Filtered by vendor Apple
Subscribe
Total
13303 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-1441 | 1 Apple | 1 Mac Os X | 2025-04-03 | 7.5 HIGH | N/A |
|
Integer overflow in CFNetwork in Apple Mac OS X 10.4.6 allows remote attackers to execute arbitrary code via crafted chunked transfer encoding.
|
|||||
| CVE-2006-0400 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 7.5 HIGH | N/A |
|
CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers to bypass the same-origin policy and execute Javascript in other domains via unknown vectors involving "crafted archives."
|
|||||
| CVE-1999-1393 | 1 Apple | 1 Macos | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Control Panel "Password Security" option for Apple Powerbooks allows attackers with physical access to the machine to bypass the security by booting it with an emergency startup disk and using a disk editor to modify the on/off toggle or password in the aaaaaaaAPWD file, which is normally inaccessible.
|
|||||
| CVE-2005-2503 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 4.6 MEDIUM | N/A |
|
AppKit for Mac OS X 10.3.9 and 10.4.2 allows attackers with physical access to create local accounts by forcing a particular error to occur at the login window.
|
|||||
| CVE-2004-0539 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 10.0 HIGH | N/A |
|
The "Show in Finder" button in the Safari web browser in Mac OS X 10.3.4 and 10.2.8 may execute downloaded applications, which could allow remote attackers to execute arbitrary code.
|
|||||
| CVE-2006-1988 | 1 Apple | 1 Safari | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The WebTextRenderer(WebInternal) _CG_drawRun:style:geometry: function in Apple Safari 2.0.3 allows remote attackers to cause a denial of service (application crash) via an HTML LI tag with a large VALUE attribute (list item number), which triggers a null dereference in QPainter::drawText, probably due to a failed memory allocation that uses the VALUE.
|
|||||
| CVE-2006-1983 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Multiple heap-based buffer overflows in Mac OS X 10.4.6 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) PredictorVSetField function for TIFF or (2) CFAllocatorAllocate function for GIF, as used in applications that use ImageIO or AppKit. NOTE: the BMP vector has been re-assigned to CVE-2006-2238 because it affects a separate product family.
|
|||||
| CVE-2005-1720 | 1 Apple | 1 Afp Server | 2025-04-03 | 2.1 LOW | N/A |
|
AFP Server for Mac OS X 10.4.1, when using an ACL enabled volume, does not properly remove an ACL when a file is copied to a directory that does not use ACLs, which will override the POSIX file permissions for that ACL.
|
|||||
| CVE-2001-1446 | 1 Apple | 1 Mac Os X | 2025-04-03 | 7.5 HIGH | N/A |
|
Find-By-Content in Mac OS X 10.0 through 10.0.4 creates world-readable index files named .FBCIndex in every directory, which allows remote attackers to learn the contents of files in web accessible directories.
|
|||||
| CVE-2006-0848 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 5.1 MEDIUM | N/A |
|
The "Open 'safe' files after downloading" option in Safari on Apple Mac OS X allows remote user-assisted attackers to execute arbitrary commands by tricking a user into downloading a __MACOSX folder that contains metadata (resource fork) that invokes the Terminal, which automatically interprets the script using bash, as demonstrated using a ZIP file that contains a script with a safe file extension.
|
|||||
| CVE-2006-1458 | 1 Apple | 1 Quicktime | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Integer overflow in Apple QuickTime Player before 7.1 allows remote attackers to execute arbitrary code via a crafted JPEG image.
|
|||||
| CVE-2003-0878 | 1 Apple | 1 Mac Os X | 2025-04-03 | 2.1 LOW | N/A |
|
slpd daemon in Mac OS X before 10.3 allows local users to overwrite arbitrary files via a symlink attack on a temporary file, a different vulnerability than CVE-2003-0875.
|
|||||
| CVE-2006-1552 | 1 Apple | 4 Imageio, Mac Os X, Mac Os X Server and 1 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Integer overflow in ImageIO in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers to cause a denial of service (crash) via a crafted JPEG image with malformed JPEG metadata, as demonstrated using Safari, aka "Deja-Doom".
|
|||||
| CVE-2004-0515 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Unknown vulnerability in LoginWindow for Mac OS X 10.3.4, related to "handling of console log files."
|
|||||
| CVE-2005-1474 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Dashboard in Apple Mac OS X 10.4.1 allows remote attackers to install widgets via Safari without prompting the user, a different vulnerability than CVE-2005-1933.
|
|||||
| CVE-2005-2746 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Mail.app in Mail for Apple Mac OS X 10.3.9 and 10.4.2 includes message contents when using auto-reply rules, which could cause Mail.app to include decrypted message contents for encrypted messages.
|
|||||
| CVE-2005-0970 | 1 Apple | 1 Mac Os X | 2025-04-03 | 7.6 HIGH | N/A |
|
Mac OS X 10.3.9 and earlier allows users to install, create, and execute setuid/setgid scripts, contrary to the intended design, which may allow attackers to conduct unauthorized activities with escalated privileges via vulnerable scripts.
|
|||||
| CVE-2005-0903 | 1 Apple | 1 Quicktime Pictureviewer | 2025-04-03 | 2.6 LOW | N/A |
|
Buffer overflow in QuickTime PictureViewer 6.5.1 allows remote attackers to cause a denial of service (application crash) via a JPEG file with crafted Huffman Table (marker DHT) data.
|
|||||
| CVE-2006-1440 | 1 Apple | 1 Mac Os X | 2025-04-03 | 2.1 LOW | N/A |
|
BOM in Apple Mac OS X 10.3.9 and 10.4.6 allows attackers to overwrite arbitrary files via an archive that contains symbolic links.
|
|||||
| CVE-2004-0513 | 1 Apple | 1 Mac Os X | 2025-04-03 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in Mac OS X before 10.3.4 has unknown impact and attack vectors related to "logging when tracing system calls."
|
|||||
| CVE-2006-0396 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Buffer overflow in Mail in Apple Mac OS X 10.4 up to 10.4.5, when patched with Security Update 2006-001, allows remote attackers to execute arbitrary code via a long Real Name value in an e-mail attachment sent in AppleDouble format, which triggers the overflow when the user double-clicks on an attachment.
|
|||||
| CVE-2004-0922 | 1 Apple | 3 Mac Os X, Mac Os X Server, Quicktime | 2025-04-03 | 5.0 MEDIUM | N/A |
|
AFP Server on Mac OS X 10.3.x to 10.3.5, under certain conditions, does not properly set the guest group ID, which causes AFP to change a write-only AFP Drop Box to be read-write when the Drop Box is on a share that is mounted by a guest, which allows attackers to read the Drop Box.
|
|||||
| CVE-2005-4678 | 1 Apple | 1 Safari | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Apple Safari 2.0.2 (aka 416.12) allows remote attackers to spoof the URL in the status bar via the title in an image in a link to a trusted site within a form to the malicious site. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2003-0051 | 1 Apple | 2 Darwin Streaming Server, Quicktime Streaming Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to obtain the physical path of the server's installation path via a NULL file parameter.
|
|||||
| CVE-2006-3500 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 7.2 HIGH | N/A |
|
The dynamic linker (dyld) in Apple Mac OS X 10.4.7 allows local users to execute arbitrary code via an "improperly handled condition" that leads to use of "dangerous paths," probably related to an untrusted search path vulnerability.
|
|||||
| CVE-2001-1575 | 1 Apple | 1 Personal Web Sharing | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Apple Personal Web Sharing (PWS) 1.1, 1.5, and 1.5.5, when Web Sharing authentication is enabled, allows remote attackers to cause a denial of service via a long password, possibly due to a buffer overflow.
|
|||||
| CVE-2004-0383 | 1 Apple | 1 Mac Os X | 2025-04-03 | 7.2 HIGH | N/A |
|
Unknown vulnerability in Mail for Mac OS X 10.3.3 and 10.2.8, with unknown impact, related to "the handling of HTML-formatted email."
|
|||||
| CVE-2006-3495 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 2.1 LOW | N/A |
|
AFP Server in Apple Mac OS X 10.3.9 and 10.4.7 stores reconnect keys in a world-readable file, which allows local users to obtain the keys and access files and folders of other users.
|
|||||
| CVE-2003-0055 | 1 Apple | 1 Quicktime Darwin Mp3 Broadcaster | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in the MP3 broadcasting module of Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to execute arbitrary code via a long filename.
|
|||||
| CVE-2005-1333 | 1 Apple | 1 Mac Os X | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in the Bluetooth file and object exchange (OBEX) services in Mac OS X 10.3.9 allows remote attackers to read arbitrary files.
|
|||||
| CVE-2006-0388 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 2.6 LOW | N/A |
|
Safari in Mac OS X 10.3 before 10.3.9 and 10.4 before 10.4.5 allows remote attackers to redirect users to local files and execute arbitrary JavaScript via unspecified vectors involving HTTP redirection to local resources.
|
|||||
| CVE-2005-2516 | 1 Apple | 2 Mac Os X, Safari | 2025-04-03 | 7.5 HIGH | N/A |
|
Safari in Mac OS X 10.3.9 and 10.4.2, when rendering Rich Text Format (RTF) files, can directly access URLs without performing the normal security checks, which allows remote attackers to execute arbitrary commands.
|
|||||
| CVE-2006-0401 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Unspecified vulnerability in Mac OS X before 10.4.6, when running on an Intel-based computer, allows attackers with physical access to bypass the firmware password and log on in Single User Mode via unspecified vectors.
|
|||||
| CVE-2006-1467 | 1 Apple | 1 Itunes | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Integer overflow in the AAC file parsing code in Apple iTunes before 6.0.5 on Mac OS X 10.2.8 or later, and Windows XP and 2000, allows remote user-assisted attackers to execute arbitrary code via an AAC (M4P, M4A, or M4B) file with a sample table size (STSZ) atom with a "malformed" sample_size_table value.
|
|||||
| CVE-2006-1220 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Integer overflow in the mach_msg_send function in the kernel for Mac OS X might allow local users to execute arbitrary code via unknown attack vectors related to a large message header size, which leads to a heap-based buffer overflow.
|
|||||
| CVE-2005-0974 | 1 Apple | 1 Mac Os X | 2025-04-03 | 7.2 HIGH | N/A |
|
Unknown vulnerability in the nfs_mount call in Mac OS X 10.3.9 and earlier allows local users to gain privileges via crafted arguments.
|
|||||
| CVE-2005-0715 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 2.1 LOW | N/A |
|
AFP Server in Mac OS X before 10.3.8 uses insecure permissions for "Drop Boxes," which allows local users to read the contents of a Drop Box.
|
|||||
| CVE-2005-2195 | 1 Apple | 1 Darwin Streaming Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Apple Darwin Streaming Server 5.5 and earlier allows remote attackers to cause a denial of service (application crash) via a URL with a filename containing a .cgi extension and an MS-DOS device name such as AUX, CON, PRN, COM1, or LPT1, a different vulnerability than CVE-2003-0421 and CVE-2003-0502.
|
|||||
| CVE-2005-3712 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 6.5 MEDIUM | N/A |
|
Heap-based buffer overflow in rsync in Mac OS X 10.4 through 10.4.5 allows remote authenticated users to execute arbitrary code via long extended attributes.
|
|||||
| CVE-2006-0382 | 1 Apple | 1 Mac Os X | 2025-04-03 | 2.1 LOW | N/A |
|
Apple Mac OS X 10.4.5 and allows local users to cause a denial of service (crash) via an undocumented system call.
|
|||||