CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Apple » Mac Os X : Security Vulnerabilities Published In 2009

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2009-2843 310 Exec Code 2009-12-08 2011-01-04
5.0
None Remote Low Not required None Partial None
Java for Mac OS X 10.5 before Update 6 and 10.6 before Update 1 accepts expired certificates for applets, which makes it easier for remote attackers to execute arbitrary code via an applet.
2 CVE-2009-2840 2009-11-10 2009-11-17
4.9
None Local Low Not required None Complete None
Spotlight in Apple Mac OS X 10.5.8 does not properly handle temporary files, which allows local users to overwrite arbitrary files in the context of a different user's privileges via unspecified vectors.
3 CVE-2009-2839 399 DoS Exec Code Mem. Corr. 2009-11-10 2009-12-19
6.8
None Remote Medium Not required Partial Partial Partial
Screen Sharing in Apple Mac OS X 10.5.8 allows remote VNC servers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.
4 CVE-2009-2838 189 DoS Exec Code Overflow 2009-11-10 2009-11-17
6.8
User Remote Medium Not required Partial Partial Partial
Integer overflow in QuickLook in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Office document that triggers a buffer overflow.
5 CVE-2009-2837 119 DoS Exec Code Overflow 2009-11-10 2017-09-18
6.8
User Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in QuickDraw Manager in Apple Mac OS X before 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image.
6 CVE-2009-2836 362 Bypass 2009-11-10 2009-11-17
6.2
Admin Local High Not required Complete Complete Complete
Race condition in Login Window in Apple Mac OS X 10.6.x before 10.6.2, when at least one account has a blank password, allows attackers to bypass password authentication and obtain login access to an arbitrary account via unspecified vectors.
7 CVE-2009-2835 20 DoS +Priv +Info 2009-11-10 2009-11-17
4.6
None Local Low Not required Partial Partial Partial
The kernel in Apple Mac OS X before 10.6.2 does not properly handle task state segments, which allows local users to gain privileges, cause a denial of service (system crash), or obtain sensitive information via unspecified vectors.
8 CVE-2009-2834 264 2009-11-10 2009-11-17
4.9
None Local Low Not required None Complete None
IOKit in Apple Mac OS X before 10.6.2 allows local users to modify the firmware of a (1) USB or (2) Bluetooth keyboard via unspecified vectors.
9 CVE-2009-2833 119 DoS Exec Code Overflow 2009-11-10 2009-11-17
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the UCCompareTextDefault API in International Components for Unicode in Apple Mac OS X 10.5.8 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
10 CVE-2009-2831 Exec Code 2009-11-10 2009-11-17
5.8
None Local Network Low Not required Partial Partial Partial
Dictionary in Apple Mac OS X 10.5.8 allows remote attackers to create arbitrary files with any contents, and thereby execute arbitrary code, via crafted JavaScript, related to a "design issue."
11 CVE-2009-2830 119 DoS Exec Code Overflow 2009-11-10 2009-11-17
6.8
None Remote Medium Not required Partial Partial Partial
Multiple buffer overflows in Christos Zoulas file before 5.03 in Apple Mac OS X 10.6.x before 10.6.2 allow user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Common Document Format (CDF) file. NOTE: this might overlap CVE-2009-1515.
12 CVE-2009-2828 399 DoS Exec Code Mem. Corr. 2009-11-10 2009-11-17
7.5
None Remote Low Not required Partial Partial Partial
The server in DirectoryService in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.
13 CVE-2009-2827 119 DoS Exec Code Overflow 2009-11-10 2009-11-17
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in Disk Images in Apple Mac OS X 10.5.8 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FAT filesystem on a disk image.
14 CVE-2009-2826 189 DoS Exec Code Overflow 2009-11-10 2009-11-17
6.8
None Remote Medium Not required Partial Partial Partial
Multiple integer overflows in CoreGraphics in Apple Mac OS X 10.5.8 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document that triggers a heap-based buffer overflow.
15 CVE-2009-2825 310 2009-11-10 2009-11-17
4.3
None Remote Medium Not required None Partial None
Certificate Assistant in Apple Mac OS X before 10.6.2 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
16 CVE-2009-2824 119 Exec Code Overflow 2009-11-10 2009-11-17
6.8
None Remote Medium Not required Partial Partial Partial
Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 allow remote attackers to execute arbitrary code via a crafted embedded font in a document.
17 CVE-2009-2823 79 XSS 2009-11-10 2009-11-24
4.3
None Remote Medium Not required None Partial None
The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
18 CVE-2009-2820 79 XSS Http R.Spl. 2009-11-10 2017-09-18
4.3
None Remote Medium Not required None Partial None
The web interface in CUPS before 1.4.2, as used on Apple Mac OS X before 10.6.2 and other platforms, does not properly handle (1) HTTP headers and (2) HTML templates, which allows remote attackers to conduct cross-site scripting (XSS) attacks and HTTP response splitting attacks via vectors related to (a) the product's web interface, (b) the configuration of the print system, and (c) the titles of printed jobs, as demonstrated by an XSS attack that uses the kerberos parameter to the admin program, and leverages attribute injection and HTTP Parameter Pollution (HPP) issues.
19 CVE-2009-2819 399 DoS Exec Code Mem. Corr. 2009-11-10 2009-11-17
9.3
None Remote Medium Not required Complete Complete Complete
AFP Client in Apple Mac OS X 10.5.8 allows remote AFP servers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via unspecified vectors.
20 CVE-2009-2813 264 Bypass 2009-09-14 2017-09-18
6.0
None Remote Medium Single system Partial Partial Partial
Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.12 through 3.0.36, as used in the SMB subsystem in Apple Mac OS X 10.5.8 when Windows File Sharing is enabled, Fedora 11, and other operating systems, does not properly handle errors in resolving pathnames, which allows remote authenticated users to bypass intended sharing restrictions, and read, create, or modify files, in certain circumstances involving user accounts that lack home directories.
21 CVE-2009-2812 Exec Code 2009-09-14 2012-10-22
6.8
None Remote Medium Not required Partial Partial Partial
Launch Services in Apple Mac OS X 10.5.8 does not properly recognize an unsafe Uniform Type Identifier (UTI) in an exported document type in a downloaded application, which allows remote attackers to trigger the automatic opening of a file, and execute arbitrary code, via a crafted web site.
22 CVE-2009-2811 94 Exec Code 2009-09-14 2017-08-16
6.8
None Remote Medium Not required Partial Partial Partial
Incomplete blacklist vulnerability in Launch Services in Apple Mac OS X 10.5.8 allows user-assisted remote attackers to execute arbitrary code via a .fileloc file, which does not trigger a "potentially unsafe" warning message in the Quarantine feature.
23 CVE-2009-2810 Exec Code 2009-11-10 2009-11-17
6.8
None Remote Medium Not required Partial Partial Partial
Launch Services in Apple Mac OS X 10.6.x before 10.6.2 recursively clears quarantine information upon opening a quarantined folder, which allows user-assisted remote attackers to execute arbitrary code via a quarantined application that does not trigger a "potentially unsafe" warning message.
24 CVE-2009-2809 94 DoS Exec Code Mem. Corr. 2009-09-14 2017-08-16
6.8
None Remote Medium Not required Partial Partial Partial
ImageIO in Apple Mac OS X 10.4.11 and 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PixarFilm encoded TIFF image, related to "multiple memory corruption issues."
25 CVE-2009-2808 310 Exec Code 2009-11-10 2009-11-17
5.4
None Local Network Medium Not required Partial Partial Partial
Help Viewer in Apple Mac OS X before 10.6.2 does not use an HTTPS connection to retrieve Apple Help content from a web site, which allows man-in-the-middle attackers to send a crafted help:runscript link, and thereby execute arbitrary code, via a spoofed response.
26 CVE-2009-2807 119 Overflow +Priv 2009-09-14 2017-08-16
7.2
Admin Local Low Not required Complete Complete Complete
Heap-based buffer overflow in the USB backend in CUPS in Apple Mac OS X 10.5.8 allows local users to gain privileges via unspecified vectors.
27 CVE-2009-2805 189 DoS Exec Code Overflow 2009-09-14 2017-08-16
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in CoreGraphics in Apple Mac OS X 10.4.11 and 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JBIG2 stream in a PDF file, leading to a heap-based buffer overflow.
28 CVE-2009-2804 189 DoS Exec Code Overflow 2009-09-14 2017-08-16
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5.8, and Safari before 4.0.4 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ColorSync profile embedded in an image, leading to a heap-based buffer overflow.
29 CVE-2009-2803 399 DoS Exec Code Mem. Corr. 2009-09-14 2017-08-16
6.8
None Remote Medium Not required Partial Partial Partial
CarbonCore in Apple Mac OS X 10.4.11 and 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a file with a crafted resource fork.
30 CVE-2009-2800 119 DoS Exec Code Overflow 2009-09-11 2017-08-16
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in Alias Manager in Apple Mac OS X 10.4.11 and 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted alias file.
31 CVE-2009-2205 119 DoS Exec Code Overflow 2009-09-09 2009-09-19
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in the Java Web Start command launcher in Java for Mac OS X 10.5 before Update 5 allows attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
32 CVE-2009-2196 2009-08-12 2009-08-18
5.0
None Remote Low Not required None Partial None
Unspecified vulnerability in Apple Safari 4 before 4.0.3 allows remote web servers to place an arbitrary web site in the Top Sites view, and possibly conduct phishing attacks, via unknown vectors.
33 CVE-2009-2194 DoS 2009-08-06 2017-08-16
4.9
None Local Low Not required None None Complete
Apple Mac OS X 10.5 before 10.5.8 does not properly share file descriptors over local sockets, which allows local users to cause a denial of service (system crash) by placing file descriptors in messages sent to a socket that has no receiver, related to a "synchronization issue."
34 CVE-2009-2193 119 DoS Exec Code Overflow 2009-08-06 2017-08-16
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the kernel in Apple Mac OS X 10.5 before 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a crafted AppleTalk response packet.
35 CVE-2009-2192 255 2009-08-06 2017-08-16
7.5
User Remote Low Not required Partial Partial Partial
MobileMe in Apple Mac OS X 10.5 before 10.5.8 does not properly delete credentials upon signout from the preference pane, which makes it easier for attackers to hijack a MobileMe session via unspecified vectors, related to a "logic issue."
36 CVE-2009-2191 134 DoS Exec Code 2009-08-06 2017-08-16
7.5
User Remote Low Not required Partial Partial Partial
Format string vulnerability in Login Window in Apple Mac OS X 10.4.11 and 10.5 before 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in an application name.
37 CVE-2009-2190 399 DoS 2009-08-06 2017-08-16
7.8
None Remote Low Not required None None Complete
launchd in Apple Mac OS X 10.5 before 10.5.8 allows remote attackers to cause a denial of service (individual service outage) by making many connections to an inetd-based launchd service.
38 CVE-2009-2188 119 DoS Exec Code Overflow 2009-08-06 2017-08-16
9.3
Admin Remote Medium Not required Complete Complete Complete
Buffer overflow in ImageIO in Apple Mac OS X 10.5 before 10.5.8, and Safari before 4.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image with crafted EXIF metadata.
39 CVE-2009-1728 119 DoS Exec Code Overflow 2009-08-06 2017-08-16
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in Image RAW in Apple Mac OS X 10.5 before 10.5.8, and 10.4 before Digital Camera RAW Compatibility Update 2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Canon RAW image.
40 CVE-2009-1727 2009-08-06 2017-08-16
6.8
None Remote Medium Not required Partial Partial Partial
Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X 10.5 before 10.5.8 makes it easier for user-assisted remote attackers to execute arbitrary JavaScript via a web page that offers a download with a Content-Type value that is not on the list of possibly unsafe content types for Safari.
41 CVE-2009-1726 119 DoS Exec Code Overflow 2009-08-06 2017-09-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5 before 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image containing an embedded ColorSync profile.
42 CVE-2009-1723 2009-08-06 2017-08-16
4.3
None Remote Medium Not required Partial None None
CFNetwork in Apple Mac OS X 10.5 before 10.5.8 places an incorrect URL in a certificate warning in certain 302 redirection scenarios, which makes it easier for remote attackers to trick a user into visiting an arbitrary https web site by leveraging an open redirect vulnerability, a different issue than CVE-2009-2062.
43 CVE-2009-1717 189 DoS Exec Code Overflow Mem. Corr. 2009-06-05 2017-08-16
6.8
User Remote Medium Not required Partial Partial Partial
Integer overflow in Terminal in Apple Mac OS X 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted size value in a CSI[4 xterm resize escape sequence that triggers a heap-based buffer overflow.
44 CVE-2009-1238 362 DoS Mem. Corr. 2009-04-02 2017-09-28
7.2
None Local Low Not required Complete Complete Complete
Race condition in the HFS vfs sysctl interface in XNU 1228.8.20 and earlier on Apple Mac OS X 10.5.6 and earlier allows local users to cause a denial of service (kernel memory corruption) by simultaneously executing the same HFS_SET_PKG_EXTENSIONS code path in multiple threads, which is problematic because of lack of mutex locking for an unspecified global variable.
45 CVE-2009-1237 399 DoS 2009-04-02 2017-09-28
4.9
None Local Low Not required None None Complete
Multiple memory leaks in XNU 1228.3.13 and earlier on Apple Mac OS X 10.5.6 and earlier allow local users to cause a denial of service (kernel memory consumption) via a crafted (1) SYS_add_profil or (2) SYS___mac_getfsstat system call.
46 CVE-2009-1236 119 DoS Overflow 2009-04-02 2017-09-28
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the AppleTalk networking stack in XNU 1228.3.13 and earlier on Apple Mac OS X 10.5.6 and earlier allows remote attackers to cause a denial of service (system crash) via a ZIP NOTIFY (aka ZIPOP_NOTIFY) packet that overwrites a certain ifPort structure member.
47 CVE-2009-1235 264 +Priv 2009-04-02 2017-09-28
7.2
None Local Low Not required Complete Complete Complete
XNU 1228.9.59 and earlier on Apple Mac OS X 10.5.6 and earlier does not properly restrict interaction between user space and the HFS IOCTL handler, which allows local users to overwrite kernel memory and gain privileges by attaching an HFS+ disk image and performing certain steps involving HFS_GET_BOOT_INFO fcntl calls.
48 CVE-2009-0944 94 DoS Exec Code Mem. Corr. 2009-05-13 2009-05-16
6.8
None Remote Medium Not required Partial Partial Partial
The Microsoft Office Spotlight Importer in Spotlight in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not properly validate Microsoft Office files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a file that triggers memory corruption.
49 CVE-2009-0943 20 Exec Code 2009-05-13 2017-08-16
6.8
None Remote Medium Not required Partial Partial Partial
Help Viewer in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not verify that HTML pathnames are located in a registered help book, which allows remote attackers to execute arbitrary code via a help: URL that triggers invocation of AppleScript files.
50 CVE-2009-0942 20 Exec Code 2009-05-13 2017-08-16
6.8
None Remote Medium Not required Partial Partial Partial
Help Viewer in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not verify that certain Cascading Style Sheets (CSS) are located in a registered help book, which allows remote attackers to execute arbitrary code via a help: URL that triggers invocation of AppleScript files.
Total number of vulnerabilities : 81   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.