Vulnerabilities > Apple > MAC OS X
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-08-04 | CVE-2008-2320 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Carboncore Stack-based buffer overflow in CarbonCore in Apple Mac OS X 10.4.11 and 10.5.4, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long filename to the file management API. | 9.3 |
| 2008-08-01 | CVE-2008-3438 | Download of Code Without Integrity Check vulnerability in Apple mac OS X Apple Mac OS X does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning. | 8.1 |
| 2008-07-18 | CVE-2008-2934 | Use of Uninitialized Resource vulnerability in multiple products Mozilla Firefox 3 before 3.0.1 on Mac OS X allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file that triggers a free of an uninitialized pointer. | 8.8 |
| 2008-07-01 | CVE-2008-2314 | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server Dock in Apple Mac OS X 10.5 before 10.5.4, when Exposé hot corners is enabled, allows physically proximate attackers to gain access to a locked session in (1) sleep mode or (2) screen saver mode via unspecified vectors. | 4.4 |
| 2008-07-01 | CVE-2008-2313 | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server Apple Mac OS X before 10.5 uses weak permissions for the User Template directory, which allows local users to gain privileges by inserting a Trojan horse file into this directory. | 4.6 |
| 2008-07-01 | CVE-2008-2311 | Race Condition vulnerability in Apple mac OS X and mac OS X Server Launch Services in Apple Mac OS X before 10.5, when Open Safe Files is enabled, allows remote attackers to execute arbitrary code via a symlink attack, probably related to a race condition and automatic execution of a downloaded file. | 7.6 |
| 2008-07-01 | CVE-2008-2310 | USE of Externally-Controlled Format String vulnerability in Apple mac OS X and mac OS X Server Format string vulnerability in c++filt in Apple Mac OS X 10.5 before 10.5.4 allows user-assisted attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string in (1) C++ or (2) Java source code. | 6.8 |
| 2008-07-01 | CVE-2008-2309 | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.5.4 allows user-assisted remote attackers to execute arbitrary code via a (1) .xht or (2) .xhtm file, which does not trigger a "potentially unsafe" warning message in (a) the Download Validation feature in Mac OS X 10.4 or (b) the Quarantine feature in Mac OS X 10.5. | 6.8 |
| 2008-07-01 | CVE-2008-2308 | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server Unspecified vulnerability in Alias Manager in Apple Mac OS X 10.5.1 and earlier on Intel platforms allows local users to gain privileges or cause a denial of service (memory corruption and application crash) by resolving an alias that contains crafted AFP volume mount information. | 4.6 |
| 2008-06-23 | CVE-2008-2830 | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X 10.4/10.5 Open Scripting Architecture in Apple Mac OS X 10.4.11 and 10.5.4, and some other 10.4 and 10.5 versions, does not properly restrict the loading of scripting addition plugins, which allows local users to gain privileges via scripting addition commands to a privileged application, as originally demonstrated by an osascript tell command to ARDAgent. | 7.2 |