This issue was addressed with improved checks. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. An application may be able to use arbitrary entitlements.
Max CVSS: 8.8; EPSS Score: 0.42%; Published: 2020-04-01; Updated: 2020-04-08
A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. A Mac may not lock immediately upon wake.
Max CVSS: 7.5; EPSS Score: 0.08%; Published: 2020-10-27; Updated: 2020-11-02
Apple Mac OS X 10.5 before 10.5.8 does not properly share file descriptors over local sockets, which allows local users to cause a denial of service (system crash) by placing file descriptors in messages sent to a socket that has no receiver, related to a "synchronization issue."
Max CVSS: 4.9; EPSS Score: 0.05%; Published: 2009-08-06; Updated: 2017-08-17
MobileMe in Apple Mac OS X 10.5 before 10.5.8 does not properly delete credentials upon signout from the preference pane, which makes it easier for attackers to hijack a MobileMe session via unspecified vectors, related to a "logic issue."
Max CVSS: 7.5; EPSS Score: 0.67%; Published: 2009-08-06; Updated: 2017-08-17
Format string vulnerability in Login Window in Apple Mac OS X 10.4.11 and 10.5 before 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in an application name.
Max CVSS: 7.5; EPSS Score: 1.11%; Published: 2009-08-06; Updated: 2017-08-17
launchd in Apple Mac OS X 10.5 before 10.5.8 allows remote attackers to cause a denial of service (individual service outage) by making many connections to an inetd-based launchd service.
Max CVSS: 7.8; EPSS Score: 3.30%; Published: 2009-08-06; Updated: 2017-08-17
Buffer overflow in ImageIO in Apple Mac OS X 10.5 before 10.5.8, and Safari before 4.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image with crafted EXIF metadata.
Max CVSS: 9.3; EPSS Score: 4.77%; Published: 2009-08-06; Updated: 2017-08-17
Stack-based buffer overflow in Image RAW in Apple Mac OS X 10.5 before 10.5.8, and 10.4 before Digital Camera RAW Compatibility Update 2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Canon RAW image.
Max CVSS: 6.8; EPSS Score: 4.87%; Published: 2009-08-06; Updated: 2017-08-17
Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X 10.5 before 10.5.8 makes it easier for user-assisted remote attackers to execute arbitrary JavaScript via a web page that offers a download with a Content-Type value that is not on the list of possibly unsafe content types for Safari.
Max CVSS: 6.8; EPSS Score: 2.14%; Published: 2009-08-06; Updated: 2017-08-17
Heap-based buffer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5 before 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image containing an embedded ColorSync profile.
Max CVSS: 9.3; EPSS Score: 11.45%; Published: 2009-08-06; Updated: 2017-09-29
CFNetwork in Apple Mac OS X 10.5 before 10.5.8 places an incorrect URL in a certificate warning in certain 302 redirection scenarios, which makes it easier for remote attackers to trick a user into visiting an arbitrary https web site by leveraging an open redirect vulnerability, a different issue than CVE-2009-2062.
Max CVSS: 4.3; EPSS Score: 0.76%; Published: 2009-08-06; Updated: 2017-08-17
The screen saver in Dock in Apple Mac OS X 10.5 before 10.5.8 does not prevent four-finger Multi-Touch gestures, which allows physically proximate attackers to bypass locking and "manage applications or use Expose" via unspecified vectors.
Max CVSS: 7.2; EPSS Score: 0.07%; Published: 2009-08-06; Updated: 2017-08-08
CFNetwork in Apple Mac OS X 10.5 before 10.5.7 does not properly parse noncompliant Set-Cookie headers, which allows remote attackers to obtain sensitive information by sniffing the network for "secure cookies" that are sent over unencrypted HTTP connections.
Max CVSS: 4.3; EPSS Score: 0.55%; Published: 2009-05-13; Updated: 2017-08-08
Apple Mac OS X AppleTalk allows local users to cause a denial of service (kernel panic) by calling the AIOCREGLOCALZN ioctl command with a crafted data structure on an AppleTalk socket.
Max CVSS: 4.9; EPSS Score: 0.05%; Published: 2006-11-28; Updated: 2017-07-29
14 vulnerabilities found