Mac OS X

by Apple Inc.

CVEs (2,090)

  • CVE-2009-2811 (Sep 14, 2009)
    risk 0.00 cvss epss 0.03

    Incomplete blacklist vulnerability in Launch Services in Apple Mac OS X 10.5.8 allows user-assisted remote attackers to execute arbitrary code via a .fileloc file, which does not trigger a "potentially unsafe" warning message in the Quarantine feature.

  • CVE-2009-2809 (Sep 14, 2009)
    risk 0.00 cvss epss 0.03

    ImageIO in Apple Mac OS X 10.4.11 and 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PixarFilm encoded TIFF image, related to "multiple memory corruption issues."

  • CVE-2009-2807 (Sep 14, 2009)
    risk 0.00 cvss epss 0.00

    Heap-based buffer overflow in the USB backend in CUPS in Apple Mac OS X 10.5.8 allows local users to gain privileges via unspecified vectors.

  • CVE-2009-2805 (Sep 14, 2009)
    risk 0.00 cvss epss 0.03

    Integer overflow in CoreGraphics in Apple Mac OS X 10.4.11 and 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JBIG2 stream in a PDF file, leading to a heap-based buffer overflow.

  • CVE-2009-2804 (Sep 14, 2009)
    risk 0.00 cvss epss 0.04

    Integer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5.8, and Safari before 4.0.4 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ColorSync profile embedded in an image, leading to a…

  • CVE-2009-2803 (Sep 14, 2009)
    risk 0.00 cvss epss 0.02

    CarbonCore in Apple Mac OS X 10.4.11 and 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a file with a crafted resource fork.

  • CVE-2009-2800 (Sep 11, 2009)
    risk 0.00 cvss epss 0.03

    Buffer overflow in Alias Manager in Apple Mac OS X 10.4.11 and 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted alias file.

  • CVE-2009-2205 (Sep 9, 2009)
    risk 0.00 cvss epss 0.02

    Stack-based buffer overflow in the Java Web Start command launcher in Java for Mac OS X 10.5 before Update 5 allows attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.

  • CVE-2009-2474 (Aug 21, 2009)
    risk 0.00 cvss epss 0.01

    neon before 0.28.6, when OpenSSL or GnuTLS is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate…

  • CVE-2009-2196 (Aug 12, 2009)
    risk 0.00 cvss epss 0.05

    Unspecified vulnerability in Apple Safari 4 before 4.0.3 allows remote web servers to place an arbitrary web site in the Top Sites view, and possibly conduct phishing attacks, via unknown vectors.

  • CVE-2009-2194 (Aug 6, 2009)
    risk 0.00 cvss epss 0.00

    Apple Mac OS X 10.5 before 10.5.8 does not properly share file descriptors over local sockets, which allows local users to cause a denial of service (system crash) by placing file descriptors in messages sent to a socket that has no receiver, related to a "synchronization issue."

  • CVE-2009-2192 (Aug 6, 2009)
    risk 0.00 cvss epss 0.03

    MobileMe in Apple Mac OS X 10.5 before 10.5.8 does not properly delete credentials upon signout from the preference pane, which makes it easier for attackers to hijack a MobileMe session via unspecified vectors, related to a "logic issue."

  • CVE-2009-2191 (Aug 6, 2009)
    risk 0.00 cvss epss 0.04

    Format string vulnerability in Login Window in Apple Mac OS X 10.4.11 and 10.5 before 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in an application name.

  • CVE-2009-2190 (Aug 6, 2009)
    risk 0.00 cvss epss 0.04

    launchd in Apple Mac OS X 10.5 before 10.5.8 allows remote attackers to cause a denial of service (individual service outage) by making many connections to an inetd-based launchd service.

  • CVE-2009-1728 (Aug 6, 2009)
    risk 0.00 cvss epss 0.06

    Stack-based buffer overflow in Image RAW in Apple Mac OS X 10.5 before 10.5.8, and 10.4 before Digital Camera RAW Compatibility Update 2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Canon RAW image.

  • CVE-2009-1727 (Aug 6, 2009)
    risk 0.00 cvss epss 0.03

    Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X 10.5 before 10.5.8 makes it easier for user-assisted remote attackers to execute arbitrary JavaScript via a web page that offers a download with a Content-Type value that is not on the list of possibly unsafe…

  • CVE-2009-1723 (Aug 6, 2009)
    risk 0.00 cvss epss 0.01

    CFNetwork in Apple Mac OS X 10.5 before 10.5.8 places an incorrect URL in a certificate warning in certain 302 redirection scenarios, which makes it easier for remote attackers to trick a user into visiting an arbitrary https web site by leveraging an open redirect…

  • CVE-2009-0151 (Aug 6, 2009)
    risk 0.00 cvss epss 0.00

    The screen saver in Dock in Apple Mac OS X 10.5 before 10.5.8 does not prevent four-finger Multi-Touch gestures, which allows physically proximate attackers to bypass locking and "manage applications or use Expose" via unspecified vectors.

  • CVE-2009-1721 (Jul 31, 2009)
    risk 0.00 cvss epss 0.04

    The decompression implementation in the Imf::hufUncompress function in OpenEXR 1.2.2 and 1.6.1 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger a free of an uninitialized pointer.

  • CVE-2009-1717 (Jun 5, 2009)
    risk 0.00 cvss epss 0.03

    Integer overflow in Terminal in Apple Mac OS X 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted size value in a CSI[4 xterm resize escape sequence that triggers a heap-based…
