Mac Os X@10.4.1 Security Vulnerabilities and Issues — Mac Os X@10.4.1 CVE List

Lucene search

AppleMac Os X10.4.1

172 matches found

CVE•added 2005/12/22 11:3 p.m.•422 views

CVE-2005-4504

The khtml::RenderTableSection::ensureRows function in KHTMLParser in Apple Mac OS X 10.4.3 and earlier, as used by Safari and TextEdit, allows remote attackers to cause a denial of service (memory consumption and application crash) via HTML files with a large ROWSPAN attribute in a TD tag.

7.8CVSS6AI score0.21773EPSS

CVE•added 2012/05/11 3:49 a.m.•125 views

CVE-2012-0659

Integer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file.

6.8CVSS8.5AI score0.01774EPSS

CVE•added 2009/11/10 7:30 p.m.•71 views

CVE-2009-2820

The web interface in CUPS before 1.4.2, as used on Apple Mac OS X before 10.6.2 and other platforms, does not properly handle (1) HTTP headers and (2) HTML templates, which allows remote attackers to conduct cross-site scripting (XSS) attacks and HTTP response splitting attacks via vectors related ...

4.3CVSS6.8AI score0.01726EPSS

CVE•added 2009/11/10 7:30 p.m.•65 views

CVE-2009-2825

Certificate Assistant in Apple Mac OS X before 10.6.2 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legiti...

4.3CVSS5.6AI score0.01808EPSS

CVE•added 2005/04/14 4:0 a.m.•63 views

CVE-2005-1043

exif.c in PHP before 4.3.11 allows remote attackers to cause a denial of service (memory consumption and crash) via an EXIF header with a large IFD nesting level, which causes significant stack recursion.

5CVSS6.3AI score0.01229EPSS

CVE•added 2009/11/10 7:30 p.m.•63 views

CVE-2009-2823

The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.

4.3CVSS5.9AI score0.0032EPSS

CVE•added 2008/07/01 6:41 p.m.•62 views

CVE-2008-2309

Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.5.4 allows user-assisted remote attackers to execute arbitrary code via a (1) .xht or (2) .xhtm file, which does not trigger a "potentially unsafe" warning message in (a) the Download Validation feature in Mac OS X 10.4 or ...

6.8CVSS7.2AI score0.02463EPSS

CVE•added 2006/03/31 11:6 a.m.•57 views

CVE-2006-1552

Integer overflow in ImageIO in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers to cause a denial of service (crash) via a crafted JPEG image with malformed JPEG metadata, as demonstrated using Safari, aka "Deja-Doom".

5CVSS6.4AI score0.03822EPSS

CVE•added 2011/10/14 10:55 a.m.•56 views

CVE-2011-3220

QuickTime in Apple Mac OS X before 10.7.2 does not properly process URL data handlers in movie files, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted file.

4.3CVSS7.3AI score0.00735EPSS

CVE•added 2011/10/14 10:55 a.m.•56 views

CVE-2011-3222

Buffer overflow in QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FlashPix file.

6.8CVSS8.6AI score0.02208EPSS

CVE•added 2012/09/20 9:55 p.m.•56 views

CVE-2012-3722

The Sorenson codec in QuickTime in Apple Mac OS X before 10.7.5, and in CoreMedia in iOS before 6, accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding.

6.8CVSS7.5AI score0.02122EPSS

CVE•added 2007/03/13 10:19 p.m.•55 views

CVE-2007-0722

Integer overflow in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote user-assisted attackers to execute arbitrary code via a crafted AppleSingleEncoding disk image.

6.8CVSS8AI score0.09583EPSS

CVE•added 2007/11/15 1:46 a.m.•55 views

CVE-2007-4690

Double free vulnerability in the NFS component in Apple Mac OS X 10.4 through 10.4.10 allows remote authenticated users to execute arbitrary code via a crafted AUTH_UNIX RPC packet.

9CVSS7.2AI score0.02227EPSS

CVE•added 2007/11/15 1:46 a.m.•54 views

CVE-2007-4693

The SecurityAgent component in Mac OS X 10.4 through 10.4.10 allows attackers with physical access to bypass the authentication dialog of the screen saver and send keystrokes to a process, related to "handling of keyboard focus between secure text fields."

7.2CVSS7.6AI score0.00079EPSS

CVE•added 2014/11/18 11:59 a.m.•54 views

CVE-2014-4460

CFNetwork in Apple iOS before 8.1.1 and OS X before 10.10.1 does not properly clear the browsing cache upon a transition out of private-browsing mode, which makes it easier for physically proximate attackers to obtain sensitive information by reading cache files.

2.1CVSS2.8AI score0.00072EPSS

CVE•added 2006/03/14 2:2 a.m.•52 views

CVE-2006-1220

Integer overflow in the mach_msg_send function in the kernel for Mac OS X might allow local users to execute arbitrary code via unknown attack vectors related to a large message header size, which leads to a heap-based buffer overflow.

4.6CVSS7.5AI score0.00085EPSS

CVE•added 2006/10/03 4:2 a.m.•52 views

CVE-2006-4392

The Mach kernel, as used in operating systems including (1) Mac OS X 10.4 through 10.4.7 and (2) OpenStep before 4.2, allows local users to gain privileges via a parent process that forces an exception in a setuid child and uses Mach exception ports to modify the child's thread context and task add...

7.2CVSS6.2AI score0.01057EPSS

CVE•added 2006/11/30 4:28 p.m.•52 views

CVE-2006-4408

The Security Framework in Apple Mac OS X 10.4 through 10.4.8 allows remote attackers to cause a denial of service (resource consumption) via certain public key values in an X.509 certificate that requires extra resources during signature verification. NOTE: this issue may be similar to CVE-2006-294...

5CVSS8.8AI score0.16493EPSS

CVE•added 2011/10/14 10:55 a.m.•52 views

CVE-2011-3215

The kernel in Apple Mac OS X before 10.7.2 does not properly prevent FireWire DMA in the absence of a login, which allows physically proximate attackers to bypass intended access restrictions and discover a password by making a DMA request in the (1) loginwindow, (2) boot, or (3) shutdown state.

2.1CVSS7.8AI score0.00068EPSS

CVE•added 2011/10/14 10:55 a.m.•52 views

CVE-2011-3218

The "Save for Web" selection in QuickTime Player in Apple Mac OS X through 10.6.8 exports HTML documents that contain an http link to a script file, which allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks by spoofing the http server during local viewing of an exported...

2.6CVSS7.2AI score0.00662EPSS

CVE•added 2013/06/05 2:39 p.m.•52 views

CVE-2013-0984

Directory Service in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted message.

9.3CVSS7.5AI score0.09856EPSS

CVE•added 2014/11/18 11:59 a.m.•52 views

CVE-2014-4453

Apple iOS before 8.1.1 and OS X before 10.10.1 include location data during establishment of a Spotlight Suggestions server connection by Spotlight or Safari, which might allow remote attackers to obtain sensitive information via unspecified vectors.

5CVSS5.5AI score0.00782EPSS

CVE•added 2006/03/14 11:2 a.m.•51 views

CVE-2006-0397

Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file type. NOTE: due to the lack of specific information in the vendor advisory, it is not clear how CVE-2...

7.5CVSS5.7AI score0.00794EPSS

CVE•added 2006/06/27 10:13 p.m.•51 views

CVE-2006-1470

OpenLDAP in Apple Mac OS X 10.4 up to 10.4.6 allows remote attackers to cause a denial of service (crash) via an invalid LDAP request that triggers an assert error.

5CVSS6.1AI score0.13704EPSS

CVE•added 2006/10/03 4:2 a.m.•51 views

CVE-2006-4387

Apple Mac OS X 10.4 through 10.4.7, when the administrator clears the "Allow user to administer this computer" checkbox in System Preferences for a user, does not remove the user's account from the appserveradm or appserverusr groups, which still allows the user to manage WebObjects applications.

4.6CVSS6.1AI score0.0009EPSS

CVE•added 2007/03/13 9:19 p.m.•51 views

CVE-2007-0719

Stack-based buffer overflow in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote user-assisted attackers to execute arbitrary code via an image with a crafted ColorSync profile.

6.8CVSS8.1AI score0.13074EPSS

CVE•added 2007/05/24 10:30 p.m.•51 views

CVE-2007-2386

Buffer overflow in mDNSResponder in Apple Mac OS X 10.4 up to 10.4.9 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted UPnP Internet Gateway Device (IGD) packet.

9.4CVSS7.7AI score0.71927EPSS

CVE•added 2009/11/10 7:30 p.m.•51 views

CVE-2009-2808

Help Viewer in Apple Mac OS X before 10.6.2 does not use an HTTPS connection to retrieve Apple Help content from a web site, which allows man-in-the-middle attackers to send a crafted help:runscript link, and thereby execute arbitrary code, via a spoofed response.

5.4CVSS7.1AI score0.00092EPSS

CVE•added 2005/06/13 4:0 a.m.•50 views

CVE-2005-1474

Dashboard in Apple Mac OS X 10.4.1 allows remote attackers to install widgets via Safari without prompting the user, a different vulnerability than CVE-2005-1933.

7.5CVSS6AI score0.01548EPSS

CVE•added 2006/04/21 10:2 p.m.•50 views

CVE-2006-1983

Multiple heap-based buffer overflows in Mac OS X 10.4.6 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) PredictorVSetField function for TIFF or (2) CFAllocatorAllocate function for GIF, as used in applications that use ImageIO or AppKi...

6.4CVSS7.8AI score0.37958EPSS

CVE•added 2006/07/31 11:4 p.m.•50 views

CVE-2006-3946

WebCore in Apple Mac OS X 10.3.9 and 10.4 through 10.4.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted HTML that triggers a "memory management error" in WebKit, possibly due to a buffer overflow, as originally reported for the KHTMLPars...

7.5CVSS7.6AI score0.04722EPSS

CVE•added 2006/10/03 4:2 a.m.•50 views

CVE-2006-4390

CFNetwork in Apple Mac OS X 10.4 through 10.4.7 and 10.3.9 allows remote SSL sites to appear as trusted sites by using encryption without authentication, which can cause the lock icon in Safari to be displayed even when the site's identity cannot be trusted.

2.6CVSS6.1AI score0.00277EPSS

CVE•added 2009/04/02 5:30 p.m.•50 views

CVE-2009-1235

XNU 1228.9.59 and earlier on Apple Mac OS X 10.5.6 and earlier does not properly restrict interaction between user space and the HFS IOCTL handler, which allows local users to overwrite kernel memory and gain privileges by attaching an HFS+ disk image and performing certain steps involving HFS_GET_...

7.2CVSS5.9AI score0.00204EPSS

CVE•added 2011/10/14 10:55 a.m.•50 views

CVE-2011-0230

Buffer overflow in the ATSFontDeactivate API in Apple Type Services (ATS) in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.

7.5CVSS8.7AI score0.01462EPSS

CVE•added 2005/10/25 10:6 p.m.•48 views

CVE-2005-2744

Buffer overflow in QuickDraw Manager for Apple OS X 10.3.9 and 10.4.2, as used by applications such as Safari, Mail, and Finder, allows remote attackers to execute arbitrary code via a crafted PICT file.

5.1CVSS7.5AI score0.04813EPSS

CVE•added 2006/03/02 7:0 p.m.•48 views

CVE-2005-3706

Heap-based buffer overflow in LibSystem in Mac OS X 10.4 through 10.4.5 allows context-dependent attackers to execute arbitrary code by causing an application that uses LibSystem to request a large amount of memory.

6.4CVSS7.9AI score0.01488EPSS

CVE•added 2006/03/02 7:0 p.m.•48 views

CVE-2005-3712

Heap-based buffer overflow in rsync in Mac OS X 10.4 through 10.4.5 allows remote authenticated users to execute arbitrary code via long extended attributes.

6.5CVSS7.8AI score0.04452EPSS

CVE•added 2006/04/21 10:2 p.m.•48 views

CVE-2006-1984

Unspecified vulnerability in the _cg_TIFFSetField function in Mac OS X 10.4.6 and earlier, as used in applications that use ImageIO or AppKit, allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that triggers a null dereference.

5CVSS6.6AI score0.05644EPSS

CVE•added 2006/10/03 4:2 a.m.•48 views

CVE-2006-4391

Buffer overflow in Apple ImageIO on Apple Mac OS X 10.4 through 10.4.7 allows remote attackers to execute arbitrary code via a malformed JPEG2000 image.

5.1CVSS7.5AI score0.14822EPSS

CVE•added 2007/03/13 10:19 p.m.•48 views

CVE-2007-0726

The SSH key generation process in OpenSSH in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote attackers to cause a denial of service by connecting to the server before SSH has finished creating keys, which causes the keys to be regenerated and can break trust relationships that were base...

5CVSS7.4AI score0.01123EPSS

CVE•added 2007/03/13 10:19 p.m.•48 views

CVE-2007-0728

Unspecified vulnerability in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 creates files insecurely while initializing a USB printer, which allows local users to create or overwrite arbitrary files.

4.4CVSS7.3AI score0.00076EPSS

CVE•added 2007/11/15 1:46 a.m.•48 views

CVE-2007-4688

The Networking component in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to obtain all addresses for a host, including link-local addresses, via a Node Information Query.

5CVSS6.8AI score0.0045EPSS

CVE•added 2007/11/15 1:46 a.m.•48 views

CVE-2007-4689

Double free vulnerability in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to cause a denial of service (system shutdown) or execute arbitrary code via crafted IPV6 packets.

10CVSS7.6AI score0.06346EPSS

CVE•added 2007/11/15 1:46 a.m.•48 views

CVE-2007-4691

The NSURL component in Apple Mac OS X 10.4 through 10.4.10 performs case-sensitive comparisons that allow attackers to bypass intended restrictions for local file system URLs.

10CVSS6.9AI score0.00524EPSS

CVE•added 2009/08/06 4:30 p.m.•48 views

CVE-2009-1728

Stack-based buffer overflow in Image RAW in Apple Mac OS X 10.5 before 10.5.8, and 10.4 before Digital Camera RAW Compatibility Update 2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Canon RAW image.

6.8CVSS8.1AI score0.09715EPSS

CVE•added 2012/09/20 9:55 p.m.•48 views

CVE-2012-0650

Buffer overflow in the DirectoryService Proxy in DirectoryService in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.

7.5CVSS8AI score0.01399EPSS

CVE•added 2012/05/11 3:49 a.m.•48 views

CVE-2012-0657

Quartz Composer in Apple Mac OS X before 10.7.4, when the RSS Visualizer screensaver is enabled, allows physically proximate attackers to bypass screen locking and launch a Safari process via unspecified vectors.

2.1CVSS7.7AI score0.00075EPSS

CVE•added 2006/03/02 7:6 p.m.•47 views

CVE-2006-0383

IPSec when used with VPN networks in Mac OS X 10.4 through 10.4.5 allows remote attackers to cause a denial of service (application crash) via unspecified vectors involving the "incorrect handling of error conditions".

5CVSS6.6AI score0.01157EPSS

CVE•added 2006/03/14 11:2 a.m.•47 views

CVE-2006-0399

7.5CVSS5.7AI score0.00794EPSS

CVE•added 2006/03/14 11:2 a.m.•47 views

CVE-2006-0400

CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers to bypass the same-origin policy and execute Javascript in other domains via unknown vectors involving "crafted archives."

7.5CVSS6.4AI score0.00584EPSS

Total number of security vulnerabilities172