Mac Os X Security Vulnerabilities and Issues — Mac Os X CVE List

Lucene search

AppleMac Os X

17 matches found

CVE•added 2008/06/02 9:30 p.m.•62 views

CVE-2008-1036

The International Components for Unicode (ICU) library in Apple Mac OS X before 10.5.3, Red Hat Enterprise Linux 5, and other operating systems omits some invalid character sequences during conversion of some character encodings, which might allow remote attackers to conduct cross-site scripting (X...

4.3CVSS5.2AI score0.02315EPSS

CVE•added 2008/06/02 9:30 p.m.•54 views

CVE-2008-1032

Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.5.3 allows user-assisted remote attackers to execute arbitrary code via an (1) Automator, (2) Help, (3) Safari, or (4) Terminal content type for a downloadable object, which does not trigger a "potentially unsafe" warning m...

6.8CVSS7.2AI score0.04339EPSS

CVE•added 2008/06/02 9:30 p.m.•50 views

CVE-2008-1576

Mail in Apple Mac OS X before 10.5, when an IPv6 SMTP server is used, does not properly initialize memory, which might allow remote attackers to execute arbitrary code or cause a denial of service (application crash), or obtain sensitive information (memory contents) in opportunistic circumstances,...

6.8CVSS7.4AI score0.01562EPSS

CVE•added 2008/06/23 8:41 p.m.•50 views

CVE-2008-2830

Open Scripting Architecture in Apple Mac OS X 10.4.11 and 10.5.4, and some other 10.4 and 10.5 versions, does not properly restrict the loading of scripting addition plugins, which allows local users to gain privileges via scripting addition commands to a privileged application, as originally demon...

7.2CVSS8.2AI score0.0012EPSS

CVE•added 2008/06/02 9:30 p.m.•44 views

CVE-2008-1572

Image Capture in Apple Mac OS X before 10.5 does not properly use temporary files, which allows local users to overwrite arbitrary files, and display images that are being resized by this application.

4.6CVSS5.9AI score0.00064EPSS

CVE•added 2008/06/02 9:30 p.m.•44 views

CVE-2008-1577

Unspecified vulnerability in the Pixlet codec in Apple Pixlet Video in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file, related to "multiple memory corruption issues."

9.3CVSS7.6AI score0.04311EPSS

CVE•added 2008/06/02 9:30 p.m.•43 views

CVE-2008-1575

Unspecified vulnerability in the Apple Type Services (ATS) server in Apple Mac OS X 10.5 before 10.5.3 allows user-assisted remote attackers to execute arbitrary code via a crafted embedded font in a PDF document, related to memory corruption that occurs during printing.

9.3CVSS7.3AI score0.06467EPSS

CVE•added 2008/06/02 9:30 p.m.•41 views

CVE-2008-1034

Integer underflow in Help Viewer in Apple Mac OS X before 10.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted help:topic URL that triggers a buffer overflow.

9.3CVSS7.5AI score0.24728EPSS

CVE•added 2008/06/02 9:30 p.m.•41 views

CVE-2008-1573

The BMP and GIF image decoding engine in ImageIO in Apple Mac OS X before 10.5.3 allows remote attackers to obtain sensitive information (memory contents) via a crafted (1) BMP or (2) GIF image, which causes an out-of-bounds read.

7.1CVSS5.4AI score0.00784EPSS

CVE•added 2008/06/02 9:30 p.m.•40 views

CVE-2008-1574

Integer overflow in ImageIO in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG2000 image that triggers a heap-based buffer overflow.

9.3CVSS7.8AI score0.06438EPSS

CVE•added 2008/06/02 9:30 p.m.•40 views

CVE-2008-1578

The sso_util program in Single Sign-On in Apple Mac OS X before 10.5.3 places passwords on the command line, which allows local users to obtain sensitive information by listing the process.

2.1CVSS5.1AI score0.00065EPSS

CVE•added 2008/06/02 9:30 p.m.•39 views

CVE-2008-1028

Unspecified vulnerability in AppKit in Apple Mac OS X before 10.5 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document file, as demonstrated by opening the document with TextEdit.

9.3CVSS7.4AI score0.06121EPSS

CVE•added 2008/06/02 9:30 p.m.•38 views

CVE-2008-1579

Wiki Server in Apple Mac OS X 10.5 before 10.5.3 allows remote attackers to obtain sensitive information (user names) by reading the error message produced upon access to a nonexistent blog.

5CVSS5.4AI score0.00531EPSS

CVE•added 2008/06/02 9:30 p.m.•37 views

CVE-2008-1031

CoreGraphics in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document, related to an uninitialized variable.

9.3CVSS7.4AI score0.03194EPSS

CVE•added 2008/06/02 9:30 p.m.•35 views

CVE-2008-1027

Apple Filing Protocol (AFP) Server in Apple Mac OS X before 10.5.3 does not verify that requested files and directories are inside shared folders, which allows remote attackers to read arbitrary files via unspecified AFP traffic.

4.3CVSS6.2AI score0.00524EPSS

CVE•added 2008/06/02 9:30 p.m.•34 views

CVE-2008-1030

Integer overflow in the CFDataReplaceBytes function in the CFData API in CoreFoundation in Apple Mac OS X before 10.5.3 allows context-dependent attackers to execute arbitrary code or cause a denial of service (crash) via an invalid length argument, which triggers a heap-based buffer overflow.

10CVSS7.7AI score0.01929EPSS

CVE•added 2008/06/02 9:30 p.m.•34 views

CVE-2008-1571

Directory traversal vulnerability in the embedded web server in Image Capture in Apple Mac OS X before 10.5 allows remote attackers to read arbitrary files via directory traversal sequences in the URI.

5CVSS6.2AI score0.00754EPSS