
Mac Os X

mac_os_x

Vendor: Apple • 3,210 CVEs

CVEs (3,210)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
Vendors (1): Apple
Products (2): Mac Os X, Mac Os X Server
Updated: Apr 23, 2026
Published: Jun 2, 2008
CVSS: N/A (v4), N/A (v3), 7.1 HIGH (v2)
The BMP and GIF image decoding engine in ImageIO in Apple Mac OS X before 10.5.3 allows remote attackers to obtain sensitive information (memory contents) via a crafted (1) BMP or (2) GIF image, which causes an out-of-bounds read.
Vendors (1): Apple
Products (2): Mac Os X, Mac Os X Server
Updated: Apr 23, 2026
Published: Jun 2, 2008
CVSS: N/A (v4), N/A (v3), 4.6 MEDIUM (v2)
Image Capture in Apple Mac OS X before 10.5 does not properly use temporary files, which allows local users to overwrite arbitrary files, and display images that are being resized by this application.
Vendors (1): Apple
Products (2): Mac Os X, Mac Os X Server
Updated: Apr 23, 2026
Published: Jun 2, 2008
CVSS: N/A (v4), N/A (v3), 5.0 MEDIUM (v2)
Directory traversal vulnerability in the embedded web server in Image Capture in Apple Mac OS X before 10.5 allows remote attackers to read arbitrary files via directory traversal sequences in the URI.
Vendors (2): Apple, Redhat
Products (3): Enterprise Linux, Mac Os X, Mac Os X Server
Updated: Apr 23, 2026
Published: Jun 2, 2008
CVSS: N/A (v4), N/A (v3), 4.3 MEDIUM (v2)
The International Components for Unicode (ICU) library in Apple Mac OS X before 10.5.3, Red Hat Enterprise Linux 5, and other operating systems omits some invalid character sequences during conversion of some character encodings, which might allow remote attackers to conduct cross-site scripting (XSS) attacks.
Vendors (1): Apple
Products (1): Mac Os X
Updated: Apr 23, 2026
Published: Jun 2, 2008
CVSS: N/A (v4), N/A (v3), 9.3 HIGH (v2)
Integer underflow in Help Viewer in Apple Mac OS X before 10.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted help:topic URL that triggers a buffer overflow.
Vendors (1): Apple
Products (2): Mac Os X, Mac Os X Server
Updated: Apr 23, 2026
Published: Jun 2, 2008
CVSS: N/A (v4), N/A (v3), 6.8 MEDIUM (v2)
Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.5.3 allows user-assisted remote attackers to execute arbitrary code via an (1) Automator, (2) Help, (3) Safari, or (4) Terminal content type for a downloadable object, which does not trigger a "potentially unsafe" warning message in (a) the Download Validation feature in Mac OS X 10.4 or (b) the Quarantine feature in Mac OS X 10.5.
Vendors (1): Apple
Products (2): Mac Os X, Mac Os X Server
Updated: Apr 23, 2026
Published: Jun 2, 2008
CVSS: N/A (v4), N/A (v3), 9.3 HIGH (v2)
CoreGraphics in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document, related to an uninitialized variable.
Vendors (1): Apple
Products (2): Mac Os X, Mac Os X Server
Updated: Apr 23, 2026
Published: Jun 2, 2008
CVSS: N/A (v4), N/A (v3), 10.0 HIGH (v2)
Integer overflow in the CFDataReplaceBytes function in the CFData API in CoreFoundation in Apple Mac OS X before 10.5.3 allows context-dependent attackers to execute arbitrary code or cause a denial of service (crash) via an invalid length argument, which triggers a heap-based buffer overflow.
Vendors (1): Apple
Products (2): Mac Os X, Mac Os X Server
Updated: Apr 23, 2026
Published: Jun 2, 2008
CVSS: N/A (v4), N/A (v3), 9.3 HIGH (v2)
Unspecified vulnerability in AppKit in Apple Mac OS X before 10.5 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document file, as demonstrated by opening the document with TextEdit.
Vendors (1): Apple
Products (2): Mac Os X, Mac Os X Server
Updated: Apr 23, 2026
Published: Jun 2, 2008
CVSS: N/A (v4), N/A (v3), 4.3 MEDIUM (v2)
Apple Filing Protocol (AFP) Server in Apple Mac OS X before 10.5.3 does not verify that requested files and directories are inside shared folders, which allows remote attackers to read arbitrary files via unspecified AFP traffic.
Vendors (4): Apple, Canonical, Fedoraproject, +1 more
Products (5): Fedora, Mac Os X, Mac Os X Server, +2 more
Updated: Apr 23, 2026
Published: May 5, 2008
CVSS: N/A (v4), 9.8 CRITICAL (v3), 10.0 HIGH (v2)
The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI.
Vendors (7): Apple, Canonical, Debian, +4 more
Products (11): Debian Linux, Fedora, Kerberos 5, +8 more
Updated: Apr 23, 2026
Published: Mar 19, 2008
CVSS: N/A (v4), 7.5 HIGH (v3), 4.3 MEDIUM (v2)
The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values."
Vendors (1): Apple
Products (2): Mac Os X, Mac Os X Server
Updated: Apr 23, 2026
Published: Mar 18, 2008
CVSS: N/A (v4), N/A (v3), 8.5 HIGH (v2)
Directory traversal vulnerability in ContentServer.py in the Wiki Server in Apple Mac OS X 10.5.2 (aka Leopard) allows remote authenticated users to write arbitrary files via ".." sequences in file attachments.
Vendors (1): Apple
Products (2): Mac Os X, Mac Os X Server
Updated: Apr 23, 2026
Published: Mar 18, 2008
CVSS: N/A (v4), N/A (v3), 7.1 HIGH (v2)
Apple Mac OS X 10.5.2 allows user-assisted attackers to cause a denial of service (crash) via a crafted Universal Disc Format (UDF) disk image, which triggers a NULL pointer dereference.
Vendors (1): Apple
Products (2): Mac Os X, Mac Os X Server
Updated: Apr 23, 2026
Published: Mar 18, 2008
CVSS: N/A (v4), N/A (v3), 6.9 MEDIUM (v2)
Unspecified vulnerability in NetCfgTool in the System Configuration component in Apple Mac OS X 10.4.11 and 10.5.2 allows local users to bypass authorization and execute arbitrary code via crafted distributed objects.
Vendors (1): Apple
Products (2): Mac Os X, Mac Os X Server
Updated: Apr 23, 2026
Published: Mar 18, 2008
CVSS: N/A (v4), N/A (v3), 1.7 LOW (v2)
The Printing component in Apple Mac OS X 10.5.2 might save authentication credentials to disk when starting a job on an authenticated print queue, which might allow local users to obtain the credentials.
Vendors (1): Apple
Products (2): Mac Os X, Mac Os X Server
Updated: Apr 23, 2026
Published: Mar 18, 2008
CVSS: N/A (v4), N/A (v3), 2.6 LOW (v2)
The Printing component in Apple Mac OS X 10.5.2 uses 40-bit RC4 when printing to an encrypted PDF file, which makes it easier for attackers to decrypt the file via brute force methods.
Vendors (1): Apple
Products (2): Mac Os X, Mac Os X Server
Updated: Apr 23, 2026
Published: Mar 18, 2008
CVSS: N/A (v4), N/A (v3), 2.6 LOW (v2)
Preview in Apple Mac OS X 10.5.2 uses 40-bit RC4 when saving a PDF file with encryption, which makes it easier for attackers to decrypt the file via brute force methods.
Vendors (1): Apple
Products (2): Mac Os X, Mac Os X Server
Updated: Apr 23, 2026
Published: Mar 18, 2008
CVSS: N/A (v4), N/A (v3), 5.8 MEDIUM (v2)
Array index error in pax in Apple Mac OS X 10.5.2 allows context-dependent attackers to execute arbitrary code via an archive with a crafted length value.
Vendors (1): Apple
Products (2): Mac Os X, Mac Os X Server
Updated: Apr 23, 2026
Published: Mar 18, 2008
CVSS: N/A (v4), N/A (v3), 4.4 MEDIUM (v2)
notifyd in Apple Mac OS X 10.4.11 does not verify that Mach port death notifications have originated from the kernel, which allows local users to cause a denial of service via spoofed death notifications that prevent other applications from receiving notifications.