Apple » Mac OS X Server : Security Vulnerabilities, CVEs, Published In 2009 (Overflow)
Buffer overflow in the UCCompareTextDefault API in International Components for Unicode in Apple Mac OS X 10.5.8 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
Max CVSS: 7.5 | EPSS Score: 0.31% | Published: 2009-11-10 | Updated: 2009-11-17
Buffer overflow in FTP Server in Apple Mac OS X before 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a CWD command specifying a pathname in a deeply nested hierarchy of directories, related to a "CWD command line tool."
Max CVSS: 5.1 | EPSS Score: 0.95% | Published: 2009-11-10 | Updated: 2009-11-17
Multiple buffer overflows in Christos Zoulas file before 5.03 in Apple Mac OS X 10.6.x before 10.6.2 allow user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Common Document Format (CDF) file. NOTE: this might overlap CVE-2009-1515.
Max CVSS: 6.8 | EPSS Score: 0.95% | Published: 2009-11-10 | Updated: 2009-11-17
Heap-based buffer overflow in Disk Images in Apple Mac OS X 10.5.8 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FAT filesystem on a disk image.
Max CVSS: 6.8 | EPSS Score: 1.01% | Published: 2009-11-10 | Updated: 2009-11-17
Multiple integer overflows in CoreGraphics in Apple Mac OS X 10.5.8 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document that triggers a heap-based buffer overflow.
Max CVSS: 6.8 | EPSS Score: 0.76% | Published: 2009-11-10 | Updated: 2009-11-17
Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 allow remote attackers to execute arbitrary code via a crafted embedded font in a document.
Max CVSS: 6.8 | EPSS Score: 1.42% | Published: 2009-11-10 | Updated: 2009-11-17
Heap-based buffer overflow in the USB backend in CUPS in Apple Mac OS X 10.5.8 allows local users to gain privileges via unspecified vectors.
Max CVSS: 7.2 | EPSS Score: 0.04% | Published: 2009-09-14 | Updated: 2017-08-17
Integer overflow in CoreGraphics in Apple Mac OS X 10.4.11 and 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JBIG2 stream in a PDF file, leading to a heap-based buffer overflow.
Max CVSS: 6.8 | EPSS Score: 2.03% | Published: 2009-09-14 | Updated: 2017-08-17
Integer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5.8, and Safari before 4.0.4 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ColorSync profile embedded in an image, leading to a heap-based buffer overflow.
Max CVSS: 6.8 | EPSS Score: 2.44% | Published: 2009-09-14 | Updated: 2017-08-17
Buffer overflow in Alias Manager in Apple Mac OS X 10.4.11 and 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted alias file.
Max CVSS: 6.8 | EPSS Score: 0.26% | Published: 2009-09-11 | Updated: 2017-08-17
Stack-based buffer overflow in the Java Web Start command launcher in Java for Mac OS X 10.5 before Update 5 allows attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
Max CVSS: 6.8 | EPSS Score: 0.24% | Published: 2009-09-09 | Updated: 2009-09-19
Buffer overflow in the kernel in Apple Mac OS X 10.5 before 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a crafted AppleTalk response packet.
Max CVSS: 10.0 | EPSS Score: 4.42% | Published: 2009-08-06 | Updated: 2017-08-17
Format string vulnerability in Login Window in Apple Mac OS X 10.4.11 and 10.5 before 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in an application name.
Max CVSS: 7.5 | EPSS Score: 1.11% | Published: 2009-08-06 | Updated: 2017-08-17
Buffer overflow in ImageIO in Apple Mac OS X 10.5 before 10.5.8, and Safari before 4.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image with crafted EXIF metadata.
Max CVSS: 9.3 | EPSS Score: 4.77% | Published: 2009-08-06 | Updated: 2017-08-17
Stack-based buffer overflow in Image RAW in Apple Mac OS X 10.5 before 10.5.8, and 10.4 before Digital Camera RAW Compatibility Update 2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Canon RAW image.
Max CVSS: 6.8 | EPSS Score: 4.87% | Published: 2009-08-06 | Updated: 2017-08-17
Heap-based buffer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5 before 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image containing an embedded ColorSync profile.
Max CVSS: 9.3 | EPSS Score: 11.45% | Published: 2009-08-06 | Updated: 2017-09-29
Integer overflow in Terminal in Apple Mac OS X 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted size value in a CSI[4 xterm resize escape sequence that triggers a heap-based buffer overflow.
Max CVSS: 6.8 | EPSS Score: 2.04% | Published: 2009-06-05 | Updated: 2018-10-10
Heap-based buffer overflow in the AppleTalk networking stack in XNU 1228.3.13 and earlier on Apple Mac OS X 10.5.6 and earlier allows remote attackers to cause a denial of service (system crash) via a ZIP NOTIFY (aka ZIPOP_NOTIFY) packet that overwrites a certain ifPort structure member.
Max CVSS: 10.0 | EPSS Score: 8.23% | Published: 2009-04-02 | Updated: 2017-09-29
Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c.
Max CVSS: 7.5 | EPSS Score: 3.62% | Published: 2009-04-17 | Updated: 2021-04-05
Stack-based buffer overflow in telnet in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long hostname for a telnet server.
Max CVSS: 6.8 | EPSS Score: 3.55% | Published: 2009-05-13 | Updated: 2016-08-23
Heap-based buffer overflow in CFNetwork in Apple Mac OS X 10.5 before 10.5.7 allows remote web servers to execute arbitrary code or cause a denial of service (application crash) via long HTTP headers.
Max CVSS: 6.8 | EPSS Score: 0.33% | Published: 2009-05-13 | Updated: 2017-08-08
Integer underflow in CoreGraphics in Apple Mac OS X 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF file that triggers a heap-based buffer overflow.
Max CVSS: 6.8 | EPSS Score: 13.89% | Published: 2009-05-13 | Updated: 2017-08-08
Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code via a crafted Compact Font Format (CFF) font.
Max CVSS: 6.8 | EPSS Score: 35.95% | Published: 2009-05-13 | Updated: 2018-10-11
Stack-based buffer overflow in Apple Mac OS X 10.5 before 10.5.7 allows local users to gain privileges or cause a denial of service (application crash) by attempting to mount a crafted sparse disk image.
Max CVSS: 4.4 | EPSS Score: 0.04% | Published: 2009-05-13 | Updated: 2017-08-08
Integer overflow in the SMB component in Apple Mac OS X 10.5.6 allows remote SMB servers to cause a denial of service (system shutdown) or execute arbitrary code via a crafted SMB file system that triggers a heap-based buffer overflow.
Max CVSS: 9.3 | EPSS Score: 0.20% | Published: 2009-02-13 | Updated: 2011-03-08