Vulnerabilities > Apple > MAC OS X Server > 10.5.0

DATE CVE VULNERABILITY TITLE RISK

2009-05-13 CVE-2009-0149 Code Injection vulnerability in Apple Mac OS X and Mac OS X Server
Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows local users to gain privileges or cause a denial of service (application crash) by attempting to mount a crafted sparse disk image that triggers memory corruption.
local | apple CWE-94 | 4.4

2009-05-13 CVE-2009-0145 Code Injection vulnerability in Apple Mac OS X and Mac OS X Server
CoreGraphics in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF file that triggers memory corruption.
network | apple CWE-94 | 6.8

2009-05-13 CVE-2009-0010 Numeric Errors vulnerability in Apple Mac OS X
Integer underflow in QuickDraw Manager in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7, and Apple QuickTime before 7.6.2, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PICT image with a crafted 0x77 Poly tag and a crafted length field, which triggers a heap-based buffer overflow.
network | apple CWE-189 | critical | 9.3

2009-05-13 CVE-2008-1517 Improper Input Validation vulnerability in Apple Mac OS X and Mac OS X Server
Array index error in the xnu (Mach) kernel in Apple Mac OS X 10.5 before 10.5.7 allows local users to gain privileges or cause a denial of service (system shutdown) via unspecified vectors related to workqueues.
local | low complexity | apple CWE-20 | 7.2

2009-04-02 CVE-2009-1238 Race Condition vulnerability in Apple Mac OS X and Mac OS X Server
Race condition in the HFS vfs sysctl interface in XNU 1228.8.20 and earlier on Apple Mac OS X 10.5.6 and earlier allows local users to cause a denial of service (kernel memory corruption) by simultaneously executing the same HFS_SET_PKG_EXTENSIONS code path in multiple threads, which is problematic because of lack of mutex locking for an unspecified global variable.
local | low complexity | apple CWE-362 | 7.2

2009-04-02 CVE-2009-1237 Resource Management Errors vulnerability in Apple Mac OS X and Mac OS X Server
Multiple memory leaks in XNU 1228.3.13 and earlier on Apple Mac OS X 10.5.6 and earlier allow local users to cause a denial of service (kernel memory consumption) via a crafted (1) SYS_add_profil or (2) SYS___mac_getfsstat system call.
local | low complexity | apple CWE-399 | 4.9

2009-04-02 CVE-2009-1236 Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Apple Mac OS X and Mac OS X Server
Heap-based buffer overflow in the AppleTalk networking stack in XNU 1228.3.13 and earlier on Apple Mac OS X 10.5.6 and earlier allows remote attackers to cause a denial of service (system crash) via a ZIP NOTIFY (aka ZIPOP_NOTIFY) packet that overwrites a certain ifPort structure member.
network | low complexity | apple CWE-119 | critical | 10.0

2009-04-02 CVE-2009-1235 Permissions, Privileges, and Access Controls vulnerability in Apple Mac OS X and Mac OS X Server
XNU 1228.9.59 and earlier on Apple Mac OS X 10.5.6 and earlier does not properly restrict interaction between user space and the HFS IOCTL handler, which allows local users to overwrite kernel memory and gain privileges by attaching an HFS+ disk image and performing certain steps involving HFS_GET_BOOT_INFO fcntl calls.
local | low complexity | apple CWE-264 | 7.2

2008-12-17 CVE-2008-4237 Multiple Security vulnerability in RETIRED: Apple Mac OS X 2008-008
Managed Client in Apple Mac OS X before 10.5.6 sometimes misidentifies a system when installing per-host configuration settings, which allows context-dependent attackers to have an unspecified impact by leveraging unintended settings, as demonstrated by the screen saver lock setting.
network | low complexity | apple | critical | 10.0

2008-12-17 CVE-2008-4236 Resource Management Errors vulnerability in Apple Mac OS X and Mac OS X Server
Apple Type Services (ATS) in Apple Mac OS X 10.5 before 10.5.6 allows remote attackers to cause a denial of service (infinite loop) via a crafted embedded font in a PDF file.
network | apple CWE-399 | 7.1