Mac Os X Security Vulnerabilities and Issues — Mac Os X CVE List

Lucene search

AppleMac Os X

11 matches found

CVE•added 2009/09/08 6:30 p.m.•519 views

CVE-2009-3095

The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pa...

5CVSS9.4AI score0.06974EPSS

CVE•added 2009/09/14 4:30 p.m.•84 views

CVE-2009-2813

Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.12 through 3.0.36, as used in the SMB subsystem in Apple Mac OS X 10.5.8 when Windows File Sharing is enabled, Fedora 11, and other operating systems, does not properly handle errors in resolving pathnames, which allows remote aut...

6CVSS7AI score0.00366EPSS

CVE•added 2009/09/09 10:30 p.m.•61 views

CVE-2009-2205

Stack-based buffer overflow in the Java Web Start command launcher in Java for Mac OS X 10.5 before Update 5 allows attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.

6.8CVSS8.3AI score0.00837EPSS

CVE•added 2009/09/14 4:30 p.m.•57 views

CVE-2009-2803

CarbonCore in Apple Mac OS X 10.4.11 and 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a file with a crafted resource fork.

6.8CVSS7.7AI score0.0089EPSS

CVE•added 2009/09/14 4:30 p.m.•57 views

CVE-2009-2804

Integer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5.8, and Safari before 4.0.4 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ColorSync profile embedded in an image, leading to a heap-based buffer overflow.

6.8CVSS7.9AI score0.09194EPSS

CVE•added 2009/09/14 4:30 p.m.•56 views

CVE-2009-2809

ImageIO in Apple Mac OS X 10.4.11 and 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PixarFilm encoded TIFF image, related to "multiple memory corruption issues."

6.8CVSS7.8AI score0.02414EPSS

CVE•added 2009/09/14 4:30 p.m.•52 views

CVE-2009-2811

Incomplete blacklist vulnerability in Launch Services in Apple Mac OS X 10.5.8 allows user-assisted remote attackers to execute arbitrary code via a .fileloc file, which does not trigger a "potentially unsafe" warning message in the Quarantine feature.

6.8CVSS7.4AI score0.02518EPSS

CVE•added 2009/09/11 6:30 p.m.•49 views

CVE-2009-2800

Buffer overflow in Alias Manager in Apple Mac OS X 10.4.11 and 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted alias file.

6.8CVSS7.5AI score0.00963EPSS

CVE•added 2009/09/14 4:30 p.m.•47 views

CVE-2009-2812

Launch Services in Apple Mac OS X 10.5.8 does not properly recognize an unsafe Uniform Type Identifier (UTI) in an exported document type in a downloaded application, which allows remote attackers to trigger the automatic opening of a file, and execute arbitrary code, via a crafted web site.

6.8CVSS7.3AI score0.01744EPSS

CVE•added 2009/09/14 4:30 p.m.•45 views

CVE-2009-2805

Integer overflow in CoreGraphics in Apple Mac OS X 10.4.11 and 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JBIG2 stream in a PDF file, leading to a heap-based buffer overflow.

6.8CVSS7.9AI score0.02424EPSS

CVE•added 2009/09/14 4:30 p.m.•41 views

CVE-2009-2807

Heap-based buffer overflow in the USB backend in CUPS in Apple Mac OS X 10.5.8 allows local users to gain privileges via unspecified vectors.

7.2CVSS7AI score0.00069EPSS