Mac OS X
by Apple Inc.
CVEs (2,090)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2009-2834 | 0.00 | — | 0.00 | Nov 10, 2009 | IOKit in Apple Mac OS X before 10.6.2 allows local users to modify the firmware of a (1) USB or (2) Bluetooth keyboard via unspecified vectors. | |||
| CVE-2009-2833 | 0.00 | — | 0.03 | Nov 10, 2009 | Buffer overflow in the UCCompareTextDefault API in International Components for Unicode in Apple Mac OS X 10.5.8 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. | |||
| CVE-2009-2832 | 0.00 | — | 0.03 | Nov 10, 2009 | Buffer overflow in FTP Server in Apple Mac OS X before 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a CWD command specifying a pathname in a deeply nested hierarchy of directories, related to a "CWD command line tool." | |||
| CVE-2009-2831 | 0.00 | — | 0.01 | Nov 10, 2009 | Dictionary in Apple Mac OS X 10.5.8 allows remote attackers to create arbitrary files with any contents, and thereby execute arbitrary code, via crafted JavaScript, related to a "design issue." | |||
| CVE-2009-2830 | 0.00 | — | 0.03 | Nov 10, 2009 | Multiple buffer overflows in Christos Zoulas file before 5.03 in Apple Mac OS X 10.6.x before 10.6.2 allow user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Common Document Format (CDF) file. NOTE: this might… | |||
| CVE-2009-2829 | 0.00 | — | 0.02 | Nov 10, 2009 | Event Monitor in Apple Mac OS X 10.5.8 does not properly handle crafted authentication data sent to an SSH daemon, which allows remote attackers to cause a denial of service via vectors involving processing of XML log documents by other services, related to a "log injection"… | |||
| CVE-2009-2828 | 0.00 | — | 0.03 | Nov 10, 2009 | The server in DirectoryService in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors. | |||
| CVE-2009-2827 | 0.00 | — | 0.03 | Nov 10, 2009 | Heap-based buffer overflow in Disk Images in Apple Mac OS X 10.5.8 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FAT filesystem on a disk image. | |||
| CVE-2009-2826 | 0.00 | — | 0.03 | Nov 10, 2009 | Multiple integer overflows in CoreGraphics in Apple Mac OS X 10.5.8 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document that triggers a heap-based buffer overflow. | |||
| CVE-2009-2825 | 0.00 | — | 0.01 | Nov 10, 2009 | Certificate Assistant in Apple Mac OS X before 10.6.2 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted… | |||
| CVE-2009-2824 | 0.00 | — | 0.03 | Nov 10, 2009 | Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 allow remote attackers to execute arbitrary code via a crafted embedded font in a document. | |||
| CVE-2009-2823 | 0.00 | — | 0.02 | Nov 10, 2009 | The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software. | |||
| CVE-2009-2819 | 0.00 | — | 0.02 | Nov 10, 2009 | AFP Client in Apple Mac OS X 10.5.8 allows remote AFP servers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via unspecified vectors. | |||
| CVE-2009-2818 | 0.00 | — | 0.02 | Nov 10, 2009 | Adaptive Firewall in Apple Mac OS X before 10.6.2 does not properly handle invalid usernames in SSH login attempts, which makes it easier for remote attackers to obtain login access via a brute-force attack (aka dictionary attack). | |||
| CVE-2009-2810 | 0.00 | — | 0.03 | Nov 10, 2009 | Launch Services in Apple Mac OS X 10.6.x before 10.6.2 recursively clears quarantine information upon opening a quarantined folder, which allows user-assisted remote attackers to execute arbitrary code via a quarantined application that does not trigger a "potentially unsafe"… | |||
| CVE-2009-2808 | 0.00 | — | 0.01 | Nov 10, 2009 | Help Viewer in Apple Mac OS X before 10.6.2 does not use an HTTPS connection to retrieve Apple Help content from a web site, which allows man-in-the-middle attackers to send a crafted help:runscript link, and thereby execute arbitrary code, via a spoofed response. | |||
| CVE-2009-3767 | 0.00 | — | 0.03 | Oct 23, 2009 | libraries/libldap/tls_o.c in OpenLDAP 2.2 and 2.4, and possibly other versions, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof… | |||
| CVE-2009-2814 | 0.00 | — | 0.02 | Sep 14, 2009 | Cross-site scripting (XSS) vulnerability in the Wiki Server in Apple Mac OS X 10.5.8 allows remote attackers to inject arbitrary web script or HTML via a search request containing data that does not use UTF-8 encoding. | |||
| CVE-2009-2813 | 0.00 | — | 0.03 | Sep 14, 2009 | Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.12 through 3.0.36, as used in the SMB subsystem in Apple Mac OS X 10.5.8 when Windows File Sharing is enabled, Fedora 11, and other operating systems, does not properly handle errors in resolving pathnames,… | |||
| CVE-2009-2812 | 0.00 | — | 0.02 | Sep 14, 2009 | Launch Services in Apple Mac OS X 10.5.8 does not properly recognize an unsafe Uniform Type Identifier (UTI) in an exported document type in a downloaded application, which allows remote attackers to trigger the automatic opening of a file, and execute arbitrary code, via a… |
- CVE-2009-2834Nov 10, 2009risk 0.00cvss —epss 0.00
IOKit in Apple Mac OS X before 10.6.2 allows local users to modify the firmware of a (1) USB or (2) Bluetooth keyboard via unspecified vectors.
- CVE-2009-2833Nov 10, 2009risk 0.00cvss —epss 0.03
Buffer overflow in the UCCompareTextDefault API in International Components for Unicode in Apple Mac OS X 10.5.8 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
- CVE-2009-2832Nov 10, 2009risk 0.00cvss —epss 0.03
Buffer overflow in FTP Server in Apple Mac OS X before 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a CWD command specifying a pathname in a deeply nested hierarchy of directories, related to a "CWD command line tool."
- CVE-2009-2831Nov 10, 2009risk 0.00cvss —epss 0.01
Dictionary in Apple Mac OS X 10.5.8 allows remote attackers to create arbitrary files with any contents, and thereby execute arbitrary code, via crafted JavaScript, related to a "design issue."
- CVE-2009-2830Nov 10, 2009risk 0.00cvss —epss 0.03
Multiple buffer overflows in Christos Zoulas file before 5.03 in Apple Mac OS X 10.6.x before 10.6.2 allow user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Common Document Format (CDF) file. NOTE: this might…
- CVE-2009-2829Nov 10, 2009risk 0.00cvss —epss 0.02
Event Monitor in Apple Mac OS X 10.5.8 does not properly handle crafted authentication data sent to an SSH daemon, which allows remote attackers to cause a denial of service via vectors involving processing of XML log documents by other services, related to a "log injection"…
- CVE-2009-2828Nov 10, 2009risk 0.00cvss —epss 0.03
The server in DirectoryService in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.
- CVE-2009-2827Nov 10, 2009risk 0.00cvss —epss 0.03
Heap-based buffer overflow in Disk Images in Apple Mac OS X 10.5.8 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FAT filesystem on a disk image.
- CVE-2009-2826Nov 10, 2009risk 0.00cvss —epss 0.03
Multiple integer overflows in CoreGraphics in Apple Mac OS X 10.5.8 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document that triggers a heap-based buffer overflow.
- CVE-2009-2825Nov 10, 2009risk 0.00cvss —epss 0.01
Certificate Assistant in Apple Mac OS X before 10.6.2 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted…
- CVE-2009-2824Nov 10, 2009risk 0.00cvss —epss 0.03
Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 allow remote attackers to execute arbitrary code via a crafted embedded font in a document.
- CVE-2009-2823Nov 10, 2009risk 0.00cvss —epss 0.02
The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
- CVE-2009-2819Nov 10, 2009risk 0.00cvss —epss 0.02
AFP Client in Apple Mac OS X 10.5.8 allows remote AFP servers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via unspecified vectors.
- CVE-2009-2818Nov 10, 2009risk 0.00cvss —epss 0.02
Adaptive Firewall in Apple Mac OS X before 10.6.2 does not properly handle invalid usernames in SSH login attempts, which makes it easier for remote attackers to obtain login access via a brute-force attack (aka dictionary attack).
- CVE-2009-2810Nov 10, 2009risk 0.00cvss —epss 0.03
Launch Services in Apple Mac OS X 10.6.x before 10.6.2 recursively clears quarantine information upon opening a quarantined folder, which allows user-assisted remote attackers to execute arbitrary code via a quarantined application that does not trigger a "potentially unsafe"…
- CVE-2009-2808Nov 10, 2009risk 0.00cvss —epss 0.01
Help Viewer in Apple Mac OS X before 10.6.2 does not use an HTTPS connection to retrieve Apple Help content from a web site, which allows man-in-the-middle attackers to send a crafted help:runscript link, and thereby execute arbitrary code, via a spoofed response.
- CVE-2009-3767Oct 23, 2009risk 0.00cvss —epss 0.03
libraries/libldap/tls_o.c in OpenLDAP 2.2 and 2.4, and possibly other versions, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof…
- CVE-2009-2814Sep 14, 2009risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in the Wiki Server in Apple Mac OS X 10.5.8 allows remote attackers to inject arbitrary web script or HTML via a search request containing data that does not use UTF-8 encoding.
- CVE-2009-2813Sep 14, 2009risk 0.00cvss —epss 0.03
Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.12 through 3.0.36, as used in the SMB subsystem in Apple Mac OS X 10.5.8 when Windows File Sharing is enabled, Fedora 11, and other operating systems, does not properly handle errors in resolving pathnames,…
- CVE-2009-2812Sep 14, 2009risk 0.00cvss —epss 0.02
Launch Services in Apple Mac OS X 10.5.8 does not properly recognize an unsafe Uniform Type Identifier (UTI) in an exported document type in a downloaded application, which allows remote attackers to trigger the automatic opening of a file, and execute arbitrary code, via a…
Page 80 of 105