Mac OS X
by Apple Inc.
CVEs (2,090)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-1573 | 0.00 | — | 0.02 | Jun 2, 2008 | The BMP and GIF image decoding engine in ImageIO in Apple Mac OS X before 10.5.3 allows remote attackers to obtain sensitive information (memory contents) via a crafted (1) BMP or (2) GIF image, which causes an out-of-bounds read. | |||
| CVE-2008-1572 | 0.00 | — | 0.00 | Jun 2, 2008 | Image Capture in Apple Mac OS X before 10.5 does not properly use temporary files, which allows local users to overwrite arbitrary files, and display images that are being resized by this application. | |||
| CVE-2008-1580 | 0.00 | — | 0.01 | Jun 2, 2008 | CFNetwork in Safari in Apple Mac OS X before 10.5.3 automatically sends an SSL client certificate in response to a web server's certificate request, which allows remote web sites to obtain sensitive information (Subject data) from personally identifiable certificates, and use… | |||
| CVE-2008-1032 | 0.00 | — | 0.04 | Jun 2, 2008 | Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.5.3 allows user-assisted remote attackers to execute arbitrary code via an (1) Automator, (2) Help, (3) Safari, or (4) Terminal content type for a downloadable object, which does not trigger a… | |||
| CVE-2008-1027 | 0.00 | — | 0.02 | Jun 2, 2008 | Apple Filing Protocol (AFP) Server in Apple Mac OS X before 10.5.3 does not verify that requested files and directories are inside shared folders, which allows remote attackers to read arbitrary files via unspecified AFP traffic. | |||
| CVE-2008-1036 | 0.00 | — | 0.03 | Jun 2, 2008 | The International Components for Unicode (ICU) library in Apple Mac OS X before 10.5.3, Red Hat Enterprise Linux 5, and other operating systems omits some invalid character sequences during conversion of some character encodings, which might allow remote attackers to conduct… | |||
| CVE-2008-1577 | 0.00 | — | 0.06 | Jun 2, 2008 | Unspecified vulnerability in the Pixlet codec in Apple Pixlet Video in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file, related to "multiple memory corruption issues." | |||
| CVE-2008-1579 | 0.00 | — | 0.03 | Jun 2, 2008 | Wiki Server in Apple Mac OS X 10.5 before 10.5.3 allows remote attackers to obtain sensitive information (user names) by reading the error message produced upon access to a nonexistent blog. | |||
| CVE-2008-1030 | 0.00 | — | 0.05 | Jun 2, 2008 | Integer overflow in the CFDataReplaceBytes function in the CFData API in CoreFoundation in Apple Mac OS X before 10.5.3 allows context-dependent attackers to execute arbitrary code or cause a denial of service (crash) via an invalid length argument, which triggers a heap-based… | |||
| CVE-2008-1031 | 0.00 | — | 0.06 | Jun 2, 2008 | CoreGraphics in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document, related to an uninitialized variable. | |||
| CVE-2008-1575 | 0.00 | — | 0.06 | Jun 2, 2008 | Unspecified vulnerability in the Apple Type Services (ATS) server in Apple Mac OS X 10.5 before 10.5.3 allows user-assisted remote attackers to execute arbitrary code via a crafted embedded font in a PDF document, related to memory corruption that occurs during printing. | |||
| CVE-2008-1571 | 0.00 | — | 0.04 | Jun 2, 2008 | Directory traversal vulnerability in the embedded web server in Image Capture in Apple Mac OS X before 10.5 allows remote attackers to read arbitrary files via directory traversal sequences in the URI. | |||
| CVE-2008-1028 | 0.00 | — | 0.05 | Jun 2, 2008 | Unspecified vulnerability in AppKit in Apple Mac OS X before 10.5 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document file, as demonstrated by opening the document with TextEdit. | |||
| CVE-2008-1578 | 0.00 | — | 0.00 | Jun 2, 2008 | The sso_util program in Single Sign-On in Apple Mac OS X before 10.5.3 places passwords on the command line, which allows local users to obtain sensitive information by listing the process. | |||
| CVE-2008-1576 | 0.00 | — | 0.04 | Jun 2, 2008 | Mail in Apple Mac OS X before 10.5, when an IPv6 SMTP server is used, does not properly initialize memory, which might allow remote attackers to execute arbitrary code or cause a denial of service (application crash), or obtain sensitive information (memory contents) in… | |||
| CVE-2008-0055 | 0.00 | — | 0.00 | Mar 18, 2008 | Foundation in Apple Mac OS X 10.4.11 creates world-writable directories while NSFileManager copies files recursively and only modifies the permissions afterward, which allows local users to modify copied files to cause a denial of service and possibly gain privileges. | |||
| CVE-2008-0987 | 0.00 | — | 0.05 | Mar 18, 2008 | Stack-based buffer overflow in Image Raw in Apple Mac OS X 10.5.2, and Digital Camera RAW Compatibility before Update 2.0 for Aperture 2 and iPhoto 7.1.2, allows remote attackers to execute arbitrary code via a crafted Adobe Digital Negative (DNG) image. | |||
| CVE-2008-0058 | 0.00 | — | 0.03 | Mar 18, 2008 | Race condition in the NSURLConnection cache management functionality in Foundation for Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via unspecified manipulations that cause messages to be sent to a deallocated object. | |||
| CVE-2008-0990 | 0.00 | — | 0.00 | Mar 18, 2008 | notifyd in Apple Mac OS X 10.4.11 does not verify that Mach port death notifications have originated from the kernel, which allows local users to cause a denial of service via spoofed death notifications that prevent other applications from receiving notifications. | |||
| CVE-2008-0996 | 0.00 | — | 0.00 | Mar 18, 2008 | The Printing component in Apple Mac OS X 10.5.2 might save authentication credentials to disk when starting a job on an authenticated print queue, which might allow local users to obtain the credentials. |
- CVE-2008-1573Jun 2, 2008risk 0.00cvss —epss 0.02
The BMP and GIF image decoding engine in ImageIO in Apple Mac OS X before 10.5.3 allows remote attackers to obtain sensitive information (memory contents) via a crafted (1) BMP or (2) GIF image, which causes an out-of-bounds read.
- CVE-2008-1572Jun 2, 2008risk 0.00cvss —epss 0.00
Image Capture in Apple Mac OS X before 10.5 does not properly use temporary files, which allows local users to overwrite arbitrary files, and display images that are being resized by this application.
- CVE-2008-1580Jun 2, 2008risk 0.00cvss —epss 0.01
CFNetwork in Safari in Apple Mac OS X before 10.5.3 automatically sends an SSL client certificate in response to a web server's certificate request, which allows remote web sites to obtain sensitive information (Subject data) from personally identifiable certificates, and use…
- CVE-2008-1032Jun 2, 2008risk 0.00cvss —epss 0.04
Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.5.3 allows user-assisted remote attackers to execute arbitrary code via an (1) Automator, (2) Help, (3) Safari, or (4) Terminal content type for a downloadable object, which does not trigger a…
- CVE-2008-1027Jun 2, 2008risk 0.00cvss —epss 0.02
Apple Filing Protocol (AFP) Server in Apple Mac OS X before 10.5.3 does not verify that requested files and directories are inside shared folders, which allows remote attackers to read arbitrary files via unspecified AFP traffic.
- CVE-2008-1036Jun 2, 2008risk 0.00cvss —epss 0.03
The International Components for Unicode (ICU) library in Apple Mac OS X before 10.5.3, Red Hat Enterprise Linux 5, and other operating systems omits some invalid character sequences during conversion of some character encodings, which might allow remote attackers to conduct…
- CVE-2008-1577Jun 2, 2008risk 0.00cvss —epss 0.06
Unspecified vulnerability in the Pixlet codec in Apple Pixlet Video in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file, related to "multiple memory corruption issues."
- CVE-2008-1579Jun 2, 2008risk 0.00cvss —epss 0.03
Wiki Server in Apple Mac OS X 10.5 before 10.5.3 allows remote attackers to obtain sensitive information (user names) by reading the error message produced upon access to a nonexistent blog.
- CVE-2008-1030Jun 2, 2008risk 0.00cvss —epss 0.05
Integer overflow in the CFDataReplaceBytes function in the CFData API in CoreFoundation in Apple Mac OS X before 10.5.3 allows context-dependent attackers to execute arbitrary code or cause a denial of service (crash) via an invalid length argument, which triggers a heap-based…
- CVE-2008-1031Jun 2, 2008risk 0.00cvss —epss 0.06
CoreGraphics in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document, related to an uninitialized variable.
- CVE-2008-1575Jun 2, 2008risk 0.00cvss —epss 0.06
Unspecified vulnerability in the Apple Type Services (ATS) server in Apple Mac OS X 10.5 before 10.5.3 allows user-assisted remote attackers to execute arbitrary code via a crafted embedded font in a PDF document, related to memory corruption that occurs during printing.
- CVE-2008-1571Jun 2, 2008risk 0.00cvss —epss 0.04
Directory traversal vulnerability in the embedded web server in Image Capture in Apple Mac OS X before 10.5 allows remote attackers to read arbitrary files via directory traversal sequences in the URI.
- CVE-2008-1028Jun 2, 2008risk 0.00cvss —epss 0.05
Unspecified vulnerability in AppKit in Apple Mac OS X before 10.5 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document file, as demonstrated by opening the document with TextEdit.
- CVE-2008-1578Jun 2, 2008risk 0.00cvss —epss 0.00
The sso_util program in Single Sign-On in Apple Mac OS X before 10.5.3 places passwords on the command line, which allows local users to obtain sensitive information by listing the process.
- CVE-2008-1576Jun 2, 2008risk 0.00cvss —epss 0.04
Mail in Apple Mac OS X before 10.5, when an IPv6 SMTP server is used, does not properly initialize memory, which might allow remote attackers to execute arbitrary code or cause a denial of service (application crash), or obtain sensitive information (memory contents) in…
- CVE-2008-0055Mar 18, 2008risk 0.00cvss —epss 0.00
Foundation in Apple Mac OS X 10.4.11 creates world-writable directories while NSFileManager copies files recursively and only modifies the permissions afterward, which allows local users to modify copied files to cause a denial of service and possibly gain privileges.
- CVE-2008-0987Mar 18, 2008risk 0.00cvss —epss 0.05
Stack-based buffer overflow in Image Raw in Apple Mac OS X 10.5.2, and Digital Camera RAW Compatibility before Update 2.0 for Aperture 2 and iPhoto 7.1.2, allows remote attackers to execute arbitrary code via a crafted Adobe Digital Negative (DNG) image.
- CVE-2008-0058Mar 18, 2008risk 0.00cvss —epss 0.03
Race condition in the NSURLConnection cache management functionality in Foundation for Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via unspecified manipulations that cause messages to be sent to a deallocated object.
- CVE-2008-0990Mar 18, 2008risk 0.00cvss —epss 0.00
notifyd in Apple Mac OS X 10.4.11 does not verify that Mach port death notifications have originated from the kernel, which allows local users to cause a denial of service via spoofed death notifications that prevent other applications from receiving notifications.
- CVE-2008-0996Mar 18, 2008risk 0.00cvss —epss 0.00
The Printing component in Apple Mac OS X 10.5.2 might save authentication credentials to disk when starting a job on an authenticated print queue, which might allow local users to obtain the credentials.
Page 86 of 105