CVEdetails.com the ultimate security vulnerability data source

Apple » Mac Os X : Security Vulnerabilities (Denial Of Service)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
901 CVE-2007-0430 DoS Mem. Corr. 2007-01-22 2018-10-16
4.9
None Local Low Not required None None Complete
The shared_region_map_file_np function in Apple Mac OS X 10.4.8 and earlier kernel allows local users to cause a denial of service (memory corruption) via a large mappingCount value.
902 CVE-2007-0342 399 DoS 2007-01-17 2008-09-05
4.3
None Remote Medium Not required None None Partial
WebCore in Apple WebKit build 18794 allows remote attackers to cause a denial of service (null dereference and application crash) via a TD element with a large number in the ROWSPAN attribute, as demonstrated by a crash of OmniWeb 5.5.3 on Mac OS X 10.4.8, a different vulnerability than CVE-2006-2019.
903 CVE-2007-0318 DoS 2007-01-17 2008-09-05
7.8
None Remote Low Not required None None Complete
The do_hfs_truncate function in Mac OS X 10.4.8 allows context-dependent attackers to cause a denial of service (kernel panic) via a crafted HFS+ filesystem in a DMG image, which causes an access of an invalid vnode structure during file removal.
904 CVE-2007-0299 DoS Overflow 2007-01-17 2008-09-05
7.1
None Remote Medium Not required None None Complete
Integer overflow in the byte_swap_sbin function in bsd/ufs/ufs/ufs_byte_order.c in Mac OS X 10.4.8 allows user-assisted remote attackers to cause a denial of service (kernel panic) by mounting a crafted Unix File System (UFS) DMG image, which triggers an invalid pointer dereference.
905 CVE-2007-0267 399 DoS 2007-01-16 2011-06-10
6.6
None Local Low Not required None Complete Complete
The ufs_lookup function in the Mac OS X 10.4.8 and FreeBSD 6.1 kernels allows local users to cause a denial of service (kernel panic) and possibly corrupt other filesystems by mounting a crafted UNIX File System (UFS) DMG image that contains a corrupted directory entry (struct direct), related to the ufs_dirbad function. NOTE: a third party states that the FreeBSD issue does not cross privilege boundaries.
906 CVE-2007-0236 119 DoS Exec Code Overflow 2007-01-16 2017-10-10
10.0
Admin Remote Low Not required Complete Complete Complete
Double free vulnerability in the _ATPsndrsp function in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to cause a denial of service (kernel panic) and possibly execute arbitrary code via a crafted AppleTalk request that triggers a heap-based buffer overflow.
907 CVE-2007-0229 189 DoS Overflow +Priv 2007-01-12 2017-07-28
7.2
Admin Local Low Not required Complete Complete Complete
Integer overflow in the ffs_mountfs function in Mac OS X 10.4.8 and FreeBSD 6.1 allows local users to cause a denial of service (panic) and possibly gain privileges via a crafted DMG image that causes "allocation of a negative size buffer" leading to a heap-based buffer overflow, a related issue to CVE-2006-5679. NOTE: a third party states that this issue does not cross privilege boundaries in FreeBSD because only root may mount a filesystem.
908 CVE-2007-0197 20 DoS Exec Code Mem. Corr. 2007-01-11 2018-10-16
6.8
User Remote Medium Not required Partial Partial Partial
Finder 10.4.6 on Apple Mac OS X 10.4.8 allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a long volume name in a DMG disk image, which results in memory corruption.
909 CVE-2006-6353 DoS 2006-12-06 2008-09-05
5.0
None Remote Low Not required None None Partial
Multiple unspecified vulnerabilities in BOMArchiveHelper in Mac OS X allow user-assisted remote attackers to cause a denial of service (application crash) via unspecified vectors related to (1) certain KERN_PROTECTION_FAILURE thread crashes and (2) certain KERN_INVALID_ADDRESS thread crashes, as discovered with the "iSec Partners FileP fuzzer".
910 CVE-2006-6292 DoS 2006-12-05 2017-07-28
5.7
None Local Network Medium Not required None None Complete
Apple Airport Extreme firmware 0.1.27 in Mac OS X 10.4.8 on Mac mini, MacBook, and MacBook Pro with Core Duo hardware allows remote attackers to cause a denial of service (out-of-bounds memory access and kernel panic) and have possibly other security-related impact via certain beacon frames.
911 CVE-2006-6129 DoS Exec Code Overflow Mem. Corr. 2006-11-26 2017-07-28
4.6
User Local Low Not required Partial Partial Partial
Integer overflow in the fatfile_getarch2 function in Apple Mac OS X allows local users to cause a denial of service and possibly execute arbitrary code via a crafted Mach-O Universal program that triggers memory corruption.
912 CVE-2006-6127 DoS 2006-11-26 2017-07-28
2.1
None Local Low Not required None None Partial
Apple Mac OS X kernel allows local users to cause a denial of service via a process that uses kevent to register a queue and an event, then fork a child process that uses kevent to register an event for the same queue as the parent.
913 CVE-2006-6126 DoS Mem. Corr. 2006-11-26 2017-07-28
2.1
None Local Low Not required None None Partial
Apple Mac OS X allows local users to cause a denial of service (memory corruption) via a crafted Mach-O binary with a malformed load_command data structure.
914 CVE-2006-6062 DoS Mem. Corr. 2006-11-21 2017-07-19
5.1
User Remote High Not required Partial Partial Partial
Unspecified vulnerability in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to cause a denial of service (crash) via a malformed UDTO HFS+ disk image, such as with "bad sectors," which triggers memory corruption.
915 CVE-2006-6061 DoS Exec Code Mem. Corr. 2006-11-21 2017-07-19
9.3
Admin Remote Medium Not required Complete Complete Complete
com.apple.AppleDiskImageController in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to execute arbitrary code via a malformed DMG image that triggers memory corruption. NOTE: the severity of this issue has been disputed by a third party, who states that the impact is limited to a denial of service (kernel panic) due to a vm_fault call with a non-aligned address.
916 CVE-2006-6015 DoS Overflow 2006-11-21 2018-10-17
5.0
None Remote Low Not required None None Partial
Buffer overflow in the JavaScript implementation in Safari on Apple Mac OS X 10.4 allows remote attackers to cause a denial of service (application crash) via a long argument to the exec method of a regular expression.
917 CVE-2006-4408 DoS 2006-11-30 2008-09-05
5.0
None Remote Low Not required None None Partial
The Security Framework in Apple Mac OS X 10.4 through 10.4.8 allows remote attackers to cause a denial of service (resource consumption) via certain public key values in an X.509 certificate that requires extra resources during signature verification. NOTE: this issue may be similar to CVE-2006-2940.
918 CVE-2006-4403 DoS 2006-11-30 2017-07-19
4.0
None Remote High Not required Partial None Partial
The FTP server in Apple Mac OS X 10.4.8 and earlier, when FTP Access is enabled, will crash when a login failure occurs with a valid user name, which allows remote attackers to cause a denial of service (crash) and enumerate valid usernames.
919 CVE-2006-4395 DoS Mem. Corr. 2006-10-03 2017-07-19
5.1
User Remote High Not required Partial Partial Partial
Unspecified vulnerability in QuickDraw Manager in Apple Mac OS X 10.3.9 and 10.4 through 10.4.7 allows context-dependent attackers to cause a denial of service ("memory corruption" and crash) via a crafted PICT image that is not properly handled by a certain "unsupported QuickDraw operation."
920 CVE-2006-3946 119 DoS Exec Code Overflow 2006-07-31 2017-07-19
7.5
User Remote Low Not required Partial Partial Partial
WebCore in Apple Mac OS X 10.3.9 and 10.4 through 10.4.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted HTML that triggers a "memory management error" in WebKit, possibly due to a buffer overflow, as originally reported for the KHTMLParser::popOneBlock function in Apple Safari 2.0.4 using Javascript that changes document.body.innerHTML within a DIV tag.
921 CVE-2006-3509 DoS Exec Code Overflow 2006-09-21 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Integer overflow in the API for the AirPort wireless driver on Apple Mac OS X 10.4.7 might allow physically proximate attackers to cause a denial of service (crash) or execute arbitrary code in third-party wireless software that uses the API via crafted frames.
922 CVE-2006-3508 DoS Exec Code Overflow +Priv 2006-09-21 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Heap-based buffer overflow in the AirPort wireless driver on Apple Mac OS X 10.4.7 allows physically proximate attackers to cause a denial of service (crash), gain privileges, and execute arbitrary code via a crafted frame that is not properly handled during scan cache updates.
923 CVE-2006-3505 DoS Exec Code 2006-08-02 2017-07-19
7.5
User Remote Low Not required Partial Partial Partial
WebKit in Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTML document that causes WebKit to access an object that has already been deallocated.
924 CVE-2006-3503 DoS Exec Code Overflow 2006-08-02 2017-07-19
5.1
User Remote High Not required Partial Partial Partial
Integer overflow in ImageIO in Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a malformed GIF image.
925 CVE-2006-3502 DoS Exec Code 2006-08-02 2017-07-19
5.1
User Remote High Not required Partial Partial Partial
Unspecified vulnerability in ImageIO in Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted GIF image that triggers a memory allocation failure that is not properly handled.
926 CVE-2006-3501 DoS Exec Code Overflow 2006-08-02 2017-07-19
5.1
User Remote High Not required Partial Partial Partial
Integer overflow in ImageIO for Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Radiance image.
927 CVE-2006-3497 DoS Exec Code 2006-08-02 2011-04-07
5.1
User Remote High Not required Partial Partial Partial
Unspecified vulnerability in the "compression state handling" in Bom for Apple Mac OS X 10.3.9 and 10.4.7 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Zip archive.
928 CVE-2006-3496 DoS 2006-08-02 2017-07-19
5.0
None Remote Low Not required None None Partial
AFP Server in Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to cause a denial of service (crash) via an invalid AFP request that triggers an unchecked error condition.
929 CVE-2006-3356 DoS 2006-07-06 2017-07-19
2.6
None Remote High Not required None None Partial
The TIFFFetchAnyArray function in ImageIO in Apple OS X 10.4.7 and earlier allows remote user-assisted attackers to cause a denial of service (application crash) via an invalid tag value in a TIFF image, possibly triggering a null dereference. NOTE: This is a different issue than CVE-2006-1469.
930 CVE-2006-2277 DoS 2006-05-09 2018-10-18
5.0
None Remote Low Not required None None Partial
Multiple Apple Mac OS X 10.4 applications might allow context-dependent attackers to cause a denial of service (application crash) via a crafted OpenEXR (.exr) image file, which triggers the crash when opening a folder using Finder, displaying the image in Safari, or using Preview to open the file.
931 CVE-2006-1984 DoS 2006-04-21 2017-07-19
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in the _cg_TIFFSetField function in Mac OS X 10.4.6 and earlier, as used in applications that use ImageIO or AppKit, allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that triggers a null dereference.
932 CVE-2006-1983 119 DoS Exec Code Overflow 2006-04-21 2017-07-19
6.4
None Remote Low Not required None Partial Partial
Multiple heap-based buffer overflows in Mac OS X 10.4.6 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) PredictorVSetField function for TIFF or (2) CFAllocatorAllocate function for GIF, as used in applications that use ImageIO or AppKit. NOTE: the BMP vector has been re-assigned to CVE-2006-2238 because it affects a separate product family.
933 CVE-2006-1552 189 DoS Overflow 2006-03-31 2017-07-19
5.0
None Remote Low Not required None None Partial
Integer overflow in ImageIO in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers to cause a denial of service (crash) via a crafted JPEG image with malformed JPEG metadata, as demonstrated using Safari, aka "Deja-Doom".
934 CVE-2006-1473 DoS Exec Code Overflow 2006-08-02 2017-07-19
5.0
None Remote Low Not required None None Partial
Integer overflow in AFP Server for Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors.
935 CVE-2006-1470 399 DoS 2006-06-27 2017-07-19
5.0
None Remote Low Not required None None Partial
OpenLDAP in Apple Mac OS X 10.4 up to 10.4.6 allows remote attackers to cause a denial of service (crash) via an invalid LDAP request that triggers an assert error.
936 CVE-2006-1469 119 DoS Exec Code Overflow 2006-06-27 2017-07-19
7.5
User Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in ImageIO in Apple Mac OS X 10.4 up to 10.4.6 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image.
937 CVE-2006-1455 DoS 2006-05-12 2017-07-19
7.8
None Remote Low Not required None None Complete
QuickTime Streaming Server in Apple Mac OS X 10.3.9 and 10.4.6 allows remote attackers to cause a denial of service (crash and connection interruption) via a QuickTime movie with a missing track, which triggers a null dereference.
938 CVE-2006-0393 DoS 2006-08-02 2017-07-19
4.0
None Remote High Not required Partial None Partial
OpenSSH in Apple Mac OS X 10.4.7 allows remote attackers to cause a denial of service or determine account existence by attempting to log in using an invalid user, which causes the server to hang.
939 CVE-2006-0392 DoS Exec Code Overflow 2006-08-02 2017-07-19
5.1
User Remote High Not required Partial Partial Partial
Buffer overflow in Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Canon RAW image.
940 CVE-2006-0384 DoS Exec Code 2006-03-02 2017-07-19
7.5
User Remote Low Not required Partial Partial Partial
automount in Mac OS X 10.4.5 and earlier allows remote file servers to cause a denial of service (unresponsiveness) or execute arbitrary code via unspecified vectors that cause automount to "mount file systems with reserved names".
941 CVE-2006-0383 DoS 2006-03-02 2017-07-19
5.0
None Remote Low Not required None None Partial
IPSec when used with VPN networks in Mac OS X 10.4 through 10.4.5 allows remote attackers to cause a denial of service (application crash) via unspecified vectors involving the "incorrect handling of error conditions".
942 CVE-2006-0382 DoS 2006-02-14 2017-07-19
2.1
None Local Low Not required None None Partial
Apple Mac OS X 10.4.5 and allows local users to cause a denial of service (crash) via an undocumented system call.
943 CVE-2005-4504 DoS 2005-12-22 2017-07-19
7.8
None Remote Low Not required None None Complete
The khtml::RenderTableSection::ensureRows function in KHTMLParser in Apple Mac OS X 10.4.3 and earlier, as used by Safari and TextEdit, allows remote attackers to cause a denial of service (memory consumption and application crash) via HTML files with a large ROWSPAN attribute in a TD tag.
944 CVE-2005-2526 DoS 2005-08-19 2008-09-05
5.0
None Remote Low Not required None None Partial
CUPS in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to cause a denial of service (CPU consumption) by sending a partial IPP request and closing the connection.
945 CVE-2005-2525 DoS 2005-08-19 2008-09-05
5.0
None Remote Low Not required None None Partial
CUPS in Mac OS X 10.3.9 and 10.4.2 does not properly close file descriptors when handling multiple simultaneous print jobs, which allows remote attackers to cause a denial of service (printing halt).
946 CVE-2005-2506 DoS 2005-08-19 2008-09-05
5.0
None Remote Low Not required None None Partial
Algorithmic complexity vulnerability in CoreFoundation in Mac OS X 10.3.9 and 10.4.2 allows attackers to cause a denial of service (CPU consumption) via crafted Gregorian dates.
947 CVE-2005-2194 DoS 2005-12-31 2017-07-10
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in the Apple Mac OS X kernel before 10.4.2 allows remote attackers to cause a denial of service (kernel panic) via a crafted TCP packet, possibly related to source routing or loose source routing.
948 CVE-2005-1330 20 DoS 2005-05-04 2008-09-05
4.9
None Local Low Not required None None Complete
AppKit in Mac OS X 10.3.9 allows attackers to cause a denial of service (Cocoa application crash) via a malformed TIFF image that causes the NXSeek to use an incorrect offset, leading to an unhandled exception.
949 CVE-2005-1043 DoS 2005-04-14 2018-10-30
5.0
None Remote Low Not required None None Partial
exif.c in PHP before 4.3.11 allows remote attackers to cause a denial of service (memory consumption and crash) via an EXIF header with a large IFD nesting level, which causes significant stack recursion.
950 CVE-2005-0985 DoS 2005-12-31 2008-09-05
2.1
None Local Low Not required None None Partial
Unspecified vulnerability in the Mac OS X kernel before 10.3.8 allows local users to cause a denial of service (temporary hang) via unspecified attack vectors related to the fan control unit (FCU) driver.
Total number of vulnerabilities: 970 (this is page 19 of 20)