Mac Os X@10.5.5 Security Vulnerabilities and Issues — Mac Os X@10.5.5 CVE List

Lucene search

AppleMac Os X10.5.5

11 matches found

CVE•added 2008/10/10 10:30 a.m.•52 views

CVE-2008-4211

Integer signedness error in (1) QuickLook in Apple Mac OS X 10.5.5 and (2) Office Viewer in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted Microsoft ...

10CVSS7.3AI score0.13955EPSS

CVE•added 2008/10/10 10:30 a.m.•47 views

CVE-2008-3642

Buffer overflow in ColorSync in Mac OS X 10.4.11 and 10.5.5 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via an image with a crafted ICC profile.

9.3CVSS7.8AI score0.24954EPSS

CVE•added 2008/10/10 10:30 a.m.•44 views

CVE-2008-3647

Buffer overflow in PSNormalizer in Mac OS X 10.4.11 and 10.5.5 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a PostScript file with a crafted bounding box comment.

9.3CVSS7.8AI score0.05563EPSS

CVE•added 2008/09/26 4:21 p.m.•43 views

CVE-2008-3638

Java on Apple Mac OS X 10.5.4 and 10.5.5 does not prevent applets from accessing file:// URLs, which allows remote attackers to execute arbitrary programs.

9.3CVSS8.6AI score0.01864EPSS

CVE•added 2008/10/10 10:30 a.m.•43 views

CVE-2008-3645

Heap-based buffer overflow in the local IPC component in the EAPOLController plugin for configd (Networking component) in Mac OS X 10.4.11 and 10.5.5 allows local users to execute arbitrary code via unknown vectors.

7.2CVSS7.6AI score0.00068EPSS

CVE•added 2008/10/10 10:30 a.m.•40 views

CVE-2008-4214

Unspecified vulnerability in Script Editor in Mac OS X 10.4.11 and 10.5.5 allows local users to cause the scripting dictionary to be written to arbitrary locations, related to an "insecure file operation" on temporary files.

4.6CVSS6.1AI score0.00069EPSS

CVE•added 2008/10/01 3:38 p.m.•40 views

CVE-2008-4368

The default configuration of Java 1.5 on Apple Mac OS X 10.5.4 and 10.5.5 contains a jurisdiction policy that limits Java Cryptography Extension (JCE) key sizes to 128 bits, which makes it easier for attackers to decrypt ciphertext produced by JCE.

5CVSS6.2AI score0.00262EPSS

CVE•added 2008/10/10 10:30 a.m.•39 views

CVE-2008-3646

The Postfix configuration file in Mac OS X 10.5.5 causes Postfix to be network-accessible when mail is sent from a local command-line tool, which allows remote attackers to send mail to local Mac OS X users.

6.8CVSS6.4AI score0.00755EPSS

CVE•added 2008/10/10 10:30 a.m.•39 views

CVE-2008-4212

Unspecified vulnerability in rlogind in the rlogin component in Mac OS X 10.4.11 and 10.5.5 applies hosts.equiv entries to root despite what is stated in documentation, which might allow remote attackers to bypass intended access restrictions.

10CVSS6.6AI score0.00803EPSS

CVE•added 2008/10/10 10:30 a.m.•38 views

CVE-2008-3643

Unspecified vulnerability in Finder in Mac OS X 10.5.5 allows user-assisted attackers to cause a denial of service (continuous termination and restart) via a crafted Desktop file that generates an error when producing its icon, related to an "error recovery issue."

7.8CVSS6.3AI score0.01028EPSS

CVE•added 2008/09/26 4:21 p.m.•37 views

CVE-2008-3637

The Hash-based Message Authentication Code (HMAC) provider in Java on Apple Mac OS X 10.4.11, 10.5.4, and 10.5.5 uses an uninitialized variable, which allows remote attackers to execute arbitrary code via a crafted applet, related to an "error checking issue."

9.3CVSS8.6AI score0.12476EPSS