Apple macOS vulnerabilities
3,139 known vulnerabilities affecting apple/mac_os_x.
Total CVEs: 3,139
CISA KEV: 26 (actively exploited)
Public exploits: 277
Exploited in wild: 28
Severity breakdown: CRITICAL 302, HIGH 1409, MEDIUM 1236, LOW 192
Vulnerabilities
Page 133 of 157
CVE-2008-3621 | CRITICAL | CVSS 9.3 | CWE-399 | v10.4.11, v10.5, +4 more | 2008-09-16
VideoConference in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via vectors involving H.264 encoded media.
nvd
CVE-2008-2305 | CRITICAL | CVSS 9.3 | CWE-119 | v10.4.11, v10.5, +4 more | 2008-09-16
Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows remote attackers to execute arbitrary code via a document containing a crafted font, related to "PostScript font names."
nvd
CVE-2008-3608 | CRITICAL | CVSS 9.3 | CWE-399 | v10.4.11, v10.5, +4 more | 2008-09-16
ImageIO in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a crafted JPEG image with an embedded ICC profile.
nvd
CVE-2008-3618 | CRITICAL | CVSS 9.0 | CWE-264 | v10.5, v10.5.1, +3 more | 2008-09-16
The File Sharing pane in the Sharing preference pane in Apple Mac OS X 10.5 through 10.5.4 does not inform users that the complete contents of their own home directories are shared for their own use, which might allow attackers to leverage other vulnerabilities and access files for which sharing was unintended.
nvd
CVE-2008-2332 | CRITICAL | CVSS 9.3 | CWE-399 | v10.4.11, v10.5, +4 more | 2008-09-16
ImageIO in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a crafted TIFF image.
nvd
CVE-2008-3610 | HIGH | CVSS 7.6 | CWE-287 | v10.5, v10.5.1, +3 more | 2008-09-16
Race condition in Login Window in Apple Mac OS X 10.5 through 10.5.4, when a blank-password account is enabled, allows attackers to bypass password authentication and login to any account via multiple attempts to login to the blank-password account, followed by selection of an arbitrary account from the user list.
nvd
CVE-2008-3609 | HIGH | CVSS 7.2 | CWE-264 | v10.5, v10.5.1, +3 more | 2008-09-16
The kernel in Apple Mac OS X 10.5 through 10.5.4 does not properly flush cached credentials during recycling (aka purging) of a vnode, which might allow local users to bypass the intended read or write permissions of a file.
nvd
CVE-2008-2312 | MEDIUM | CVSS 4.9 | CWE-255 | v10.4.11 | 2008-09-16
Network Preferences in Apple Mac OS X 10.4.11 stores PPP passwords in cleartext in a world-readable file, which allows local users to obtain sensitive information by reading this file.
nvd
CVE-2008-2331 | MEDIUM | CVSS 5.0 | CWE-264 | v10.5, v10.5.1, +3 more | 2008-09-16
Finder in Apple Mac OS X 10.5 through 10.5.4 does not properly update permission data in the Get Info window after a lock operation that modifies Sharing & Permissions in a filesystem, which might allow local users to leverage weak permissions that were not intended by an administrator.
nvd
CVE-2008-3622 | MEDIUM | CVSS 4.3 | CWE-79 | v10.5, v10.5.1, +3 more | 2008-09-16
Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac OS X 10.5 through 10.5.4 allows remote attackers to inject arbitrary web script or HTML via an e-mail message that reaches a mailing-list archive, aka "persistent JavaScript injection."
nvd
CVE-2008-3617 | MEDIUM | CVSS 5.0 | CWE-255 | v10.5, v10.5.1, +3 more | 2008-09-16
Remote Management and Screen Sharing in Apple Mac OS X 10.5 through 10.5.4, when used to set a password for a VNC viewer, displays additional input characters beyond the maximum password length, which might make it easier for attackers to guess passwords that the user believed were longer.
nvd
CVE-2008-3611 | MEDIUM | CVSS 6.3 | CWE-287 | v10.4.11 | 2008-09-16
Login Window in Apple Mac OS X 10.4.11 does not clear the current password when a user makes a password-change attempt that is denied by policy, which allows opportunistic, physically proximate attackers to bypass authentication and change this user's password by later entering an acceptable new password on the same login screen.
nvd
CVE-2008-3613 | MEDIUM | CVSS 6.1 | CWE-399 | v10.5.2, v10.5.3, +1 more | 2008-09-16
Finder in Apple Mac OS X 10.5.2 through 10.5.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving a search for a remote disk on the local network.
nvd
CVE-2008-3619 | LOW | CVSS 2.1 | CWE-264 | v10.5, v10.5.1, +3 more | 2008-09-16
Time Machine in Apple Mac OS X 10.5 through 10.5.4 uses weak permissions for Time Machine Backup log files, which allows local users to obtain sensitive information by reading these files.
nvd
CVE-2008-2329 | LOW | CVSS 1.9 | CWE-200 | v10.5, v10.5.1, +3 more | 2008-09-16
Directory Services in Apple Mac OS X 10.5 through 10.5.4, when Active Directory is used, allows attackers to enumerate user names via wildcard characters in the Login Window.
nvd
CVE-2008-3529 | CRITICAL | CVSS 10.0 | CWE-119 | PoC | fixed in 10.5.7 | v10.5.7 | 2008-09-12
Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name.
nvd
CVE-2008-2939 | MEDIUM | CVSS 4.3 | CWE-79 | ≤ 10.5.6 | 2008-08-06
Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.
nvd
CVE-2008-2324 | MEDIUM | CVSS 4.6 | CWE-264 | v10.4.11 | 2008-08-04
The Repair Permissions tool in Disk Utility in Apple Mac OS X 10.4.11 adds the setuid bit to the emacs executable file, which allows local users to gain privileges by executing commands within emacs.
nvd
CVE-2008-3438 | HIGH | CVSS 8.1 | CWE-494 | ≥ 10.0.0, ≤ 10.5.4 | 2008-08-01
Apple Mac OS X does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.
nvd
CVE-2008-2311 | HIGH | CVSS 7.6 | CWE-59 | v10.4.1, v10.4.2, +13 more | 2008-07-01
Launch Services in Apple Mac OS X before 10.5, when Open Safe Files is enabled, allows remote attackers to execute arbitrary code via a symlink attack, probably related to a race condition and automatic execution of a downloaded file.
nvd