Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*
There are 2,068 matching records.
Displaying matches 1,921 through 1,940.
Vuln ID Summary CVSS Severity
CVE-2010-0497

Disk Images in Apple Mac OS X before 10.6.3 does not provide the expected warning for an unsafe file type in an internet enabled disk image, which makes it easier for user-assisted remote attackers to execute arbitrary code via a package file type.

Published: March 30, 2010; 2:30:00 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2010-0065

Disk Images in Apple Mac OS X before 10.6.3 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted disk image with bzip2 compression.

Published: March 30, 2010; 2:30:00 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2010-0063

Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.6.3 makes it easier for user-assisted remote attackers to execute arbitrary JavaScript via a web page that offers a download with a Content-Type value that is not on the list of possibly unsafe content types for Safari, as demonstrated by the values for the (1) .ibplugin and (2) .url extensions.

Published: March 30, 2010; 2:30:00 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2010-0533

Directory traversal vulnerability in AFP Server in Apple Mac OS X before 10.6.3 allows remote attackers to list a share root's parent directory, and read and modify files in that directory, via unspecified vectors.

Published: March 30, 2010; 1:30:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2010-0057

AFP Server in Apple Mac OS X before 10.6.3 does not prevent guest use of AFP shares when guest access is disabled, which allows remote attackers to bypass intended access restrictions via a mount request.

Published: March 30, 2010; 1:30:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2010-0205

The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application hang) via a crafted PNG file, as demonstrated by use of the deflate compression method on data composed of many occurrences of the same character, related to a "decompression bomb" attack.

Published: March 03, 2010; 2:30:00 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2009-2835

The kernel in Apple Mac OS X before 10.6.2 does not properly handle task state segments, which allows local users to gain privileges, cause a denial of service (system crash), or obtain sensitive information via unspecified vectors.

Published: November 10, 2009; 2:30:01 PM -0500
V3.x:(not available)
V2.0: 4.6 MEDIUM
CVE-2009-2834

IOKit in Apple Mac OS X before 10.6.2 allows local users to modify the firmware of a (1) USB or (2) Bluetooth keyboard via unspecified vectors.

Published: November 10, 2009; 2:30:01 PM -0500
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2009-2825

Certificate Assistant in Apple Mac OS X before 10.6.2 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

Published: November 10, 2009; 2:30:01 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2009-2823

The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.

Published: November 10, 2009; 2:30:01 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2009-2820

The web interface in CUPS before 1.4.2, as used on Apple Mac OS X before 10.6.2 and other platforms, does not properly handle (1) HTTP headers and (2) HTML templates, which allows remote attackers to conduct cross-site scripting (XSS) attacks and HTTP response splitting attacks via vectors related to (a) the product's web interface, (b) the configuration of the print system, and (c) the titles of printed jobs, as demonstrated by an XSS attack that uses the kerberos parameter to the admin program, and leverages attribute injection and HTTP Parameter Pollution (HPP) issues.

Published: November 10, 2009; 2:30:01 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2009-2808

Help Viewer in Apple Mac OS X before 10.6.2 does not use an HTTPS connection to retrieve Apple Help content from a web site, which allows man-in-the-middle attackers to send a crafted help:runscript link, and thereby execute arbitrary code, via a spoofed response.

Published: November 10, 2009; 2:30:01 PM -0500
V3.x:(not available)
V2.0: 5.4 MEDIUM
CVE-2009-3767

libraries/libldap/tls_o.c in OpenLDAP 2.2 and 2.4, and possibly other versions, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

Published: October 23, 2009; 3:30:00 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2009-2809

ImageIO in Apple Mac OS X 10.4.11 and 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PixarFilm encoded TIFF image, related to "multiple memory corruption issues."

Published: September 14, 2009; 12:30:00 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2009-2805

Integer overflow in CoreGraphics in Apple Mac OS X 10.4.11 and 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JBIG2 stream in a PDF file, leading to a heap-based buffer overflow.

Published: September 14, 2009; 12:30:00 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2009-2804

Integer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5.8, and Safari before 4.0.4 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ColorSync profile embedded in an image, leading to a heap-based buffer overflow.

Published: September 14, 2009; 12:30:00 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2009-2803

CarbonCore in Apple Mac OS X 10.4.11 and 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a file with a crafted resource fork.

Published: September 14, 2009; 12:30:00 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2009-2800

Buffer overflow in Alias Manager in Apple Mac OS X 10.4.11 and 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted alias file.

Published: September 11, 2009; 2:30:03 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2009-3095

The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.

Published: September 08, 2009; 2:30:00 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2009-2474

neon before 0.28.6, when OpenSSL or GnuTLS is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

Published: August 21, 2009; 1:30:00 PM -0400
V3.x:(not available)
V2.0: 5.8 MEDIUM