Total
5557 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-4396 | 1 Apple | 1 Mac Os X | 2023-12-10 | 4.6 MEDIUM | N/A |
The Apple Type Services (ATS) server in Mac OS X 10.4.8 and earlier does not securely create log files, which allows local users to create and modify arbitrary files via unspecified vectors, possibly relating to a symlink attack. | |||||
CVE-2007-4689 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2023-12-10 | 10.0 HIGH | N/A |
Double free vulnerability in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to cause a denial of service (system shutdown) or execute arbitrary code via crafted IPV6 packets. | |||||
CVE-2007-4692 | 2 Apple, Microsoft | 4 Mac Os X, Mac Os X Server, Safari and 1 more | 2023-12-10 | 4.3 MEDIUM | N/A |
The tabbed browsing feature in Apple Safari 3 before Beta Update 3.0.4 on Windows, and Mac OS X 10.4 through 10.4.10, allows remote attackers to spoof HTTP authentication for other sites and possibly conduct phishing attacks by causing an authentication sheet to be displayed for a tab that is not active, which makes it appear as if it is associated with the active tab. | |||||
CVE-2007-0723 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2023-12-10 | 8.5 HIGH | N/A |
Unspecified vulnerability in the authentication feature for DirectoryService (DS Plug-Ins) for Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote authenticated LDAP users to modify the root password and gain privileges via unknown vectors. | |||||
CVE-2007-0740 | 1 Apple | 1 Mac Os X | 2023-12-10 | 6.8 MEDIUM | N/A |
Alias Manager in Apple Mac OS X 10.3.9 and 10.4.9 does not display files with the same name in mounted disk images that have the same name, which might allow user-assisted attackers to trick a user into executing malicious files. | |||||
CVE-2007-4678 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2023-12-10 | 7.1 HIGH | N/A |
AppleRAID in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 allows attackers to cause a denial of service (crash) via a crafted striped disk image, which triggers a NULL pointer dereference when it is mounted. | |||||
CVE-2006-4395 | 1 Apple | 1 Mac Os X | 2023-12-10 | 5.1 MEDIUM | N/A |
Unspecified vulnerability in QuickDraw Manager in Apple Mac OS X 10.3.9 and 10.4 through 10.4.7 allows context-dependent attackers to cause a denial of service ("memory corruption" and crash) via a crafted PICT image that is not properly handled by a certain "unsupported QuickDraw operation." | |||||
CVE-2007-3745 | 1 Apple | 3 Core Audio Technologies, Mac Os X, Mac Os X Server | 2023-12-10 | 6.8 MEDIUM | N/A |
The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 10.4.10 contains an unsafe interface that is exposed by JDirect, which allows remote attackers to free arbitrary memory and thereby execute arbitrary code. | |||||
CVE-2007-4675 | 2 Apple, Microsoft | 4 Mac Os X, Quicktime, Windows Vista and 1 more | 2023-12-10 | 9.3 HIGH | N/A |
Heap-based buffer overflow in the QuickTime VR extension 7.2.0.240 in QuickTime.qts in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via a QTVR (QuickTime Virtual Reality) movie file containing a large size field in the atom header of a panorama sample atom. | |||||
CVE-2008-1147 | 8 Apple, Cosmicperl, Darwin and 5 more | 9 Mac Os X, Mac Os X Server, Directory Pro and 6 more | 2023-12-10 | 6.8 MEDIUM | N/A |
A certain pseudo-random number generator (PRNG) algorithm that uses XOR and 2-bit random hops (aka "Algorithm X2"), as used in OpenBSD 2.6 through 3.4, Mac OS X 10 through 10.5.1, FreeBSD 4.4 through 7.0, and DragonFlyBSD 1.0 through 1.10.1, allows remote attackers to guess sensitive values such as IP fragmentation IDs by observing a sequence of previously generated values. NOTE: this issue can be leveraged for attacks such as injection into TCP packets and OS fingerprinting. | |||||
CVE-2007-5855 | 1 Apple | 1 Mac Os X | 2023-12-10 | 6.4 MEDIUM | N/A |
Mail in Apple Mac OS X 10.4.11 and 10.5.1, when an SMTP account has been set up using Account Assistant, can use plaintext authentication even when MD5 Challenge-Response authentication is available, which makes it easier for remote attackers to sniff account activity. | |||||
CVE-2007-2399 | 1 Apple | 3 Iphone Os, Mac Os X, Mac Os X Server | 2023-12-10 | 9.3 HIGH | N/A |
WebKit in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1 performs an "invalid type conversion", which allows remote attackers to execute arbitrary code via unspecified frame sets that trigger memory corruption. | |||||
CVE-2007-2392 | 1 Apple | 2 Mac Os X, Quicktime | 2023-12-10 | 9.3 HIGH | N/A |
Apple Quicktime before 7.2 on Mac OS X 10.3.9 and 10.4.9 allows user-assisted remote attackers to execute arbitrary code via a crafted movie file that triggers memory corruption. | |||||
CVE-2007-4694 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2023-12-10 | 4.3 MEDIUM | N/A |
Safari in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to access local content via file:// URLs. | |||||
CVE-2007-0430 | 1 Apple | 1 Mac Os X | 2023-12-10 | 4.9 MEDIUM | N/A |
The shared_region_map_file_np function in Apple Mac OS X 10.4.8 and earlier kernel allows local users to cause a denial of service (memory corruption) via a large mappingCount value. | |||||
CVE-2007-4701 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2023-12-10 | 2.1 LOW | N/A |
WebKit on Apple Mac OS X 10.4 through 10.4.10 does not create temporary files securely when Safari is previewing a PDF file, which allows local users to read the contents of that file. | |||||
CVE-2007-2403 | 1 Apple | 3 Cfnetwork, Mac Os X, Mac Os X Server | 2023-12-10 | 6.8 MEDIUM | N/A |
CFNetwork on Apple Mac OS X 10.3.9 and 10.4.10 does not properly validate ftp: URIs, which allows remote attackers to trigger the transmission of arbitrary FTP commands to arbitrary FTP servers. | |||||
CVE-2007-0741 | 1 Apple | 1 Mac Os X | 2023-12-10 | 7.5 HIGH | N/A |
Buffer overflow in natd in network_cmds in Apple Mac OS X 10.3.9 through 10.4.9, when Internet Sharing is enabled, allows remote attackers to execute arbitrary code via malformed RTSP packets. | |||||
CVE-2006-3508 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2023-12-10 | 7.2 HIGH | N/A |
Heap-based buffer overflow in the AirPort wireless driver on Apple Mac OS X 10.4.7 allows physically proximate attackers to cause a denial of service (crash), gain privileges, and execute arbitrary code via a crafted frame that is not properly handled during scan cache updates. | |||||
CVE-2007-3744 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2023-12-10 | 5.8 MEDIUM | N/A |
Heap-based buffer overflow in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) implementation in mDNSResponder on Apple Mac OS X 10.4.10 before 20070731 allows network-adjacent remote attackers to execute arbitrary code via a crafted packet. |