Total
5568 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-1439 | 1 Apple | 1 Mac Os X | 2025-04-03 | 2.1 LOW | N/A |
|
NSSecureTextField in AppKit in Apple Mac OS X 10.4.6 does not re-enable secure event input under certain circumstances, which could allow other applications in the window session to monitor input characters and keyboard events.
|
|||||
| CVE-2004-0821 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 7.2 HIGH | N/A |
|
The CFPlugIn in Core Foundation framework in Mac OS X allows user supplied libraries to be loaded, which could allow local users to gain privileges.
|
|||||
| CVE-2005-1336 | 1 Apple | 1 Mac Os X | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Buffer overflow in the Foundation framework for Mac OS X 10.3.9 allows local users to execute arbitrary code via a long environment variable.
|
|||||
| CVE-2006-0386 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 1.7 LOW | N/A |
|
FileVault in Mac OS X 10.4.5 and earlier does not properly mount user directories when creating a FileVault image, which allows local users to access protected files when FileVault is enabled.
|
|||||
| CVE-2003-0378 | 1 Apple | 1 Mac Os X | 2025-04-03 | 7.5 HIGH | N/A |
|
The Kerberos login authentication feature in Mac OS X, when used with an LDAPv3 server and LDAP bind authentication, may send cleartext passwords to the LDAP server when the AuthenticationAuthority attribute is not set.
|
|||||
| CVE-2001-1447 | 1 Apple | 1 Mac Os X | 2025-04-03 | 7.2 HIGH | N/A |
|
NetInfo Manager for Mac OS X 10.0 through 10.1 allows local users to gain root privileges by opening applications using the (1) "recent items" and (2) "services" menus, which causes the applications to run with root privileges.
|
|||||
| CVE-2005-2751 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 2.1 LOW | N/A |
|
memberd in Mac OS X 10.4 up to 10.4.2, in certain situations, does not quickly synchronize access control checks with changes in group membership, which could allow users to access files and other resources after they have been removed from a group.
|
|||||
| CVE-2004-0926 | 2 Apple, Easy Software Products | 3 Mac Os X, Mac Os X Server, Cups | 2025-04-03 | 10.0 HIGH | N/A |
|
Heap-based buffer overflow in Apple QuickTime on Mac OS 10.2.8 through 10.3.5 may allow remote attackers to execute arbitrary code via a certain BMP image.
|
|||||
| CVE-2006-1466 | 1 Apple | 2 Mac Os X, Xcode | 2025-04-03 | 4.0 MEDIUM | N/A |
|
Xcode Tools before 2.3 for Mac OS X 10.4, when running the WebObjects plugin, allows remote attackers to access or modify WebObjects projects through a network service.
|
|||||
| CVE-2004-0886 | 9 Apple, Kde, Libtiff and 6 more | 13 Mac Os X, Mac Os X Server, Kde and 10 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls.
|
|||||
| CVE-2006-1981 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 2.1 LOW | N/A |
|
Unspecified vulnerability in Java InputMethods on Mac OS X 10.4.5 may cause InputMethods to send input events for secure fields to the wrong text field, which might reveal the password to others who can view the screen.
|
|||||
| CVE-2005-3702 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Safari in Mac OS X and OS X Server 10.3.9 and 10.4.3 allows remote attackers to cause files to be downloaded to locations outside the download directory via a long file name.
|
|||||
| CVE-2002-1266 | 1 Apple | 1 Mac Os X | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Mac OS X 10.2.2 allows local users to gain privileges by mounting a disk image file that was created on another system, aka "Local User Privilege Elevation via Disk Image File."
|
|||||
| CVE-2003-0201 | 6 Apple, Compaq, Hp and 3 more | 8 Mac Os X, Tru64, Cifs-9000 Server and 5 more | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code.
|
|||||
| CVE-2004-0087 | 1 Apple | 1 Mac Os X | 2025-04-03 | 2.1 LOW | N/A |
|
The System Configuration subsystem in Mac OS 10.2.8 and 10.3.2 allows local users to modify network settings, a different vulnerability than CVE-2004-0088.
|
|||||
| CVE-2006-1455 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 7.8 HIGH | N/A |
|
QuickTime Streaming Server in Apple Mac OS X 10.3.9 and 10.4.6 allows remote attackers to cause a denial of service (crash and connection interruption) via a QuickTime movie with a missing track, which triggers a null dereference.
|
|||||
| CVE-2005-2747 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in ImageIO for Apple Mac OS X 10.4.2, as used by applications such as WebCore and Safari, allows remote attackers to execute arbitrary code via a crafted GIF file.
|
|||||
| CVE-2005-1473 | 1 Apple | 1 Mac Os X | 2025-04-03 | 4.6 MEDIUM | N/A |
|
SecurityAgent in Apple Mac OS X 10.4.1 allows attackers with physical access to bypass the locked screensaver and launch background applications by opening a URL from a text input field.
|
|||||
| CVE-2005-1337 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Apple Help Viewer 2.0.7 and 3.0.0 in Mac OS X 10.3.9 allows remote attackers to read and execute arbitrary scrpts with less restrictive privileges via a help:// URI.
|
|||||
| CVE-2005-2513 | 1 Apple | 1 Mac Os X | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Unknown vulnerability in HItoolbox for Mac OS X 10.4.2 allows VoiceOver services to read secure input fields.
|
|||||
| CVE-2001-0766 | 2 Apache, Apple | 2 Http Server, Mac Os X | 2025-04-03 | 7.5 HIGH | 9.8 CRITICAL |
|
Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.
|
|||||
| CVE-2001-1411 | 1 Apple | 1 Mac Os X | 2025-04-03 | 7.2 HIGH | N/A |
|
Format string vulnerability in gm4 (aka m4) on Mac OS X may allow local users to gain privileges if gm4 is called by setuid programs.
|
|||||
| CVE-2003-0518 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 4.6 MEDIUM | N/A |
|
The screen saver in MacOS X allows users with physical access to cause the screen saver to crash and gain access to the underlying session via a large number of characters in the password field, possibly triggering a buffer overflow.
|
|||||
| CVE-2003-0804 | 3 Apple, Freebsd, Openbsd | 4 Mac Os X, Mac Os X Server, Freebsd and 1 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The arplookup function in FreeBSD 5.1 and earlier, Mac OS X before 10.2.8, and possibly other BSD-based systems, allows remote attackers on a local subnet to cause a denial of service (resource starvation and panic) via a flood of spoofed ARP requests.
|
|||||
| CVE-2002-1265 | 3 Apple, Gnu, Sgi | 4 Mac Os X, Mac Os X Server, Glibc and 1 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The Sun RPC functionality in multiple libc implementations does not provide a time-out mechanism when reading data from TCP connections, which allows remote attackers to cause a denial of service (hang).
|
|||||
| CVE-2005-0342 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 2.1 LOW | N/A |
|
The Finder in Mac OS X and earlier allows local users to overwrite arbitrary files and gain privileges by creating a hard link from the .DS_Store file to an arbitrary file.
|
|||||
| CVE-2004-0430 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Stack-based buffer overflow in AppleFileServer for Mac OS X 10.3.3 and earlier allows remote attackers to execute arbitrary code via a LoginExt packet for a Cleartext Password User Authentication Method (UAM) request with a PathName argument that includes an AFPName type string that is longer than the associated length field.
|
|||||
| CVE-2006-1982 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Heap-based buffer overflow in the LZWDecodeVector function in Mac OS X before 10.4.6, as used in applications that use ImageIO or AppKit, allows remote attackers to execute arbitrary code via crafted TIFF images.
|
|||||
| CVE-2003-1009 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 10.0 HIGH | N/A |
|
Directory Services in Apple Mac OS X 10.0.2, 10.0.3, 10.2.8, 10.3.2 and Apple Mac OS X Server 10.2 through 10.3.2 accepts authentication server information from unknown LDAP or NetInfo sources as provided by a malicious DHCP server, which allows remote attackers to gain privileges.
|
|||||
| CVE-2005-1722 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 7.2 HIGH | N/A |
|
Unknown vulnerability in the CoreGraphics Window Server for Mac OS X 10.4.x up to 10.4.1 allows local users to inject arbitrary commands into root sessions.
|
|||||
| CVE-2004-1083 | 1 Apple | 4 Darwin Streaming Server, Mac Os X, Mac Os X Server and 1 more | 2025-04-03 | 5.0 MEDIUM | 7.5 HIGH |
|
Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.
|
|||||
| CVE-2005-2739 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 2.1 LOW | N/A |
|
Keychain Access in Mac OS X 10.4.2 and earlier keeps a password visible even if a keychain times out while the password is being viewed, which could allow attackers with physical access to obtain the password.
|
|||||
| CVE-2006-0398 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file type. NOTE: due to the lack of specific information in the vendor advisory, it is not clear how CVE-2006-0397, CVE-2006-0398, and CVE-2006-0399 are different.
|
|||||
| CVE-2002-1898 | 1 Apple | 2 Mac Os X, Terminal | 2025-04-03 | 7.2 HIGH | N/A |
|
Terminal 1.3 in Apple Mac OS X 10.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a telnet:// link, which is executed by Terminal.app window.
|
|||||
| CVE-2002-0666 | 6 Apple, Freebsd, Frees Wan and 3 more | 12 Mac Os X, Mac Os X Server, Freebsd and 9 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
IPSEC implementations including (1) FreeS/WAN and (2) KAME do not properly calculate the length of authentication data, which allows remote attackers to cause a denial of service (kernel panic) via spoofed, short Encapsulating Security Payload (ESP) packets, which result in integer signedness errors.
|
|||||
| CVE-2004-0168 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 10.0 HIGH | N/A |
|
Unknown vulnerability in CoreFoundation for Mac OS X 10.3.2, related to "notification logging."
|
|||||
| CVE-2004-0089 | 1 Apple | 1 Mac Os X | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Buffer overflow in TruBlueEnvironment in Mac OS X 10.3.x and 10.2.x allows local users to gain privileges via a long environment variable.
|
|||||
| CVE-2006-3507 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 7.2 HIGH | N/A |
|
Multiple stack-based buffer overflows in the AirPort wireless driver on Apple Mac OS X 10.3.9 and 10.4.7 allow physically proximate attackers to execute arbitrary code by injecting crafted frames into a wireless network.
|
|||||
| CVE-2005-1331 | 1 Apple | 3 Applescript, Mac Os X, Mac Os X Server | 2025-04-03 | 5.1 MEDIUM | N/A |
|
The AppleScript Editor in Mac OS X 10.3.9 does not properly display script code for an applescript: URI, which can result in code that is different than the actual code that would be run, which could allow remote attackers to trick users into executing malicious code via certain URI characters such as NULL, control characters, and homographs.
|
|||||
| CVE-2002-1367 | 2 Apple, Easy Software Products | 2 Mac Os X, Cups | 2025-04-03 | 10.0 HIGH | N/A |
|
Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote attackers to add printers without authentication via a certain UDP packet, which can then be used to perform unauthorized activities such as stealing the local root certificate for the administration server via a "need authorization" page, as demonstrated by new-coke.
|
|||||