Mac OS X
by Apple Inc.
CVEs (2,090)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-0999 | | | 0.00 | — | 0.03 | | Mar 18, 2008 | Apple Mac OS X 10.5.2 allows user-assisted attackers to cause a denial of service (crash) via a crafted Universal Disc Format (UDF) disk image, which triggers a NULL pointer dereference. |
| CVE-2008-0059 | | | 0.00 | — | 0.02 | | Mar 18, 2008 | Race condition in NSXML in Foundation for Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via a crafted XML file, related to "error handling logic." |
| CVE-2008-0998 | | | 0.00 | — | 0.00 | | Mar 18, 2008 | Unspecified vulnerability in NetCfgTool in the System Configuration component in Apple Mac OS X 10.4.11 and 10.5.2 allows local users to bypass authorization and execute arbitrary code via crafted distributed objects. |
| CVE-2008-0988 | | | 0.00 | — | 0.02 | | Mar 18, 2008 | Off-by-one error in the Libsystem strnstr API in libc on Apple Mac OS X 10.4.11 allows context-dependent attackers to cause a denial of service (crash) via crafted arguments that trigger a buffer over-read. |
| CVE-2008-0054 | | | 0.00 | — | 0.05 | | Mar 18, 2008 | Foundation in Apple Mac OS X 10.4.11 might allow context-dependent attackers to execute arbitrary code via a malformed selector name to the NSSelectorFromString API, which causes an "unexpected selector" to be used. |
| CVE-2008-0052 | | | 0.00 | — | 0.02 | | Mar 18, 2008 | CoreServices in Apple Mac OS X 10.4.11 treats .ief as a safe file type, which allows remote attackers to force Safari users into opening an .ief file in AppleWorks, even when the "Open 'Safe' files" preference is set. |
| CVE-2008-0060 | | | 0.00 | — | 0.02 | | Mar 18, 2008 | Help Viewer in Apple Mac OS X 10.4.11 and 10.5.2 allows remote attackers to execute arbitrary Applescript via a help:topic_list URL that injects HTML or JavaScript into a topic list page, as demonstrated using a help:runscript link. |
| CVE-2008-0992 | | | 0.00 | — | 0.03 | | Mar 18, 2008 | Array index error in pax in Apple Mac OS X 10.5.2 allows context-dependent attackers to execute arbitrary code via an archive with a crafted length value. |
| CVE-2008-0994 | | | 0.00 | — | 0.01 | | Mar 18, 2008 | Preview in Apple Mac OS X 10.5.2 uses 40-bit RC4 when saving a PDF file with encryption, which makes it easier for attackers to decrypt the file via brute force methods. |
| CVE-2008-0989 | | | 0.00 | — | 0.00 | | Mar 18, 2008 | Format string vulnerability in mDNSResponderHelper in Apple Mac OS X 10.5.2 allows local users to execute arbitrary code via format string specifiers in the local hostname. |
| CVE-2008-0056 | | | 0.00 | — | 0.04 | | Mar 18, 2008 | Stack-based buffer overflow in Foundation in Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via a "long pathname with an unexpected structure" that triggers the overflow in NSFileManager. |
| CVE-2008-0995 | | | 0.00 | — | 0.02 | | Mar 18, 2008 | The Printing component in Apple Mac OS X 10.5.2 uses 40-bit RC4 when printing to an encrypted PDF file, which makes it easier for attackers to decrypt the file via brute force methods. |
| CVE-2008-0045 | | | 0.00 | — | 0.02 | | Mar 18, 2008 | Unspecified vulnerability in AFP Server in Apple Mac OS X 10.4.11 allows remote attackers to bypass cross-realm authentication via unknown manipulations of Kerberos principal realm names. |
| CVE-2008-0051 | | | 0.00 | — | 0.00 | | Mar 18, 2008 | Integer overflow in CoreFoundation in Apple Mac OS X 10.4.11 might allow local users to execute arbitrary code via crafted time zone data. |
| CVE-2008-0050 | | | 0.00 | — | 0.02 | | Mar 18, 2008 | CFNetwork in Apple Mac OS X 10.4.11 allows remote HTTPS proxy servers to spoof secure websites via data in a 502 Bad Gateway error. |
| CVE-2008-0049 | | | 0.00 | — | 0.00 | | Mar 18, 2008 | AppKit in Apple Mac OS X 10.4.11 inadvertently makes an NSApplication mach port available for inter-process communication instead of inter-thread communication, which allows local users to execute arbitrary code via crafted messages to privileged applications. |
| CVE-2008-0048 | | | 0.00 | — | 0.04 | | Mar 18, 2008 | Stack-based buffer overflow in AppKit in Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via a long file name to the NSDocument API. |
| CVE-2008-0057 | | | 0.00 | — | 0.03 | | Mar 18, 2008 | Multiple integer overflows in a "legacy serialization format" parser in AppKit in Apple Mac OS X 10.4.11 allow remote attackers to execute arbitrary code via a crafted serialized property list. |
| CVE-2008-0046 | | | 0.00 | — | 0.02 | | Mar 18, 2008 | The Application Firewall in Apple Mac OS X 10.5.2 has an incorrect German translation for the "Set access for specific services and applications" radio button that might cause the user to believe that the button is used to restrict access only to specific services and… |
| CVE-2008-0044 | | | 0.00 | — | 0.04 | | Mar 18, 2008 | Multiple buffer overflows in AFP Client in Apple Mac OS X 10.4.11 and 10.5.2 allow remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted afp:// URL. |