Total
817 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-3609 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 7.2 HIGH | N/A |
|
The kernel in Apple Mac OS X 10.5 through 10.5.4 does not properly flush cached credentials during recycling (aka purging) of a vnode, which might allow local users to bypass the intended read or write permissions of a file.
|
|||||
| CVE-2009-2824 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 allow remote attackers to execute arbitrary code via a crafted embedded font in a document.
|
|||||
| CVE-2008-4223 | 1 Apple | 1 Mac Os X Server | 2025-04-09 | 10.0 HIGH | N/A |
|
Podcast Producer in Apple Mac OS X 10.5 before 10.5.6 allows remote attackers to bypass authentication and gain administrative access via unspecified vectors.
|
|||||
| CVE-2009-0149 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 4.4 MEDIUM | N/A |
|
Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows local users to gain privileges or cause a denial of service (application crash) by attempting to mount a crafted sparse disk image that triggers memory corruption.
|
|||||
| CVE-2008-2329 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 1.9 LOW | N/A |
|
Directory Services in Apple Mac OS X 10.5 through 10.5.4, when Active Directory is used, allows attackers to enumerate user names via wildcard characters in the Login Window.
|
|||||
| CVE-2009-0139 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 9.3 HIGH | N/A |
|
Integer overflow in the SMB component in Apple Mac OS X 10.5.6 allows remote SMB servers to cause a denial of service (system shutdown) or execute arbitrary code via a crafted SMB file system that triggers a heap-based buffer overflow.
|
|||||
| CVE-2009-2813 | 3 Apple, Fedoraproject, Samba | 4 Mac Os X, Mac Os X Server, Fedora and 1 more | 2025-04-09 | 6.0 MEDIUM | N/A |
|
Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.12 through 3.0.36, as used in the SMB subsystem in Apple Mac OS X 10.5.8 when Windows File Sharing is enabled, Fedora 11, and other operating systems, does not properly handle errors in resolving pathnames, which allows remote authenticated users to bypass intended sharing restrictions, and read, create, or modify files, in certain circumstances involving user accounts that lack home directories.
|
|||||
| CVE-2006-6126 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 2.1 LOW | N/A |
|
Apple Mac OS X allows local users to cause a denial of service (memory corruption) via a crafted Mach-O binary with a malformed load_command data structure.
|
|||||
| CVE-2008-1580 | 1 Apple | 3 Mac Os X, Mac Os X Server, Safari | 2025-04-09 | 4.3 MEDIUM | N/A |
|
CFNetwork in Safari in Apple Mac OS X before 10.5.3 automatically sends an SSL client certificate in response to a web server's certificate request, which allows remote web sites to obtain sensitive information (Subject data) from personally identifiable certificates, and use arbitrary certificates to track user activities across domains, a related issue to CVE-2007-4879.
|
|||||
| CVE-2008-0988 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Off-by-one error in the Libsystem strnstr API in libc on Apple Mac OS X 10.4.11 allows context-dependent attackers to cause a denial of service (crash) via crafted arguments that trigger a buffer over-read.
|
|||||
| CVE-2009-2196 | 2 Apple, Microsoft | 5 Mac Os X, Mac Os X Server, Safari and 2 more | 2025-04-09 | 5.0 MEDIUM | N/A |
|
Unspecified vulnerability in Apple Safari 4 before 4.0.3 allows remote web servers to place an arbitrary web site in the Top Sites view, and possibly conduct phishing attacks, via unknown vectors.
|
|||||
| CVE-2009-1726 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 9.3 HIGH | N/A |
|
Heap-based buffer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5 before 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image containing an embedded ColorSync profile.
|
|||||
| CVE-2008-4222 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 7.1 HIGH | N/A |
|
natd in network_cmds in Apple Mac OS X before 10.5.6, when Internet Sharing is enabled, allows remote attackers to cause a denial of service (infinite loop) via a crafted TCP packet.
|
|||||
| CVE-2009-2800 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Buffer overflow in Alias Manager in Apple Mac OS X 10.4.11 and 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted alias file.
|
|||||
| CVE-2009-1723 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 4.3 MEDIUM | N/A |
|
CFNetwork in Apple Mac OS X 10.5 before 10.5.8 places an incorrect URL in a certificate warning in certain 302 redirection scenarios, which makes it easier for remote attackers to trick a user into visiting an arbitrary https web site by leveraging an open redirect vulnerability, a different issue than CVE-2009-2062.
|
|||||
| CVE-2008-0063 | 7 Apple, Canonical, Debian and 4 more | 11 Mac Os X, Mac Os X Server, Ubuntu Linux and 8 more | 2025-04-09 | 4.3 MEDIUM | 7.5 HIGH |
|
The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values."
|
|||||
| CVE-2008-4224 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 7.1 HIGH | N/A |
|
UDF in Apple Mac OS X before 10.5.6 allows user-assisted attackers to cause a denial of service (system crash) via a malformed UDF volume in a crafted ISO file.
|
|||||
| CVE-2007-0117 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 10.0 HIGH | N/A |
|
DiskManagementTool in the DiskManagement.framework 92.29 on Mac OS X 10.4.8 does not properly validate Bill of Materials (BOM) files, which allows attackers to gain privileges via a BOM file under /Library/Receipts/, which triggers arbitrary file permission changes upon execution of a diskutil permission repair operation.
|
|||||
| CVE-2007-5860 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 7.2 HIGH | N/A |
|
Unspecified vulnerability in Spin Tracer in Apple Mac OS X 10.5.1 allows local users to execute arbitrary code via unspecified output files, involving an "insecure file operation."
|
|||||
| CVE-2009-2831 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 5.8 MEDIUM | N/A |
|
Dictionary in Apple Mac OS X 10.5.8 allows remote attackers to create arbitrary files with any contents, and thereby execute arbitrary code, via crafted JavaScript, related to a "design issue."
|
|||||
| CVE-2009-2834 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 4.9 MEDIUM | N/A |
|
IOKit in Apple Mac OS X before 10.6.2 allows local users to modify the firmware of a (1) USB or (2) Bluetooth keyboard via unspecified vectors.
|
|||||
| CVE-2008-0046 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The Application Firewall in Apple Mac OS X 10.5.2 has an incorrect German translation for the "Set access for specific services and applications" radio button that might cause the user to believe that the button is used to restrict access only to specific services and applications, which might allow attackers to bypass intended access restrictions.
|
|||||
| CVE-2007-0229 | 2 Apple, Freebsd | 3 Mac Os X, Mac Os X Server, Freebsd | 2025-04-09 | 7.2 HIGH | N/A |
|
Integer overflow in the ffs_mountfs function in Mac OS X 10.4.8 and FreeBSD 6.1 allows local users to cause a denial of service (panic) and possibly gain privileges via a crafted DMG image that causes "allocation of a negative size buffer" leading to a heap-based buffer overflow, a related issue to CVE-2006-5679. NOTE: a third party states that this issue does not cross privilege boundaries in FreeBSD because only root may mount a filesystem.
|
|||||
| CVE-2009-0942 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Help Viewer in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not verify that certain Cascading Style Sheets (CSS) are located in a registered help book, which allows remote attackers to execute arbitrary code via a help: URL that triggers invocation of AppleScript files.
|
|||||
| CVE-2007-3747 | 1 Apple | 3 Ichat, Mac Os X, Mac Os X Server | 2025-04-09 | 6.8 MEDIUM | N/A |
|
The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 10.4.10 does not restrict object instantiation and manipulation to valid heap addresses, which allows remote attackers to execute arbitrary code via a crafted applet.
|
|||||
| CVE-2007-2407 | 2 Apple, Samba | 3 Mac Os X, Mac Os X Server, Samba Server | 2025-04-09 | 4.0 MEDIUM | N/A |
|
The Samba server on Apple Mac OS X 10.3.9 and 10.4.10, when Windows file sharing is enabled, does not enforce disk quotas after dropping privileges, which allows remote authenticated users to use disk space in excess of quota.
|
|||||
| CVE-2009-2819 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 9.3 HIGH | N/A |
|
AFP Client in Apple Mac OS X 10.5.8 allows remote AFP servers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via unspecified vectors.
|
|||||
| CVE-2009-2836 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 6.2 MEDIUM | N/A |
|
Race condition in Login Window in Apple Mac OS X 10.6.x before 10.6.2, when at least one account has a blank password, allows attackers to bypass password authentication and obtain login access to an arbitrary account via unspecified vectors.
|
|||||
| CVE-2008-1036 | 2 Apple, Redhat | 3 Mac Os X, Mac Os X Server, Enterprise Linux | 2025-04-09 | 4.3 MEDIUM | N/A |
|
The International Components for Unicode (ICU) library in Apple Mac OS X before 10.5.3, Red Hat Enterprise Linux 5, and other operating systems omits some invalid character sequences during conversion of some character encodings, which might allow remote attackers to conduct cross-site scripting (XSS) attacks.
|
|||||
| CVE-2007-0731 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 9.3 HIGH | N/A |
|
Stack-based buffer overflow in the Apple-specific Samba module (SMB File Server) in Apple Mac OS X 10.4 through 10.4.8 allows context-dependent attackers to execute arbitrary code via a long ACL.
|
|||||
| CVE-2009-0013 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 2.1 LOW | N/A |
|
dscl in DS Tools in Apple Mac OS X 10.4.11 and 10.5.6 requires that passwords must be provided as command line arguments, which allows local users to gain privileges by listing process information.
|
|||||
| CVE-2009-1728 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Stack-based buffer overflow in Image RAW in Apple Mac OS X 10.5 before 10.5.8, and 10.4 before Digital Camera RAW Compatibility Update 2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Canon RAW image.
|
|||||
| CVE-2007-4697 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Unspecified vulnerability in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via unknown vectors related to browser history, which triggers memory corruption.
|
|||||
| CVE-2009-1237 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 4.9 MEDIUM | N/A |
|
Multiple memory leaks in XNU 1228.3.13 and earlier on Apple Mac OS X 10.5.6 and earlier allow local users to cause a denial of service (kernel memory consumption) via a crafted (1) SYS_add_profil or (2) SYS___mac_getfsstat system call.
|
|||||
| CVE-2008-3647 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 9.3 HIGH | N/A |
|
Buffer overflow in PSNormalizer in Mac OS X 10.4.11 and 10.5.5 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a PostScript file with a crafted bounding box comment.
|
|||||
| CVE-2008-1000 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 8.5 HIGH | N/A |
|
Directory traversal vulnerability in ContentServer.py in the Wiki Server in Apple Mac OS X 10.5.2 (aka Leopard) allows remote authenticated users to write arbitrary files via ".." sequences in file attachments.
|
|||||
| CVE-2006-5051 | 3 Apple, Debian, Openbsd | 4 Mac Os X, Mac Os X Server, Debian Linux and 1 more | 2025-04-09 | 9.3 HIGH | 8.1 HIGH |
|
Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free.
|
|||||
| CVE-2008-0990 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 4.4 MEDIUM | N/A |
|
notifyd in Apple Mac OS X 10.4.11 does not verify that Mach port death notifications have originated from the kernel, which allows local users to cause a denial of service via spoofed death notifications that prevent other applications from receiving notifications.
|
|||||
| CVE-2008-0045 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 7.1 HIGH | N/A |
|
Unspecified vulnerability in AFP Server in Apple Mac OS X 10.4.11 allows remote attackers to bypass cross-realm authentication via unknown manipulations of Kerberos principal realm names.
|
|||||
| CVE-2009-0150 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 4.4 MEDIUM | N/A |
|
Stack-based buffer overflow in Apple Mac OS X 10.5 before 10.5.7 allows local users to gain privileges or cause a denial of service (application crash) by attempting to mount a crafted sparse disk image.
|
|||||