Vulnerabilities > Apple > MAC OS X > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ACCESS | COMPLEXITY | VENDORS / CWE | RISK |
|---|---|---|---|---|---|---|---|
| 2009-10-16 | CVE-2009-3282 | Numeric Errors vulnerability in VMware Fusion | Integer overflow in the vmx86 kernel extension in VMware Fusion before 2.0.6 build 196839 allows host OS users to cause a denial of service to the host OS via unspecified vectors. | network | low | vmware apple CWE-189 | 7.8 |
| 2009-10-16 | CVE-2009-3281 | Permissions, Privileges, and Access Controls vulnerability in VMware Fusion | The vmx86 kernel extension in VMware Fusion before 2.0.6 build 196839 does not use correct file permissions, which allows host OS users to gain privileges on the host OS via unspecified vectors. | local | low | vmware apple CWE-264 | 7.2 |
| 2009-10-13 | CVE-2009-3692 | Local Privilege Escalation vulnerability in Sun VirtualBox VBoxNetAdpCtl Configuration Tool | Unspecified vulnerability in the VBoxNetAdpCtl configuration tool in Sun VirtualBox 3.0.x before 3.0.8 on Solaris x86, Linux, and Mac OS X allows local users to gain privileges via unknown vectors. | local | low | sun apple linux | 7.2 |
| 2009-09-14 | CVE-2009-2807 | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Apple Mac OS X and Mac OS X Server | Heap-based buffer overflow in the USB backend in CUPS in Apple Mac OS X 10.5.8 allows local users to gain privileges via unspecified vectors. | local | low | apple CWE-119 | 7.2 |
| 2009-08-12 | CVE-2009-2200 | Information Exposure vulnerability in Apple Safari | WebKit in Apple Safari before 4.0.3 does not properly restrict the URL scheme of the pluginspage attribute of an EMBED element, which allows user-assisted remote attackers to launch arbitrary file: URLs and obtain sensitive information via a crafted HTML document. | | | | 7.1 |
| 2009-08-06 | CVE-2009-2192 | Credentials Management vulnerability in Apple Mac OS X and Mac OS X Server | MobileMe in Apple Mac OS X 10.5 before 10.5.8 does not properly delete credentials upon signout from the preference pane, which makes it easier for attackers to hijack a MobileMe session via unspecified vectors, related to a "logic issue." | network | low | apple CWE-255 | 7.5 |
| 2009-08-06 | CVE-2009-2191 | Use of Externally-Controlled Format String vulnerability in Apple Mac OS X and Mac OS X Server | Format string vulnerability in Login Window in Apple Mac OS X 10.4.11 and 10.5 before 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in an application name. | network | low | apple CWE-134 | 7.5 |
| 2009-08-06 | CVE-2009-2190 | Resource Management Errors vulnerability in Apple Mac OS X and Mac OS X Server | launchd in Apple Mac OS X 10.5 before 10.5.8 allows remote attackers to cause a denial of service (individual service outage) by making many connections to an inetd-based launchd service. | network | low | apple CWE-399 | 7.8 |
| 2009-08-06 | CVE-2009-0151 | Multiple Security vulnerability in Apple Mac OS X 2009-003 | The screen saver in Dock in Apple Mac OS X 10.5 before 10.5.8 does not prevent four-finger Multi-Touch gestures, which allows physically proximate attackers to bypass locking and "manage applications or use Expose" via unspecified vectors. | local | low | apple | 7.2 |
| 2009-06-16 | CVE-2009-1719 | Code Injection vulnerability in Sun JRE 1.5.0/1.5.011B03 | The Aqua Look and Feel for Java implementation in Java 1.5 on Mac OS X 10.5 allows remote attackers to execute arbitrary code via a call to the undocumented apple.laf.CColourUIResource constructor with a crafted value in the first argument, which is dereferenced as a pointer. | network | low | apple sun CWE-94 | 7.5 |