Search Results (Refine Search)
- Keyword (text search): cpe:2.3:o:apple:mac_os_x:10.5.6:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2009-0040 |
The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables. Published: February 22, 2009; 5:30:00 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2009-0601 |
Format string vulnerability in Wireshark 0.99.8 through 1.0.5 on non-Windows platforms allows local users to cause a denial of service (application crash) via format string specifiers in the HOME environment variable. Published: February 16, 2009; 3:30:03 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 2.1 LOW |
CVE-2009-0141 |
XTerm in Apple Mac OS X 10.4.11 and 10.5.6, when used with luit, creates tty devices with insecure world-writable permissions, which allows local users to write to the Xterm of another user. Published: February 12, 2009; 7:30:05 PM -0500 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0: 2.1 LOW |
CVE-2009-0140 |
Unspecified vulnerability in the SMB component in Apple Mac OS X 10.4.11 and 10.5.6 allows remote SMB servers to cause a denial of service (memory exhaustion and system shutdown) via a crafted file system name. Published: February 12, 2009; 7:30:05 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2009-0139 |
Integer overflow in the SMB component in Apple Mac OS X 10.5.6 allows remote SMB servers to cause a denial of service (system shutdown) or execute arbitrary code via a crafted SMB file system that triggers a heap-based buffer overflow. Published: February 12, 2009; 7:30:05 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2009-0138 |
servermgrd (Server Manager) in Apple Mac OS X 10.5.6 does not properly validate authentication credentials, which allows remote attackers to modify the system configuration. Published: February 12, 2009; 7:30:05 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2009-0137 |
Multiple unspecified vulnerabilities in Safari RSS in Apple Mac OS X 10.4.11 and 10.5.6, and Windows XP and Vista, allow remote attackers to execute arbitrary JavaScript in the local security zone via a crafted feed: URL, related to "input validation issues." Published: February 12, 2009; 7:30:05 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2009-0020 |
Unspecified vulnerability in CarbonCore in Apple Mac OS X 10.4.11 and 10.5.6 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted resource fork that triggers memory corruption. Published: February 12, 2009; 7:30:04 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 7.8 HIGH |
CVE-2009-0019 |
Remote Apple Events in Apple Mac OS X 10.4.11 and 10.5.6 allows remote attackers to cause a denial of service (application termination) or obtain sensitive information via unspecified vectors that trigger an out-of-bounds memory access. Published: February 12, 2009; 7:30:04 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2009-0018 |
The Remote Apple Events server in Apple Mac OS X 10.4.11 and 10.5.6 does not properly initialize a buffer, which allows remote attackers to read portions of memory. Published: February 12, 2009; 7:30:04 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 7.8 HIGH |
CVE-2009-0017 |
csregprinter in the Printing component in Apple Mac OS X 10.4.11 and 10.5.6 does not properly handle error conditions, which allows local users to execute arbitrary code via unknown vectors that trigger a heap-based buffer overflow. Published: February 12, 2009; 7:30:04 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2009-0015 |
Unspecified vulnerability in fseventsd in the FSEvents framework in Apple Mac OS X 10.5.6 allows local users to obtain sensitive information (filesystem activities and directory names) via unknown vectors related to "credential management." Published: February 12, 2009; 7:30:04 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 4.9 MEDIUM |
CVE-2009-0014 |
Folder Manager in Apple Mac OS X 10.5.6 uses insecure default permissions when recreating a Downloads folder after it has been deleted, which allows local users to bypass intended access restrictions and read the Downloads folder. Published: February 12, 2009; 7:30:04 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 2.1 LOW |
CVE-2009-0013 |
dscl in DS Tools in Apple Mac OS X 10.4.11 and 10.5.6 requires that passwords must be provided as command line arguments, which allows local users to gain privileges by listing process information. Published: February 12, 2009; 7:30:04 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 2.1 LOW |
CVE-2009-0012 |
Heap-based buffer overflow in CoreText in Apple Mac OS X 10.5.6 allows remote attackers to execute arbitrary code via a crafted Unicode string. Published: February 12, 2009; 7:30:04 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2009-0011 |
Certificate Assistant in Apple Mac OS X 10.5.6 allows local users to overwrite arbitrary files via unknown vectors related to an "insecure file operation" on a temporary file. Published: February 12, 2009; 7:30:04 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2009-0009 |
Unspecified vulnerability in the Pixlet codec in Apple Mac OS X 10.4.11 and 10.5.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted movie file that triggers memory corruption. Published: February 12, 2009; 7:30:00 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2009-0142 |
Race condition in AFP Server in Apple Mac OS X 10.5.6 allows local users to cause a denial of service (infinite loop) via unspecified vectors related to "file enumeration logic." Published: February 12, 2009; 6:30:01 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 1.9 LOW |
CVE-2008-4491 |
Apple Mail.app 3.5 on Mac OS X, when "Store draft messages on the server" is enabled, stores draft copies of S/MIME email in plaintext on the email server, which allows server owners and remote man-in-the-middle attackers to read sensitive mail. Published: October 08, 2008; 2:00:03 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2008-3529 |
Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name. Published: September 12, 2008; 12:56:20 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 10.0 HIGH |