Filtered by vendor Apple
Subscribe
Total
13303 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-0873 | 1 Apple | 2 Ichat, Ichat Av | 2025-04-03 | 7.5 HIGH | N/A |
|
Apple iChat AV 2.1, AV 2.0, and 1.0.1 allows remote attackers to execute arbitrary programs via a "link" that references the program.
|
|||||
| CVE-2001-1412 | 1 Apple | 1 Mac Os X | 2025-04-03 | 2.1 LOW | N/A |
|
nidump on MacOS X before 10.3 allows local users to read the encrypted passwords from the password file by specifying passwd as a command line argument.
|
|||||
| CVE-2004-0361 | 1 Apple | 1 Safari | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The Javascript engine in Safari 1.2 and earlier allows remote attackers to cause a denial of service (segmentation fault) by creating a new Array object with a large size value, then writing into that array.
|
|||||
| CVE-2005-2753 | 1 Apple | 1 Quicktime | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Integer overflow in Apple QuickTime before 7.0.3 allows user-assisted attackers to execute arbitrary code via a crafted MOV file that causes a sign extension of the length element in a Pascal style string.
|
|||||
| CVE-2004-1122 | 1 Apple | 1 Safari | 2025-04-03 | 7.5 HIGH | N/A |
|
Safari 1.x to 1.2.4, and possibly other versions, allows inactive windows to launch dialog boxes, which can allow remote attackers to spoof the dialog boxes from web sites in other windows, aka the "Dialog Box Spoofing Vulnerability," a different vulnerability than CVE-2004-1314.
|
|||||
| CVE-2005-0971 | 1 Apple | 1 Mac Os X | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Stack-based buffer overflow in the semop system call in Mac OS X 10.3.9 and earlier allows local users to gain privileges via crafted arguments.
|
|||||
| CVE-2002-0659 | 3 Apple, Openssl, Oracle | 5 Mac Os X, Openssl, Application Server and 2 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via invalid encodings.
|
|||||
| CVE-2005-2340 | 1 Apple | 1 Quicktime | 2025-04-03 | 7.5 HIGH | N/A |
|
Heap-based buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a crafted (1) QuickTime Image File (QTIF), (2) PICT, or (3) JPEG format image with a long data field.
|
|||||
| CVE-2006-1462 | 1 Apple | 1 Quicktime | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Multiple integer overflows in Apple QuickTime before 7.1 allow remote attackers to execute arbitrary code via a crafted QuickTime H.264 (M4V) video format file.
|
|||||
| CVE-2006-1469 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Stack-based buffer overflow in ImageIO in Apple Mac OS X 10.4 up to 10.4.6 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image.
|
|||||
| CVE-2005-0234 | 1 Apple | 1 Safari | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The International Domain Name (IDN) support in Safari 1.2.5 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
|
|||||
| CVE-2005-0712 | 1 Apple | 1 Mac Os X | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Mac OS X before 10.3.8 users world-writable permissions for certain directories, which may allow local users to gain privileges, possibly via the receipt cache or ColorSync profiles.
|
|||||
| CVE-2000-0346 | 1 Apple | 1 Appleshare | 2025-04-03 | 5.0 MEDIUM | N/A |
|
AppleShare IP 6.1 and later allows a remote attacker to read potentially sensitive information via an invalid range request to the web server.
|
|||||
| CVE-2006-1985 | 1 Apple | 3 Mac Os X, Mac Os X Server, Safari | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Heap-based buffer overflow in BOM BOMArchiveHelper 10.4 (6.3) Build 312, as used in Mac OS X 10.4.6 and earlier, allows user-assisted attackers to execute arbitrary code via a crafted archive (such as ZIP) that contains long path names, which triggers an error in the BOMStackPop function.
|
|||||
| CVE-2004-1089 | 1 Apple | 4 Darwin Streaming Server, Mac Os X, Mac Os X Server and 1 more | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Unknown vulnerability in Apple Mac OS X 10.3.6 server, when using Kerberos authentication and Cyrus IMAP allows local users to access mailboxes of other users.
|
|||||
| CVE-2003-0601 | 1 Apple | 1 Mac Os X Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Workgroup Manager in Apple Mac OS X Server 10.2 through 10.2.6 does not disable a password for a new account before it is saved for the first time, which allows remote attackers to gain unauthorized access via the new account before it is saved.
|
|||||
| CVE-2005-2750 | 1 Apple | 1 Mac Os X Server | 2025-04-03 | 2.1 LOW | N/A |
|
Software Update in Mac OS X 10.4.2, when the user marks all updates to be ignored, exits without asking the user to reset the status of the updates, which could prevent important, security-relevant updates from being installed.
|
|||||
| CVE-2006-1473 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Integer overflow in AFP Server for Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors.
|
|||||
| CVE-2005-4504 | 1 Apple | 4 Mac Os X, Mac Os X Server, Safari and 1 more | 2025-04-03 | 7.8 HIGH | N/A |
|
The khtml::RenderTableSection::ensureRows function in KHTMLParser in Apple Mac OS X 10.4.3 and earlier, as used by Safari and TextEdit, allows remote attackers to cause a denial of service (memory consumption and application crash) via HTML files with a large ROWSPAN attribute in a TD tag.
|
|||||
| CVE-2005-3713 | 1 Apple | 1 Quicktime | 2025-04-03 | 7.5 HIGH | N/A |
|
Heap-based buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a GIF image file with a crafted Netscape Navigator Application Extension Block that modifies the heap in the Picture Modifier block.
|
|||||
| CVE-2001-0720 | 1 Apple | 1 Mac Os X | 2025-04-03 | 7.5 HIGH | N/A |
|
Internet Explorer 5.1 for Macintosh on Mac OS X allows remote attackers to execute arbitrary commands by causing a BinHex or MacBinary file type to be downloaded, which causes the files to be executed if automatic decoding is enabled.
|
|||||
| CVE-2005-2521 | 1 Apple | 1 Mac Os X | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Buffer overflow in traceroute in Mac OS X 10.3.9 allows local users to execute arbitrary code via unknown vectors.
|
|||||
| CVE-2006-4887 | 1 Apple | 2 Apple Remote Desktop, Mac Os X | 2025-04-03 | 7.2 HIGH | N/A |
|
Apple Remote Desktop (ARD) for Mac OS X 10.2.8 and later does not drop privileges on the remote machine while installing certain applications, which allows local users to bypass authentication and gain privileges by selecting the icon during installation. NOTE: it could be argued that the issue is not in Remote Desktop itself, but in applications that are installed while using it.
|
|||||
| CVE-2005-4217 | 1 Apple | 1 Mac Os X Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Perl in Apple Mac OS X Server 10.3.9 does not properly drop privileges when using the "$<" variable to set uid, which allows attackers to gain privileges.
|
|||||
| CVE-2005-3701 | 1 Apple | 1 Mac Os X Server | 2025-04-03 | 7.2 HIGH | N/A |
|
Unspecified vulnerability in passwordserver in Mac OS X Server 10.3.9 and 10.4.3, when creating an Open Directory master server, allows local users to gain privileges via unknown attack vectors.
|
|||||
| CVE-2005-2526 | 2 Apple, Easy Software Products | 2 Mac Os X, Cups | 2025-04-03 | 5.0 MEDIUM | N/A |
|
CUPS in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to cause a denial of service (CPU consumption) by sending a partial IPP request and closing the connection.
|
|||||
| CVE-2005-0973 | 1 Apple | 1 Mac Os X | 2025-04-03 | 2.1 LOW | N/A |
|
Unknown vulnerability in the setsockopt system call in Mac OS X 10.3.9 and earlier allows local users to cause a denial of service (memory exhaustion) via crafted arguments.
|
|||||
| CVE-2005-1723 | 1 Apple | 1 Mac Os X Server | 2025-04-03 | 7.5 HIGH | N/A |
|
LaunchServices in Apple Mac OS X 10.4.x up to 10.4.1 does not properly mark file extensions and MIME types as unsafe if an Apple Uniform Type Identifier (UTI) is not created when the type is added to the database of unsafe types, which could allow attackers to bypass intended restrictions.
|
|||||
| CVE-2005-0969 | 1 Apple | 1 Mac Os X | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Heap-based buffer overflow in the syscall emulation functionality in Mac OS X before 10.3.9 allows local users to cause a denial of service (kernel panic) and possibly execute arbitrary code via crafted parameters.
|
|||||
| CVE-2005-3714 | 1 Apple | 2 Airport Express, Airport Extreme | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The network interface for Apple AirPort Express 6.x before Firmware Update 6.3, and AirPort Extreme 5.x before Firmware Update 5.7, allows remote attackers to cause a denial of service (unresponsive interface) via malformed packets.
|
|||||
| CVE-2003-0877 | 1 Apple | 1 Mac Os X | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Mac OS X before 10.3 with core files enabled allows local users to overwrite arbitrary files and read core files via a symlink attack on core files that are created with predictable names in the /cores directory.
|
|||||
| CVE-2005-1330 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 4.9 MEDIUM | N/A |
|
AppKit in Mac OS X 10.3.9 allows attackers to cause a denial of service (Cocoa application crash) via a malformed TIFF image that causes the NXSeek to use an incorrect offset, leading to an unhandled exception.
|
|||||
| CVE-2003-0050 | 1 Apple | 2 Darwin Streaming Server, Quicktime Streaming Server | 2025-04-03 | 7.5 HIGH | N/A |
|
parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to execute arbitrary code via shell metacharacters.
|
|||||
| CVE-2003-0871 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Unknown vulnerability in QuickTime Java in Mac OS X v10.3 and Mac OS X Server 10.3 allows attackers to gain "unauthorized access to a system."
|
|||||
| CVE-2003-1007 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
AppleFileServer (AFS) in Apple Mac OS X 10.2.8 and 10.3.2 does not properly handle certain malformed requests, with unknown impact.
|
|||||
| CVE-2005-2512 | 1 Apple | 2 Mac Os X, Mail | 2025-04-03 | 2.1 LOW | N/A |
|
Mail.app in Mac OS 10.4.2 and earlier, when printing or forwarding an HTML message, loads remote images even when the user's preferences state otherwise, which could result in a privacy leak.
|
|||||
| CVE-2005-2743 | 1 Apple | 3 Mac Os X, Mac Os X Server, Quicktime | 2025-04-03 | 7.5 HIGH | N/A |
|
The Java extensions for QuickTime 6.52 and earlier in Apple Mac OS X 10.3.9 allow untrusted applets to call arbitrary functions in system libraries, which allows remote attackers to execute arbitrary code.
|
|||||
| CVE-2005-2519 | 1 Apple | 1 Mac Os X | 2025-04-03 | 7.2 HIGH | N/A |
|
slpd in Directory Services in Mac OS X 10.3.9 creates insecure temporary files as root, which allows local users to gain privileges.
|
|||||
| CVE-2006-1987 | 1 Apple | 1 Safari | 2025-04-03 | 7.5 HIGH | N/A |
|
Apple Safari 2.0.3 allows remote attackers to cause a denial of service and possibly execute code via an invalid FRAME tag, possibly due to (1) multiple SCROLLING attributes with no values, or (2) a SRC attribute with no value. NOTE: due to lack of diagnosis by the researcher, it is unclear which vector is responsible.
|
|||||
| CVE-2006-1471 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Format string vulnerability in the CF_syslog function launchd in Apple Mac OS X 10.4 up to 10.4.6 allows local users to execute arbitrary code via format string specifiers that are not properly handled in a syslog call in the logging facility, as demonstrated by using a crafted plist file.
|
|||||