Vulnerabilities > Apple > MAC OS X > 10.5.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-09-16 | CVE-2008-3609 | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server The kernel in Apple Mac OS X 10.5 through 10.5.4 does not properly flush cached credentials during recycling (aka purging) of a vnode, which might allow local users to bypass the intended read or write permissions of a file. | 7.2 |
2008-09-16 | CVE-2008-3608 | Resource Management Errors vulnerability in Apple mac OS X and mac OS X Server ImageIO in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a crafted JPEG image with an embedded ICC profile. | 9.3 |
2008-09-16 | CVE-2008-2332 | Resource Management Errors vulnerability in Apple mac OS X and mac OS X Server ImageIO in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a crafted TIFF image. | 9.3 |
2008-09-16 | CVE-2008-2331 | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server Finder in Apple Mac OS X 10.5 through 10.5.4 does not properly update permission data in the Get Info window after a lock operation that modifies Sharing & Permissions in a filesystem, which might allow local users to leverage weak permissions that were not intended by an administrator. | 5.0 |
2008-09-16 | CVE-2008-2329 | Information Exposure vulnerability in Apple mac OS X and mac OS X Server Directory Services in Apple Mac OS X 10.5 through 10.5.4, when Active Directory is used, allows attackers to enumerate user names via wildcard characters in the Login Window. | 1.9 |
2008-09-16 | CVE-2008-2305 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows remote attackers to execute arbitrary code via a document containing a crafted font, related to "PostScript font names." | 9.3 |
2008-09-11 | CVE-2008-3629 | Resource Management Errors vulnerability in Apple Quicktime Apple QuickTime before 7.5.5 allows remote attackers to cause a denial of service (application crash) via a crafted PICT image that triggers an out-of-bounds read. | 4.3 |
2008-09-11 | CVE-2008-3624 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime Heap-based buffer overflow in Apple QuickTime before 7.5.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a QuickTime Virtual Reality (QTVR) movie file with crafted panorama atoms. | 6.8 |
2008-08-01 | CVE-2008-3438 | Download of Code Without Integrity Check vulnerability in Apple mac OS X Apple Mac OS X does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning. | 8.1 |
2008-07-01 | CVE-2008-2314 | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server Dock in Apple Mac OS X 10.5 before 10.5.4, when Exposé hot corners is enabled, allows physically proximate attackers to gain access to a locked session in (1) sleep mode or (2) screen saver mode via unspecified vectors. | 4.4 |