Product

Apple Mac Os X 10.5.2


View All Versions

Vulnerabilities

Improper Restriction of Operations within the Bounds of a Memory Buffer
Unspecified
Resource Management Errors
Information Exposure
Improper Control of Generation of Code ('Code Injection')
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Improper Input Validation
Permissions, Privileges, and Access Controls
Cryptographic Issues
Improper Authentication
Numeric Errors
Credentials Management
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Configuration
Uncontrolled Format String
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Improper Initialization
Improper Link Resolution Before File Access ('Link Following')

Security Grade

268

of 1000

SECURITY GRADE

Vulnerability History

Weakness Analysis

Related Vulnerabilities

more
Vulnerability Severity Score Release Date Summary
CVE-2007-6276 7.8 Dec. 7, 2007

The accept_connections function in the virtual private network daemon (vpnd) in Apple Mac OS X 10.5 before 10.5.4 allows remote attackers to cause a denial of service (divide-by-zero error and daemon crash) via a crafted load balancing packet to UDP port 4112.

CVE-2010-0057 7.5 March 30, 2010

AFP Server in Apple Mac OS X before 10.6.3 does not prevent guest use of AFP shares when guest access is disabled, which allows remote attackers to bypass intended access restrictions via a mount request.

CVE-2010-0063 6.8 March 30, 2010

Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.6.3 makes it easier for user-assisted remote attackers to execute arbitrary JavaScript via a web page that offers a download with a Content-Type value that is not on the list of possibly unsafe content types for Safari, as demonstrated by the values for the (1) .ibplugin and (2) .url extensions.

CVE-2010-0497 6.8 March 30, 2010

Disk Images in Apple Mac OS X before 10.6.3 does not provide the expected warning for an unsafe file type in an internet enabled disk image, which makes it easier for user-assisted remote attackers to execute arbitrary code via a package file type.

CVE-2010-0508 10.0 March 30, 2010

Mail in Apple Mac OS X before 10.6.3 does not disable the filter rules associated with a deleted mail account, which has unspecified impact and attack vectors.

CVE-2010-0509 7.2 March 30, 2010

SFLServer in OS Services in Apple Mac OS X before 10.6.3 allows local users to gain privileges via vectors related to use of wheel group membership during access to the home directories of user accounts.

CVE-2010-0525 5.0 March 30, 2010

Mail in Apple Mac OS X before 10.6.3 does not properly enforce the key usage extension during processing of a keychain that specifies multiple certificates for an e-mail recipient, which might make it easier for remote attackers to obtain sensitive information via a brute-force attack on a weakly encrypted e-mail message.

CVE-2009-0010 9.3 May 13, 2009

Integer underflow in QuickDraw Manager in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7, and Apple QuickTime before 7.6.2, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PICT image with a crafted 0x77 Poly tag and a crafted length field, which triggers a heap-based buffer overflow.

CVE-2008-0046 5.0 March 18, 2008

The Application Firewall in Apple Mac OS X 10.5.2 has an incorrect German translation for the "Set access for specific services and applications" radio button that might cause the user to believe that the button is used to restrict access only to specific services and applications, which might allow attackers to bypass intended access restrictions.

CVE-2009-0144 4.3 May 13, 2009

CFNetwork in Apple Mac OS X 10.5 before 10.5.7 does not properly parse noncompliant Set-Cookie headers, which allows remote attackers to obtain sensitive information by sniffing the network for "secure cookies" that are sent over unencrypted HTTP connections.

Followers