VYPR

Mac OS X

by Apple Inc.

CVEs (2,090)

  • CVE-2008-4218Dec 17, 2008
    risk 0.00cvss epss 0.00

    Multiple integer overflows in the kernel in Apple Mac OS X before 10.5.6 on Intel platforms allow local users to gain privileges via a crafted call to (1) i386_set_ldt or (2) i386_get_ldt.

  • CVE-2008-4217Dec 17, 2008
    risk 0.00cvss epss 0.05

    Integer signedness error in BOM in Apple Mac OS X before 10.5.6 allows remote attackers to execute arbitrary code via the headers in a crafted CPIO archive, leading to a stack-based buffer overflow.

  • CVE-2008-4214Oct 10, 2008
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in Script Editor in Mac OS X 10.4.11 and 10.5.5 allows local users to cause the scripting dictionary to be written to arbitrary locations, related to an "insecure file operation" on temporary files.

  • CVE-2008-4212Oct 10, 2008
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in rlogind in the rlogin component in Mac OS X 10.4.11 and 10.5.5 applies hosts.equiv entries to root despite what is stated in documentation, which might allow remote attackers to bypass intended access restrictions.

  • CVE-2008-3647Oct 10, 2008
    risk 0.00cvss epss 0.05

    Buffer overflow in PSNormalizer in Mac OS X 10.4.11 and 10.5.5 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a PostScript file with a crafted bounding box comment.

  • CVE-2008-3646Oct 10, 2008
    risk 0.00cvss epss 0.01

    The Postfix configuration file in Mac OS X 10.5.5 causes Postfix to be network-accessible when mail is sent from a local command-line tool, which allows remote attackers to send mail to local Mac OS X users.

  • CVE-2008-3645Oct 10, 2008
    risk 0.00cvss epss 0.00

    Heap-based buffer overflow in the local IPC component in the EAPOLController plugin for configd (Networking component) in Mac OS X 10.4.11 and 10.5.5 allows local users to execute arbitrary code via unknown vectors.

  • CVE-2008-3643Oct 10, 2008
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in Finder in Mac OS X 10.5.5 allows user-assisted attackers to cause a denial of service (continuous termination and restart) via a crafted Desktop file that generates an error when producing its icon, related to an "error recovery issue."

  • CVE-2008-3642Oct 10, 2008
    risk 0.00cvss epss 0.06

    Buffer overflow in ColorSync in Mac OS X 10.4.11 and 10.5.5 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via an image with a crafted ICC profile.

  • CVE-2008-4368Oct 1, 2008
    risk 0.00cvss epss 0.01

    The default configuration of Java 1.5 on Apple Mac OS X 10.5.4 and 10.5.5 contains a jurisdiction policy that limits Java Cryptography Extension (JCE) key sizes to 128 bits, which makes it easier for attackers to decrypt ciphertext produced by JCE.

  • CVE-2008-3638Sep 26, 2008
    risk 0.00cvss epss 0.03

    Java on Apple Mac OS X 10.5.4 and 10.5.5 does not prevent applets from accessing file:// URLs, which allows remote attackers to execute arbitrary programs.

  • CVE-2008-3622Sep 16, 2008
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac OS X 10.5 through 10.5.4 allows remote attackers to inject arbitrary web script or HTML via an e-mail message that reaches a mailing-list archive, aka "persistent JavaScript injection."

  • CVE-2008-3621Sep 16, 2008
    risk 0.00cvss epss 0.06

    VideoConference in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via vectors involving H.264 encoded media.

  • CVE-2008-3619Sep 16, 2008
    risk 0.00cvss epss 0.00

    Time Machine in Apple Mac OS X 10.5 through 10.5.4 uses weak permissions for Time Machine Backup log files, which allows local users to obtain sensitive information by reading these files.

  • CVE-2008-3618Sep 16, 2008
    risk 0.00cvss epss 0.02

    The File Sharing pane in the Sharing preference pane in Apple Mac OS X 10.5 through 10.5.4 does not inform users that the complete contents of their own home directories are shared for their own use, which might allow attackers to leverage other vulnerabilities and access files…

  • CVE-2008-3617Sep 16, 2008
    risk 0.00cvss epss 0.01

    Remote Management and Screen Sharing in Apple Mac OS X 10.5 through 10.5.4, when used to set a password for a VNC viewer, displays additional input characters beyond the maximum password length, which might make it easier for attackers to guess passwords that the user believed…

  • CVE-2008-3616Sep 16, 2008
    risk 0.00cvss epss 0.04

    Multiple integer overflows in the SearchKit API in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allow context-dependent attackers to cause a denial of service (application crash) or execute arbitrary code via vectors associated with "passing untrusted input" to unspecified API…

  • CVE-2008-3613Sep 16, 2008
    risk 0.00cvss epss 0.01

    Finder in Apple Mac OS X 10.5.2 through 10.5.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving a search for a remote disk on the local network.

  • CVE-2008-3611Sep 16, 2008
    risk 0.00cvss epss 0.00

    Login Window in Apple Mac OS X 10.4.11 does not clear the current password when a user makes a password-change attempt that is denied by policy, which allows opportunistic, physically proximate attackers to bypass authentication and change this user's password by later entering…

  • CVE-2008-3610Sep 16, 2008
    risk 0.00cvss epss 0.02

    Race condition in Login Window in Apple Mac OS X 10.5 through 10.5.4, when a blank-password account is enabled, allows attackers to bypass password authentication and login to any account via multiple attempts to login to the blank-password account, followed by selection of an…

Page 84 of 105