Vulnerabilities (CVE)

Filtered by vendor Apple Subscribe
Filtered by product Mac Os X
Total 5557 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2005-2509 1 Apple 2 Mac Os X, Mac Os X Server 2023-12-10 2.1 LOW N/A
Unknown vulnerability in loginwindow in Mac OS X 10.4.2 and earlier, when Fast User Switching is enabled, allows attackers to log into other accounts if they know the passwords to at least two accounts.
CVE-2005-2748 1 Apple 2 Mac Os X, Mac Os X Server 2023-12-10 2.1 LOW N/A
The malloc function in the libSystem library in Apple Mac OS X 10.3.9 and 10.4.2 allows local users to overwrite arbitrary files by setting the MallocLogFile environment variable to the target file before running a setuid application.
CVE-2006-1468 1 Apple 1 Mac Os X 2023-12-10 5.0 MEDIUM N/A
Unspecified vulnerability in Apple File Protocol (AFP) server in Apple Mac OS X 10.4 up to 10.4.6 includes the names of restricted files and folders within search results, which might allow remote attackers to obtain sensitive information.
CVE-2006-1443 1 Apple 1 Mac Os X 2023-12-10 6.5 MEDIUM N/A
Integer underflow in CoreFoundation in Apple Mac OS X 10.3.9 and 10.4.6 allows context-dependent attackers to execute arbitrary code via unspecified vectors involving conversions from string to file system representation within (1) CFStringGetFileSystemRepresentation or (2) getFileSystemRepresentation:maxLength:withPath in NSFileManager, and possibly other similar API functions.
CVE-2006-1982 1 Apple 2 Mac Os X, Mac Os X Server 2023-12-10 7.5 HIGH N/A
Heap-based buffer overflow in the LZWDecodeVector function in Mac OS X before 10.4.6, as used in applications that use ImageIO or AppKit, allows remote attackers to execute arbitrary code via crafted TIFF images.
CVE-2006-1985 1 Apple 3 Mac Os X, Mac Os X Server, Safari 2023-12-10 5.1 MEDIUM N/A
Heap-based buffer overflow in BOM BOMArchiveHelper 10.4 (6.3) Build 312, as used in Mac OS X 10.4.6 and earlier, allows user-assisted attackers to execute arbitrary code via a crafted archive (such as ZIP) that contains long path names, which triggers an error in the BOMStackPop function.
CVE-2005-2194 1 Apple 1 Mac Os X 2023-12-10 5.0 MEDIUM N/A
Unspecified vulnerability in the Apple Mac OS X kernel before 10.4.2 allows remote attackers to cause a denial of service (kernel panic) via a crafted TCP packet, possibly related to source routing or loose source routing.
CVE-2005-1260 4 Apple, Bzip, Canonical and 1 more 4 Mac Os X, Bzip2, Ubuntu Linux and 1 more 2023-12-10 5.0 MEDIUM N/A
bzip2 allows remote attackers to cause a denial of service (hard drive consumption) via a crafted bzip2 file that causes an infinite loop (a.k.a "decompression bomb").
CVE-2005-0972 1 Apple 2 Mac Os X, Mac Os X Server 2023-12-10 7.2 HIGH N/A
Integer overflow in the searchfs system call in Mac OS X 10.3.9 and earlier allows local users to execute arbitrary code via crafted parameters.
CVE-2005-0975 2 Apple, Opendarwin 3 Mac Os X, Mac Os X Server, Darwin Kernel 2023-12-10 2.1 LOW N/A
Integer signedness error in the parse_machfile function in the mach-o loader (mach_loader.c) for the Darwin Kernel as used in Mac OS X 10.3.7, and other versions before 10.3.9, allows local users to cause a denial of service (CPU consumption) via a crafted mach-o header.
CVE-2005-2743 1 Apple 3 Mac Os X, Mac Os X Server, Quicktime 2023-12-10 7.5 HIGH N/A
The Java extensions for QuickTime 6.52 and earlier in Apple Mac OS X 10.3.9 allow untrusted applets to call arbitrary functions in system libraries, which allows remote attackers to execute arbitrary code.
CVE-2005-3712 1 Apple 2 Mac Os X, Mac Os X Server 2023-12-10 6.5 MEDIUM N/A
Heap-based buffer overflow in rsync in Mac OS X 10.4 through 10.4.5 allows remote authenticated users to execute arbitrary code via long extended attributes.
CVE-2005-1726 1 Apple 1 Mac Os X 2023-12-10 4.6 MEDIUM N/A
The CoreGraphics Window Server in Mac OS X 10.4.1 allows local users with console access to gain privileges by "launching commands into root sessions."
CVE-2006-1981 1 Apple 2 Mac Os X, Mac Os X Server 2023-12-10 2.1 LOW N/A
Unspecified vulnerability in Java InputMethods on Mac OS X 10.4.5 may cause InputMethods to send input events for secure fields to the wrong text field, which might reveal the password to others who can view the screen.
CVE-2006-1220 1 Apple 2 Mac Os X, Mac Os X Server 2023-12-10 4.6 MEDIUM N/A
Integer overflow in the mach_msg_send function in the kernel for Mac OS X might allow local users to execute arbitrary code via unknown attack vectors related to a large message header size, which leads to a heap-based buffer overflow.
CVE-2006-1472 1 Apple 2 Mac Os X, Mac Os X Server 2023-12-10 5.0 MEDIUM N/A
Unspecified vulnerability in AFP Server in Apple Mac OS X 10.3.9 allows remote attackers to determine names of unauthorized files and folders via unknown vectors related to the search results.
CVE-2005-2503 1 Apple 2 Mac Os X, Mac Os X Server 2023-12-10 4.6 MEDIUM N/A
AppKit for Mac OS X 10.3.9 and 10.4.2 allows attackers with physical access to create local accounts by forcing a particular error to occur at the login window.
CVE-2006-0397 1 Apple 2 Mac Os X, Mac Os X Server 2023-12-10 7.5 HIGH N/A
Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file type. NOTE: due to the lack of specific information in the vendor advisory, it is not clear how CVE-2006-0397, CVE-2006-0398, and CVE-2006-0399 are different.
CVE-2005-2745 1 Apple 2 Mac Os X, Mac Os X Server 2023-12-10 5.0 MEDIUM N/A
Mail.app in Mail for Apple Mac OS X 10.3.9, when using Kerberos 5 for SMTP authentication, can include uninitialized memory in a message, which might allow remote attackers to obtain sensitive information.
CVE-2006-1445 1 Apple 1 Mac Os X 2023-12-10 6.5 MEDIUM N/A
Buffer overflow in the FTP server (FTPServer) in Apple Mac OS X 10.3.9 and 10.4.6 allows remote authenticated users to execute arbitrary code via vectors related to "FTP server path name handling."