Vulnerabilities > Apple > MAC OS X > 10.5.6
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-06-05 | CVE-2009-1717 | Numeric Errors vulnerability in Apple mac OS X and mac OS X Server Integer overflow in Terminal in Apple Mac OS X 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted size value in a CSI[4 xterm resize escape sequence that triggers a heap-based buffer overflow. | 6.8 |
2009-05-13 | CVE-2009-0945 | Code Injection vulnerability in Apple Safari Array index error in the insertItemBefore method in WebKit, as used in Apple Safari before 3.2.3 and 4 Public Beta, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome Stable before 1.0.154.65, and possibly other products allows remote attackers to execute arbitrary code via a document with a SVGPathList data structure containing a negative index in the (1) SVGTransformList, (2) SVGStringList, (3) SVGNumberList, (4) SVGPathSegList, (5) SVGPointList, or (6) SVGLengthList SVGList object, which triggers memory corruption. | 9.3 |
2009-05-13 | CVE-2009-0944 | Code Injection vulnerability in Apple mac OS X and mac OS X Server The Microsoft Office Spotlight Importer in Spotlight in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not properly validate Microsoft Office files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a file that triggers memory corruption. | 6.8 |
2009-05-13 | CVE-2009-0943 | Improper Input Validation vulnerability in Apple mac OS X and mac OS X Server Help Viewer in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not verify that HTML pathnames are located in a registered help book, which allows remote attackers to execute arbitrary code via a help: URL that triggers invocation of AppleScript files. | 6.8 |
2009-05-13 | CVE-2009-0942 | Improper Input Validation vulnerability in Apple mac OS X and mac OS X Server Help Viewer in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not verify that certain Cascading Style Sheets (CSS) are located in a registered help book, which allows remote attackers to execute arbitrary code via a help: URL that triggers invocation of AppleScript files. | 6.8 |
2009-05-13 | CVE-2009-0162 | Cross-Site Scripting vulnerability in Apple Safari Cross-site scripting (XSS) vulnerability in Safari before 3.2.3, and 4 Public Beta, on Apple Mac OS X 10.5 before 10.5.7 and Windows allows remote attackers to inject arbitrary web script or HTML via a crafted feed: URL. | 4.3 |
2009-05-13 | CVE-2009-0161 | Improper Input Validation vulnerability in Apple mac OS X and mac OS X Server The OpenSSL::OCSP module for Ruby in Apple Mac OS X 10.5 before 10.5.7 misinterprets an unspecified invalid response as a successful OCSP certificate validation, which might allow remote attackers to spoof certificate authentication via a revoked certificate. | 6.4 |
2009-05-13 | CVE-2009-0160 | Code Injection vulnerability in Apple mac OS X and mac OS X Server QuickDraw Manager in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image that triggers memory corruption. | 6.8 |
2009-05-13 | CVE-2009-0158 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server Stack-based buffer overflow in telnet in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long hostname for a telnet server. | 6.8 |
2009-05-13 | CVE-2009-0157 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server Heap-based buffer overflow in CFNetwork in Apple Mac OS X 10.5 before 10.5.7 allows remote web servers to execute arbitrary code or cause a denial of service (application crash) via long HTTP headers. | 6.8 |