| Apple Mac OS X multiple security vulnerabilities |
| Published: | 30.05.2008 |
| Source: | APPLE |
| SecurityVulns ID: | 9039 |
| Type: | remote |
| Level: | 9/10 |
| Description: | AFP server directory traversal, Apache updates, AppKit memory corruption, Apple Pixlet Video multiple memory corruptions, Apple Type Services PDF printing fonts memory corruption, SSL information leak, multiple vulnerabilities in Graphics and Image engines on different filetypes and multimedia formats, Help Viewer buffer overflow, Unicode content filtering bypass, Image Capture directory traversal, DoS via IPv6, SMTP client buffer overflow, etc. |
| Affected: | APPLE : Mac OS X 10.4 |
| CVE: | CVE-2008-1580 |
| | CVE-2008-1578 (The sso_util program in Single Sign-On in Apple Mac OS X before 10.5.3 places passwords on the command line, which allows local users to obtain sensitive information by listing the process.) |
| | CVE-2008-1577 |
| | CVE-2008-1576 |
| | CVE-2008-1575 |
| | CVE-2008-1574 |
| | CVE-2008-1573 (The BMP and GIF image decoding engine in ImageIO in Apple Mac OS X before 10.5.3 allows remote attackers to obtain sensitive information (memory contents) via a crafted (1) BMP or (2) GIF image, which causes an out-of-bounds read.) |
| | CVE-2008-1572 (Image Capture in Apple Mac OS X before 10.5 does not properly use temporary files, which allows local users to overwrite arbitrary files, and display images that are being resized by this application.) |
| | CVE-2008-1571 |
| | CVE-2008-1036 (The International Components for Unicode (ICU) library in Apple Mac OS X before 10.5.3, Red Hat Enterprise Linux 5, and other operating systems omits some invalid character sequences during conversion of some character encodings, which might allow remote attackers to conduct cross-site scripting (XSS) attacks.) |
| | CVE-2008-1035 |
| | CVE-2008-1034 (Integer underflow in Help Viewer in Apple Mac OS X before 10.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted help:topic URL that triggers a buffer overflow.) |
| | CVE-2008-1033 (The scheduler in CUPS in Apple Mac OS X 10.5 before 10.5.3, when debug logging is enabled and a printer requires a password, allows attackers to obtain sensitive information (credentials) by reading the log data, related to "authentication environment variables.") |
| | CVE-2008-1032 |
| | CVE-2008-1031 |
| | CVE-2008-1030 |
| | CVE-2008-1028 |
| | CVE-2008-1027 |
| | CVE-2008-0177 |
| | CVE-2007-6359 (The cs_validate_page function in bsd/kern/ubc_subr.c in the xnu kernel 1228.0 and earlier in Apple Mac OS X 10.5.1 allows local users to cause a denial of service (failed assertion and system crash) via a crafted signed Mach-O binary that causes the hashes function to return NULL.) |