Vulnerabilities > Apple > MAC OS X

DATE CVE VULNERABILITY TITLE RISK
2008-03-18 CVE-2008-0046 Permissions, Privileges, and Access Controls vulnerability in Apple Mac OS X and Mac OS X Server
The Application Firewall in Apple Mac OS X 10.5.2 has an incorrect German translation for the "Set access for specific services and applications" radio button that might cause the user to believe that the button is used to restrict access only to specific services and applications, which might allow attackers to bypass intended access restrictions.
network
low complexity
apple CWE-264
5.0
2008-03-18 CVE-2008-0045 Permissions, Privileges, and Access Controls vulnerability in Apple Mac OS X and Mac OS X Server
Unspecified vulnerability in AFP Server in Apple Mac OS X 10.4.11 allows remote attackers to bypass cross-realm authentication via unknown manipulations of Kerberos principal realm names.
network
apple CWE-264
7.1
2008-03-18 CVE-2008-0044 Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Apple Mac OS X and Mac OS X Server
Multiple buffer overflows in AFP Client in Apple Mac OS X 10.4.11 and 10.5.2 allow remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted afp:// URL.
network
apple CWE-119
5.8
2008-03-04 CVE-2008-1148
A certain pseudo-random number generator (PRNG) algorithm that uses ADD with 0 random hops (aka "Algorithm A0"), as used in OpenBSD 3.5 through 4.2 and NetBSD 1.6.2 through 4.0, allows remote attackers to guess sensitive values such as (1) DNS transaction IDs or (2) IP fragmentation IDs by observing a sequence of previously generated values.
6.8
2008-03-04 CVE-2008-1146
A certain pseudo-random number generator (PRNG) algorithm that uses XOR and 3-bit random hops (aka "Algorithm X3"), as used in OpenBSD 2.8 through 4.2, allows remote attackers to guess sensitive values such as DNS transaction IDs by observing a sequence of previously generated values.
6.8
2008-02-12 CVE-2008-0042 Code Injection vulnerability in Apple Mac OS X 10.4.11/10.5/10.5.1
Argument injection vulnerability in Terminal.app in Terminal in Apple Mac OS X 10.4.11 and 10.5 through 10.5.1 allows remote attackers to execute arbitrary code via unspecified URL schemes.
network
apple CWE-94
6.8
2008-02-12 CVE-2008-0041 Information Exposure vulnerability in Apple Mac OS X 10.5/10.5.1
Parental Controls in Apple Mac OS X 10.5 through 10.5.1 contacts www.apple.com "when a website is unblocked," which allows remote attackers to determine when a system is running Parental Controls.
network
low complexity
apple CWE-200
5.0
2008-02-12 CVE-2008-0040 Resource Management Errors vulnerability in Apple Mac OS X 10.5/10.5.1
Unspecified vulnerability in NFS in Apple Mac OS X 10.5 through 10.5.1 allows remote attackers to cause a denial of service (system shutdown) or execute arbitrary code via unknown vectors related to mbuf chains that trigger memory corruption.
network
low complexity
apple CWE-399
critical
10.0
2008-02-12 CVE-2008-0039 Code Injection vulnerability in Apple Mail
Unspecified vulnerability in Mail in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary commands via a crafted file:// URL.
network
apple CWE-94
6.8
2008-02-12 CVE-2008-0038 Permissions, Privileges, and Access Controls vulnerability in Apple Mac OS X 10.5/10.5.1
Launch Services in Apple Mac OS X 10.5 through 10.5.1 allows an uninstalled application to be launched if it is in a Time Machine backup, which might allow local users to bypass intended security restrictions or exploit vulnerabilities in the application.
local
apple CWE-264
1.9