Incomplete blacklist vulnerability in the Quarantine feature in CoreTypes in Apple Mac OS X 10.5 before 10.5.6 allows user-assisted remote attackers to execute arbitrary code via an executable file with the content type indicating no application association for the file, which does not trigger a "potentially unsafe" warning message.
Max CVSS
9.3
EPSS Score
4.59%
Published
2008-12-17
Updated
2017-08-08
The strptime API in Libsystem in Apple Mac OS X before 10.5.6 allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a crafted date string, related to improper memory allocation.
Max CVSS
10.0
EPSS Score
0.35%
Published
2008-12-17
Updated
2011-03-08
Integer overflow in the inet_net_pton API in Libsystem in Apple Mac OS X before 10.5.6 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. NOTE: this may be related to the WLB-2008080064 advisory published by SecurityReason on 20080822; however, as of 20081216, there are insufficient details to be sure.
Max CVSS
10.0
EPSS Score
0.51%
Published
2008-12-17
Updated
2011-03-08
Integer signedness error in BOM in Apple Mac OS X before 10.5.6 allows remote attackers to execute arbitrary code via the headers in a crafted CPIO archive, leading to a stack-based buffer overflow.
Max CVSS
9.3
EPSS Score
12.51%
Published
2008-12-17
Updated
2011-03-08
Integer signedness error in (1) QuickLook in Apple Mac OS X 10.5.5 and (2) Office Viewer in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted Microsoft Excel file that triggers an out-of-bounds memory access, related to "handling of columns."
Max CVSS
10.0
EPSS Score
3.55%
Published
2008-10-10
Updated
2021-05-23
Buffer overflow in PSNormalizer in Mac OS X 10.4.11 and 10.5.5 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a PostScript file with a crafted bounding box comment.
Max CVSS
9.3
EPSS Score
1.78%
Published
2008-10-10
Updated
2017-08-08
Heap-based buffer overflow in the local IPC component in the EAPOLController plugin for configd (Networking component) in Mac OS X 10.4.11 and 10.5.5 allows local users to execute arbitrary code via unknown vectors.
Max CVSS
7.2
EPSS Score
0.04%
Published
2008-10-10
Updated
2017-08-08
Buffer overflow in ColorSync in Mac OS X 10.4.11 and 10.5.5 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via an image with a crafted ICC profile.
Max CVSS
9.3
EPSS Score
4.29%
Published
2008-10-10
Updated
2017-08-08
The Hash-based Message Authentication Code (HMAC) provider in Java on Apple Mac OS X 10.4.11, 10.5.4, and 10.5.5 uses an uninitialized variable, which allows remote attackers to execute arbitrary code via a crafted applet, related to an "error checking issue."
Max CVSS
9.3
EPSS Score
2.38%
Published
2008-09-26
Updated
2024-02-15
Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name.
Max CVSS
10.0
EPSS Score
94.33%
Published
2008-09-12
Updated
2023-02-13
10 vulnerabilities found