Filtered by vendor Apple
Subscriptions
Filtered by product Mac Os X
Subscriptions
Total
5568 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-6353 | 1 Apple | 3 Bomarchivehelper, Mac Os X, Mac Os X Server | 2025-04-09 | N/A |
| Multiple unspecified vulnerabilities in BOMArchiveHelper in Mac OS X allow user-assisted remote attackers to cause a denial of service (application crash) via unspecified vectors related to (1) certain KERN_PROTECTION_FAILURE thread crashes and (2) certain KERN_INVALID_ADDRESS thread crashes, as discovered with the "iSec Partners FileP fuzzer". | ||||
| CVE-2008-1147 | 8 Apple, Cosmicperl, Darwin and 5 more | 9 Mac Os X, Mac Os X Server, Directory Pro and 6 more | 2025-04-09 | N/A |
| A certain pseudo-random number generator (PRNG) algorithm that uses XOR and 2-bit random hops (aka "Algorithm X2"), as used in OpenBSD 2.6 through 3.4, Mac OS X 10 through 10.5.1, FreeBSD 4.4 through 7.0, and DragonFlyBSD 1.0 through 1.10.1, allows remote attackers to guess sensitive values such as IP fragmentation IDs by observing a sequence of previously generated values. NOTE: this issue can be leveraged for attacks such as injection into TCP packets and OS fingerprinting. | ||||
| CVE-2008-1148 | 8 Apple, Cosmicperl, Darwin and 5 more | 9 Mac Os X, Mac Os X Server, Directory Pro and 6 more | 2025-04-09 | N/A |
| A certain pseudo-random number generator (PRNG) algorithm that uses ADD with 0 random hops (aka "Algorithm A0"), as used in OpenBSD 3.5 through 4.2 and NetBSD 1.6.2 through 4.0, allows remote attackers to guess sensitive values such as (1) DNS transaction IDs or (2) IP fragmentation IDs by observing a sequence of previously generated values. NOTE: this issue can be leveraged for attacks such as DNS cache poisoning, injection into TCP packets, and OS fingerprinting. | ||||
| CVE-2007-3828 | 1 Apple | 1 Mac Os X | 2025-04-09 | N/A |
| Unspecified vulnerability in mDNSResponder in Apple Mac OS X allows remote attackers to execute arbitrary code via unspecified vectors, a related issue to CVE-2007-2386. | ||||
| CVE-2007-5863 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | N/A |
| Software Update in Apple Mac OS X 10.5.1 allows remote attackers to execute arbitrary commands via a man-in-the-middle (MITM) attack between the client and the server, using a modified distribution definition file with the "allow-external-scripts" option. | ||||
| CVE-2009-0145 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | N/A |
| CoreGraphics in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF file that triggers memory corruption. | ||||
| CVE-2008-2006 | 1 Apple | 2 Ical, Mac Os X | 2025-04-09 | N/A |
| Apple iCal 3.0.1 on Mac OS X allows remote CalDAV servers, and user-assisted remote attackers, to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via a .ics file containing (1) a large 16-bit integer on a TRIGGER line, or (2) a large integer in a COUNT field on an RRULE line. | ||||
| CVE-2008-1000 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | N/A |
| Directory traversal vulnerability in ContentServer.py in the Wiki Server in Apple Mac OS X 10.5.2 (aka Leopard) allows remote authenticated users to write arbitrary files via ".." sequences in file attachments. | ||||
| CVE-2008-0997 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | N/A |
| Stack-based buffer overflow in AppKit in Apple Mac OS X 10.4.11 allows user-assisted remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted PostScript Printer Description (PPD) file that is not properly handled when querying a network printer. | ||||
| CVE-2008-0990 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | N/A |
| notifyd in Apple Mac OS X 10.4.11 does not verify that Mach port death notifications have originated from the kernel, which allows local users to cause a denial of service via spoofed death notifications that prevent other applications from receiving notifications. | ||||
| CVE-2008-0994 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | N/A |
| Preview in Apple Mac OS X 10.5.2 uses 40-bit RC4 when saving a PDF file with encryption, which makes it easier for attackers to decrypt the file via brute force methods. | ||||
| CVE-2008-0992 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | N/A |
| Array index error in pax in Apple Mac OS X 10.5.2 allows context-dependent attackers to execute arbitrary code via an archive with a crafted length value. | ||||
| CVE-2007-4709 | 1 Apple | 1 Mac Os X | 2025-04-09 | N/A |
| Directory traversal vulnerability in CFNetwork in Apple Mac OS X 10.5.1 allows remote attackers to overwrite arbitrary files via a crafted HTTP response. | ||||
| CVE-2008-4236 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | N/A |
| Apple Type Services (ATS) in Apple Mac OS X 10.5 before 10.5.6 allows remote attackers to cause a denial of service (infinite loop) via a crafted embedded font in a PDF file. | ||||
| CVE-2008-4234 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | N/A |
| Incomplete blacklist vulnerability in the Quarantine feature in CoreTypes in Apple Mac OS X 10.5 before 10.5.6 allows user-assisted remote attackers to execute arbitrary code via an executable file with the content type indicating no application association for the file, which does not trigger a "potentially unsafe" warning message. | ||||
| CVE-2007-0267 | 2 Apple, Freebsd | 2 Mac Os X, Freebsd | 2025-04-09 | N/A |
| The ufs_lookup function in the Mac OS X 10.4.8 and FreeBSD 6.1 kernels allows local users to cause a denial of service (kernel panic) and possibly corrupt other filesystems by mounting a crafted UNIX File System (UFS) DMG image that contains a corrupted directory entry (struct direct), related to the ufs_dirbad function. NOTE: a third party states that the FreeBSD issue does not cross privilege boundaries. | ||||
| CVE-2008-1574 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | N/A |
| Integer overflow in ImageIO in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG2000 image that triggers a heap-based buffer overflow. | ||||
| CVE-2006-6062 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | N/A |
| Unspecified vulnerability in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to cause a denial of service (crash) via a malformed UDTO HFS+ disk image, such as with "bad sectors," which triggers memory corruption. | ||||
| CVE-2009-4017 | 4 Apple, Debian, Php and 1 more | 4 Mac Os X, Debian Linux, Php and 1 more | 2025-04-09 | N/A |
| PHP before 5.2.12 and 5.3.x before 5.3.1 does not restrict the number of temporary files created when handling a multipart/form-data POST request, which allows remote attackers to cause a denial of service (resource exhaustion), and makes it easier for remote attackers to exploit local file inclusion vulnerabilities, via multiple requests, related to lack of support for the max_file_uploads directive. | ||||
| CVE-2007-4695 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | N/A |
| Unspecified "input validation" vulnerability in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to modify form field values via unknown vectors related to file uploads. | ||||