Total
5524 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-2838 | 1 Apple | 1 Mac Os X | 2009-11-16 | 6.8 MEDIUM | N/A |
Integer overflow in QuickLook in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Office document that triggers a buffer overflow. | |||||
CVE-2009-2833 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2009-11-16 | 7.5 HIGH | N/A |
Buffer overflow in the UCCompareTextDefault API in International Components for Unicode in Apple Mac OS X 10.5.8 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. | |||||
CVE-2009-2835 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2009-11-16 | 4.6 MEDIUM | N/A |
The kernel in Apple Mac OS X before 10.6.2 does not properly handle task state segments, which allows local users to gain privileges, cause a denial of service (system crash), or obtain sensitive information via unspecified vectors. | |||||
CVE-2009-2836 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2009-11-16 | 6.2 MEDIUM | N/A |
Race condition in Login Window in Apple Mac OS X 10.6.x before 10.6.2, when at least one account has a blank password, allows attackers to bypass password authentication and obtain login access to an arbitrary account via unspecified vectors. | |||||
CVE-2009-2840 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2009-11-16 | 4.9 MEDIUM | N/A |
Spotlight in Apple Mac OS X 10.5.8 does not properly handle temporary files, which allows local users to overwrite arbitrary files in the context of a different user's privileges via unspecified vectors. | |||||
CVE-2009-2808 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2009-11-16 | 5.4 MEDIUM | N/A |
Help Viewer in Apple Mac OS X before 10.6.2 does not use an HTTPS connection to retrieve Apple Help content from a web site, which allows man-in-the-middle attackers to send a crafted help:runscript link, and thereby execute arbitrary code, via a spoofed response. | |||||
CVE-2009-2810 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2009-11-16 | 6.8 MEDIUM | N/A |
Launch Services in Apple Mac OS X 10.6.x before 10.6.2 recursively clears quarantine information upon opening a quarantined folder, which allows user-assisted remote attackers to execute arbitrary code via a quarantined application that does not trigger a "potentially unsafe" warning message. | |||||
CVE-2009-2824 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2009-11-16 | 6.8 MEDIUM | N/A |
Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 allow remote attackers to execute arbitrary code via a crafted embedded font in a document. | |||||
CVE-2009-2825 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2009-11-16 | 4.3 MEDIUM | N/A |
Certificate Assistant in Apple Mac OS X before 10.6.2 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | |||||
CVE-2009-2826 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2009-11-16 | 6.8 MEDIUM | N/A |
Multiple integer overflows in CoreGraphics in Apple Mac OS X 10.5.8 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document that triggers a heap-based buffer overflow. | |||||
CVE-2009-2828 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2009-11-16 | 7.5 HIGH | N/A |
The server in DirectoryService in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors. | |||||
CVE-2009-2831 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2009-11-16 | 5.8 MEDIUM | N/A |
Dictionary in Apple Mac OS X 10.5.8 allows remote attackers to create arbitrary files with any contents, and thereby execute arbitrary code, via crafted JavaScript, related to a "design issue." | |||||
CVE-2009-2827 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2009-11-16 | 6.8 MEDIUM | N/A |
Heap-based buffer overflow in Disk Images in Apple Mac OS X 10.5.8 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FAT filesystem on a disk image. | |||||
CVE-2009-2830 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2009-11-16 | 6.8 MEDIUM | N/A |
Multiple buffer overflows in Christos Zoulas file before 5.03 in Apple Mac OS X 10.6.x before 10.6.2 allow user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Common Document Format (CDF) file. NOTE: this might overlap CVE-2009-1515. | |||||
CVE-2009-2819 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2009-11-16 | 9.3 HIGH | N/A |
AFP Client in Apple Mac OS X 10.5.8 allows remote AFP servers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via unspecified vectors. | |||||
CVE-2009-2834 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2009-11-16 | 4.9 MEDIUM | N/A |
IOKit in Apple Mac OS X before 10.6.2 allows local users to modify the firmware of a (1) USB or (2) Bluetooth keyboard via unspecified vectors. | |||||
CVE-2009-3282 | 2 Apple, Vmware | 2 Mac Os X, Fusion | 2009-10-19 | 7.8 HIGH | N/A |
Integer overflow in the vmx86 kernel extension in VMware Fusion before 2.0.6 build 196839 allows host OS users to cause a denial of service to the host OS via unspecified vectors. | |||||
CVE-2009-3281 | 2 Apple, Vmware | 2 Mac Os X, Fusion | 2009-10-18 | 7.2 HIGH | N/A |
The vmx86 kernel extension in VMware Fusion before 2.0.6 build 196839 does not use correct file permissions, which allows host OS users to gain privileges on the host OS via unspecified vectors. | |||||
CVE-2005-0970 | 1 Apple | 1 Mac Os X | 2009-10-13 | 7.6 HIGH | N/A |
Mac OS X 10.3.9 and earlier allows users to install, create, and execute setuid/setgid scripts, contrary to the intended design, which may allow attackers to conduct unauthorized activities with escalated privileges via vulnerable scripts. | |||||
CVE-2009-2205 | 1 Apple | 5 Java 1.4, Java 1.5, Java 1.6 and 2 more | 2009-09-18 | 6.8 MEDIUM | N/A |
Stack-based buffer overflow in the Java Web Start command launcher in Java for Mac OS X 10.5 before Update 5 allows attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. |