Vulnerabilities > Apple > MAC OS X
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-02-12 | CVE-2008-0037 | Permissions, Privileges, and Access Controls vulnerability in Apple Mac OS X 10.5/10.5.1: X11 in Apple Mac OS X 10.5 through 10.5.1 does not properly handle when the "Allow connections from network client" preference is disabled, which allows remote attackers to bypass intended access restrictions and connect to the X server. | 4.3 |
2008-01-18 | CVE-2007-6427 | Out-Of-Bounds Write vulnerability in multiple products: The XInput extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via requests related to byte swapping and heap corruption within multiple functions, a different vulnerability than CVE-2007-4990. | 9.3 |
2008-01-16 | CVE-2008-0298 | Improper Input Validation vulnerability in Apple Safari: KHTML WebKit as used in Apple Safari 2.x allows remote attackers to cause a denial of service (browser crash) via a crafted web page, possibly involving a STYLE attribute of a DIV element. | 4.3 |
2008-01-10 | CVE-2008-0226 | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in multiple products: Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) "input_buffer& operator>>" in yassl_imp.cpp. | 7.5 |
2007-12-19 | CVE-2007-5863 | Cryptographic Issues vulnerability in Apple Mac OS X and Mac OS X Server: Software Update in Apple Mac OS X 10.5.1 allows remote attackers to execute arbitrary commands via a man-in-the-middle (MITM) attack between the client and the server, using a modified distribution definition file with the "allow-external-scripts" option. | 9.3 |
2007-12-19 | CVE-2007-5861 | Resource Management Errors vulnerability in Apple Mac OS X 10.4.11: Unspecified vulnerability in Spotlight in Apple Mac OS X 10.4.11 allows user-assisted attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted .XLS file that triggers memory corruption in the Microsoft Office Spotlight Importer. | 6.8 |
2007-12-19 | CVE-2007-5860 | Multiple Security vulnerability in Apple Mac OS X v10.5.1 2007-009: Unspecified vulnerability in Spin Tracer in Apple Mac OS X 10.5.1 allows local users to execute arbitrary code via unspecified output files, involving an "insecure file operation." | 7.2 |
2007-12-19 | CVE-2007-5859 | Resource Management Errors vulnerability in Apple Safari: Unspecified vulnerability in Safari RSS in Apple Mac OS X 10.4.11 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted feed: URL that triggers memory corruption. | 9.3 |
2007-12-19 | CVE-2007-5857 | Permissions, Privileges, and Access Controls vulnerability in Apple Mac OS X 10.5.1: Quick Look in Apple Mac OS X 10.5.1 does not prevent a movie from accessing URLs when the movie file is previewed or if an icon is created, which might allow remote attackers to obtain sensitive information via HREFTrack. | 6.4 |
2007-12-19 | CVE-2007-5856 | Permissions, Privileges, and Access Controls vulnerability in Apple Mac OS X 10.5.1: Quick Look in Apple Mac OS X 10.5.1, when previewing an HTML file, does not prevent plug-ins from making network requests, which might allow remote attackers to obtain sensitive information. | 9.4 |