Filtered by vendor Apple
Subscriptions
Filtered by product Mac Os X
Subscriptions
Total
5568 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-0054 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | N/A |
| Foundation in Apple Mac OS X 10.4.11 might allow context-dependent attackers to execute arbitrary code via a malformed selector name to the NSSelectorFromString API, which causes an "unexpected selector" to be used. | ||||
| CVE-2007-2386 | 1 Apple | 1 Mac Os X | 2025-04-09 | N/A |
| Buffer overflow in mDNSResponder in Apple Mac OS X 10.4 up to 10.4.9 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted UPnP Internet Gateway Device (IGD) packet. | ||||
| CVE-2007-2403 | 1 Apple | 3 Cfnetwork, Mac Os X, Mac Os X Server | 2025-04-09 | N/A |
| CFNetwork on Apple Mac OS X 10.3.9 and 10.4.10 does not properly validate ftp: URIs, which allows remote attackers to trigger the transmission of arbitrary FTP commands to arbitrary FTP servers. | ||||
| CVE-2007-2404 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | N/A |
| CRLF injection vulnerability in CFNetwork on Apple Mac OS X 10.3.9 and 10.4.10 before 20070731 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in an unspecified context. NOTE: this can be leveraged for cross-site scripting (XSS) attacks. | ||||
| CVE-2007-2409 | 1 Apple | 3 Mac Os X, Mac Os X Server, Webcore | 2025-04-09 | N/A |
| Cross-domain vulnerability in WebCore on Apple Mac OS X 10.3.9 and 10.4.10 allows remote attackers to obtain sensitive information via a popup window, which is able to read the current URL of the parent window. | ||||
| CVE-2006-6353 | 1 Apple | 3 Bomarchivehelper, Mac Os X, Mac Os X Server | 2025-04-09 | N/A |
| Multiple unspecified vulnerabilities in BOMArchiveHelper in Mac OS X allow user-assisted remote attackers to cause a denial of service (application crash) via unspecified vectors related to (1) certain KERN_PROTECTION_FAILURE thread crashes and (2) certain KERN_INVALID_ADDRESS thread crashes, as discovered with the "iSec Partners FileP fuzzer". | ||||
| CVE-2007-3746 | 1 Apple | 3 Ichat, Mac Os X, Mac Os X Server | 2025-04-09 | N/A |
| The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 10.4.10 does not properly check the bounds of heap read and write operations, which allows remote attackers to execute arbitrary code via a crafted applet. | ||||
| CVE-2007-3749 | 1 Apple | 1 Mac Os X | 2025-04-09 | 7.8 High |
| The kernel in Apple Mac OS X 10.4 through 10.4.10 does not reset the current Mach Thread Port or Thread Exception Port when executing a setuid program, which allows local users to execute arbitrary code by creating the port before launching the setuid program, then writing to the address space of the setuid process. | ||||
| CVE-2007-3747 | 1 Apple | 3 Ichat, Mac Os X, Mac Os X Server | 2025-04-09 | N/A |
| The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 10.4.10 does not restrict object instantiation and manipulation to valid heap addresses, which allows remote attackers to execute arbitrary code via a crafted applet. | ||||
| CVE-2007-3748 | 1 Apple | 3 Ichat, Mac Os X, Mac Os X Server | 2025-04-09 | N/A |
| Buffer overflow in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) implementation in iChat on Apple Mac OS X 10.3.9 and 10.4.10 allows network-adjacent remote attackers to execute arbitrary code via a crafted packet. | ||||
| CVE-2007-3828 | 1 Apple | 1 Mac Os X | 2025-04-09 | N/A |
| Unspecified vulnerability in mDNSResponder in Apple Mac OS X allows remote attackers to execute arbitrary code via unspecified vectors, a related issue to CVE-2007-2386. | ||||
| CVE-2007-0647 | 1 Apple | 1 Mac Os X | 2025-04-09 | N/A |
| Format string vulnerability in Help Viewer 3.0.0 allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when calling the NSBeginAlertSheet Apple AppKit function. | ||||
| CVE-2006-4390 | 1 Apple | 1 Mac Os X | 2025-04-09 | N/A |
| CFNetwork in Apple Mac OS X 10.4 through 10.4.7 and 10.3.9 allows remote SSL sites to appear as trusted sites by using encryption without authentication, which can cause the lock icon in Safari to be displayed even when the site's identity cannot be trusted. | ||||
| CVE-2009-3692 | 3 Apple, Linux, Sun | 5 Mac Os X, Linux Kernel, Opensolaris and 2 more | 2025-04-09 | N/A |
| Unspecified vulnerability in the VBoxNetAdpCtl configuration tool in Sun VirtualBox 3.0.x before 3.0.8 on Solaris x86, Linux, and Mac OS X allows local users to gain privileges via unknown vectors. | ||||
| CVE-2006-4408 | 1 Apple | 1 Mac Os X | 2025-04-09 | N/A |
| The Security Framework in Apple Mac OS X 10.4 through 10.4.8 allows remote attackers to cause a denial of service (resource consumption) via certain public key values in an X.509 certificate that requires extra resources during signature verification. NOTE: this issue may be similar to CVE-2006-2940. | ||||
| CVE-2007-4691 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | N/A |
| The NSURL component in Apple Mac OS X 10.4 through 10.4.10 performs case-sensitive comparisons that allow attackers to bypass intended restrictions for local file system URLs. | ||||
| CVE-2007-4687 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | N/A |
| The remote_cmds component in Apple Mac OS X 10.4 through 10.4.10 contains a symbolic link from the tftpboot private directory to the root directory, which allows tftpd users to escape the private directory and access arbitrary files. | ||||
| CVE-2007-4704 | 1 Apple | 1 Mac Os X | 2025-04-09 | N/A |
| The Application Firewall in Apple Mac OS X 10.5 does not apply changed settings to processes that are started by launchd until the processes are restarted, which might allow attackers to bypass intended access restrictions. | ||||
| CVE-2008-1026 | 2 Apple, Microsoft | 5 Mac Os X, Mac Os X Server, Safari and 2 more | 2025-04-09 | N/A |
| Integer overflow in the PCRE regular expression compiler (JavaScriptCore/pcre/pcre_compile.cpp) in Apple WebKit, as used in Safari before 3.1.1, allows remote attackers to execute arbitrary code via a regular expression with large, nested repetition counts, which triggers a heap-based buffer overflow. | ||||
| CVE-2007-5476 | 3 Adobe, Apple, Opera | 3 Flash Player, Mac Os X, Opera Browser | 2025-04-09 | N/A |
| Unspecified vulnerability in Adobe Flash Player 9.0.47.0 and earlier, when running on Opera before 9.24 on Mac OS X, has unknown "Highly Severe" impact and unknown attack vectors. | ||||