VYPR

Mac OS X

by Apple Inc.

CVEs (2,090)

  • CVE-2010-0065Mar 30, 2010
    risk 0.00cvss epss 0.02

    Disk Images in Apple Mac OS X before 10.6.3 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted disk image with bzip2 compression.

  • CVE-2010-0064Mar 30, 2010
    risk 0.00cvss epss 0.00

    DesktopServices in Apple Mac OS X 10.6 before 10.6.3 preserves file ownership during an authenticated Finder copy, which might allow local users to bypass intended disk-quota restrictions and have unspecified other impact by copying files owned by other users.

  • CVE-2010-0063Mar 30, 2010
    risk 0.00cvss epss 0.02

    Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.6.3 makes it easier for user-assisted remote attackers to execute arbitrary JavaScript via a web page that offers a download with a Content-Type value that is not on the list of possibly unsafe content…

  • CVE-2010-0062Mar 30, 2010
    risk 0.00cvss epss 0.04

    Heap-based buffer overflow in quicktime.qts in CoreMedia and QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a malformed .3g2 movie file with H.263 encoding that triggers an…

  • CVE-2010-0060Mar 30, 2010
    risk 0.00cvss epss 0.03

    CoreAudio in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted audio content with QDMC encoding.

  • CVE-2010-0055Mar 30, 2010
    risk 0.00cvss epss 0.02

    xar in Apple Mac OS X 10.5.8 does not properly validate package signatures, which allows attackers to have an unspecified impact via a modified package.

  • CVE-2010-0533Mar 30, 2010
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in AFP Server in Apple Mac OS X before 10.6.3 allows remote attackers to list a share root's parent directory, and read and modify files in that directory, via unspecified vectors.

  • CVE-2010-0059Mar 30, 2010
    risk 0.00cvss epss 0.05

    CoreAudio in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted audio content with QDM2 encoding, which triggers a buffer overflow due to inconsistent length fields,…

  • CVE-2010-0058Mar 30, 2010
    risk 0.00cvss epss 0.02

    freshclam in ClamAV in Apple Mac OS X 10.5.8 with Security Update 2009-005 has an incorrect launchd.plist ProgramArguments key and consequently does not run, which might allow remote attackers to introduce viruses into the system.

  • CVE-2010-0057Mar 30, 2010
    risk 0.00cvss epss 0.01

    AFP Server in Apple Mac OS X before 10.6.3 does not prevent guest use of AFP shares when guest access is disabled, which allows remote attackers to bypass intended access restrictions via a mount request.

  • CVE-2010-0056Mar 30, 2010
    risk 0.00cvss epss 0.03

    Buffer overflow in Cocoa spell checking in AppKit in Apple Mac OS X 10.5.8 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document.

  • CVE-2009-2801Mar 30, 2010
    risk 0.00cvss epss 0.02

    The Application Firewall in Apple Mac OS X 10.5.8 drops unspecified firewall rules after a reboot, which might allow remote attackers to bypass intended access restrictions via packet data, related to a "timing issue."

  • CVE-2010-0205Mar 3, 2010
    risk 0.00cvss epss 0.04

    The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to…

  • CVE-2009-2843Dec 8, 2009
    risk 0.00cvss epss 0.02

    Java for Mac OS X 10.5 before Update 6 and 10.6 before Update 1 accepts expired certificates for applets, which makes it easier for remote attackers to execute arbitrary code via an applet.

  • CVE-2009-2840Nov 10, 2009
    risk 0.00cvss epss 0.00

    Spotlight in Apple Mac OS X 10.5.8 does not properly handle temporary files, which allows local users to overwrite arbitrary files in the context of a different user's privileges via unspecified vectors.

  • CVE-2009-2839Nov 10, 2009
    risk 0.00cvss epss 0.02

    Screen Sharing in Apple Mac OS X 10.5.8 allows remote VNC servers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.

  • CVE-2009-2838Nov 10, 2009
    risk 0.00cvss epss 0.03

    Integer overflow in QuickLook in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Office document that triggers a buffer overflow.

  • CVE-2009-2837Nov 10, 2009
    risk 0.00cvss epss 0.04

    Heap-based buffer overflow in QuickDraw Manager in Apple Mac OS X before 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image.

  • CVE-2009-2836Nov 10, 2009
    risk 0.00cvss epss 0.00

    Race condition in Login Window in Apple Mac OS X 10.6.x before 10.6.2, when at least one account has a blank password, allows attackers to bypass password authentication and obtain login access to an arbitrary account via unspecified vectors.

  • CVE-2009-2835Nov 10, 2009
    risk 0.00cvss epss 0.00

    The kernel in Apple Mac OS X before 10.6.2 does not properly handle task state segments, which allows local users to gain privileges, cause a denial of service (system crash), or obtain sensitive information via unspecified vectors.

Page 79 of 105