|Improper Restriction of Operations within the Bounds of a Memory Buffer|
|Resource Management Errors|
|Improper Control of Generation of Code ('Code Injection')|
|Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')|
|Improper Input Validation|
|Permissions, Privileges, and Access Controls|
|Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')|
|Uncontrolled Format String|
|Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')|
|Improper Link Resolution Before File Access ('Link Following')|
|Vulnerability||Severity Score||Release Date||Summary|
|CVE-2007-6276||7.8||Dec. 7, 2007||The accept_connections function in the virtual private network daemon (vpnd) in Apple Mac OS X 10.5 before 10.5.4 allows remote attackers to cause a denial of service (divide-by-zero error and daemon crash) via a crafted load balancing packet to UDP port 4112.|
|CVE-2010-0057||7.5||March 30, 2010||AFP Server in Apple Mac OS X before 10.6.3 does not prevent guest use of AFP shares when guest access is disabled, which allows remote attackers to bypass intended access restrictions via a mount request.|
|CVE-2010-0063||6.8||March 30, 2010|| |
|CVE-2010-0497||6.8||March 30, 2010||Disk Images in Apple Mac OS X before 10.6.3 does not provide the expected warning for an unsafe file type in an internet enabled disk image, which makes it easier for user-assisted remote attackers to execute arbitrary code via a package file type.|
|CVE-2010-0508||10.0||March 30, 2010||Mail in Apple Mac OS X before 10.6.3 does not disable the filter rules associated with a deleted mail account, which has unspecified impact and attack vectors.|
|CVE-2010-0509||7.2||March 30, 2010||SFLServer in OS Services in Apple Mac OS X before 10.6.3 allows local users to gain privileges via vectors related to use of wheel group membership during access to the home directories of user accounts.|
|CVE-2010-0525||5.0||March 30, 2010||Mail in Apple Mac OS X before 10.6.3 does not properly enforce the key usage extension during processing of a keychain that specifies multiple certificates for an e-mail recipient, which might make it easier for remote attackers to obtain sensitive information via a brute-force attack on a weakly encrypted e-mail message.|
|CVE-2009-0010||9.3||May 13, 2009||Integer underflow in QuickDraw Manager in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7, and Apple QuickTime before 7.6.2, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PICT image with a crafted 0x77 Poly tag and a crafted length field, which triggers a heap-based buffer overflow.|
|CVE-2008-0046||5.0||March 18, 2008||The Application Firewall in Apple Mac OS X 10.5.2 has an incorrect German translation for the "Set access for specific services and applications" radio button that might cause the user to believe that the button is used to restrict access only to specific services and applications, which might allow attackers to bypass intended access restrictions.|
|CVE-2009-0144||4.3||May 13, 2009||CFNetwork in Apple Mac OS X 10.5 before 10.5.7 does not properly parse noncompliant Set-Cookie headers, which allows remote attackers to obtain sensitive information by sniffing the network for "secure cookies" that are sent over unencrypted HTTP connections.|