Vulnerabilities > Apple > MAC OS X > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-09-26 | CVE-2008-3637 | Improper Initialization vulnerability in Apple mac OS X and mac OS X Server The Hash-based Message Authentication Code (HMAC) provider in Java on Apple Mac OS X 10.4.11, 10.5.4, and 10.5.5 uses an uninitialized variable, which allows remote attackers to execute arbitrary code via a crafted applet, related to an "error checking issue." | 8.8 |
| 2008-09-16 | CVE-2008-3610 | Improper Authentication vulnerability in Apple mac OS X and mac OS X Server Race condition in Login Window in Apple Mac OS X 10.5 through 10.5.4, when a blank-password account is enabled, allows attackers to bypass password authentication and login to any account via multiple attempts to login to the blank-password account, followed by selection of an arbitrary account from the user list. | 7.6 |
| 2008-09-16 | CVE-2008-3609 | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server The kernel in Apple Mac OS X 10.5 through 10.5.4 does not properly flush cached credentials during recycling (aka purging) of a vnode, which might allow local users to bypass the intended read or write permissions of a file. | 7.2 |
| 2008-08-04 | CVE-2008-2323 | Resource Management Errors vulnerability in Apple Data Detectors Engine Unspecified vulnerability in Data Detectors Engine in Apple Mac OS X 10.5.4 allows attackers to cause a denial of service (resource consumption) via crafted textual content in messages. | 7.1 |
| 2008-08-01 | CVE-2008-3438 | Download of Code Without Integrity Check vulnerability in Apple mac OS X Apple Mac OS X does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning. | 8.1 |
| 2008-07-18 | CVE-2008-2934 | Use of Uninitialized Resource vulnerability in multiple products Mozilla Firefox 3 before 3.0.1 on Mac OS X allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file that triggers a free of an uninitialized pointer. | 8.8 |
| 2008-07-01 | CVE-2008-2311 | Race Condition vulnerability in Apple mac OS X and mac OS X Server Launch Services in Apple Mac OS X before 10.5, when Open Safe Files is enabled, allows remote attackers to execute arbitrary code via a symlink attack, probably related to a race condition and automatic execution of a downloaded file. | 7.6 |
| 2008-06-23 | CVE-2008-2830 | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X 10.4/10.5 Open Scripting Architecture in Apple Mac OS X 10.4.11 and 10.5.4, and some other 10.4 and 10.5 versions, does not properly restrict the loading of scripting addition plugins, which allows local users to gain privileges via scripting addition commands to a privileged application, as originally demonstrated by an osascript tell command to ARDAgent. | 7.2 |
| 2008-06-02 | CVE-2008-1573 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server The BMP and GIF image decoding engine in ImageIO in Apple Mac OS X before 10.5.3 allows remote attackers to obtain sensitive information (memory contents) via a crafted (1) BMP or (2) GIF image, which causes an out-of-bounds read. | 7.1 |
| 2008-03-19 | CVE-2008-0063 | Use of Uninitialized Resource vulnerability in multiple products The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values." | 7.5 |