CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Apple » Mac Os X : Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
401 CVE-2009-2826 189 DoS Exec Code Overflow 2009-11-10 2009-11-17
6.8
None Remote Medium Not required Partial Partial Partial
Multiple integer overflows in CoreGraphics in Apple Mac OS X 10.5.8 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document that triggers a heap-based buffer overflow.
402 CVE-2009-2824 119 Exec Code Overflow 2009-11-10 2009-11-17
6.8
None Remote Medium Not required Partial Partial Partial
Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 allow remote attackers to execute arbitrary code via a crafted embedded font in a document.
403 CVE-2009-2813 264 Bypass 2009-09-14 2018-10-10
6.0
None Remote Medium Single system Partial Partial Partial
Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.12 through 3.0.36, as used in the SMB subsystem in Apple Mac OS X 10.5.8 when Windows File Sharing is enabled, Fedora 11, and other operating systems, does not properly handle errors in resolving pathnames, which allows remote authenticated users to bypass intended sharing restrictions, and read, create, or modify files, in certain circumstances involving user accounts that lack home directories.
404 CVE-2009-2812 Exec Code 2009-09-14 2012-10-22
6.8
None Remote Medium Not required Partial Partial Partial
Launch Services in Apple Mac OS X 10.5.8 does not properly recognize an unsafe Uniform Type Identifier (UTI) in an exported document type in a downloaded application, which allows remote attackers to trigger the automatic opening of a file, and execute arbitrary code, via a crafted web site.
405 CVE-2009-2811 94 Exec Code 2009-09-14 2017-08-16
6.8
None Remote Medium Not required Partial Partial Partial
Incomplete blacklist vulnerability in Launch Services in Apple Mac OS X 10.5.8 allows user-assisted remote attackers to execute arbitrary code via a .fileloc file, which does not trigger a "potentially unsafe" warning message in the Quarantine feature.
406 CVE-2009-2810 Exec Code 2009-11-10 2009-11-17
6.8
None Remote Medium Not required Partial Partial Partial
Launch Services in Apple Mac OS X 10.6.x before 10.6.2 recursively clears quarantine information upon opening a quarantined folder, which allows user-assisted remote attackers to execute arbitrary code via a quarantined application that does not trigger a "potentially unsafe" warning message.
407 CVE-2009-2809 94 DoS Exec Code Mem. Corr. 2009-09-14 2017-08-16
6.8
None Remote Medium Not required Partial Partial Partial
ImageIO in Apple Mac OS X 10.4.11 and 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PixarFilm encoded TIFF image, related to "multiple memory corruption issues."
408 CVE-2009-2805 189 DoS Exec Code Overflow 2009-09-14 2017-08-16
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in CoreGraphics in Apple Mac OS X 10.4.11 and 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JBIG2 stream in a PDF file, leading to a heap-based buffer overflow.
409 CVE-2009-2804 189 DoS Exec Code Overflow 2009-09-14 2017-08-16
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5.8, and Safari before 4.0.4 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ColorSync profile embedded in an image, leading to a heap-based buffer overflow.
410 CVE-2009-2803 399 DoS Exec Code Mem. Corr. 2009-09-14 2017-08-16
6.8
None Remote Medium Not required Partial Partial Partial
CarbonCore in Apple Mac OS X 10.4.11 and 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a file with a crafted resource fork.
411 CVE-2009-2801 264 Bypass 2010-03-30 2010-03-31
6.4
None Remote Low Not required None Partial Partial
The Application Firewall in Apple Mac OS X 10.5.8 drops unspecified firewall rules after a reboot, which might allow remote attackers to bypass intended access restrictions via packet data, related to a "timing issue."
412 CVE-2009-2800 119 DoS Exec Code Overflow 2009-09-11 2017-08-16
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in Alias Manager in Apple Mac OS X 10.4.11 and 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted alias file.
413 CVE-2009-2205 119 DoS Exec Code Overflow 2009-09-09 2009-09-19
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in the Java Web Start command launcher in Java for Mac OS X 10.5 before Update 5 allows attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
414 CVE-2009-1728 119 DoS Exec Code Overflow 2009-08-06 2017-08-16
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in Image RAW in Apple Mac OS X 10.5 before 10.5.8, and 10.4 before Digital Camera RAW Compatibility Update 2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Canon RAW image.
415 CVE-2009-1727 2009-08-06 2017-08-16
6.8
None Remote Medium Not required Partial Partial Partial
Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X 10.5 before 10.5.8 makes it easier for user-assisted remote attackers to execute arbitrary JavaScript via a web page that offers a download with a Content-Type value that is not on the list of possibly unsafe content types for Safari.
416 CVE-2009-1717 189 DoS Exec Code Overflow Mem. Corr. 2009-06-05 2018-10-10
6.8
User Remote Medium Not required Partial Partial Partial
Integer overflow in Terminal in Apple Mac OS X 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted size value in a CSI[4 xterm resize escape sequence that triggers a heap-based buffer overflow.
417 CVE-2009-0944 94 DoS Exec Code Mem. Corr. 2009-05-13 2009-05-16
6.8
None Remote Medium Not required Partial Partial Partial
The Microsoft Office Spotlight Importer in Spotlight in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not properly validate Microsoft Office files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a file that triggers memory corruption.
418 CVE-2009-0943 20 Exec Code 2009-05-13 2017-08-16
6.8
None Remote Medium Not required Partial Partial Partial
Help Viewer in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not verify that HTML pathnames are located in a registered help book, which allows remote attackers to execute arbitrary code via a help: URL that triggers invocation of AppleScript files.
419 CVE-2009-0942 20 Exec Code 2009-05-13 2017-08-16
6.8
None Remote Medium Not required Partial Partial Partial
Help Viewer in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not verify that certain Cascading Style Sheets (CSS) are located in a registered help book, which allows remote attackers to execute arbitrary code via a help: URL that triggers invocation of AppleScript files.
420 CVE-2009-0161 20 2009-05-13 2017-08-07
6.4
None Remote Low Not required None Partial Partial
The OpenSSL::OCSP module for Ruby in Apple Mac OS X 10.5 before 10.5.7 misinterprets an unspecified invalid response as a successful OCSP certificate validation, which might allow remote attackers to spoof certificate authentication via a revoked certificate.
421 CVE-2009-0160 94 DoS Exec Code Mem. Corr. 2009-05-13 2009-05-16
6.8
None Remote Medium Not required Partial Partial Partial
QuickDraw Manager in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image that triggers memory corruption.
422 CVE-2009-0158 119 DoS Exec Code Overflow 2009-05-13 2016-08-22
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in telnet in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long hostname for a telnet server.
423 CVE-2009-0157 119 DoS Exec Code Overflow 2009-05-13 2017-08-07
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in CFNetwork in Apple Mac OS X 10.5 before 10.5.7 allows remote web servers to execute arbitrary code or cause a denial of service (application crash) via long HTTP headers.
424 CVE-2009-0155 189 DoS Exec Code Overflow 2009-05-13 2017-08-07
6.8
None Remote Medium Not required Partial Partial Partial
Integer underflow in CoreGraphics in Apple Mac OS X 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF file that triggers a heap-based buffer overflow.
425 CVE-2009-0154 119 Exec Code Overflow 2009-05-13 2018-10-11
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code via a crafted Compact Font Format (CFF) font.
426 CVE-2009-0145 94 DoS Exec Code Mem. Corr. 2009-05-13 2017-08-07
6.8
User Remote Medium Not required Partial Partial Partial
CoreGraphics in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF file that triggers memory corruption.
427 CVE-2009-0009 119 DoS Exec Code Overflow Mem. Corr. 2009-02-12 2017-08-07
6.8
User Remote Medium Not required Partial Partial Partial
Unspecified vulnerability in the Pixlet codec in Apple Mac OS X 10.4.11 and 10.5.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted movie file that triggers memory corruption.
428 CVE-2008-3646 362 2008-10-10 2017-08-07
6.8
User Remote Medium Not required Partial Partial Partial
The Postfix configuration file in Mac OS X 10.5.5 causes Postfix to be network-accessible when mail is sent from a local command-line tool, which allows remote attackers to send mail to local Mac OS X users.
429 CVE-2008-3613 399 DoS 2008-09-16 2017-08-07
6.1
None Local Network Low Not required None None Complete
Finder in Apple Mac OS X 10.5.2 through 10.5.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving a search for a remote disk on the local network.
430 CVE-2008-3611 287 Bypass 2008-09-16 2017-08-07
6.3
None Local Medium Not required None Complete Complete
Login Window in Apple Mac OS X 10.4.11 does not clear the current password when a user makes a password-change attempt that is denied by policy, which allows opportunistic, physically proximate attackers to bypass authentication and change this user's password by later entering an acceptable new password on the same login screen.
431 CVE-2008-2310 134 DoS Exec Code 2008-07-01 2017-08-07
6.8
User Remote Medium Not required Partial Partial Partial
Format string vulnerability in c++filt in Apple Mac OS X 10.5 before 10.5.4 allows user-assisted attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string in (1) C++ or (2) Java source code.
432 CVE-2008-2309 264 Exec Code 2008-07-01 2017-08-07
6.8
User Remote Medium Not required Partial Partial Partial
Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.5.4 allows user-assisted remote attackers to execute arbitrary code via a (1) .xht or (2) .xhtm file, which does not trigger a "potentially unsafe" warning message in (a) the Download Validation feature in Mac OS X 10.4 or (b) the Quarantine feature in Mac OS X 10.5.
433 CVE-2008-1576 399 DoS Exec Code +Info 2008-06-02 2017-08-07
6.8
User Remote Medium Not required Partial Partial Partial
Mail in Apple Mac OS X before 10.5, when an IPv6 SMTP server is used, does not properly initialize memory, which might allow remote attackers to execute arbitrary code or cause a denial of service (application crash), or obtain sensitive information (memory contents) in opportunistic circumstances, by sending an e-mail message.
434 CVE-2008-1032 Exec Code 2008-06-02 2017-08-07
6.8
None Remote Medium Not required Partial Partial Partial
Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.5.3 allows user-assisted remote attackers to execute arbitrary code via an (1) Automator, (2) Help, (3) Safari, or (4) Terminal content type for a downloadable object, which does not trigger a "potentially unsafe" warning message in (a) the Download Validation feature in Mac OS X 10.4 or (b) the Quarantine feature in Mac OS X 10.5.
435 CVE-2008-0998 264 Exec Code Bypass 2008-03-18 2017-08-07
6.9
Admin Local Medium Not required Complete Complete Complete
Unspecified vulnerability in NetCfgTool in the System Configuration component in Apple Mac OS X 10.4.11 and 10.5.2 allows local users to bypass authorization and execute arbitrary code via crafted distributed objects.
436 CVE-2008-0997 119 DoS Exec Code Overflow 2008-03-18 2017-08-07
6.8
User Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in AppKit in Apple Mac OS X 10.4.11 allows user-assisted remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted PostScript Printer Description (PPD) file that is not properly handled when querying a network printer.
437 CVE-2008-0989 134 Exec Code 2008-03-18 2017-08-07
6.9
Admin Local Medium Not required Complete Complete Complete
Format string vulnerability in mDNSResponderHelper in Apple Mac OS X 10.5.2 allows local users to execute arbitrary code via format string specifiers in the local hostname.
438 CVE-2008-0060 94 2008-03-18 2017-08-07
6.8
User Remote Medium Not required Partial Partial Partial
Help Viewer in Apple Mac OS X 10.4.11 and 10.5.2 allows remote attackers to execute arbitrary Applescript via a help:topic_list URL that injects HTML or JavaScript into a topic list page, as demonstrated using a help:runscript link.
439 CVE-2008-0057 189 Exec Code Overflow 2008-03-18 2017-08-07
6.8
User Remote Medium Not required Partial Partial Partial
Multiple integer overflows in a "legacy serialization format" parser in AppKit in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via a crafted serialized property list.
440 CVE-2008-0056 119 Exec Code Overflow 2008-03-18 2017-08-07
6.8
User Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in Foundation in Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via a "long pathname with an unexpected structure" that triggers the overflow in NSFileManager.
441 CVE-2008-0054 20 Exec Code 2008-03-18 2017-08-07
6.4
None Remote Low Not required None Partial Partial
Foundation in Apple Mac OS X 10.4.11 might allow context-dependent attackers to execute arbitrary code via a malformed selector name to the NSSelectorFromString API, which causes an "unexpected selector" to be used.
442 CVE-2008-0052 200 +Info 2008-03-18 2017-08-07
6.8
User Remote Medium Not required Partial Partial Partial
CoreServices in Apple Mac OS X 10.4.11 treats .ief as a safe file type, which allows remote attackers to force Safari users into opening an .ief file in AppleWorks, even when the "Open 'Safe' files" preference is set.
443 CVE-2008-0051 189 Exec Code Overflow 2008-03-18 2017-08-07
6.9
Admin Local Medium Not required Complete Complete Complete
Integer overflow in CoreFoundation in Apple Mac OS X 10.4.11 might allow local users to execute arbitrary code via crafted time zone data.
444 CVE-2008-0048 119 Exec Code Overflow 2008-03-18 2017-08-07
6.8
User Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in AppKit in Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via the a long file name to the NSDocument API.
445 CVE-2008-0042 94 Exec Code 2008-02-12 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
Argument injection vulnerability in Terminal.app in Terminal in Apple Mac OS X 10.4.11 and 10.5 through 10.5.1 allows remote attackers to execute arbitrary code via unspecified URL schemes.
446 CVE-2007-5861 399 DoS Exec Code Mem. Corr. 2007-12-19 2017-07-28
6.8
None Remote Medium Not required Partial Partial Partial
Unspecified vulnerability in Spotlight in Apple Mac OS X 10.4.11 allows user-assisted attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted .XLS file that triggers memory corruption in the Microsoft Office Spotlight Importer.
447 CVE-2007-5857 264 +Info 2007-12-19 2017-07-28
6.4
None Remote Low Not required Partial Partial None
Quick Look in Apple Mac OS X 10.5.1 does not prevent a movie from accessing URLs when the movie file is previewed or if an icon is created, which might allow remote attackers to obtain sensitive information via HREFTrack.
448 CVE-2007-5855 287 2007-12-19 2017-07-28
6.4
None Remote Low Not required Partial Partial None
Mail in Apple Mac OS X 10.4.11 and 10.5.1, when an SMTP account has been set up using Account Assistant, can use plaintext authentication even when MD5 Challenge-Response authentication is available, which makes it easier for remote attackers to sniff account activity.
449 CVE-2007-5847 362 +Info 2007-12-19 2017-07-28
6.6
None Local Low Not required Complete Complete None
Race condition in the CFURLWriteDataAndPropertiesToResource API in Core Foundation in Apple Mac OS X 10.4.11 creates files with insecure permissions, which might allow local users to obtain sensitive information.
450 CVE-2007-4697 DoS Exec Code Mem. Corr. 2007-11-14 2017-07-28
6.8
User Remote Medium Not required Partial Partial Partial
Unspecified vulnerability in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via unknown vectors related to browser history, which triggers memory corruption.
Total number of vulnerabilities : 478   Page : 1 2 3 4 5 6 7 8 9 (This Page)10
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.