Total
5524 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-0995 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-07 | 2.6 LOW | N/A |
The Printing component in Apple Mac OS X 10.5.2 uses 40-bit RC4 when printing to an encrypted PDF file, which makes it easier for attackers to decrypt the file via brute force methods. | |||||
CVE-2008-0994 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-07 | 2.6 LOW | N/A |
Preview in Apple Mac OS X 10.5.2 uses 40-bit RC4 when saving a PDF file with encryption, which makes it easier for attackers to decrypt the file via brute force methods. | |||||
CVE-2008-0060 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-07 | 6.8 MEDIUM | N/A |
Help Viewer in Apple Mac OS X 10.4.11 and 10.5.2 allows remote attackers to execute arbitrary Applescript via a help:topic_list URL that injects HTML or JavaScript into a topic list page, as demonstrated using a help:runscript link. | |||||
CVE-2008-0050 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-07 | 5.0 MEDIUM | N/A |
CFNetwork in Apple Mac OS X 10.4.11 allows remote HTTPS proxy servers to spoof secure websites via data in a 502 Bad Gateway error. | |||||
CVE-2008-0049 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-07 | 1.9 LOW | N/A |
AppKit in Apple Mac OS X 10.4.11 inadvertently makes an NSApplication mach port available for inter-process communication instead of inter-thread communication, which allows local users to execute arbitrary code via crafted messages to privileged applications. | |||||
CVE-2008-0048 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-07 | 6.8 MEDIUM | N/A |
Stack-based buffer overflow in AppKit in Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via the a long file name to the NSDocument API. | |||||
CVE-2008-0046 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-07 | 5.0 MEDIUM | N/A |
The Application Firewall in Apple Mac OS X 10.5.2 has an incorrect German translation for the "Set access for specific services and applications" radio button that might cause the user to believe that the button is used to restrict access only to specific services and applications, which might allow attackers to bypass intended access restrictions. | |||||
CVE-2008-0045 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-07 | 7.1 HIGH | N/A |
Unspecified vulnerability in AFP Server in Apple Mac OS X 10.4.11 allows remote attackers to bypass cross-realm authentication via unknown manipulations of Kerberos principal realm names. | |||||
CVE-2008-0044 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-07 | 5.8 MEDIUM | N/A |
Multiple buffer overflows in AFP Client in Apple Mac OS X 10.4.11 and 10.5.2 allow remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted afp:// URL. | |||||
CVE-2008-0059 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-07 | 5.8 MEDIUM | N/A |
Race condition in NSXML in Foundation for Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via a crafted XML file, related to "error handling logic." | |||||
CVE-2008-0058 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-07 | 5.8 MEDIUM | N/A |
Race condition in the NSURLConnection cache management functionality in Foundation for Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via unspecified manipulations that cause messages to be sent to a deallocated object. | |||||
CVE-2008-0057 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-07 | 6.8 MEDIUM | N/A |
Multiple integer overflows in a "legacy serialization format" parser in AppKit in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via a crafted serialized property list. | |||||
CVE-2008-0056 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-07 | 6.8 MEDIUM | N/A |
Stack-based buffer overflow in Foundation in Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via a "long pathname with an unexpected structure" that triggers the overflow in NSFileManager. | |||||
CVE-2008-0055 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-07 | 7.2 HIGH | N/A |
Foundation in Apple Mac OS X 10.4.11 creates world-writable directories while NSFileManager copies files recursively and only modifies the permissions afterward, which allows local users to modify copied files to cause a denial of service and possibly gain privileges. | |||||
CVE-2008-0054 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-07 | 6.4 MEDIUM | N/A |
Foundation in Apple Mac OS X 10.4.11 might allow context-dependent attackers to execute arbitrary code via a malformed selector name to the NSSelectorFromString API, which causes an "unexpected selector" to be used. | |||||
CVE-2008-0052 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-07 | 6.8 MEDIUM | N/A |
CoreServices in Apple Mac OS X 10.4.11 treats .ief as a safe file type, which allows remote attackers to force Safari users into opening an .ief file in AppleWorks, even when the "Open 'Safe' files" preference is set. | |||||
CVE-2008-0051 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-07 | 6.9 MEDIUM | N/A |
Integer overflow in CoreFoundation in Apple Mac OS X 10.4.11 might allow local users to execute arbitrary code via crafted time zone data. | |||||
CVE-2007-6359 | 1 Apple | 1 Mac Os X | 2017-08-07 | 4.9 MEDIUM | N/A |
The cs_validate_page function in bsd/kern/ubc_subr.c in the xnu kernel 1228.0 and earlier in Apple Mac OS X 10.5.1 allows local users to cause a denial of service (failed assertion and system crash) via a crafted signed Mach-O binary that causes the hashes function to return NULL. | |||||
CVE-2007-6261 | 1 Apple | 1 Mac Os X | 2017-08-07 | 4.9 MEDIUM | N/A |
Integer overflow in the load_threadstack function in the Mach-O loader (mach_loader.c) in the xnu kernel in Apple Mac OS X 10.4 through 10.5.1 allows local users to cause a denial of service (infinite loop) via a crafted Mach-O binary. | |||||
CVE-2008-1148 | 8 Apple, Cosmicperl, Darwin and 5 more | 9 Mac Os X, Mac Os X Server, Directory Pro and 6 more | 2017-08-07 | 6.8 MEDIUM | N/A |
A certain pseudo-random number generator (PRNG) algorithm that uses ADD with 0 random hops (aka "Algorithm A0"), as used in OpenBSD 3.5 through 4.2 and NetBSD 1.6.2 through 4.0, allows remote attackers to guess sensitive values such as (1) DNS transaction IDs or (2) IP fragmentation IDs by observing a sequence of previously generated values. NOTE: this issue can be leveraged for attacks such as DNS cache poisoning, injection into TCP packets, and OS fingerprinting. |