Vulnerabilities > Apple
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-10-10 | CVE-2008-3646 | Race Condition vulnerability in Apple mac OS X 10.5.5 The Postfix configuration file in Mac OS X 10.5.5 causes Postfix to be network-accessible when mail is sent from a local command-line tool, which allows remote attackers to send mail to local Mac OS X users. | 6.8 |
| 2008-10-10 | CVE-2008-3645 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server Heap-based buffer overflow in the local IPC component in the EAPOLController plugin for configd (Networking component) in Mac OS X 10.4.11 and 10.5.5 allows local users to execute arbitrary code via unknown vectors. | 7.2 |
| 2008-10-10 | CVE-2008-3643 | Multiple Security vulnerability in RETIRED: Apple Mac OS X 2008-007 Unspecified vulnerability in Finder in Mac OS X 10.5.5 allows user-assisted attackers to cause a denial of service (continuous termination and restart) via a crafted Desktop file that generates an error when producing its icon, related to an "error recovery issue." | 7.8 |
| 2008-10-10 | CVE-2008-3642 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server Buffer overflow in ColorSync in Mac OS X 10.4.11 and 10.5.5 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via an image with a crafted ICC profile. | 9.3 |
| 2008-10-10 | CVE-2008-3641 | Resource Management Errors vulnerability in Apple Cups The Hewlett-Packard Graphics Language (HPGL) filter in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via crafted pen width and pen color opcodes that overwrite arbitrary memory. | 10.0 |
| 2008-10-08 | CVE-2008-4491 | Information Exposure vulnerability in Apple Mail 3.5 Apple Mail.app 3.5 on Mac OS X, when "Store draft messages on the server" is enabled, stores draft copies of S/MIME email in plaintext on the email server, which allows server owners and remote man-in-the-middle attackers to read sensitive mail. | 5.0 |
| 2008-10-01 | CVE-2008-4368 | Cryptographic Issues vulnerability in Apple mac OS X 10.5.4/10.5.5 The default configuration of Java 1.5 on Apple Mac OS X 10.5.4 and 10.5.5 contains a jurisdiction policy that limits Java Cryptography Extension (JCE) key sizes to 128 bits, which makes it easier for attackers to decrypt ciphertext produced by JCE. | 5.0 |
| 2008-09-26 | CVE-2008-3638 | Code Injection vulnerability in Apple mac OS X and mac OS X Server Java on Apple Mac OS X 10.5.4 and 10.5.5 does not prevent applets from accessing file:// URLs, which allows remote attackers to execute arbitrary programs. | 9.3 |
| 2008-09-26 | CVE-2008-3637 | Improper Initialization vulnerability in Apple mac OS X and mac OS X Server The Hash-based Message Authentication Code (HMAC) provider in Java on Apple Mac OS X 10.4.11, 10.5.4, and 10.5.5 uses an uninitialized variable, which allows remote attackers to execute arbitrary code via a crafted applet, related to an "error checking issue." | 8.8 |
| 2008-09-18 | CVE-2008-4116 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Itunes and Quicktime Buffer overflow in Apple QuickTime 7.5.5 and iTunes 8.0 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a long type attribute in a quicktime tag (1) on a web page or embedded in a (2) .mp4 or (3) .mov file, possibly related to the Check_stack_cookie function and an off-by-one error that leads to a heap-based buffer overflow. | 9.3 |