Vulnerabilities (CVE)

Filtered by vendor Apple Subscribe
Total 11570 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-5681 1 Apple 2 Mac Os X, Mac Os X Server 2024-11-21 2.6 LOW N/A
QuickTime for Java on Mac OS X 10.4 through 10.4.8, when used with Quartz Composer, allows remote attackers to obtain sensitive information (screen images) via a Java applet that accesses images that are being rendered by other embedded QuickTime objects.
CVE-2006-5328 2 Apple, Openbase International Ltd 2 Xcode, Openbase 2024-11-21 7.2 HIGH N/A
OpenBase SQL 10.0 and earlier, as used in Apple Xcode 2.2 2.2 and earlier and possibly other products, allows local users to create arbitrary files via a symlink attack on the simulation.sql file.
CVE-2006-5327 2 Apple, Openbase International Ltd 2 Xcode, Openbase 2024-11-21 7.2 HIGH N/A
Untrusted search path vulnerability in OpenBase SQL 10.0 and earlier, as used in Apple Xcode 2.2 2.2 and earlier and possibly other products, allows local users to execute arbitrary code via a modified PATH that references a malicious gzip program, which is executed by gnutar with certain TAR_OPTIONS environment variable settings, when gnutar is invoked by OpenBase.
CVE-2006-5051 3 Apple, Debian, Openbsd 4 Mac Os X, Mac Os X Server, Debian Linux and 1 more 2024-11-21 9.3 HIGH 8.1 HIGH
Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free.
CVE-2006-4965 1 Apple 1 Quicktime 2024-11-21 5.0 MEDIUM N/A
Apple QuickTime 7.1.3 Player and Plug-In allows remote attackers to execute arbitrary JavaScript code and possibly conduct other attacks via a QuickTime Media Link (QTL) file with an embed XML element and a qtnext parameter that identifies resources outside of the original domain. NOTE: as of 20070912, this issue has been demonstrated by using instances of Components.interfaces.nsILocalFile and Components.interfaces.nsIProcess to execute arbitrary local files within Firefox and possibly Internet Explorer.
CVE-2006-4887 1 Apple 2 Apple Remote Desktop, Mac Os X 2024-11-21 7.2 HIGH N/A
Apple Remote Desktop (ARD) for Mac OS X 10.2.8 and later does not drop privileges on the remote machine while installing certain applications, which allows local users to bypass authentication and gain privileges by selecting the icon during installation. NOTE: it could be argued that the issue is not in Remote Desktop itself, but in applications that are installed while using it.
CVE-2006-4866 1 Apple 2 Mac Os X, Mac Os X Server 2024-11-21 4.6 MEDIUM N/A
Buffer overflow in kextload in Apple OS X, as used by TDIXSupport in Roxio Toast Titanium and possibly other products, allows local users to execute arbitrary code via a long extension argument.
CVE-2006-4413 1 Apple 1 Remote Desktop 2024-11-21 7.2 HIGH N/A
Apple Remote Desktop before 3.1 uses insecure permissions for certain built-in packages, which allows local users on an Apple Remote Desktop administration system to modify the packages and gain root privileges on client systems that use the packages.
CVE-2006-4412 1 Apple 1 Mac Os X 2024-11-21 6.8 MEDIUM N/A
WebKit in Apple Mac OS X 10.3.x through 10.3.9 and 10.4 through 10.4.8 allows remote attackers to execute arbitrary code via a crafted HTML file, which accesses previously deallocated objects.
CVE-2006-4411 1 Apple 1 Mac Os X 2024-11-21 7.2 HIGH N/A
The VPN service in Apple Mac OS X 10.3.x through 10.3.9 and 10.4.x through 10.4.8 does not properly clean the environment when executing commands, which allows local users to gain privileges via unspecified vectors.
CVE-2006-4410 1 Apple 1 Mac Os X 2024-11-21 7.5 HIGH N/A
The Security Framework in Apple Mac OS X 10.3.9, and 10.4.x before 10.4.7, does not properly search certificate revocation lists (CRL), which allows remote attackers to access systems by using revoked certificates.
CVE-2006-4409 1 Apple 1 Mac Os X 2024-11-21 5.0 MEDIUM N/A
The Online Certificate Status Protocol (OCSP) service in the Security Framework in Apple Mac OS X 10.4 through 10.4.8 retrieve certificate revocation lists (CRL) when an HTTP proxy is in use, which could cause the system to accept certificates that have been revoked.
CVE-2006-4408 1 Apple 1 Mac Os X 2024-11-21 5.0 MEDIUM N/A
The Security Framework in Apple Mac OS X 10.4 through 10.4.8 allows remote attackers to cause a denial of service (resource consumption) via certain public key values in an X.509 certificate that requires extra resources during signature verification. NOTE: this issue may be similar to CVE-2006-2940.
CVE-2006-4407 1 Apple 1 Mac Os X 2024-11-21 5.0 MEDIUM N/A
The Security Framework in Apple Mac OS X 10.3.x up to 10.3.9 does not properly prioritize encryption ciphers when negotiating the strongest shared cipher, which causes Secure Transport to user a weaker cipher that makes it easier for remote attackers to decrypt traffic.
CVE-2006-4406 1 Apple 1 Mac Os X 2024-11-21 7.5 HIGH N/A
Buffer overflow in PPP on Apple Mac OS X 10.4.x up to 10.4.8 and 10.3.x up to 10.3.9, when PPPoE is enabled, allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2006-4404 1 Apple 1 Mac Os X 2024-11-21 10.0 HIGH N/A
The Installer application in Apple Mac OS X 10.4.8 and earlier, when used by a user with Admin credentials, does not authenticate the user before installing certain software requiring system privileges.
CVE-2006-4403 1 Apple 1 Mac Os X 2024-11-21 4.0 MEDIUM N/A
The FTP server in Apple Mac OS X 10.4.8 and earlier, when FTP Access is enabled, will crash when a login failure occurs with a valid user name, which allows remote attackers to cause a denial of service (crash) and enumerate valid usernames.
CVE-2006-4402 1 Apple 1 Mac Os X 2024-11-21 5.1 MEDIUM N/A
Heap-based buffer overflow in the Finder in Apple Mac OS X 10.4.8 and earlier allows user-assisted remote attackers to execute arbitrary code by browsing directories containing crafted .DS_Store files.
CVE-2006-4401 1 Apple 1 Mac Os X 2024-11-21 5.1 MEDIUM N/A
Unspecified vulnerability in CFNetwork in Mac OS 10.4.8 and earlier allows user-assisted remote attackers to execute arbitrary FTP commands via a crafted FTP URI.
CVE-2006-4400 1 Apple 1 Mac Os X 2024-11-21 5.1 MEDIUM N/A
Stack-based buffer overflow in the Apple Type Services (ATS) server in Mac OS 10.4.8 and earlier allow user-assisted attackers to execute arbitrary code via crafted font files.