Product:

Mac_os_x

(Apple)
Date Id Summary Products Score Patch Annotated
2008-03-19 CVE-2008-0063 The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values." Mac_os_x, Mac_os_x_server, Ubuntu_linux, Debian_linux, Fedora, Kerberos_5, Opensuse, Linux, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit 7.5
2008-07-18 CVE-2008-2934 Mozilla Firefox 3 before 3.0.1 on Mac OS X allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file that triggers a free of an uninitialized pointer. Mac_os_x, Ubuntu_linux 8.8
2009-07-31 CVE-2009-1721 The decompression implementation in the Imf::hufUncompress function in OpenEXR 1.2.2 and 1.6.1 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger a free of an uninitialized pointer. Mac_os_x, Ubuntu_linux, Debian_linux, Fedora, Openexr, Opensuse N/A
2009-06-09 CVE-2009-0949 The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 does not properly initialize memory for IPP request packets, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a scheduler request with two consecutive IPP_TAG_UNSUPPORTED tags. Cups, Mac_os_x, Mac_os_x_server, Ubuntu_linux, Debian_linux, Opensuse, Linux_enterprise 7.5
2011-06-24 CVE-2011-0199 The Certificate Trust Policy component in Apple Mac OS X before 10.6.8 does not perform CRL checking for Extended Validation (EV) certificates that lack OCSP URLs, which might allow man-in-the-middle attackers to spoof an SSL server via a revoked certificate. Mac_os_x, Mac_os_x_server 5.9
2014-02-22 CVE-2014-1266 The SSLVerifySignedServerKeyExchange function in libsecurity_ssl/lib/sslKeyExchange.c in the Secure Transport feature in the Data Security component in Apple iOS 6.x before 6.1.6 and 7.x before 7.0.6, Apple TV 6.x before 6.0.2, and Apple OS X 10.9.x before 10.9.2 does not check the signature in a TLS Server Key Exchange message, which allows man-in-the-middle attackers to spoof SSL servers by (1) using an arbitrary private key for the signing step or (2) omitting the signing step. Iphone_os, Mac_os_x, Tvos 7.4
2021-04-02 CVE-2021-1782 A race condition was addressed with improved locking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited.. Ipados, Iphone_os, Mac_os_x, Macos, Tvos, Watchos 7.0
2003-08-27 CVE-2003-0466 Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow, including (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, or (8) RNTO. Mac_os_x, Mac_os_x_server, Freebsd, Netbsd, Openbsd, Wu_ftpd, Solaris, Wu\-Ftpd 9.8
2010-06-22 CVE-2010-1637 The Mail Fetch plugin in SquirrelMail 1.4.20 and earlier allows remote authenticated users to bypass firewall restrictions and use SquirrelMail as a proxy to scan internal networks via a modified POP3 port number. Mac_os_x, Mac_os_x_server, Fedora, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Squirrelmail 6.5
2004-12-03 CVE-2004-1083 Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization. Darwin_streaming_server, Mac_os_x, Mac_os_x_server, Quicktime_streaming_server 7.5