Mac Os X

mac_os_x

Vendor: Apple • 3,210 CVEs

CVEs (3,210)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2009-2422 2Apple Rubyonrails 3Mac Os X Mac Os X ServerRuby On Rails Apr 23, 2026 Jul 10, 2009 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The example code for the digest authentication functionality (http_authentication.rb) in Ruby on Rails before 2.3.3 defines an authenticate_or_request_with_http_digest block that returns nil instead of false when the use...Show more The example code for the digest authentication functionality (http_authentication.rb) in Ruby on Rails before 2.3.3 defines an authenticate_or_request_with_http_digest block that returns nil instead of false when the user does not exist, which allows context-dependent attackers to bypass authentication for applications that are derived from this example by sending an invalid username without a password.Show less
CVE-2009-0949 5Apple CanonicalDebian+2 more 7Cups Debian LinuxLinux Enterprise+4 more Apr 23, 2026 Jun 9, 2009 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 does not properly initialize memory for IPP request packets, which allows remote attackers to cause a denial of service (NULL pointer dereference and da...Show more The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 does not properly initialize memory for IPP request packets, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a scheduler request with two consecutive IPP_TAG_UNSUPPORTED tags.Show less
CVE-2009-1955 7Apache AppleCanonical+4 more 8Apr Util Debian LinuxFedora+5 more Apr 23, 2026 Jun 8, 2009 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of ser...Show more The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.Show less
CVE-2009-1717 1Apple 2Mac Os X Mac Os X Server Apr 23, 2026 Jun 5, 2009 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Integer overflow in Terminal in Apple Mac OS X 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted size value in a CSI...Show more Integer overflow in Terminal in Apple Mac OS X 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted size value in a CSI[4 xterm resize escape sequence that triggers a heap-based buffer overflow.Show less
CVE-2009-0944 1Apple 2Mac Os X Mac Os X Server Apr 23, 2026 May 13, 2009 N/A· v4 N/A· v3 6.8 MEDIUM· v2 The Microsoft Office Spotlight Importer in Spotlight in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not properly validate Microsoft Office files, which allows remote attackers to execute arbitrary code or cause a...Show more The Microsoft Office Spotlight Importer in Spotlight in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not properly validate Microsoft Office files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a file that triggers memory corruption.Show less
CVE-2009-0943 1Apple 2Mac Os X Mac Os X Server Apr 23, 2026 May 13, 2009 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Help Viewer in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not verify that HTML pathnames are located in a registered help book, which allows remote attackers to execute arbitrary code via a help: URL that trigger...Show more Help Viewer in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not verify that HTML pathnames are located in a registered help book, which allows remote attackers to execute arbitrary code via a help: URL that triggers invocation of AppleScript files.Show less
CVE-2009-0942 1Apple 2Mac Os X Mac Os X Server Apr 23, 2026 May 13, 2009 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Help Viewer in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not verify that certain Cascading Style Sheets (CSS) are located in a registered help book, which allows remote attackers to execute arbitrary code via a...Show more Help Viewer in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not verify that certain Cascading Style Sheets (CSS) are located in a registered help book, which allows remote attackers to execute arbitrary code via a help: URL that triggers invocation of AppleScript files.Show less
CVE-2009-0161 1Apple 2Mac Os X Mac Os X Server Apr 23, 2026 May 13, 2009 N/A· v4 N/A· v3 6.4 MEDIUM· v2 The OpenSSL::OCSP module for Ruby in Apple Mac OS X 10.5 before 10.5.7 misinterprets an unspecified invalid response as a successful OCSP certificate validation, which might allow remote attackers to spoof certificate au...Show more The OpenSSL::OCSP module for Ruby in Apple Mac OS X 10.5 before 10.5.7 misinterprets an unspecified invalid response as a successful OCSP certificate validation, which might allow remote attackers to spoof certificate authentication via a revoked certificate.Show less
CVE-2009-0160 1Apple 2Mac Os X Mac Os X Server Apr 23, 2026 May 13, 2009 N/A· v4 N/A· v3 6.8 MEDIUM· v2 QuickDraw Manager in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image that triggers memory corrupti...Show more QuickDraw Manager in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image that triggers memory corruption.Show less
CVE-2009-0158 1Apple 2Mac Os X Mac Os X Server Apr 23, 2026 May 13, 2009 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Stack-based buffer overflow in telnet in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long hostname for a telnet s...Show more Stack-based buffer overflow in telnet in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long hostname for a telnet server.Show less
CVE-2009-0157 1Apple 2Mac Os X Mac Os X Server Apr 23, 2026 May 13, 2009 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Heap-based buffer overflow in CFNetwork in Apple Mac OS X 10.5 before 10.5.7 allows remote web servers to execute arbitrary code or cause a denial of service (application crash) via long HTTP headers.
CVE-2009-0156 1Apple 2Mac Os X Mac Os X Server Apr 23, 2026 May 13, 2009 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Launch Services in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to cause a denial of service (persistent Finder crash) via a crafted Mach-O executable that triggers an out-of-bounds memory read.
CVE-2009-0155 1Apple 2Mac Os X Mac Os X Server Apr 23, 2026 May 13, 2009 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Integer underflow in CoreGraphics in Apple Mac OS X 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of s...Show more Integer underflow in CoreGraphics in Apple Mac OS X 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF file that triggers a heap-based buffer overflow.Show less
CVE-2009-0154 1Apple 2Mac Os X Mac Os X Server Apr 23, 2026 May 13, 2009 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code via a crafted Compact Font Format (CFF) font.
CVE-2009-0153 1Apple 2Mac Os X Mac Os X Server Apr 23, 2026 May 13, 2009 N/A· v4 N/A· v3 4.3 MEDIUM· v2 International Components for Unicode (ICU) 4.0, 3.6, and other 3.x versions, as used in Apple Mac OS X 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Fedora 9 and 10, and pos...Show more International Components for Unicode (ICU) 4.0, 3.6, and other 3.x versions, as used in Apple Mac OS X 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Fedora 9 and 10, and possibly other operating systems, does not properly handle invalid byte sequences during Unicode conversion, which might allow remote attackers to conduct cross-site scripting (XSS) attacks.Show less
CVE-2009-0152 1Apple 2Mac Os X Mac Os X Server Apr 23, 2026 May 13, 2009 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 iChat in Apple Mac OS X 10.5 before 10.5.7 disables SSL for AOL Instant Messenger (AIM) communication in certain circumstances that are inconsistent with the Require SSL setting, which allows remote attackers to obtain s...Show more iChat in Apple Mac OS X 10.5 before 10.5.7 disables SSL for AOL Instant Messenger (AIM) communication in certain circumstances that are inconsistent with the Require SSL setting, which allows remote attackers to obtain sensitive information by sniffing the network.Show less
CVE-2009-0150 1Apple 2Mac Os X Mac Os X Server Apr 23, 2026 May 13, 2009 N/A· v4 N/A· v3 4.4 MEDIUM· v2 Stack-based buffer overflow in Apple Mac OS X 10.5 before 10.5.7 allows local users to gain privileges or cause a denial of service (application crash) by attempting to mount a crafted sparse disk image.
CVE-2009-0149 1Apple 2Mac Os X Mac Os X Server Apr 23, 2026 May 13, 2009 N/A· v4 N/A· v3 4.4 MEDIUM· v2 Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows local users to gain privileges or cause a denial of service (application crash) by attempting to mount a crafted sparse disk image that triggers memory corruption.
CVE-2009-0145 1Apple 2Mac Os X Mac Os X Server Apr 23, 2026 May 13, 2009 N/A· v4 N/A· v3 6.8 MEDIUM· v2 CoreGraphics in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (a...Show more CoreGraphics in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF file that triggers memory corruption.Show less
CVE-2009-0144 1Apple 2Mac Os X Mac Os X Server Apr 23, 2026 May 13, 2009 N/A· v4 N/A· v3 4.3 MEDIUM· v2 CFNetwork in Apple Mac OS X 10.5 before 10.5.7 does not properly parse noncompliant Set-Cookie headers, which allows remote attackers to obtain sensitive information by sniffing the network for "secure cookies" that are...Show more CFNetwork in Apple Mac OS X 10.5 before 10.5.7 does not properly parse noncompliant Set-Cookie headers, which allows remote attackers to obtain sensitive information by sniffing the network for "secure cookies" that are sent over unencrypted HTTP connections.Show less

Previous 1...132133134...161 Next