Vulnerabilities > Apple > MAC OS X Server > 10.5.5
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-08-06 | CVE-2009-1726 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server Heap-based buffer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5 before 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image containing an embedded ColorSync profile. | 9.3 |
2009-08-06 | CVE-2009-1723 | Multiple Security vulnerability in Apple Mac OS X 2009-003 CFNetwork in Apple Mac OS X 10.5 before 10.5.8 places an incorrect URL in a certificate warning in certain 302 redirection scenarios, which makes it easier for remote attackers to trick a user into visiting an arbitrary https web site by leveraging an open redirect vulnerability, a different issue than CVE-2009-2062. network apple | 4.3 |
2009-08-06 | CVE-2009-0151 | Multiple Security vulnerability in Apple Mac OS X 2009-003 The screen saver in Dock in Apple Mac OS X 10.5 before 10.5.8 does not prevent four-finger Multi-Touch gestures, which allows physically proximate attackers to bypass locking and "manage applications or use Expose" via unspecified vectors. | 7.2 |
2009-06-16 | CVE-2009-1719 | Code Injection vulnerability in SUN JRE 1.5.0/1.5.011B03 The Aqua Look and Feel for Java implementation in Java 1.5 on Mac OS X 10.5 allows remote attackers to execute arbitrary code via a call to the undocumented apple.laf.CColourUIResource constructor with a crafted value in the first argument, which is dereferenced as a pointer. | 7.5 |
2009-06-09 | CVE-2009-0949 | Use of Uninitialized Resource vulnerability in multiple products The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 does not properly initialize memory for IPP request packets, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a scheduler request with two consecutive IPP_TAG_UNSUPPORTED tags. | 7.5 |
2009-06-05 | CVE-2009-1717 | Numeric Errors vulnerability in Apple mac OS X and mac OS X Server Integer overflow in Terminal in Apple Mac OS X 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted size value in a CSI[4 xterm resize escape sequence that triggers a heap-based buffer overflow. | 6.8 |
2009-05-13 | CVE-2009-0944 | Code Injection vulnerability in Apple mac OS X and mac OS X Server The Microsoft Office Spotlight Importer in Spotlight in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not properly validate Microsoft Office files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a file that triggers memory corruption. | 6.8 |
2009-05-13 | CVE-2009-0943 | Improper Input Validation vulnerability in Apple mac OS X and mac OS X Server Help Viewer in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not verify that HTML pathnames are located in a registered help book, which allows remote attackers to execute arbitrary code via a help: URL that triggers invocation of AppleScript files. | 6.8 |
2009-05-13 | CVE-2009-0942 | Improper Input Validation vulnerability in Apple mac OS X and mac OS X Server Help Viewer in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not verify that certain Cascading Style Sheets (CSS) are located in a registered help book, which allows remote attackers to execute arbitrary code via a help: URL that triggers invocation of AppleScript files. | 6.8 |
2009-05-13 | CVE-2009-0160 | Code Injection vulnerability in Apple mac OS X and mac OS X Server QuickDraw Manager in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image that triggers memory corruption. | 6.8 |