Filtered by vendor Apple
Subscriptions
Filtered by product Mac Os X
Subscriptions
Total
5568 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-2743 | 1 Apple | 3 Mac Os X, Mac Os X Server, Quicktime | 2025-04-03 | N/A |
| The Java extensions for QuickTime 6.52 and earlier in Apple Mac OS X 10.3.9 allow untrusted applets to call arbitrary functions in system libraries, which allows remote attackers to execute arbitrary code. | ||||
| CVE-2005-2742 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | N/A |
| SecurityAgent in Apple Mac OS X 10.4.2, under certain circumstances, can cause the "Switch User..." button to appear even though the "Enable fast user switching" setting is disabled, which can allow attackers with physical access to gain access to the desktop and bypass the "Require password to wake this computer from sleep or screen saver" setting. | ||||
| CVE-2005-2739 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | N/A |
| Keychain Access in Mac OS X 10.4.2 and earlier keeps a password visible even if a keychain times out while the password is being viewed, which could allow attackers with physical access to obtain the password. | ||||
| CVE-2005-2714 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | N/A |
| passwd in Directory Services in Mac OS X 10.3.x before 10.3.9 and 10.4.x before 10.4.5 allows local users to overwrite arbitrary files via a symlink attack on the .pwtmp.[PID] temporary file. | ||||
| CVE-2005-2713 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | N/A |
| passwd in Directory Services in Mac OS X 10.3.x before 10.3.9 and 10.4.x before 10.4.5 allows local users to create arbitrary world-writable files as root by specifying an alternate file in the password database option. | ||||
| CVE-2006-0848 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | N/A |
| The "Open 'safe' files after downloading" option in Safari on Apple Mac OS X allows remote user-assisted attackers to execute arbitrary commands by tricking a user into downloading a __MACOSX folder that contains metadata (resource fork) that invokes the Terminal, which automatically interprets the script using bash, as demonstrated using a ZIP file that contains a script with a safe file extension. | ||||
| CVE-2005-3705 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | N/A |
| Heap-based buffer overflow in WebKit in Mac OS X and OS X Server 10.3.9 and 10.4.3, as used in applications such as Safari, allows remote attackers to execute arbitrary code via unknown attack vectors. | ||||
| CVE-2006-3946 | 1 Apple | 2 Mac Os X, Safari | 2025-04-03 | N/A |
| WebCore in Apple Mac OS X 10.3.9 and 10.4 through 10.4.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted HTML that triggers a "memory management error" in WebKit, possibly due to a buffer overflow, as originally reported for the KHTMLParser::popOneBlock function in Apple Safari 2.0.4 using Javascript that changes document.body.innerHTML within a DIV tag. | ||||
| CVE-2006-1985 | 1 Apple | 3 Mac Os X, Mac Os X Server, Safari | 2025-04-03 | N/A |
| Heap-based buffer overflow in BOM BOMArchiveHelper 10.4 (6.3) Build 312, as used in Mac OS X 10.4.6 and earlier, allows user-assisted attackers to execute arbitrary code via a crafted archive (such as ZIP) that contains long path names, which triggers an error in the BOMStackPop function. | ||||
| CVE-2006-1983 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | N/A |
| Multiple heap-based buffer overflows in Mac OS X 10.4.6 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) PredictorVSetField function for TIFF or (2) CFAllocatorAllocate function for GIF, as used in applications that use ImageIO or AppKit. NOTE: the BMP vector has been re-assigned to CVE-2006-2238 because it affects a separate product family. | ||||
| CVE-2006-1982 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | N/A |
| Heap-based buffer overflow in the LZWDecodeVector function in Mac OS X before 10.4.6, as used in applications that use ImageIO or AppKit, allows remote attackers to execute arbitrary code via crafted TIFF images. | ||||
| CVE-2006-1981 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | N/A |
| Unspecified vulnerability in Java InputMethods on Mac OS X 10.4.5 may cause InputMethods to send input events for secure fields to the wrong text field, which might reveal the password to others who can view the screen. | ||||
| CVE-2005-2526 | 2 Apple, Easy Software Products | 2 Mac Os X, Cups | 2025-04-03 | N/A |
| CUPS in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to cause a denial of service (CPU consumption) by sending a partial IPP request and closing the connection. | ||||
| CVE-2005-2525 | 2 Apple, Easy Software Products | 2 Mac Os X, Cups | 2025-04-03 | N/A |
| CUPS in Mac OS X 10.3.9 and 10.4.2 does not properly close file descriptors when handling multiple simultaneous print jobs, which allows remote attackers to cause a denial of service (printing halt). | ||||
| CVE-2005-2524 | 1 Apple | 3 Mac Os X, Mac Os X Server, Safari | 2025-04-03 | N/A |
| Safari after 2.0 in Apple Mac OS X 10.3.9 allows remote attackers to bypass domain restrictions via crafted web archives that cause Safari to render them as if they came from a different site. | ||||
| CVE-2005-2522 | 1 Apple | 2 Mac Os X, Safari | 2025-04-03 | N/A |
| Safari in WebKit in Mac OS X 10.4 to 10.4.2 directly accesses URLs within PDF files without the normal security checks, which allows remote attackers to execute arbitrary code via links in a PDF file. | ||||
| CVE-2005-2515 | 1 Apple | 1 Mac Os X | 2025-04-03 | N/A |
| Quartz Composer Screen Saver in Mac OS X 10.4.2 allows local users to access links from the RSS Visualizer even when a password is required. | ||||
| CVE-2005-2513 | 1 Apple | 1 Mac Os X | 2025-04-03 | N/A |
| Unknown vulnerability in HItoolbox for Mac OS X 10.4.2 allows VoiceOver services to read secure input fields. | ||||
| CVE-2005-2504 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | N/A |
| The System Profiler in Mac OS X 10.4.2 labels a Bluetooth device with "Requires Authentication: No" even when the user has selected the "Require pairing for security" option, which could confuse users about which setting is valid. | ||||
| CVE-2005-2503 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | N/A |
| AppKit for Mac OS X 10.3.9 and 10.4.2 allows attackers with physical access to create local accounts by forcing a particular error to occur at the login window. | ||||