VYPR

Mac OS X

by Apple Inc.

CVEs (2,090)

  • CVE-2008-0050 (Mar 18, 2008)
    risk 0.00 | cvss | epss 0.02

    CFNetwork in Apple Mac OS X 10.4.11 allows remote HTTPS proxy servers to spoof secure websites via data in a 502 Bad Gateway error.

  • CVE-2008-1147 (Mar 4, 2008)
    risk 0.00 | cvss | epss 0.02

    A certain pseudo-random number generator (PRNG) algorithm that uses XOR and 2-bit random hops (aka "Algorithm X2"), as used in OpenBSD 2.6 through 3.4, Mac OS X 10 through 10.5.1, FreeBSD 4.4 through 7.0, and DragonFlyBSD 1.0 through 1.10.1, allows remote attackers to guess…

  • CVE-2008-0038 (Feb 12, 2008)
    risk 0.00 | cvss | epss 0.00

    Launch Services in Apple Mac OS X 10.5 through 10.5.1 allows an uninstalled application to be launched if it is in a Time Machine backup, which might allow local users to bypass intended security restrictions or exploit vulnerabilities in the application.

  • CVE-2008-0042 (Feb 12, 2008)
    risk 0.00 | cvss | epss 0.04

    Argument injection vulnerability in Terminal.app in Terminal in Apple Mac OS X 10.4.11 and 10.5 through 10.5.1 allows remote attackers to execute arbitrary code via unspecified URL schemes.

  • CVE-2008-0041 (Feb 12, 2008)
    risk 0.00 | cvss | epss 0.02

    Parental Controls in Apple Mac OS X 10.5 through 10.5.1 contacts www.apple.com "when a website is unblocked," which allows remote attackers to determine when a system is running Parental Controls.

  • CVE-2008-0037 (Feb 12, 2008)
    risk 0.00 | cvss | epss 0.02

    X11 in Apple Mac OS X 10.5 through 10.5.1 does not properly handle when the "Allow connections from network client" preference is disabled, which allows remote attackers to bypass intended access restrictions and connect to the X server.

  • CVE-2008-0039 (Feb 12, 2008)
    risk 0.00 | cvss | epss 0.03

    Unspecified vulnerability in Mail in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary commands via a crafted file:// URL.

  • CVE-2007-6427 (Jan 18, 2008)
    risk 0.00 | cvss | epss 0.04

    The XInput extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via requests related to byte swapping and heap corruption within multiple functions, a different vulnerability than CVE-2007-4990.

  • CVE-2008-0035 (Jan 16, 2008)
    risk 0.00 | cvss | epss 0.05

    Unspecified vulnerability in Foundation, as used in Apple iPhone 1.0 through 1.1.2, iPod touch 1.1 through 1.1.2, and Mac OS X 10.5 through 10.5.1, allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted URL that…

  • CVE-2007-4709 (Dec 19, 2007)
    risk 0.00 | cvss | epss 0.03

    Directory traversal vulnerability in CFNetwork in Apple Mac OS X 10.5.1 allows remote attackers to overwrite arbitrary files via a crafted HTTP response.

  • CVE-2007-5848 (Dec 19, 2007)
    risk 0.00 | cvss | epss 0.01

    Buffer overflow in CUPS in Apple Mac OS X 10.4.11 allows local admin users to execute arbitrary code via a crafted URI to the CUPS service.

  • CVE-2007-5851 (Dec 19, 2007)
    risk 0.00 | cvss | epss 0.01

    iChat in Apple Mac OS X 10.4.11 allows network-adjacent remote attackers to automatically initiate a video connection to another user via unknown vectors.

  • CVE-2007-5847 (Dec 19, 2007)
    risk 0.00 | cvss | epss 0.00

    Race condition in the CFURLWriteDataAndPropertiesToResource API in Core Foundation in Apple Mac OS X 10.4.11 creates files with insecure permissions, which might allow local users to obtain sensitive information.

  • CVE-2007-4710 (Dec 19, 2007)
    risk 0.00 | cvss | epss 0.04

    Unspecified vulnerability in ColorSync in Apple Mac OS X 10.4.11 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via an image with a crafted ColorSync profile, which triggers memory corruption.

  • CVE-2007-5856 (Dec 19, 2007)
    risk 0.00 | cvss | epss 0.02

    Quick Look in Apple Mac OS X 10.5.1, when previewing an HTML file, does not prevent plug-ins from making network requests, which might allow remote attackers to obtain sensitive information.

  • CVE-2007-5855 (Dec 19, 2007)
    risk 0.00 | cvss | epss 0.02

    Mail in Apple Mac OS X 10.4.11 and 10.5.1, when an SMTP account has been set up using Account Assistant, can use plaintext authentication even when MD5 Challenge-Response authentication is available, which makes it easier for remote attackers to sniff account activity.

  • CVE-2007-5850 (Dec 19, 2007)
    risk 0.00 | cvss | epss 0.03

    Heap-based buffer overflow in Desktop Services in Apple Mac OS X 10.4.11 allows user-assisted attackers to execute arbitrary code via a directory with a crafted .DS_Store file.

  • CVE-2007-5859 (Dec 19, 2007)
    risk 0.00 | cvss | epss 0.06

    Unspecified vulnerability in Safari RSS in Apple Mac OS X 10.4.11 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted feed: URL that triggers memory corruption.

  • CVE-2007-5860 (Dec 19, 2007)
    risk 0.00 | cvss | epss 0.00

    Unspecified vulnerability in Spin Tracer in Apple Mac OS X 10.5.1 allows local users to execute arbitrary code via unspecified output files, involving an "insecure file operation."

  • CVE-2007-5857 (Dec 19, 2007)
    risk 0.00 | cvss | epss 0.03

    Quick Look in Apple Mac OS X 10.5.1 does not prevent a movie from accessing URLs when the movie file is previewed or if an icon is created, which might allow remote attackers to obtain sensitive information via HREFTrack.

Page 88 of 105