Lucene search

94 matches found

added 2009/08/12 7:30 p.m., 47 views

CVE-2009-2196

Unspecified vulnerability in Apple Safari 4 before 4.0.3 allows remote web servers to place an arbitrary web site in the Top Sites view, and possibly conduct phishing attacks, via unknown vectors.

CVSS: 5, AI score: 6.3, EPSS: 0.16946

added 2009/09/14 4:30 p.m., 47 views

CVE-2009-2812

Launch Services in Apple Mac OS X 10.5.8 does not properly recognize an unsafe Uniform Type Identifier (UTI) in an exported document type in a downloaded application, which allows remote attackers to trigger the automatic opening of a file, and execute arbitrary code, via a crafted web site.

CVSS: 6.8, AI score: 7.3, EPSS: 0.01744

added 2009/11/10 7:30 p.m., 47 views

CVE-2009-2833

Buffer overflow in the UCCompareTextDefault API in International Components for Unicode in Apple Mac OS X 10.5.8 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.

CVSS: 7.5, AI score: 7.8, EPSS: 0.0067

added 2009/11/10 7:30 p.m., 47 views

CVE-2009-2839

Screen Sharing in Apple Mac OS X 10.5.8 allows remote VNC servers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.

CVSS: 6.8, AI score: 7.9, EPSS: 0.00747

added 2009/05/13 3:30 p.m., 46 views

CVE-2009-0010

Integer underflow in QuickDraw Manager in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7, and Apple QuickTime before 7.6.2, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PICT image with a crafted 0x77 Poly tag and a crafted length field, whi...

CVSS: 9.3, AI score: 7.7, EPSS: 0.45753

added 2009/02/13 12:30 a.m., 46 views

CVE-2009-0011

Certificate Assistant in Apple Mac OS X 10.5.6 allows local users to overwrite arbitrary files via unknown vectors related to an "insecure file operation" on a temporary file.

CVSS: 7.2, AI score: 6.5, EPSS: 0.00029

added 2009/05/13 3:30 p.m., 46 views

CVE-2009-0144

CFNetwork in Apple Mac OS X 10.5 before 10.5.7 does not properly parse noncompliant Set-Cookie headers, which allows remote attackers to obtain sensitive information by sniffing the network for "secure cookies" that are sent over unencrypted HTTP connections.

CVSS: 4.3, AI score: 6.5, EPSS: 0.00284

added 2009/04/02 5:30 p.m., 46 views

CVE-2009-1238

Race condition in the HFS vfs sysctl interface in XNU 1228.8.20 and earlier on Apple Mac OS X 10.5.6 and earlier allows local users to cause a denial of service (kernel memory corruption) by simultaneously executing the same HFS_SET_PKG_EXTENSIONS code path in multiple threads, which is problematic...

CVSS: 7.2, AI score: 6.4, EPSS: 0.00112

added 2009/02/13 12:30 a.m., 45 views

CVE-2009-0138

servermgrd (Server Manager) in Apple Mac OS X 10.5.6 does not properly validate authentication credentials, which allows remote attackers to modify the system configuration.

CVSS: 10, AI score: 6.8, EPSS: 0.02498

added 2009/02/13 12:30 a.m., 45 views

CVE-2009-0140

Unspecified vulnerability in the SMB component in Apple Mac OS X 10.4.11 and 10.5.6 allows remote SMB servers to cause a denial of service (memory exhaustion and system shutdown) via a crafted file system name.

CVSS: 9.3, AI score: 6.7, EPSS: 0.00427

added 2009/09/14 4:30 p.m., 45 views

CVE-2009-2805

Integer overflow in CoreGraphics in Apple Mac OS X 10.4.11 and 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JBIG2 stream in a PDF file, leading to a heap-based buffer overflow.

CVSS: 6.8, AI score: 7.9, EPSS: 0.02424

added 2009/11/10 7:30 p.m., 45 views

CVE-2009-2828

The server in DirectoryService in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.

CVSS: 7.5, AI score: 7.9, EPSS: 0.02313

added 2009/02/13 12:30 a.m., 44 views

CVE-2009-0009

Unspecified vulnerability in the Pixlet codec in Apple Mac OS X 10.4.11 and 10.5.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted movie file that triggers memory corruption.

CVSS: 6.8, AI score: 7.5, EPSS: 0.02605

added 2009/02/13 12:30 a.m., 44 views

CVE-2009-0020

Unspecified vulnerability in CarbonCore in Apple Mac OS X 10.4.11 and 10.5.6 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted resource fork that triggers memory corruption.

CVSS: 7.8, AI score: 7.4, EPSS: 0.02239

added 2009/02/13 12:30 a.m., 44 views

CVE-2009-0141

XTerm in Apple Mac OS X 10.4.11 and 10.5.6, when used with luit, creates tty devices with insecure world-writable permissions, which allows local users to write to the Xterm of another user.

CVSS: 5.5, AI score: 5.4, EPSS: 0.00047

added 2009/05/13 3:30 p.m., 44 views

CVE-2009-0150

Stack-based buffer overflow in Apple Mac OS X 10.5 before 10.5.7 allows local users to gain privileges or cause a denial of service (application crash) by attempting to mount a crafted sparse disk image.

CVSS: 4.4, AI score: 7.3, EPSS: 0.00164

added 2009/08/06 4:30 p.m., 44 views

CVE-2009-2191

Format string vulnerability in Login Window in Apple Mac OS X 10.4.11 and 10.5 before 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in an application name.

CVSS: 7.5, AI score: 7.5, EPSS: 0.00846

added 2009/08/06 4:30 p.m., 44 views

CVE-2009-2192

MobileMe in Apple Mac OS X 10.5 before 10.5.8 does not properly delete credentials upon signout from the preference pane, which makes it easier for attackers to hijack a MobileMe session via unspecified vectors, related to a "logic issue."

CVSS: 7.5, AI score: 6, EPSS: 0.00347

added 2009/11/10 7:30 p.m., 44 views

CVE-2009-2834

IOKit in Apple Mac OS X before 10.6.2 allows local users to modify the firmware of a (1) USB or (2) Bluetooth keyboard via unspecified vectors.

CVSS: 4.9, AI score: 6.7, EPSS: 0.00061

added 2009/11/10 7:30 p.m., 44 views

CVE-2009-2835

The kernel in Apple Mac OS X before 10.6.2 does not properly handle task state segments, which allows local users to gain privileges, cause a denial of service (system crash), or obtain sensitive information via unspecified vectors.

CVSS: 4.6, AI score: 6.9, EPSS: 0.00059

added 2009/11/10 7:30 p.m., 44 views

CVE-2009-2836

Race condition in Login Window in Apple Mac OS X 10.6.x before 10.6.2, when at least one account has a blank password, allows attackers to bypass password authentication and obtain login access to an arbitrary account via unspecified vectors.

CVSS: 6.2, AI score: 7.1, EPSS: 0.0004

added 2009/02/13 12:30 a.m., 43 views

CVE-2009-0013

dscl in DS Tools in Apple Mac OS X 10.4.11 and 10.5.6 requires that passwords must be provided as command line arguments, which allows local users to gain privileges by listing process information.

CVSS: 2.1, AI score: 7, EPSS: 0.0007

added 2009/05/13 3:30 p.m., 43 views

CVE-2009-0154

Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code via a crafted Compact Font Format (CFF) font.

CVSS: 6.8, AI score: 7.6, EPSS: 0.16284

added 2009/05/13 3:30 p.m., 43 views

CVE-2009-0157

Heap-based buffer overflow in CFNetwork in Apple Mac OS X 10.5 before 10.5.7 allows remote web servers to execute arbitrary code or cause a denial of service (application crash) via long HTTP headers.

CVSS: 6.8, AI score: 7.9, EPSS: 0.01234

added 2009/05/13 3:30 p.m., 43 views

CVE-2009-0942

Help Viewer in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not verify that certain Cascading Style Sheets (CSS) are located in a registered help book, which allows remote attackers to execute arbitrary code via a help: URL that triggers invocation of AppleScript files.

CVSS: 6.8, AI score: 7.5, EPSS: 0.02306

added 2009/05/13 3:30 p.m., 42 views

CVE-2009-0943

Help Viewer in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not verify that HTML pathnames are located in a registered help book, which allows remote attackers to execute arbitrary code via a help: URL that triggers invocation of AppleScript files.

CVSS: 6.8, AI score: 7.4, EPSS: 0.02306

added 2009/04/02 5:30 p.m., 42 views

CVE-2009-1236

Heap-based buffer overflow in the AppleTalk networking stack in XNU 1228.3.13 and earlier on Apple Mac OS X 10.5.6 and earlier allows remote attackers to cause a denial of service (system crash) via a ZIP NOTIFY (aka ZIPOP_NOTIFY) packet that overwrites a certain ifPort structure member.

CVSS: 10, AI score: 6.9, EPSS: 0.05379

added 2009/08/06 4:30 p.m., 42 views

CVE-2009-2188

Buffer overflow in ImageIO in Apple Mac OS X 10.5 before 10.5.8, and Safari before 4.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image with crafted EXIF metadata.

CVSS: 9.3, AI score: 7.9, EPSS: 0.18341

added 2009/11/10 7:30 p.m., 42 views

CVE-2009-2826

Multiple integer overflows in CoreGraphics in Apple Mac OS X 10.5.8 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document that triggers a heap-based buffer overflow.

CVSS: 6.8, AI score: 7.7, EPSS: 0.01892

added 2009/02/13 12:30 a.m., 41 views

CVE-2009-0139

Integer overflow in the SMB component in Apple Mac OS X 10.5.6 allows remote SMB servers to cause a denial of service (system shutdown) or execute arbitrary code via a crafted SMB file system that triggers a heap-based buffer overflow.

CVSS: 9.3, AI score: 7.6, EPSS: 0.0079

added 2009/05/13 3:30 p.m., 41 views

CVE-2009-0149

Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows local users to gain privileges or cause a denial of service (application crash) by attempting to mount a crafted sparse disk image that triggers memory corruption.

CVSS: 4.4, AI score: 7.1, EPSS: 0.00117

added 2009/09/14 4:30 p.m., 41 views

CVE-2009-2807

Heap-based buffer overflow in the USB backend in CUPS in Apple Mac OS X 10.5.8 allows local users to gain privileges via unspecified vectors.

CVSS: 7.2, AI score: 7, EPSS: 0.00069

added 2009/08/06 3:30 p.m., 40 views

CVE-2009-0151

The screen saver in Dock in Apple Mac OS X 10.5 before 10.5.8 does not prevent four-finger Multi-Touch gestures, which allows physically proximate attackers to bypass locking and "manage applications or use Expose" via unspecified vectors.

CVSS: 7.2, AI score: 6, EPSS: 0.00055

added 2009/06/05 4:0 p.m., 40 views

CVE-2009-1717

Integer overflow in Terminal in Apple Mac OS X 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted size value in a CSI[4 xterm resize escape sequence that triggers a heap-based buffer overflow.

CVSS: 6.8, AI score: 8, EPSS: 0.02622

added 2009/11/10 7:30 p.m., 40 views

CVE-2009-2819

AFP Client in Apple Mac OS X 10.5.8 allows remote AFP servers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via unspecified vectors.

CVSS: 9.3, AI score: 7.9, EPSS: 0.00729

added 2009/05/13 3:30 p.m., 39 views

CVE-2008-1517

Array index error in the xnu (Mach) kernel in Apple Mac OS X 10.5 before 10.5.7 allows local users to gain privileges or cause a denial of service (system shutdown) via unspecified vectors related to workqueues.

CVSS: 7.2, AI score: 6.9, EPSS: 0.00064

added 2009/02/13 12:30 a.m., 39 views

CVE-2009-0015

Unspecified vulnerability in fseventsd in the FSEvents framework in Apple Mac OS X 10.5.6 allows local users to obtain sensitive information (filesystem activities and directory names) via unknown vectors related to "credential management."

CVSS: 4.9, AI score: 6.2, EPSS: 0.0007

added 2009/04/02 5:30 p.m., 39 views

CVE-2009-1237

Multiple memory leaks in XNU 1228.3.13 and earlier on Apple Mac OS X 10.5.6 and earlier allow local users to cause a denial of service (kernel memory consumption) via a crafted (1) SYS_add_profil or (2) SYS___mac_getfsstat system call.

CVSS: 4.9, AI score: 6.2, EPSS: 0.00237

added 2009/11/10 7:30 p.m., 39 views

CVE-2009-2827

Heap-based buffer overflow in Disk Images in Apple Mac OS X 10.5.8 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FAT filesystem on a disk image.

CVSS: 6.8, AI score: 7.8, EPSS: 0.01901

added 2009/11/10 7:30 p.m., 39 views

CVE-2009-2838

Integer overflow in QuickLook in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Office document that triggers a buffer overflow.

CVSS: 6.8, AI score: 7.8, EPSS: 0.01892

added 2009/11/10 7:30 p.m., 39 views

CVE-2009-2840

Spotlight in Apple Mac OS X 10.5.8 does not properly handle temporary files, which allows local users to overwrite arbitrary files in the context of a different user's privileges via unspecified vectors.

CVSS: 4.9, AI score: 6.7, EPSS: 0.00057

added 2009/05/13 3:30 p.m., 38 views

CVE-2009-0160

QuickDraw Manager in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image that triggers memory corruption.

CVSS: 6.8, AI score: 7.7, EPSS: 0.01375

added 2009/05/13 3:30 p.m., 37 views

CVE-2009-0145

CoreGraphics in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF file that triggers memory corruption.

CVSS: 6.8, AI score: 7.7, EPSS: 0.053

added 2009/05/13 3:30 p.m., 35 views

CVE-2009-0161

The OpenSSL::OCSP module for Ruby in Apple Mac OS X 10.5 before 10.5.7 misinterprets an unspecified invalid response as a successful OCSP certificate validation, which might allow remote attackers to spoof certificate authentication via a revoked certificate.

CVSS: 6.4, AI score: 6.8, EPSS: 0.00181

Total number of security vulnerabilities: 94