Lucene search

K
AppleMac Os X Server10.4.11

40 matches found

CVE
CVE
added 2009/04/17 12:30 a.m.89 views

CVE-2009-0946

Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c.

7.5CVSS8.8AI score0.11816EPSS
CVE
CVE
added 2009/11/10 7:30 p.m.71 views

CVE-2009-2820

The web interface in CUPS before 1.4.2, as used on Apple Mac OS X before 10.6.2 and other platforms, does not properly handle (1) HTTP headers and (2) HTML templates, which allows remote attackers to conduct cross-site scripting (XSS) attacks and HTTP response splitting attacks via vectors related ...

4.3CVSS6.8AI score0.01726EPSS
CVE
CVE
added 2009/11/10 7:30 p.m.65 views

CVE-2009-2825

Certificate Assistant in Apple Mac OS X before 10.6.2 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legiti...

4.3CVSS5.6AI score0.01808EPSS
CVE
CVE
added 2009/11/10 7:30 p.m.63 views

CVE-2009-2823

The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.

4.3CVSS5.9AI score0.0032EPSS
CVE
CVE
added 2009/09/14 4:30 p.m.57 views

CVE-2009-2803

CarbonCore in Apple Mac OS X 10.4.11 and 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a file with a crafted resource fork.

6.8CVSS7.7AI score0.0089EPSS
CVE
CVE
added 2009/09/14 4:30 p.m.57 views

CVE-2009-2804

Integer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5.8, and Safari before 4.0.4 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ColorSync profile embedded in an image, leading to a heap-based buffer overflow.

6.8CVSS7.9AI score0.09194EPSS
CVE
CVE
added 2009/09/14 4:30 p.m.56 views

CVE-2009-2809

ImageIO in Apple Mac OS X 10.4.11 and 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PixarFilm encoded TIFF image, related to "multiple memory corruption issues."

6.8CVSS7.8AI score0.02414EPSS
CVE
CVE
added 2009/02/13 12:30 a.m.51 views

CVE-2009-0019

Remote Apple Events in Apple Mac OS X 10.4.11 and 10.5.6 allows remote attackers to cause a denial of service (application termination) or obtain sensitive information via unspecified vectors that trigger an out-of-bounds memory access.

7.5CVSS6.9AI score0.00887EPSS
CVE
CVE
added 2009/11/10 7:30 p.m.51 views

CVE-2009-2808

Help Viewer in Apple Mac OS X before 10.6.2 does not use an HTTPS connection to retrieve Apple Help content from a web site, which allows man-in-the-middle attackers to send a crafted help:runscript link, and thereby execute arbitrary code, via a spoofed response.

5.4CVSS7.1AI score0.00092EPSS
CVE
CVE
added 2009/02/13 12:30 a.m.50 views

CVE-2009-0018

The Remote Apple Events server in Apple Mac OS X 10.4.11 and 10.5.6 does not properly initialize a buffer, which allows remote attackers to read portions of memory.

7.8CVSS6.8AI score0.00553EPSS
CVE
CVE
added 2009/04/02 5:30 p.m.50 views

CVE-2009-1235

XNU 1228.9.59 and earlier on Apple Mac OS X 10.5.6 and earlier does not properly restrict interaction between user space and the HFS IOCTL handler, which allows local users to overwrite kernel memory and gain privileges by attaching an HFS+ disk image and performing certain steps involving HFS_GET_...

7.2CVSS5.9AI score0.00204EPSS
CVE
CVE
added 2009/08/06 4:30 p.m.50 views

CVE-2009-1726

Heap-based buffer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5 before 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image containing an embedded ColorSync profile.

9.3CVSS7.9AI score0.11304EPSS
CVE
CVE
added 2009/11/10 7:30 p.m.50 views

CVE-2009-2832

Buffer overflow in FTP Server in Apple Mac OS X before 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a CWD command specifying a pathname in a deeply nested hierarchy of directories, related to a "CWD command line tool."

5.1CVSS7.9AI score0.0184EPSS
CVE
CVE
added 2009/02/13 12:30 a.m.49 views

CVE-2009-0017

csregprinter in the Printing component in Apple Mac OS X 10.4.11 and 10.5.6 does not properly handle error conditions, which allows local users to execute arbitrary code via unknown vectors that trigger a heap-based buffer overflow.

7.2CVSS7.1AI score0.0008EPSS
CVE
CVE
added 2009/05/13 3:30 p.m.49 views

CVE-2009-0156

Launch Services in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to cause a denial of service (persistent Finder crash) via a crafted Mach-O executable that triggers an out-of-bounds memory read.

4.3CVSS6.8AI score0.01009EPSS
CVE
CVE
added 2009/09/11 6:30 p.m.49 views

CVE-2009-2800

Buffer overflow in Alias Manager in Apple Mac OS X 10.4.11 and 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted alias file.

6.8CVSS7.5AI score0.00963EPSS
CVE
CVE
added 2009/05/13 3:30 p.m.48 views

CVE-2009-0944

The Microsoft Office Spotlight Importer in Spotlight in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not properly validate Microsoft Office files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a file that triggers memory corruptio...

6.8CVSS7.7AI score0.01551EPSS
CVE
CVE
added 2009/08/06 4:30 p.m.48 views

CVE-2009-1728

Stack-based buffer overflow in Image RAW in Apple Mac OS X 10.5 before 10.5.8, and 10.4 before Digital Camera RAW Compatibility Update 2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Canon RAW image.

6.8CVSS8.1AI score0.09715EPSS
CVE
CVE
added 2009/05/13 3:30 p.m.47 views

CVE-2009-0158

Stack-based buffer overflow in telnet in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long hostname for a telnet server.

6.8CVSS7.9AI score0.01908EPSS
CVE
CVE
added 2009/08/12 7:30 p.m.47 views

CVE-2009-2196

Unspecified vulnerability in Apple Safari 4 before 4.0.3 allows remote web servers to place an arbitrary web site in the Top Sites view, and possibly conduct phishing attacks, via unknown vectors.

5CVSS6.3AI score0.16946EPSS
CVE
CVE
added 2009/04/02 5:30 p.m.46 views

CVE-2009-1238

Race condition in the HFS vfs sysctl interface in XNU 1228.8.20 and earlier on Apple Mac OS X 10.5.6 and earlier allows local users to cause a denial of service (kernel memory corruption) by simultaneously executing the same HFS_SET_PKG_EXTENSIONS code path in multiple threads, which is problematic...

7.2CVSS6.4AI score0.00112EPSS
CVE
CVE
added 2009/02/13 12:30 a.m.45 views

CVE-2009-0140

Unspecified vulnerability in the SMB component in Apple Mac OS X 10.4.11 and 10.5.6 allows remote SMB servers to cause a denial of service (memory exhaustion and system shutdown) via a crafted file system name.

9.3CVSS6.7AI score0.00427EPSS
CVE
CVE
added 2009/09/14 4:30 p.m.45 views

CVE-2009-2805

Integer overflow in CoreGraphics in Apple Mac OS X 10.4.11 and 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JBIG2 stream in a PDF file, leading to a heap-based buffer overflow.

6.8CVSS7.9AI score0.02424EPSS
CVE
CVE
added 2009/02/13 12:30 a.m.44 views

CVE-2009-0009

Unspecified vulnerability in the Pixlet codec in Apple Mac OS X 10.4.11 and 10.5.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted movie file that triggers memory corruption.

6.8CVSS7.5AI score0.02605EPSS
CVE
CVE
added 2009/02/13 12:30 a.m.44 views

CVE-2009-0020

Unspecified vulnerability in CarbonCore in Apple Mac OS X 10.4.11 and 10.5.6 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted resource fork that triggers memory corruption.

7.8CVSS7.4AI score0.02239EPSS
CVE
CVE
added 2009/02/13 12:30 a.m.44 views

CVE-2009-0141

XTerm in Apple Mac OS X 10.4.11 and 10.5.6, when used with luit, creates tty devices with insecure world-writable permissions, which allows local users to write to the Xterm of another user.

5.5CVSS5.4AI score0.00047EPSS
CVE
CVE
added 2009/08/06 4:30 p.m.44 views

CVE-2009-2191

Format string vulnerability in Login Window in Apple Mac OS X 10.4.11 and 10.5 before 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in an application name.

7.5CVSS7.5AI score0.00846EPSS
CVE
CVE
added 2009/11/10 7:30 p.m.44 views

CVE-2009-2834

IOKit in Apple Mac OS X before 10.6.2 allows local users to modify the firmware of a (1) USB or (2) Bluetooth keyboard via unspecified vectors.

4.9CVSS6.7AI score0.00061EPSS
CVE
CVE
added 2009/11/10 7:30 p.m.44 views

CVE-2009-2835

The kernel in Apple Mac OS X before 10.6.2 does not properly handle task state segments, which allows local users to gain privileges, cause a denial of service (system crash), or obtain sensitive information via unspecified vectors.

4.6CVSS6.9AI score0.00059EPSS
CVE
CVE
added 2009/02/13 12:30 a.m.43 views

CVE-2009-0013

dscl in DS Tools in Apple Mac OS X 10.4.11 and 10.5.6 requires that passwords must be provided as command line arguments, which allows local users to gain privileges by listing process information.

2.1CVSS7AI score0.0007EPSS
CVE
CVE
added 2009/05/13 3:30 p.m.43 views

CVE-2009-0154

Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code via a crafted Compact Font Format (CFF) font.

6.8CVSS7.6AI score0.16284EPSS
CVE
CVE
added 2009/05/13 3:30 p.m.43 views

CVE-2009-0942

Help Viewer in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not verify that certain Cascading Style Sheets (CSS) are located in a registered help book, which allows remote attackers to execute arbitrary code via a help: URL that triggers invocation of AppleScript files.

6.8CVSS7.5AI score0.02306EPSS
CVE
CVE
added 2009/05/13 3:30 p.m.42 views

CVE-2009-0943

Help Viewer in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not verify that HTML pathnames are located in a registered help book, which allows remote attackers to execute arbitrary code via a help: URL that triggers invocation of AppleScript files.

6.8CVSS7.4AI score0.02306EPSS
CVE
CVE
added 2009/04/02 5:30 p.m.42 views

CVE-2009-1236

Heap-based buffer overflow in the AppleTalk networking stack in XNU 1228.3.13 and earlier on Apple Mac OS X 10.5.6 and earlier allows remote attackers to cause a denial of service (system crash) via a ZIP NOTIFY (aka ZIPOP_NOTIFY) packet that overwrites a certain ifPort structure member.

10CVSS6.9AI score0.05379EPSS
CVE
CVE
added 2009/05/13 3:30 p.m.41 views

CVE-2009-0149

Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows local users to gain privileges or cause a denial of service (application crash) by attempting to mount a crafted sparse disk image that triggers memory corruption.

4.4CVSS7.1AI score0.00117EPSS
CVE
CVE
added 2009/11/10 7:30 p.m.41 views

CVE-2009-2818

Adaptive Firewall in Apple Mac OS X before 10.6.2 does not properly handle invalid usernames in SSH login attempts, which makes it easier for remote attackers to obtain login access via a brute-force attack (aka dictionary attack).

5CVSS6.8AI score0.00421EPSS
CVE
CVE
added 2009/04/02 5:30 p.m.39 views

CVE-2009-1237

Multiple memory leaks in XNU 1228.3.13 and earlier on Apple Mac OS X 10.5.6 and earlier allow local users to cause a denial of service (kernel memory consumption) via a crafted (1) SYS_add_profil or (2) SYS___mac_getfsstat system call.

4.9CVSS6.2AI score0.00237EPSS
CVE
CVE
added 2009/05/13 3:30 p.m.38 views

CVE-2009-0160

QuickDraw Manager in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image that triggers memory corruption.

6.8CVSS7.7AI score0.01375EPSS
CVE
CVE
added 2009/05/13 3:30 p.m.37 views

CVE-2009-0145

CoreGraphics in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF file that triggers memory corruption.

6.8CVSS7.7AI score0.053EPSS
CVE
CVE
added 2009/05/13 3:30 p.m.35 views

CVE-2009-0161

The OpenSSL::OCSP module for Ruby in Apple Mac OS X 10.5 before 10.5.7 misinterprets an unspecified invalid response as a successful OCSP certificate validation, which might allow remote attackers to spoof certificate authentication via a revoked certificate.

6.4CVSS6.8AI score0.00181EPSS