Apple: >> Mac Os X Server >> 10.4.11 Security Vulnerabilities
The BMP and GIF image decoding engine in ImageIO in Apple Mac OS X before 10.5.3 allows remote attackers to obtain sensitive information (memory contents) via a crafted (1) BMP or (2) GIF image, which causes an out-of-bounds read.
CVSS Score
7.1
EPSS Score
0.008
Published
2008-06-02
Integer overflow in ImageIO in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG2000 image that triggers a heap-based buffer overflow.
CVSS Score
9.3
EPSS Score
0.064
Published
2008-06-02
Unspecified vulnerability in the Pixlet codec in Apple Pixlet Video in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file, related to "multiple memory corruption issues."
CVSS Score
9.3
EPSS Score
0.043
Published
2008-06-02
The sso_util program in Single Sign-On in Apple Mac OS X before 10.5.3 places passwords on the command line, which allows local users to obtain sensitive information by listing the process.
CVSS Score
2.1
EPSS Score
0.001
Published
2008-06-02
Wiki Server in Apple Mac OS X 10.5 before 10.5.3 allows remote attackers to obtain sensitive information (user names) by reading the error message produced upon access to a nonexistent blog.
CVSS Score
5.0
EPSS Score
0.005
Published
2008-06-02
CFNetwork in Safari in Apple Mac OS X before 10.5.3 automatically sends an SSL client certificate in response to a web server's certificate request, which allows remote web sites to obtain sensitive information (Subject data) from personally identifiable certificates, and use arbitrary certificates to track user activities across domains, a related issue to CVE-2007-4879.
CVSS Score
4.3
EPSS Score
0.002
Published
2008-06-02
The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI.
CVSS Score
9.8
EPSS Score
0.545
Published
2008-05-05
Integer overflow in the PCRE regular expression compiler (JavaScriptCore/pcre/pcre_compile.cpp) in Apple WebKit, as used in Safari before 3.1.1, allows remote attackers to execute arbitrary code via a regular expression with large, nested repetition counts, which triggers a heap-based buffer overflow.
CVSS Score
6.8
EPSS Score
0.044
Published
2008-04-17
CoreServices in Apple Mac OS X 10.4.11 treats .ief as a safe file type, which allows remote attackers to force Safari users into opening an .ief file in AppleWorks, even when the "Open 'Safe' files" preference is set.
CVSS Score
6.8
EPSS Score
0.018
Published
2008-03-18
Foundation in Apple Mac OS X 10.4.11 might allow context-dependent attackers to execute arbitrary code via a malformed selector name to the NSSelectorFromString API, which causes an "unexpected selector" to be used.
CVSS Score
6.4
EPSS Score
0.014
Published
2008-03-18