Lucene search

K
AppleMac Os X10.4.11

37 matches found

CVE
CVE
added 2009/04/17 12:30 a.m.89 views

CVE-2009-0946

Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c.

7.5CVSS8.8AI score0.11816EPSS
CVE
CVE
added 2009/11/10 7:30 p.m.71 views

CVE-2009-2820

The web interface in CUPS before 1.4.2, as used on Apple Mac OS X before 10.6.2 and other platforms, does not properly handle (1) HTTP headers and (2) HTML templates, which allows remote attackers to conduct cross-site scripting (XSS) attacks and HTTP response splitting attacks via vectors related ...

4.3CVSS6.8AI score0.01726EPSS
CVE
CVE
added 2009/11/10 7:30 p.m.65 views

CVE-2009-2825

Certificate Assistant in Apple Mac OS X before 10.6.2 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legiti...

4.3CVSS5.6AI score0.01808EPSS
CVE
CVE
added 2009/11/10 7:30 p.m.63 views

CVE-2009-2823

The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.

4.3CVSS5.9AI score0.0032EPSS
CVE
CVE
added 2009/09/14 4:30 p.m.57 views

CVE-2009-2803

CarbonCore in Apple Mac OS X 10.4.11 and 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a file with a crafted resource fork.

6.8CVSS7.7AI score0.0089EPSS
CVE
CVE
added 2009/09/14 4:30 p.m.57 views

CVE-2009-2804

Integer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5.8, and Safari before 4.0.4 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ColorSync profile embedded in an image, leading to a heap-based buffer overflow.

6.8CVSS7.9AI score0.09194EPSS
CVE
CVE
added 2009/09/14 4:30 p.m.56 views

CVE-2009-2809

ImageIO in Apple Mac OS X 10.4.11 and 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PixarFilm encoded TIFF image, related to "multiple memory corruption issues."

6.8CVSS7.8AI score0.02414EPSS
CVE
CVE
added 2009/02/13 12:30 a.m.51 views

CVE-2009-0019

Remote Apple Events in Apple Mac OS X 10.4.11 and 10.5.6 allows remote attackers to cause a denial of service (application termination) or obtain sensitive information via unspecified vectors that trigger an out-of-bounds memory access.

7.5CVSS6.9AI score0.00887EPSS
CVE
CVE
added 2009/11/10 7:30 p.m.51 views

CVE-2009-2808

Help Viewer in Apple Mac OS X before 10.6.2 does not use an HTTPS connection to retrieve Apple Help content from a web site, which allows man-in-the-middle attackers to send a crafted help:runscript link, and thereby execute arbitrary code, via a spoofed response.

5.4CVSS7.1AI score0.00092EPSS
CVE
CVE
added 2009/02/13 12:30 a.m.50 views

CVE-2009-0018

The Remote Apple Events server in Apple Mac OS X 10.4.11 and 10.5.6 does not properly initialize a buffer, which allows remote attackers to read portions of memory.

7.8CVSS6.8AI score0.00553EPSS
CVE
CVE
added 2009/04/02 5:30 p.m.50 views

CVE-2009-1235

XNU 1228.9.59 and earlier on Apple Mac OS X 10.5.6 and earlier does not properly restrict interaction between user space and the HFS IOCTL handler, which allows local users to overwrite kernel memory and gain privileges by attaching an HFS+ disk image and performing certain steps involving HFS_GET_...

7.2CVSS5.9AI score0.00204EPSS
CVE
CVE
added 2009/08/06 4:30 p.m.50 views

CVE-2009-1726

Heap-based buffer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5 before 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image containing an embedded ColorSync profile.

9.3CVSS7.9AI score0.11304EPSS
CVE
CVE
added 2009/02/13 12:30 a.m.49 views

CVE-2009-0017

csregprinter in the Printing component in Apple Mac OS X 10.4.11 and 10.5.6 does not properly handle error conditions, which allows local users to execute arbitrary code via unknown vectors that trigger a heap-based buffer overflow.

7.2CVSS7.1AI score0.0008EPSS
CVE
CVE
added 2009/05/13 3:30 p.m.49 views

CVE-2009-0156

Launch Services in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to cause a denial of service (persistent Finder crash) via a crafted Mach-O executable that triggers an out-of-bounds memory read.

4.3CVSS6.8AI score0.01009EPSS
CVE
CVE
added 2009/09/11 6:30 p.m.49 views

CVE-2009-2800

Buffer overflow in Alias Manager in Apple Mac OS X 10.4.11 and 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted alias file.

6.8CVSS7.5AI score0.00963EPSS
CVE
CVE
added 2009/05/13 3:30 p.m.48 views

CVE-2009-0944

The Microsoft Office Spotlight Importer in Spotlight in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not properly validate Microsoft Office files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a file that triggers memory corruptio...

6.8CVSS7.7AI score0.01551EPSS
CVE
CVE
added 2009/08/06 4:30 p.m.48 views

CVE-2009-1728

Stack-based buffer overflow in Image RAW in Apple Mac OS X 10.5 before 10.5.8, and 10.4 before Digital Camera RAW Compatibility Update 2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Canon RAW image.

6.8CVSS8.1AI score0.09715EPSS
CVE
CVE
added 2009/05/13 3:30 p.m.47 views

CVE-2009-0158

Stack-based buffer overflow in telnet in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long hostname for a telnet server.

6.8CVSS7.9AI score0.01908EPSS
CVE
CVE
added 2009/05/13 3:30 p.m.46 views

CVE-2009-0010

Integer underflow in QuickDraw Manager in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7, and Apple QuickTime before 7.6.2, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PICT image with a crafted 0x77 Poly tag and a crafted length field, whi...

9.3CVSS7.7AI score0.45753EPSS
CVE
CVE
added 2009/04/02 5:30 p.m.46 views

CVE-2009-1238

Race condition in the HFS vfs sysctl interface in XNU 1228.8.20 and earlier on Apple Mac OS X 10.5.6 and earlier allows local users to cause a denial of service (kernel memory corruption) by simultaneously executing the same HFS_SET_PKG_EXTENSIONS code path in multiple threads, which is problematic...

7.2CVSS6.4AI score0.00112EPSS
CVE
CVE
added 2009/02/13 12:30 a.m.45 views

CVE-2009-0140

Unspecified vulnerability in the SMB component in Apple Mac OS X 10.4.11 and 10.5.6 allows remote SMB servers to cause a denial of service (memory exhaustion and system shutdown) via a crafted file system name.

9.3CVSS6.7AI score0.00427EPSS
CVE
CVE
added 2009/09/14 4:30 p.m.45 views

CVE-2009-2805

Integer overflow in CoreGraphics in Apple Mac OS X 10.4.11 and 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JBIG2 stream in a PDF file, leading to a heap-based buffer overflow.

6.8CVSS7.9AI score0.02424EPSS
CVE
CVE
added 2009/02/13 12:30 a.m.44 views

CVE-2009-0009

Unspecified vulnerability in the Pixlet codec in Apple Mac OS X 10.4.11 and 10.5.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted movie file that triggers memory corruption.

6.8CVSS7.5AI score0.02605EPSS
CVE
CVE
added 2009/02/13 12:30 a.m.44 views

CVE-2009-0020

Unspecified vulnerability in CarbonCore in Apple Mac OS X 10.4.11 and 10.5.6 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted resource fork that triggers memory corruption.

7.8CVSS7.4AI score0.02239EPSS
CVE
CVE
added 2009/02/13 12:30 a.m.44 views

CVE-2009-0141

XTerm in Apple Mac OS X 10.4.11 and 10.5.6, when used with luit, creates tty devices with insecure world-writable permissions, which allows local users to write to the Xterm of another user.

5.5CVSS5.4AI score0.00047EPSS
CVE
CVE
added 2009/08/06 4:30 p.m.44 views

CVE-2009-2191

Format string vulnerability in Login Window in Apple Mac OS X 10.4.11 and 10.5 before 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in an application name.

7.5CVSS7.5AI score0.00846EPSS
CVE
CVE
added 2009/11/10 7:30 p.m.44 views

CVE-2009-2834

IOKit in Apple Mac OS X before 10.6.2 allows local users to modify the firmware of a (1) USB or (2) Bluetooth keyboard via unspecified vectors.

4.9CVSS6.7AI score0.00061EPSS
CVE
CVE
added 2009/11/10 7:30 p.m.44 views

CVE-2009-2835

The kernel in Apple Mac OS X before 10.6.2 does not properly handle task state segments, which allows local users to gain privileges, cause a denial of service (system crash), or obtain sensitive information via unspecified vectors.

4.6CVSS6.9AI score0.00059EPSS
CVE
CVE
added 2009/02/13 12:30 a.m.43 views

CVE-2009-0013

dscl in DS Tools in Apple Mac OS X 10.4.11 and 10.5.6 requires that passwords must be provided as command line arguments, which allows local users to gain privileges by listing process information.

2.1CVSS7AI score0.0007EPSS
CVE
CVE
added 2009/05/13 3:30 p.m.43 views

CVE-2009-0154

Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code via a crafted Compact Font Format (CFF) font.

6.8CVSS7.6AI score0.16284EPSS
CVE
CVE
added 2009/05/13 3:30 p.m.43 views

CVE-2009-0942

Help Viewer in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not verify that certain Cascading Style Sheets (CSS) are located in a registered help book, which allows remote attackers to execute arbitrary code via a help: URL that triggers invocation of AppleScript files.

6.8CVSS7.5AI score0.02306EPSS
CVE
CVE
added 2009/05/13 3:30 p.m.42 views

CVE-2009-0943

Help Viewer in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not verify that HTML pathnames are located in a registered help book, which allows remote attackers to execute arbitrary code via a help: URL that triggers invocation of AppleScript files.

6.8CVSS7.4AI score0.02306EPSS
CVE
CVE
added 2009/04/02 5:30 p.m.42 views

CVE-2009-1236

Heap-based buffer overflow in the AppleTalk networking stack in XNU 1228.3.13 and earlier on Apple Mac OS X 10.5.6 and earlier allows remote attackers to cause a denial of service (system crash) via a ZIP NOTIFY (aka ZIPOP_NOTIFY) packet that overwrites a certain ifPort structure member.

10CVSS6.9AI score0.05379EPSS
CVE
CVE
added 2009/05/13 3:30 p.m.41 views

CVE-2009-0149

Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows local users to gain privileges or cause a denial of service (application crash) by attempting to mount a crafted sparse disk image that triggers memory corruption.

4.4CVSS7.1AI score0.00117EPSS
CVE
CVE
added 2009/04/02 5:30 p.m.39 views

CVE-2009-1237

Multiple memory leaks in XNU 1228.3.13 and earlier on Apple Mac OS X 10.5.6 and earlier allow local users to cause a denial of service (kernel memory consumption) via a crafted (1) SYS_add_profil or (2) SYS___mac_getfsstat system call.

4.9CVSS6.2AI score0.00237EPSS
CVE
CVE
added 2009/05/13 3:30 p.m.38 views

CVE-2009-0160

QuickDraw Manager in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image that triggers memory corruption.

6.8CVSS7.7AI score0.01375EPSS
CVE
CVE
added 2009/05/13 3:30 p.m.37 views

CVE-2009-0145

CoreGraphics in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF file that triggers memory corruption.

6.8CVSS7.7AI score0.053EPSS