National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/o:apple:mac_os_x:10.5.4
There are 3,095 matching records.
Displaying matches 3061 through 3080.
Vuln ID Summary CVSS Severity
CVE-2008-3609

The kernel in Apple Mac OS X 10.5 through 10.5.4 does not properly flush cached credentials during recycling (aka purging) of a vnode, which might allow local users to bypass the intended read or write permissions of a file.

Published: September 16, 2008; 07:00:01 PM -04:00
    V2: 7.2 HIGH
CVE-2008-3608

ImageIO in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a crafted JPEG image with an embedded ICC profile.

Published: September 16, 2008; 07:00:01 PM -04:00
    V2: 9.3 HIGH
CVE-2008-2332

ImageIO in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a crafted TIFF image.

Published: September 16, 2008; 07:00:01 PM -04:00
    V2: 9.3 HIGH
CVE-2008-2331

Finder in Apple Mac OS X 10.5 through 10.5.4 does not properly update permission data in the Get Info window after a lock operation that modifies Sharing & Permissions in a filesystem, which might allow local users to leverage weak permissions that were not intended by an administrator.

Published: September 16, 2008; 07:00:01 PM -04:00
    V2: 5.0 MEDIUM
CVE-2008-2329

Directory Services in Apple Mac OS X 10.5 through 10.5.4, when Active Directory is used, allows attackers to enumerate user names via wildcard characters in the Login Window.

Published: September 16, 2008; 07:00:00 PM -04:00
    V2: 1.9 LOW
CVE-2008-2305

Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows remote attackers to execute arbitrary code via a document containing a crafted font, related to "PostScript font names."

Published: September 16, 2008; 07:00:00 PM -04:00
    V2: 9.3 HIGH
CVE-2008-3629

Apple QuickTime before 7.5.5 allows remote attackers to cause a denial of service (application crash) via a crafted PICT image that triggers an out-of-bounds read.

Published: September 10, 2008; 09:13:09 PM -04:00
    V2: 4.3 MEDIUM
CVE-2008-3624

Heap-based buffer overflow in Apple QuickTime before 7.5.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a QuickTime Virtual Reality (QTVR) movie file with crafted panorama atoms.

Published: September 10, 2008; 09:13:09 PM -04:00
    V2: 6.8 MEDIUM
CVE-2008-2939

Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.

Published: August 06, 2008; 02:41:00 PM -04:00
    V2: 4.3 MEDIUM
CVE-2008-2320

Stack-based buffer overflow in CarbonCore in Apple Mac OS X 10.4.11 and 10.5.4, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long filename to the file management API.

Published: August 03, 2008; 09:41:00 PM -04:00
    V2: 9.3 HIGH
CVE-2008-2321

Unspecified vulnerability in CoreGraphics in Apple Mac OS X 10.4.11 and 10.5.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unknown vectors involving "processing of arguments."

Published: August 03, 2008; 09:41:00 PM -04:00
    V2: 9.3 HIGH
CVE-2008-2322

Integer overflow in CoreGraphics in Apple Mac OS X 10.4.11, 10.5.2, and 10.5.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PDF file with a long Type 1 font, which triggers a heap-based buffer overflow.

Published: August 03, 2008; 09:41:00 PM -04:00
    V2: 9.3 HIGH
CVE-2008-2323

Unspecified vulnerability in Data Detectors Engine in Apple Mac OS X 10.5.4 allows attackers to cause a denial of service (resource consumption) via crafted textual content in messages.

Published: August 03, 2008; 09:41:00 PM -04:00
    V2: 7.1 HIGH
CVE-2008-2325

QuickLook in Apple Mac OS X 10.4.11 and 10.5.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Microsoft Office file, related to insufficient "bounds checking."

Published: August 03, 2008; 09:41:00 PM -04:00
    V2: 9.3 HIGH
CVE-2008-3438

Apple Mac OS X does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.

Published: August 01, 2008; 10:41:00 AM -04:00
    V2: 7.5 HIGH
CVE-2008-2934

Mozilla Firefox 3 before 3.0.1 on Mac OS X allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file that triggers a free of an uninitialized pointer.

Published: July 18, 2008; 12:41:00 PM -04:00
    V2: 6.8 MEDIUM
CVE-2008-1033

The scheduler in CUPS in Apple Mac OS X 10.5 before 10.5.3, when debug logging is enabled and a printer requires a password, allows attackers to obtain sensitive information (credentials) by reading the log data, related to "authentication environment variables."

Published: June 02, 2008; 05:30:00 PM -04:00
    V2: 2.1 LOW
CVE-2008-0298

KHTML WebKit as used in Apple Safari 2.x allows remote attackers to cause a denial of service (browser crash) via a crafted web page, possibly involving a STYLE attribute of a DIV element.

Published: January 16, 2008; 06:00:00 PM -05:00
    V2: 4.3 MEDIUM
CVE-2008-0226

Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) "input_buffer& operator>>" in yassl_imp.cpp.

Published: January 10, 2008; 06:46:00 PM -05:00
    V2: 7.5 HIGH
CVE-2007-6166

Stack-based buffer overflow in Apple QuickTime before 7.3.1, as used in QuickTime Player on Windows XP and Safari on Mac OS X, allows remote Real Time Streaming Protocol (RTSP) servers to execute arbitrary code via an RTSP response with a long Content-Type header.

Published: November 28, 2007; 08:46:00 PM -05:00
    V2: 9.3 HIGH