Total
5567 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-1034 | 1 Apple | 1 Mac Os X | 2025-04-09 | 9.3 HIGH | N/A |
| Integer underflow in Help Viewer in Apple Mac OS X before 10.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted help:topic URL that triggers a buffer overflow. | |||||
| CVE-2008-0054 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 6.4 MEDIUM | N/A |
| Foundation in Apple Mac OS X 10.4.11 might allow context-dependent attackers to execute arbitrary code via a malformed selector name to the NSSelectorFromString API, which causes an "unexpected selector" to be used. | |||||
| CVE-2008-4212 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 10.0 HIGH | N/A |
| Unspecified vulnerability in rlogind in the rlogin component in Mac OS X 10.4.11 and 10.5.5 applies hosts.equiv entries to root despite what is stated in documentation, which might allow remote attackers to bypass intended access restrictions. | |||||
| CVE-2007-4696 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 4.3 MEDIUM | N/A |
| Race condition in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to obtain information for forms from other sites via unknown vectors related to "page transitions" in Safari. | |||||
| CVE-2007-0752 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 7.2 HIGH | N/A |
| The PPP daemon (pppd) in Apple Mac OS X 10.4.8 checks ownership of the stdin file descriptor to determine if the invoker has sufficient privileges, which allows local users to load arbitrary plugins and gain root privileges by bypassing this check. | |||||
| CVE-2008-0042 | 1 Apple | 1 Mac Os X | 2025-04-09 | 6.8 MEDIUM | N/A |
| Argument injection vulnerability in Terminal.app in Terminal in Apple Mac OS X 10.4.11 and 10.5 through 10.5.1 allows remote attackers to execute arbitrary code via unspecified URL schemes. | |||||
| CVE-2006-6292 | 1 Apple | 2 Airport Extreme, Mac Os X | 2025-04-09 | 5.7 MEDIUM | N/A |
| Apple Airport Extreme firmware 0.1.27 in Mac OS X 10.4.8 on Mac mini, MacBook, and MacBook Pro with Core Duo hardware allows remote attackers to cause a denial of service (out-of-bounds memory access and kernel panic) and have possibly other security-related impact via certain beacon frames. | |||||
| CVE-2008-2324 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 4.6 MEDIUM | N/A |
| The Repair Permissions tool in Disk Utility in Apple Mac OS X 10.4.11 adds the setuid bit to the emacs executable file, which allows local users to gain privileges by executing commands within emacs. | |||||
| CVE-2008-0063 | 7 Apple, Canonical, Debian and 4 more | 11 Mac Os X, Mac Os X Server, Ubuntu Linux and 8 more | 2025-04-09 | 4.3 MEDIUM | 7.5 HIGH |
| The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values." | |||||
| CVE-2007-4268 | 1 Apple | 1 Mac Os X | 2025-04-09 | 7.2 HIGH | 7.8 HIGH |
| Integer signedness error in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a crafted AppleTalk message with a negative value, which satisfies a signed comparison during mbuf allocation but is later interpreted as an unsigned value, which triggers a heap-based buffer overflow. | |||||
| CVE-2008-3634 | 1 Apple | 3 Itunes, Mac Os X, Mac Os X Server | 2025-04-09 | 2.6 LOW | N/A |
| Apple iTunes before 8.0 on Mac OS X 10.4.11, when iTunes Music Sharing is enabled but blocked by the host-based firewall, presents misleading information about firewall security, which might allow remote attackers to leverage an exposure that would be absent if the administrator were given better information. | |||||
| CVE-2006-6652 | 2 Apple, Netbsd | 2 Mac Os X, Netbsd | 2025-04-09 | 9.0 HIGH | N/A |
| Buffer overflow in the glob implementation (glob.c) in libc in NetBSD-current before 20050914, NetBSD 2.* and 3.* before 20061203, and Apple Mac OS X before 2007-004, as used by the FTP daemon and tnftpd, allows remote authenticated users to execute arbitrary code via a long pathname that results from path expansion. | |||||
| CVE-2007-6261 | 1 Apple | 1 Mac Os X | 2025-04-09 | 4.9 MEDIUM | N/A |
| Integer overflow in the load_threadstack function in the Mach-O loader (mach_loader.c) in the xnu kernel in Apple Mac OS X 10.4 through 10.5.1 allows local users to cause a denial of service (infinite loop) via a crafted Mach-O binary. | |||||
| CVE-2008-2312 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 4.9 MEDIUM | N/A |
| Network Preferences in Apple Mac OS X 10.4.11 stores PPP passwords in cleartext in a world-readable file, which allows local users to obtain sensitive information by reading this file. | |||||
| CVE-2008-3610 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 7.6 HIGH | N/A |
| Race condition in Login Window in Apple Mac OS X 10.5 through 10.5.4, when a blank-password account is enabled, allows attackers to bypass password authentication and login to any account via multiple attempts to login to the blank-password account, followed by selection of an arbitrary account from the user list. | |||||
| CVE-2009-0019 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 7.5 HIGH | N/A |
| Remote Apple Events in Apple Mac OS X 10.4.11 and 10.5.6 allows remote attackers to cause a denial of service (application termination) or obtain sensitive information via unspecified vectors that trigger an out-of-bounds memory access. | |||||
| CVE-2008-2314 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 4.4 MEDIUM | N/A |
| Dock in Apple Mac OS X 10.5 before 10.5.4, when Exposé hot corners is enabled, allows physically proximate attackers to gain access to a locked session in (1) sleep mode or (2) screen saver mode via unspecified vectors. | |||||
| CVE-2008-3629 | 2 Apple, Microsoft | 6 Mac Os X, Mac Os X Server, Quicktime and 3 more | 2025-04-09 | 4.3 MEDIUM | N/A |
| Apple QuickTime before 7.5.5 allows remote attackers to cause a denial of service (application crash) via a crafted PICT image that triggers an out-of-bounds read. | |||||
| CVE-2007-5851 | 1 Apple | 1 Mac Os X | 2025-04-09 | 3.6 LOW | N/A |
| iChat in Apple Mac OS X 10.4.11 allows network-adjacent remote attackers to automatically initiate a video connection to another user via unknown vectors. | |||||
| CVE-2007-4704 | 1 Apple | 1 Mac Os X | 2025-04-09 | 10.0 HIGH | N/A |
| The Application Firewall in Apple Mac OS X 10.5 does not apply changed settings to processes that are started by launchd until the processes are restarted, which might allow attackers to bypass intended access restrictions. | |||||