Total
799 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-2191 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-16 | 7.5 HIGH | N/A |
| Format string vulnerability in Login Window in Apple Mac OS X 10.4.11 and 10.5 before 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in an application name. | |||||
| CVE-2009-2194 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-16 | 4.9 MEDIUM | N/A |
| Apple Mac OS X 10.5 before 10.5.8 does not properly share file descriptors over local sockets, which allows local users to cause a denial of service (system crash) by placing file descriptors in messages sent to a socket that has no receiver, related to a "synchronization issue." | |||||
| CVE-2009-2193 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-16 | 10.0 HIGH | N/A |
| Buffer overflow in the kernel in Apple Mac OS X 10.5 before 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a crafted AppleTalk response packet. | |||||
| CVE-2009-1728 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-16 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in Image RAW in Apple Mac OS X 10.5 before 10.5.8, and 10.4 before Digital Camera RAW Compatibility Update 2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Canon RAW image. | |||||
| CVE-2009-1723 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-16 | 4.3 MEDIUM | N/A |
| CFNetwork in Apple Mac OS X 10.5 before 10.5.8 places an incorrect URL in a certificate warning in certain 302 redirection scenarios, which makes it easier for remote attackers to trick a user into visiting an arbitrary https web site by leveraging an open redirect vulnerability, a different issue than CVE-2009-2062. | |||||
| CVE-2009-1727 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-16 | 6.8 MEDIUM | N/A |
| Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X 10.5 before 10.5.8 makes it easier for user-assisted remote attackers to execute arbitrary JavaScript via a web page that offers a download with a Content-Type value that is not on the list of possibly unsafe content types for Safari. | |||||
| CVE-2009-2811 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-16 | 6.8 MEDIUM | N/A |
| Incomplete blacklist vulnerability in Launch Services in Apple Mac OS X 10.5.8 allows user-assisted remote attackers to execute arbitrary code via a .fileloc file, which does not trigger a "potentially unsafe" warning message in the Quarantine feature. | |||||
| CVE-2009-0943 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-16 | 6.8 MEDIUM | N/A |
| Help Viewer in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not verify that HTML pathnames are located in a registered help book, which allows remote attackers to execute arbitrary code via a help: URL that triggers invocation of AppleScript files. | |||||
| CVE-2009-0942 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-16 | 6.8 MEDIUM | N/A |
| Help Viewer in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not verify that certain Cascading Style Sheets (CSS) are located in a registered help book, which allows remote attackers to execute arbitrary code via a help: URL that triggers invocation of AppleScript files. | |||||
| CVE-2009-0011 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-07 | 7.2 HIGH | N/A |
| Certificate Assistant in Apple Mac OS X 10.5.6 allows local users to overwrite arbitrary files via unknown vectors related to an "insecure file operation" on a temporary file. | |||||
| CVE-2009-0013 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-07 | 2.1 LOW | N/A |
| dscl in DS Tools in Apple Mac OS X 10.4.11 and 10.5.6 requires that passwords must be provided as command line arguments, which allows local users to gain privileges by listing process information. | |||||
| CVE-2009-0144 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-07 | 4.3 MEDIUM | N/A |
| CFNetwork in Apple Mac OS X 10.5 before 10.5.7 does not properly parse noncompliant Set-Cookie headers, which allows remote attackers to obtain sensitive information by sniffing the network for "secure cookies" that are sent over unencrypted HTTP connections. | |||||
| CVE-2009-0145 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-07 | 6.8 MEDIUM | N/A |
| CoreGraphics in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF file that triggers memory corruption. | |||||
| CVE-2009-0009 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-07 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in the Pixlet codec in Apple Mac OS X 10.4.11 and 10.5.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted movie file that triggers memory corruption. | |||||
| CVE-2009-0157 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-07 | 6.8 MEDIUM | N/A |
| Heap-based buffer overflow in CFNetwork in Apple Mac OS X 10.5 before 10.5.7 allows remote web servers to execute arbitrary code or cause a denial of service (application crash) via long HTTP headers. | |||||
| CVE-2009-0161 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-07 | 6.4 MEDIUM | N/A |
| The OpenSSL::OCSP module for Ruby in Apple Mac OS X 10.5 before 10.5.7 misinterprets an unspecified invalid response as a successful OCSP certificate validation, which might allow remote attackers to spoof certificate authentication via a revoked certificate. | |||||
| CVE-2009-0149 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-07 | 4.4 MEDIUM | N/A |
| Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows local users to gain privileges or cause a denial of service (application crash) by attempting to mount a crafted sparse disk image that triggers memory corruption. | |||||
| CVE-2009-0162 | 2 Apple, Microsoft | 5 Mac Os X, Mac Os X Server, Safari and 2 more | 2017-08-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Safari before 3.2.3, and 4 Public Beta, on Apple Mac OS X 10.5 before 10.5.7 and Windows allows remote attackers to inject arbitrary web script or HTML via a crafted feed: URL. | |||||
| CVE-2009-0150 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-07 | 4.4 MEDIUM | N/A |
| Stack-based buffer overflow in Apple Mac OS X 10.5 before 10.5.7 allows local users to gain privileges or cause a denial of service (application crash) by attempting to mount a crafted sparse disk image. | |||||
| CVE-2009-0141 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-07 | 2.1 LOW | N/A |
| XTerm in Apple Mac OS X 10.4.11 and 10.5.6, when used with luit, creates tty devices with insecure world-writable permissions, which allows local users to write to the Xterm of another user. | |||||