Vulnerabilities > Apple > MAC OS X > 10.4.3
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-06-23 | CVE-2008-2307 | Resource Management Errors vulnerability in Apple Safari Unspecified vulnerability in WebKit in Apple Safari before 3.1.2, as distributed in Mac OS X before 10.5.4, and standalone for Windows and Mac OS X 10.4, allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors involving JavaScript arrays that trigger memory corruption. | 9.3 |
2008-06-02 | CVE-2008-1573 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server The BMP and GIF image decoding engine in ImageIO in Apple Mac OS X before 10.5.3 allows remote attackers to obtain sensitive information (memory contents) via a crafted (1) BMP or (2) GIF image, which causes an out-of-bounds read. | 7.1 |
2008-05-05 | CVE-2008-0599 | Incorrect Calculation of Buffer Size vulnerability in multiple products The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI. | 9.8 |
2008-03-19 | CVE-2008-0063 | Use of Uninitialized Resource vulnerability in multiple products The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values." | 7.5 |
2008-03-04 | CVE-2008-1148 | A certain pseudo-random number generator (PRNG) algorithm that uses ADD with 0 random hops (aka "Algorithm A0"), as used in OpenBSD 3.5 through 4.2 and NetBSD 1.6.2 through 4.0, allows remote attackers to guess sensitive values such as (1) DNS transaction IDs or (2) IP fragmentation IDs by observing a sequence of previously generated values. | 6.8 |
2008-03-04 | CVE-2008-1146 | A certain pseudo-random number generator (PRNG) algorithm that uses XOR and 3-bit random hops (aka "Algorithm X3"), as used in OpenBSD 2.8 through 4.2, allows remote attackers to guess sensitive values such as DNS transaction IDs by observing a sequence of previously generated values. | 6.8 |
2008-01-18 | CVE-2007-6427 | Out-Of-Bounds Write vulnerability in multiple products The XInput extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via requests related to byte swapping and heap corruption within multiple functions, a different vulnerability than CVE-2007-4990. | 9.3 |
2007-12-18 | CVE-2007-5862 | Improper Authentication vulnerability in Apple mac OS X Java in Mac OS X 10.4 through 10.4.11 allows remote attackers to bypass Keychain access controls and add or delete arbitrary Keychain items via a crafted Java applet. | 9.4 |
2007-11-15 | CVE-2007-4701 | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server WebKit on Apple Mac OS X 10.4 through 10.4.10 does not create temporary files securely when Safari is previewing a PDF file, which allows local users to read the contents of that file. | 2.1 |
2007-11-15 | CVE-2007-4700 | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server Unspecified vulnerability in WebKit on Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to use Safari as an indirect proxy and send attacker-controlled data to arbitrary TCP ports via unknown vectors. | 7.5 |