Search Results (Refine Search)
- Keyword (text search): cpe:2.3:o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2009-2191 |
Format string vulnerability in Login Window in Apple Mac OS X 10.4.11 and 10.5 before 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in an application name. Published: August 06, 2009; 12:30:00 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2009-1728 |
Stack-based buffer overflow in Image RAW in Apple Mac OS X 10.5 before 10.5.8, and 10.4 before Digital Camera RAW Compatibility Update 2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Canon RAW image. Published: August 06, 2009; 12:30:00 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2009-1726 |
Heap-based buffer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5 before 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image containing an embedded ColorSync profile. Published: August 06, 2009; 12:30:00 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2009-0945 |
Array index error in the insertItemBefore method in WebKit, as used in Apple Safari before 3.2.3 and 4 Public Beta, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome Stable before 1.0.154.65, and possibly other products allows remote attackers to execute arbitrary code via a document with a SVGPathList data structure containing a negative index in the (1) SVGTransformList, (2) SVGStringList, (3) SVGNumberList, (4) SVGPathSegList, (5) SVGPointList, or (6) SVGLengthList SVGList object, which triggers memory corruption. Published: May 13, 2009; 1:30:00 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2009-0944 |
The Microsoft Office Spotlight Importer in Spotlight in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not properly validate Microsoft Office files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a file that triggers memory corruption. Published: May 13, 2009; 11:30:00 AM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2009-0943 |
Help Viewer in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not verify that HTML pathnames are located in a registered help book, which allows remote attackers to execute arbitrary code via a help: URL that triggers invocation of AppleScript files. Published: May 13, 2009; 11:30:00 AM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2009-0942 |
Help Viewer in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not verify that certain Cascading Style Sheets (CSS) are located in a registered help book, which allows remote attackers to execute arbitrary code via a help: URL that triggers invocation of AppleScript files. Published: May 13, 2009; 11:30:00 AM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2009-0161 |
The OpenSSL::OCSP module for Ruby in Apple Mac OS X 10.5 before 10.5.7 misinterprets an unspecified invalid response as a successful OCSP certificate validation, which might allow remote attackers to spoof certificate authentication via a revoked certificate. Published: May 13, 2009; 11:30:00 AM -0400 |
V3.x:(not available) V2.0: 6.4 MEDIUM |
CVE-2009-0160 |
QuickDraw Manager in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image that triggers memory corruption. Published: May 13, 2009; 11:30:00 AM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2009-0158 |
Stack-based buffer overflow in telnet in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long hostname for a telnet server. Published: May 13, 2009; 11:30:00 AM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2009-0156 |
Launch Services in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to cause a denial of service (persistent Finder crash) via a crafted Mach-O executable that triggers an out-of-bounds memory read. Published: May 13, 2009; 11:30:00 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2009-0154 |
Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code via a crafted Compact Font Format (CFF) font. Published: May 13, 2009; 11:30:00 AM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2009-0149 |
Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows local users to gain privileges or cause a denial of service (application crash) by attempting to mount a crafted sparse disk image that triggers memory corruption. Published: May 13, 2009; 11:30:00 AM -0400 |
V3.x:(not available) V2.0: 4.4 MEDIUM |
CVE-2009-0145 |
CoreGraphics in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF file that triggers memory corruption. Published: May 13, 2009; 11:30:00 AM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2009-0010 |
Integer underflow in QuickDraw Manager in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7, and Apple QuickTime before 7.6.2, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PICT image with a crafted 0x77 Poly tag and a crafted length field, which triggers a heap-based buffer overflow. Published: May 13, 2009; 11:30:00 AM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2009-0946 |
Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c. Published: April 16, 2009; 8:30:00 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2009-1238 |
Race condition in the HFS vfs sysctl interface in XNU 1228.8.20 and earlier on Apple Mac OS X 10.5.6 and earlier allows local users to cause a denial of service (kernel memory corruption) by simultaneously executing the same HFS_SET_PKG_EXTENSIONS code path in multiple threads, which is problematic because of lack of mutex locking for an unspecified global variable. Published: April 02, 2009; 1:30:00 PM -0400 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2009-1237 |
Multiple memory leaks in XNU 1228.3.13 and earlier on Apple Mac OS X 10.5.6 and earlier allow local users to cause a denial of service (kernel memory consumption) via a crafted (1) SYS_add_profil or (2) SYS___mac_getfsstat system call. Published: April 02, 2009; 1:30:00 PM -0400 |
V3.x:(not available) V2.0: 4.9 MEDIUM |
CVE-2009-1236 |
Heap-based buffer overflow in the AppleTalk networking stack in XNU 1228.3.13 and earlier on Apple Mac OS X 10.5.6 and earlier allows remote attackers to cause a denial of service (system crash) via a ZIP NOTIFY (aka ZIPOP_NOTIFY) packet that overwrites a certain ifPort structure member. Published: April 02, 2009; 1:30:00 PM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2009-1235 |
XNU 1228.9.59 and earlier on Apple Mac OS X 10.5.6 and earlier does not properly restrict interaction between user space and the HFS IOCTL handler, which allows local users to overwrite kernel memory and gain privileges by attaching an HFS+ disk image and performing certain steps involving HFS_GET_BOOT_INFO fcntl calls. Published: April 02, 2009; 1:30:00 PM -0400 |
V3.x:(not available) V2.0: 7.2 HIGH |