Total
817 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-3504 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-28 | 5.1 MEDIUM | N/A |
The Download Validation in LaunchServices for Apple Mac OS X 10.4.7 can identify certain HTML as "safe", which could allow attackers to execute Javascript code in local context when the "Open 'safe' files after downloading" option is enabled in Safari. | |||||
CVE-2004-0924 | 2 Apple, Easy Software Products | 3 Mac Os X, Mac Os X Server, Cups | 2024-02-28 | 5.0 MEDIUM | N/A |
NetInfo Manager on Mac OS X 10.3.x through 10.3.5, after an initial root login, reports the root account as being disabled, even when it has not. | |||||
CVE-2006-1469 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-28 | 7.5 HIGH | N/A |
Stack-based buffer overflow in ImageIO in Apple Mac OS X 10.4 up to 10.4.6 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image. | |||||
CVE-2006-0389 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-28 | 2.6 LOW | N/A |
Cross-site scripting (XSS) vulnerability in Syndication (Safari RSS) in Mac OS X 10.4 through 10.4.5 allows remote attackers to execute arbitrary JavaScript via unspecified vectors involving RSS feeds. | |||||
CVE-2006-3499 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-28 | 2.1 LOW | N/A |
The dynamic linker (dyld) in Apple Mac OS X 10.3.9 allows local users to obtain sensitive information via unspecified dynamic linker options that affect the use of standard error (stderr) by privileged applications. | |||||
CVE-2005-2502 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-28 | 5.1 MEDIUM | N/A |
Buffer overflow in AppKit for Mac OS X 10.3.9 and 10.4.2, as used in applications such as TextEdit, allows external user-assisted attackers to execute arbitrary code via a crafted Microsoft Word file. | |||||
CVE-2005-2749 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-28 | 2.1 LOW | N/A |
Unspecified vulnerability in the Finder Get Info window for Mac OS X 10.4 up to 10.4.2 causes Finder to misrepresent file and group ownership information. NOTE: it is not clear whether this issue satisfies the CVE definition of a vulnerability. | |||||
CVE-2005-0972 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-28 | 7.2 HIGH | N/A |
Integer overflow in the searchfs system call in Mac OS X 10.3.9 and earlier allows local users to execute arbitrary code via crafted parameters. | |||||
CVE-2005-1343 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-28 | 7.2 HIGH | N/A |
Stack-based buffer overflow in the VPN daemon (vpnd) for Mac OS X before 10.3.9 allows local users to execute arbitrary code via a long -i (Server_id) argument. | |||||
CVE-2005-2739 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-28 | 2.1 LOW | N/A |
Keychain Access in Mac OS X 10.4.2 and earlier keeps a password visible even if a keychain times out while the password is being viewed, which could allow attackers with physical access to obtain the password. | |||||
CVE-2005-4504 | 1 Apple | 4 Mac Os X, Mac Os X Server, Safari and 1 more | 2024-02-28 | 7.8 HIGH | N/A |
The khtml::RenderTableSection::ensureRows function in KHTMLParser in Apple Mac OS X 10.4.3 and earlier, as used by Safari and TextEdit, allows remote attackers to cause a denial of service (memory consumption and application crash) via HTML files with a large ROWSPAN attribute in a TD tag. | |||||
CVE-2004-0886 | 9 Apple, Kde, Libtiff and 6 more | 13 Mac Os X, Mac Os X Server, Kde and 10 more | 2024-02-28 | 5.0 MEDIUM | N/A |
Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls. | |||||
CVE-2006-1220 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-28 | 4.6 MEDIUM | N/A |
Integer overflow in the mach_msg_send function in the kernel for Mac OS X might allow local users to execute arbitrary code via unknown attack vectors related to a large message header size, which leads to a heap-based buffer overflow. | |||||
CVE-2005-3705 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-28 | 7.5 HIGH | N/A |
Heap-based buffer overflow in WebKit in Mac OS X and OS X Server 10.3.9 and 10.4.3, as used in applications such as Safari, allows remote attackers to execute arbitrary code via unknown attack vectors. | |||||
CVE-2005-0713 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-28 | 4.6 MEDIUM | N/A |
The Bluetooth Setup Assistant for Mac OS X before 10.3.8 can be launched without a keyboard or Bluetooth device, which allows local users to bypass access restrictions and gain privileges. | |||||
CVE-2005-2747 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-28 | 7.5 HIGH | N/A |
Buffer overflow in ImageIO for Apple Mac OS X 10.4.2, as used by applications such as WebCore and Safari, allows remote attackers to execute arbitrary code via a crafted GIF file. | |||||
CVE-2005-1722 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-28 | 7.2 HIGH | N/A |
Unknown vulnerability in the CoreGraphics Window Server for Mac OS X 10.4.x up to 10.4.1 allows local users to inject arbitrary commands into root sessions. | |||||
CVE-2005-2751 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-28 | 2.1 LOW | N/A |
memberd in Mac OS X 10.4 up to 10.4.2, in certain situations, does not quickly synchronize access control checks with changes in group membership, which could allow users to access files and other resources after they have been removed from a group. | |||||
CVE-2005-2741 | 2 Apple, Perry Kiehtreiber | 3 Mac Os X, Mac Os X Server, Securityd | 2024-02-28 | 7.2 HIGH | N/A |
Authorization Services in securityd for Apple Mac OS X 10.3.9 allows local users to gain privileges by granting themselves certain rights that should be restricted to administrators. | |||||
CVE-2006-1457 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-28 | 2.6 LOW | N/A |
Safari on Apple Mac OS X 10.4.6, when "Open `safe' files after downloading" is enabled, will automatically expand archives, which could allow remote attackers to overwrite arbitrary files via an archive that contains a symlink. |