Search Results (Refine Search)
- Keyword (text search): cpe:2.3:o:apple:mac_os_x:10.4.8:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2006-5681 |
QuickTime for Java on Mac OS X 10.4 through 10.4.8, when used with Quartz Composer, allows remote attackers to obtain sensitive information (screen images) via a Java applet that accesses images that are being rendered by other embedded QuickTime objects. Published: December 19, 2006; 9:28:00 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 2.6 LOW |
CVE-2006-6652 |
Buffer overflow in the glob implementation (glob.c) in libc in NetBSD-current before 20050914, NetBSD 2.* and 3.* before 20061203, and Apple Mac OS X before 2007-004, as used by the FTP daemon and tnftpd, allows remote authenticated users to execute arbitrary code via a long pathname that results from path expansion. Published: December 19, 2006; 9:28:00 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 9.0 HIGH |
CVE-2006-6353 |
Multiple unspecified vulnerabilities in BOMArchiveHelper in Mac OS X allow user-assisted remote attackers to cause a denial of service (application crash) via unspecified vectors related to (1) certain KERN_PROTECTION_FAILURE thread crashes and (2) certain KERN_INVALID_ADDRESS thread crashes, as discovered with the "iSec Partners FileP fuzzer". Published: December 06, 2006; 8:28:00 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2006-4396 |
The Apple Type Services (ATS) server in Mac OS X 10.4.8 and earlier does not securely create log files, which allows local users to create and modify arbitrary files via unspecified vectors, possibly relating to a symlink attack. Published: November 30, 2006; 11:28:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 4.6 MEDIUM |
CVE-2006-4398 |
Multiple buffer overflows in the Apple Type Services (ATS) server in Mac OS X 10.4 through 10.4.8 allow local users to execute arbitrary code via crafted service requests. Published: November 30, 2006; 11:28:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2006-4400 |
Stack-based buffer overflow in the Apple Type Services (ATS) server in Mac OS 10.4.8 and earlier allow user-assisted attackers to execute arbitrary code via crafted font files. Published: November 30, 2006; 11:28:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 5.1 MEDIUM |
CVE-2006-4401 |
Unspecified vulnerability in CFNetwork in Mac OS 10.4.8 and earlier allows user-assisted remote attackers to execute arbitrary FTP commands via a crafted FTP URI. Published: November 30, 2006; 11:28:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 5.1 MEDIUM |
CVE-2006-4402 |
Heap-based buffer overflow in the Finder in Apple Mac OS X 10.4.8 and earlier allows user-assisted remote attackers to execute arbitrary code by browsing directories containing crafted .DS_Store files. Published: November 30, 2006; 11:28:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 5.1 MEDIUM |
CVE-2006-4403 |
The FTP server in Apple Mac OS X 10.4.8 and earlier, when FTP Access is enabled, will crash when a login failure occurs with a valid user name, which allows remote attackers to cause a denial of service (crash) and enumerate valid usernames. Published: November 30, 2006; 11:28:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2006-4404 |
The Installer application in Apple Mac OS X 10.4.8 and earlier, when used by a user with Admin credentials, does not authenticate the user before installing certain software requiring system privileges. Published: November 30, 2006; 11:28:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2006-4406 |
Buffer overflow in PPP on Apple Mac OS X 10.4.x up to 10.4.8 and 10.3.x up to 10.3.9, when PPPoE is enabled, allows remote attackers to execute arbitrary code via unspecified vectors. Published: November 30, 2006; 11:28:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2006-4408 |
The Security Framework in Apple Mac OS X 10.4 through 10.4.8 allows remote attackers to cause a denial of service (resource consumption) via certain public key values in an X.509 certificate that requires extra resources during signature verification. NOTE: this issue may be similar to CVE-2006-2940. Published: November 30, 2006; 11:28:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2006-4409 |
The Online Certificate Status Protocol (OCSP) service in the Security Framework in Apple Mac OS X 10.4 through 10.4.8 retrieve certificate revocation lists (CRL) when an HTTP proxy is in use, which could cause the system to accept certificates that have been revoked. Published: November 30, 2006; 11:28:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2006-4411 |
The VPN service in Apple Mac OS X 10.3.x through 10.3.9 and 10.4.x through 10.4.8 does not properly clean the environment when executing commands, which allows local users to gain privileges via unspecified vectors. Published: November 30, 2006; 11:28:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2006-4412 |
WebKit in Apple Mac OS X 10.3.x through 10.3.9 and 10.4 through 10.4.8 allows remote attackers to execute arbitrary code via a crafted HTML file, which accesses previously deallocated objects. Published: November 30, 2006; 11:28:00 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2006-6126 |
Apple Mac OS X allows local users to cause a denial of service (memory corruption) via a crafted Mach-O binary with a malformed load_command data structure. Published: November 26, 2006; 7:07:00 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 2.1 LOW |
CVE-2006-6127 |
Apple Mac OS X kernel allows local users to cause a denial of service via a process that uses kevent to register a queue and an event, then fork a child process that uses kevent to register an event for the same queue as the parent. Published: November 26, 2006; 7:07:00 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 2.1 LOW |
CVE-2006-6129 |
Integer overflow in the fatfile_getarch2 in Apple Mac OS X allows local users to cause a denial of service and possibly execute arbitrary code via a crafted Mach-O Universal program that triggers memory corruption. Published: November 26, 2006; 7:07:00 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 4.6 MEDIUM |
CVE-2006-6061 |
com.apple.AppleDiskImageController in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to execute arbitrary code via a malformed DMG image that triggers memory corruption. NOTE: the severity of this issue has been disputed by a third party, who states that the impact is limited to a denial of service (kernel panic) due to a vm_fault call with a non-aligned address. Published: November 21, 2006; 8:07:00 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2006-6062 |
Unspecified vulnerability in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to cause a denial of service (crash) via a malformed UDTO HFS+ disk image, such as with "bad sectors," which triggers memory corruption. Published: November 21, 2006; 8:07:00 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 5.1 MEDIUM |