Mac Os X

mac_os_x

Vendor: Apple • 3,210 CVEs

CVEs (3,210)

CVE | VENDORS | PRODUCTS | UPDATED | PUBLISHED | CVSS

Vendors (1): Apple
Products (3): Mac Os X, Mac Os X Server, Safari
Updated: Apr 23, 2026
Published: Sep 14, 2009
CVSS: v4 N/A; v3 N/A; v2 6.8 MEDIUM
Integer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5.8, and Safari before 4.0.4 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ColorSync profile embedded in an image, leading to a heap-based buffer overflow.

Vendors (1): Apple
Products (2): Mac Os X, Mac Os X Server
Updated: Apr 23, 2026
Published: Sep 14, 2009
CVSS: v4 N/A; v3 N/A; v2 6.8 MEDIUM
CarbonCore in Apple Mac OS X 10.4.11 and 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a file with a crafted resource fork.

Vendors (1): Apple
Products (2): Mac Os X, Mac Os X Server
Updated: Apr 23, 2026
Published: Sep 11, 2009
CVSS: v4 N/A; v3 N/A; v2 6.8 MEDIUM
Buffer overflow in Alias Manager in Apple Mac OS X 10.4.11 and 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted alias file.

Vendors (1): Apple
Products (5): Java 1.4, Java 1.5, Java 1.6, +2 more
Updated: Apr 23, 2026
Published: Sep 9, 2009
CVSS: v4 N/A; v3 N/A; v2 6.8 MEDIUM
Stack-based buffer overflow in the Java Web Start command launcher in Java for Mac OS X 10.5 before Update 5 allows attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.

Vendors (6): Apache, Apple, Debian, +3 more
Products (7): Debian Linux, Fedora, Http Server, +4 more
Updated: Apr 23, 2026
Published: Sep 8, 2009
CVSS: v4 N/A; v3 N/A; v2 5.0 MEDIUM
The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.

Vendors (4): Apple, Canonical, Fedoraproject, +1 more
Products (4): Fedora, Mac Os X, Neon, +1 more
Updated: Apr 23, 2026
Published: Aug 21, 2009
CVSS: v4 N/A; v3 N/A; v2 5.8 MEDIUM
neon before 0.28.6, when OpenSSL or GnuTLS is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

Vendors (2): Apple, Microsoft
Products (5): Mac Os X, Mac Os X Server, Safari, +2 more
Updated: Apr 23, 2026
Published: Aug 12, 2009
CVSS: v4 N/A; v3 N/A; v2 5.0 MEDIUM
Unspecified vulnerability in Apple Safari 4 before 4.0.3 allows remote web servers to place an arbitrary web site in the Top Sites view, and possibly conduct phishing attacks, via unknown vectors.

Vendors (11): Apple, Canonical, Debian, +8 more
Products (19): Chrome, Debian Linux, Enterprise Linux, +16 more
Updated: Apr 23, 2026
Published: Aug 11, 2009
CVSS: v4 N/A; v3 6.5 MEDIUM; v2 4.3 MEDIUM
Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework.

Vendors (1): Apple
Products (2): Mac Os X, Mac Os X Server
Updated: Apr 23, 2026
Published: Aug 6, 2009
CVSS: v4 N/A; v3 N/A; v2 4.9 MEDIUM
Apple Mac OS X 10.5 before 10.5.8 does not properly share file descriptors over local sockets, which allows local users to cause a denial of service (system crash) by placing file descriptors in messages sent to a socket that has no receiver, related to a "synchronization issue."

Vendors (1): Apple
Products (2): Mac Os X, Mac Os X Server
Updated: Apr 23, 2026
Published: Aug 6, 2009
CVSS: v4 N/A; v3 N/A; v2 10.0 HIGH
Buffer overflow in the kernel in Apple Mac OS X 10.5 before 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a crafted AppleTalk response packet.

Vendors (1): Apple
Products (2): Mac Os X, Mac Os X Server
Updated: Apr 23, 2026
Published: Aug 6, 2009
CVSS: v4 N/A; v3 N/A; v2 7.5 HIGH
MobileMe in Apple Mac OS X 10.5 before 10.5.8 does not properly delete credentials upon signout from the preference pane, which makes it easier for attackers to hijack a MobileMe session via unspecified vectors, related to a "logic issue."

Vendors (1): Apple
Products (2): Mac Os X, Mac Os X Server
Updated: Apr 23, 2026
Published: Aug 6, 2009
CVSS: v4 N/A; v3 N/A; v2 7.5 HIGH
Format string vulnerability in Login Window in Apple Mac OS X 10.4.11 and 10.5 before 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in an application name.

Vendors (1): Apple
Products (2): Mac Os X, Mac Os X Server
Updated: Apr 23, 2026
Published: Aug 6, 2009
CVSS: v4 N/A; v3 N/A; v2 7.8 HIGH
launchd in Apple Mac OS X 10.5 before 10.5.8 allows remote attackers to cause a denial of service (individual service outage) by making many connections to an inetd-based launchd service.

Vendors (1): Apple
Products (2): Mac Os X, Mac Os X Server
Updated: Apr 23, 2026
Published: Aug 6, 2009
CVSS: v4 N/A; v3 N/A; v2 9.3 HIGH
Buffer overflow in ImageIO in Apple Mac OS X 10.5 before 10.5.8, and Safari before 4.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image with crafted EXIF metadata.

Vendors (1): Apple
Products (2): Mac Os X, Mac Os X Server
Updated: Apr 23, 2026
Published: Aug 6, 2009
CVSS: v4 N/A; v3 N/A; v2 6.8 MEDIUM
Stack-based buffer overflow in Image RAW in Apple Mac OS X 10.5 before 10.5.8, and 10.4 before Digital Camera RAW Compatibility Update 2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Canon RAW image.

Vendors (1): Apple
Products (2): Mac Os X, Mac Os X Server
Updated: Apr 23, 2026
Published: Aug 6, 2009
CVSS: v4 N/A; v3 N/A; v2 6.8 MEDIUM
Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X 10.5 before 10.5.8 makes it easier for user-assisted remote attackers to execute arbitrary JavaScript via a web page that offers a download with a Content-Type value that is not on the list of possibly unsafe content types for Safari.

Vendors (1): Apple
Products (2): Mac Os X, Mac Os X Server
Updated: Apr 23, 2026
Published: Aug 6, 2009
CVSS: v4 N/A; v3 N/A; v2 9.3 HIGH
Heap-based buffer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5 before 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image containing an embedded ColorSync profile.

Vendors (1): Apple
Products (2): Mac Os X, Mac Os X Server
Updated: Apr 23, 2026
Published: Aug 6, 2009
CVSS: v4 N/A; v3 N/A; v2 4.3 MEDIUM
CFNetwork in Apple Mac OS X 10.5 before 10.5.8 places an incorrect URL in a certificate warning in certain 302 redirection scenarios, which makes it easier for remote attackers to trick a user into visiting an arbitrary https web site by leveraging an open redirect vulnerability, a different issue than CVE-2009-2062.

Vendors (1): Apple
Products (2): Mac Os X, Mac Os X Server
Updated: Apr 23, 2026
Published: Aug 6, 2009
CVSS: v4 N/A; v3 N/A; v2 7.2 HIGH
The screen saver in Dock in Apple Mac OS X 10.5 before 10.5.8 does not prevent four-finger Multi-Touch gestures, which allows physically proximate attackers to bypass locking and "manage applications or use Expose" via unspecified vectors.

Vendors (6): Apple, Canonical, Debian, +3 more
Products (6): Debian Linux, Fedora, Mac Os X, +3 more
Updated: Apr 23, 2026
Published: Jul 31, 2009
CVSS: v4 N/A; v3 N/A; v2 6.8 MEDIUM
The decompression implementation in the Imf::hufUncompress function in OpenEXR 1.2.2 and 1.6.1 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger a free of an uninitialized pointer.