Filtered by vendor Apple Subscriptions
Total 14575 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2005-3713 1 Apple 1 Quicktime 2026-04-16 N/A
Heap-based buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a GIF image file with a crafted Netscape Navigator Application Extension Block that modifies the heap in the Picture Modifier block.
CVE-2004-0089 1 Apple 1 Mac Os X 2026-04-16 N/A
Buffer overflow in TruBlueEnvironment in Mac OS X 10.3.x and 10.2.x allows local users to gain privileges via a long environment variable.
CVE-2003-0088 1 Apple 1 Mac Os X 2026-04-16 N/A
TruBlueEnvironment for MacOS 10.2.3 and earlier allows local users to overwrite or create arbitrary files and gain root privileges by setting a certain environment variable that is used to write debugging information.
CVE-2005-3707 1 Apple 1 Quicktime 2026-04-16 N/A
Buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via crafted TGA image files.
CVE-2002-0656 4 Apple, Openssl, Oracle and 1 more 8 Mac Os X, Openssl, Application Server and 5 more 2026-04-16 N/A
Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allow remote attackers to execute arbitrary code via (1) a large client master key in SSL2 or (2) a large session ID in SSL3.
CVE-2002-0666 6 Apple, Freebsd, Frees Wan and 3 more 12 Mac Os X, Mac Os X Server, Freebsd and 9 more 2026-04-16 N/A
IPSEC implementations including (1) FreeS/WAN and (2) KAME do not properly calculate the length of authentication data, which allows remote attackers to cause a denial of service (kernel panic) via spoofed, short Encapsulating Security Payload (ESP) packets, which result in integer signedness errors.
CVE-2002-0676 1 Apple 1 Mac Os X 2026-04-16 N/A
SoftwareUpdate for MacOS 10.1.x does not use authentication when downloading a software update, which could allow remote attackers to execute arbitrary code by posing as the Apple update server via techniques such as DNS spoofing or cache poisoning, and supplying Trojan Horse updates.
CVE-2001-0102 1 Apple 1 Macos 2026-04-16 N/A
"Multiple Users" Control Panel in Mac OS 9 allows Normal users to gain Owner privileges by removing the Users & Groups Data File, which effectively removes the Owner password and allows the Normal user to log in as the Owner account without a password.
CVE-2001-0198 1 Apple 1 Quicktime 2026-04-16 N/A
Buffer overflow in QuickTime Player plugin 4.1.2 (Japanese) allows remote attackers to execute arbitrary commands via a long HREF parameter in an EMBED tag.
CVE-2005-1340 1 Apple 1 Mac Os X 2026-04-16 N/A
The HTTP proxy service in Server Admin for Mac OS X 10.3.9 does not restrict access when it is enabled, which allows remote attackers to use the proxy.
CVE-2005-1330 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-16 N/A
AppKit in Mac OS X 10.3.9 allows attackers to cause a denial of service (Cocoa application crash) via a malformed TIFF image that causes the NXSeek to use an incorrect offset, leading to an unhandled exception.
CVE-2005-1331 1 Apple 3 Applescript, Mac Os X, Mac Os X Server 2026-04-16 N/A
The AppleScript Editor in Mac OS X 10.3.9 does not properly display script code for an applescript: URI, which can result in code that is different than the actual code that would be run, which could allow remote attackers to trick users into executing malicious code via certain URI characters such as NULL, control characters, and homographs.
CVE-2005-1722 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-16 N/A
Unknown vulnerability in the CoreGraphics Window Server for Mac OS X 10.4.x up to 10.4.1 allows local users to inject arbitrary commands into root sessions.
CVE-2005-0342 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-16 N/A
The Finder in Mac OS X and earlier allows local users to overwrite arbitrary files and gain privileges by creating a hard link from the .DS_Store file to an arbitrary file.
CVE-2004-0824 1 Apple 1 Mac Os X 2026-04-16 N/A
PPPDialer for Mac OS X 10.2.8 through 10.3.5 allows local users to overwrite system files via a symlink attack on PPPDialer log files.
CVE-2004-0517 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-16 N/A
Unknown vulnerability in Mac OS X 10.3.4, related to "handling of process IDs during package installation," a different vulnerability than CVE-2004-0516.
CVE-2004-0361 1 Apple 1 Safari 2026-04-16 N/A
The Javascript engine in Safari 1.2 and earlier allows remote attackers to cause a denial of service (segmentation fault) by creating a new Array object with a large size value, then writing into that array.
CVE-2005-0234 1 Apple 1 Safari 2026-04-16 N/A
The International Domain Name (IDN) support in Safari 1.2.5 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
CVE-1999-1543 1 Apple 1 Macos 2026-04-16 N/A
MacOS uses weak encryption for passwords that are stored in the Users & Groups Data File.
CVE-2005-0125 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-16 N/A
The "at" commands on Mac OS X 10.3.7 and earlier do not properly drop privileges, which allows local users to (1) delete arbitrary files via atrm, (2) execute arbitrary programs via the -f argument to batch, or (3) read arbitrary files via the -f argument to batch, which generates a job file that is readable by the local user.