VYPR

Mac OS X

by Apple Inc.

CVEs (2,090)

  • CVE-2008-1573Jun 2, 2008
    risk 0.00cvss epss 0.02

    The BMP and GIF image decoding engine in ImageIO in Apple Mac OS X before 10.5.3 allows remote attackers to obtain sensitive information (memory contents) via a crafted (1) BMP or (2) GIF image, which causes an out-of-bounds read.

  • CVE-2008-1572Jun 2, 2008
    risk 0.00cvss epss 0.00

    Image Capture in Apple Mac OS X before 10.5 does not properly use temporary files, which allows local users to overwrite arbitrary files, and display images that are being resized by this application.

  • CVE-2008-1580Jun 2, 2008
    risk 0.00cvss epss 0.01

    CFNetwork in Safari in Apple Mac OS X before 10.5.3 automatically sends an SSL client certificate in response to a web server's certificate request, which allows remote web sites to obtain sensitive information (Subject data) from personally identifiable certificates, and use…

  • CVE-2008-1032Jun 2, 2008
    risk 0.00cvss epss 0.04

    Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.5.3 allows user-assisted remote attackers to execute arbitrary code via an (1) Automator, (2) Help, (3) Safari, or (4) Terminal content type for a downloadable object, which does not trigger a…

  • CVE-2008-1027Jun 2, 2008
    risk 0.00cvss epss 0.02

    Apple Filing Protocol (AFP) Server in Apple Mac OS X before 10.5.3 does not verify that requested files and directories are inside shared folders, which allows remote attackers to read arbitrary files via unspecified AFP traffic.

  • CVE-2008-1036Jun 2, 2008
    risk 0.00cvss epss 0.03

    The International Components for Unicode (ICU) library in Apple Mac OS X before 10.5.3, Red Hat Enterprise Linux 5, and other operating systems omits some invalid character sequences during conversion of some character encodings, which might allow remote attackers to conduct…

  • CVE-2008-1577Jun 2, 2008
    risk 0.00cvss epss 0.06

    Unspecified vulnerability in the Pixlet codec in Apple Pixlet Video in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file, related to "multiple memory corruption issues."

  • CVE-2008-1579Jun 2, 2008
    risk 0.00cvss epss 0.03

    Wiki Server in Apple Mac OS X 10.5 before 10.5.3 allows remote attackers to obtain sensitive information (user names) by reading the error message produced upon access to a nonexistent blog.

  • CVE-2008-1030Jun 2, 2008
    risk 0.00cvss epss 0.05

    Integer overflow in the CFDataReplaceBytes function in the CFData API in CoreFoundation in Apple Mac OS X before 10.5.3 allows context-dependent attackers to execute arbitrary code or cause a denial of service (crash) via an invalid length argument, which triggers a heap-based…

  • CVE-2008-1031Jun 2, 2008
    risk 0.00cvss epss 0.06

    CoreGraphics in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document, related to an uninitialized variable.

  • CVE-2008-1575Jun 2, 2008
    risk 0.00cvss epss 0.06

    Unspecified vulnerability in the Apple Type Services (ATS) server in Apple Mac OS X 10.5 before 10.5.3 allows user-assisted remote attackers to execute arbitrary code via a crafted embedded font in a PDF document, related to memory corruption that occurs during printing.

  • CVE-2008-1571Jun 2, 2008
    risk 0.00cvss epss 0.04

    Directory traversal vulnerability in the embedded web server in Image Capture in Apple Mac OS X before 10.5 allows remote attackers to read arbitrary files via directory traversal sequences in the URI.

  • CVE-2008-1028Jun 2, 2008
    risk 0.00cvss epss 0.05

    Unspecified vulnerability in AppKit in Apple Mac OS X before 10.5 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document file, as demonstrated by opening the document with TextEdit.

  • CVE-2008-1578Jun 2, 2008
    risk 0.00cvss epss 0.00

    The sso_util program in Single Sign-On in Apple Mac OS X before 10.5.3 places passwords on the command line, which allows local users to obtain sensitive information by listing the process.

  • CVE-2008-1576Jun 2, 2008
    risk 0.00cvss epss 0.04

    Mail in Apple Mac OS X before 10.5, when an IPv6 SMTP server is used, does not properly initialize memory, which might allow remote attackers to execute arbitrary code or cause a denial of service (application crash), or obtain sensitive information (memory contents) in…

  • CVE-2008-0055Mar 18, 2008
    risk 0.00cvss epss 0.00

    Foundation in Apple Mac OS X 10.4.11 creates world-writable directories while NSFileManager copies files recursively and only modifies the permissions afterward, which allows local users to modify copied files to cause a denial of service and possibly gain privileges.

  • CVE-2008-0987Mar 18, 2008
    risk 0.00cvss epss 0.05

    Stack-based buffer overflow in Image Raw in Apple Mac OS X 10.5.2, and Digital Camera RAW Compatibility before Update 2.0 for Aperture 2 and iPhoto 7.1.2, allows remote attackers to execute arbitrary code via a crafted Adobe Digital Negative (DNG) image.

  • CVE-2008-0058Mar 18, 2008
    risk 0.00cvss epss 0.03

    Race condition in the NSURLConnection cache management functionality in Foundation for Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via unspecified manipulations that cause messages to be sent to a deallocated object.

  • CVE-2008-0990Mar 18, 2008
    risk 0.00cvss epss 0.00

    notifyd in Apple Mac OS X 10.4.11 does not verify that Mach port death notifications have originated from the kernel, which allows local users to cause a denial of service via spoofed death notifications that prevent other applications from receiving notifications.

  • CVE-2008-0996Mar 18, 2008
    risk 0.00cvss epss 0.00

    The Printing component in Apple Mac OS X 10.5.2 might save authentication credentials to disk when starting a job on an authenticated print queue, which might allow local users to obtain the credentials.

Page 86 of 105