Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*
There are 2,068 matching records.
Displaying matches 1,981 through 2,000.
Vuln ID Summary CVSS Severity
CVE-2008-4212

Unspecified vulnerability in rlogind in the rlogin component in Mac OS X 10.4.11 and 10.5.5 applies hosts.equiv entries to root despite what is stated in documentation, which might allow remote attackers to bypass intended access restrictions.

Published: October 10, 2008; 6:30:05 AM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2008-3647

Buffer overflow in PSNormalizer in Mac OS X 10.4.11 and 10.5.5 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a PostScript file with a crafted bounding box comment.

Published: October 10, 2008; 6:30:05 AM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2008-3645

Heap-based buffer overflow in the local IPC component in the EAPOLController plugin for configd (Networking component) in Mac OS X 10.4.11 and 10.5.5 allows local users to execute arbitrary code via unknown vectors.

Published: October 10, 2008; 6:30:04 AM -0400
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2008-3642

Buffer overflow in ColorSync in Mac OS X 10.4.11 and 10.5.5 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via an image with a crafted ICC profile.

Published: October 10, 2008; 6:30:04 AM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2008-3637

The Hash-based Message Authentication Code (HMAC) provider in Java on Apple Mac OS X 10.4.11, 10.5.4, and 10.5.5 uses an uninitialized variable, which allows remote attackers to execute arbitrary code via a crafted applet, related to an "error checking issue."

Published: September 26, 2008; 12:21:43 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2008-3621

VideoConference in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via vectors involving H.264 encoded media.

Published: September 16, 2008; 7:00:01 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2008-3616

Multiple integer overflows in the SearchKit API in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allow context-dependent attackers to cause a denial of service (application crash) or execute arbitrary code via vectors associated with "passing untrusted input" to unspecified API functions.

Published: September 16, 2008; 7:00:01 PM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2008-3611

Login Window in Apple Mac OS X 10.4.11 does not clear the current password when a user makes a password-change attempt that is denied by policy, which allows opportunistic, physically proximate attackers to bypass authentication and change this user's password by later entering an acceptable new password on the same login screen.

Published: September 16, 2008; 7:00:01 PM -0400
V3.x:(not available)
V2.0: 6.3 MEDIUM
CVE-2008-3608

ImageIO in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a crafted JPEG image with an embedded ICC profile.

Published: September 16, 2008; 7:00:01 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2008-2332

ImageIO in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a crafted TIFF image.

Published: September 16, 2008; 7:00:01 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2008-2312

Network Preferences in Apple Mac OS X 10.4.11 stores PPP passwords in cleartext in a world-readable file, which allows local users to obtain sensitive information by reading this file.

Published: September 16, 2008; 7:00:00 PM -0400
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2008-2305

Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows remote attackers to execute arbitrary code via a document containing a crafted font, related to "PostScript font names."

Published: September 16, 2008; 7:00:00 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2008-3634

Apple iTunes before 8.0 on Mac OS X 10.4.11, when iTunes Music Sharing is enabled but blocked by the host-based firewall, presents misleading information about firewall security, which might allow remote attackers to leverage an exposure that would be absent if the administrator were given better information.

Published: September 10, 2008; 9:13:09 PM -0400
V3.x:(not available)
V2.0: 2.6 LOW
CVE-2008-3629

Apple QuickTime before 7.5.5 allows remote attackers to cause a denial of service (application crash) via a crafted PICT image that triggers an out-of-bounds read.

Published: September 10, 2008; 9:13:09 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2008-3624

Heap-based buffer overflow in Apple QuickTime before 7.5.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a QuickTime Virtual Reality (QTVR) movie file with crafted panorama atoms.

Published: September 10, 2008; 9:13:09 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2008-2939

Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.

Published: August 06, 2008; 2:41:00 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2008-2320

Stack-based buffer overflow in CarbonCore in Apple Mac OS X 10.4.11 and 10.5.4, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long filename to the file management API.

Published: August 03, 2008; 9:41:00 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2008-2321

Unspecified vulnerability in CoreGraphics in Apple Mac OS X 10.4.11 and 10.5.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unknown vectors involving "processing of arguments."

Published: August 03, 2008; 9:41:00 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2008-2322

Integer overflow in CoreGraphics in Apple Mac OS X 10.4.11, 10.5.2, and 10.5.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PDF file with a long Type 1 font, which triggers a heap-based buffer overflow.

Published: August 03, 2008; 9:41:00 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2008-2324

The Repair Permissions tool in Disk Utility in Apple Mac OS X 10.4.11 adds the setuid bit to the emacs executable file, which allows local users to gain privileges by executing commands within emacs.

Published: August 03, 2008; 9:41:00 PM -0400
V3.x:(not available)
V2.0: 4.6 MEDIUM