Total
5557 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2005-2513 | 1 Apple | 1 Mac Os X | 2023-12-10 | 5.0 MEDIUM | N/A |
Unknown vulnerability in HItoolbox for Mac OS X 10.4.2 allows VoiceOver services to read secure input fields. | |||||
CVE-2005-1333 | 1 Apple | 1 Mac Os X | 2023-12-10 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in the Bluetooth file and object exchange (OBEX) services in Mac OS X 10.3.9 allows remote attackers to read arbitrary files. | |||||
CVE-2005-2751 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2023-12-10 | 2.1 LOW | N/A |
memberd in Mac OS X 10.4 up to 10.4.2, in certain situations, does not quickly synchronize access control checks with changes in group membership, which could allow users to access files and other resources after they have been removed from a group. | |||||
CVE-2006-0398 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2023-12-10 | 7.5 HIGH | N/A |
Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file type. NOTE: due to the lack of specific information in the vendor advisory, it is not clear how CVE-2006-0397, CVE-2006-0398, and CVE-2006-0399 are different. | |||||
CVE-2004-0886 | 9 Apple, Kde, Libtiff and 6 more | 13 Mac Os X, Mac Os X Server, Kde and 10 more | 2023-12-10 | 5.0 MEDIUM | N/A |
Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls. | |||||
CVE-2006-3501 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2023-12-10 | 5.1 MEDIUM | N/A |
Integer overflow in ImageIO for Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Radiance image. | |||||
CVE-2006-0389 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2023-12-10 | 2.6 LOW | N/A |
Cross-site scripting (XSS) vulnerability in Syndication (Safari RSS) in Mac OS X 10.4 through 10.4.5 allows remote attackers to execute arbitrary JavaScript via unspecified vectors involving RSS feeds. | |||||
CVE-2006-1447 | 1 Apple | 1 Mac Os X | 2023-12-10 | 5.0 MEDIUM | N/A |
LaunchServices in Apple Mac OS X 10.4.6 allows remote attackers to cause Safari to launch unsafe content via long file name extensions, which prevents Download Validation from determining which application will be used to open the file. | |||||
CVE-2006-1439 | 1 Apple | 1 Mac Os X | 2023-12-10 | 2.1 LOW | N/A |
NSSecureTextField in AppKit in Apple Mac OS X 10.4.6 does not re-enable secure event input under certain circumstances, which could allow other applications in the window session to monitor input characters and keyboard events. | |||||
CVE-2006-0400 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2023-12-10 | 7.5 HIGH | N/A |
CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers to bypass the same-origin policy and execute Javascript in other domains via unknown vectors involving "crafted archives." | |||||
CVE-2006-3503 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2023-12-10 | 5.1 MEDIUM | N/A |
Integer overflow in ImageIO in Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a malformed GIF image. | |||||
CVE-2005-0125 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2023-12-10 | 7.2 HIGH | N/A |
The "at" commands on Mac OS X 10.3.7 and earlier do not properly drop privileges, which allows local users to (1) delete arbitrary files via atrm, (2) execute arbitrary programs via the -f argument to batch, or (3) read arbitrary files via the -f argument to batch, which generates a job file that is readable by the local user. | |||||
CVE-2006-1470 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2023-12-10 | 5.0 MEDIUM | N/A |
OpenLDAP in Apple Mac OS X 10.4 up to 10.4.6 allows remote attackers to cause a denial of service (crash) via an invalid LDAP request that triggers an assert error. | |||||
CVE-2006-1440 | 1 Apple | 1 Mac Os X | 2023-12-10 | 2.1 LOW | N/A |
BOM in Apple Mac OS X 10.3.9 and 10.4.6 allows attackers to overwrite arbitrary files via an archive that contains symbolic links. | |||||
CVE-2005-0127 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2023-12-10 | 5.0 MEDIUM | N/A |
Mail in Mac OS X 10.3.7, when generating a Message-ID header, generates a GUUID that includes information that identifies the Ethernet hardware being used, which allows remote attackers to link mail messages to a particular machine. | |||||
CVE-2006-3497 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2023-12-10 | 5.1 MEDIUM | N/A |
Unspecified vulnerability in the "compression state handling" in Bom for Apple Mac OS X 10.3.9 and 10.4.7 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Zip archive. | |||||
CVE-2006-1455 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2023-12-10 | 7.8 HIGH | N/A |
QuickTime Streaming Server in Apple Mac OS X 10.3.9 and 10.4.6 allows remote attackers to cause a denial of service (crash and connection interruption) via a QuickTime movie with a missing track, which triggers a null dereference. | |||||
CVE-2005-1722 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2023-12-10 | 7.2 HIGH | N/A |
Unknown vulnerability in the CoreGraphics Window Server for Mac OS X 10.4.x up to 10.4.1 allows local users to inject arbitrary commands into root sessions. | |||||
CVE-2005-3705 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2023-12-10 | 7.5 HIGH | N/A |
Heap-based buffer overflow in WebKit in Mac OS X and OS X Server 10.3.9 and 10.4.3, as used in applications such as Safari, allows remote attackers to execute arbitrary code via unknown attack vectors. | |||||
CVE-2005-2714 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2023-12-10 | 6.8 MEDIUM | N/A |
passwd in Directory Services in Mac OS X 10.3.x before 10.3.9 and 10.4.x before 10.4.5 allows local users to overwrite arbitrary files via a symlink attack on the .pwtmp.[PID] temporary file. |