Filtered by vendor Apple
Subscriptions
Filtered by product Mac Os X Server
Subscriptions
Total
817 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2010-1394 | 2 Apple, Microsoft | 7 Mac Os X, Mac Os X Server, Safari and 4 more | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML document fragments. | ||||
| CVE-2010-1404 | 2 Apple, Microsoft | 7 Mac Os X, Mac Os X Server, Safari and 4 more | 2025-04-11 | N/A |
| Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an SVG document that contains recursive Use elements, which are not properly handled during page deconstruction. | ||||
| CVE-2011-0196 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | N/A |
| AirPort in Apple Mac OS X 10.5.8 allows remote attackers to cause a denial of service (out-of-bounds read and reboot) via Wi-Fi frames on the local wireless network. | ||||
| CVE-2011-0197 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | N/A |
| App Store in Apple Mac OS X before 10.6.8 creates a log entry containing a user's AppleID password, which might allow local users to obtain sensitive information by reading a log file, as demonstrated by a log file that has non-default permissions. | ||||
| CVE-2011-0199 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | 5.9 Medium |
| The Certificate Trust Policy component in Apple Mac OS X before 10.6.8 does not perform CRL checking for Extended Validation (EV) certificates that lack OCSP URLs, which might allow man-in-the-middle attackers to spoof an SSL server via a revoked certificate. | ||||
| CVE-2010-1414 | 2 Apple, Microsoft | 7 Mac Os X, Mac Os X Server, Safari and 4 more | 2025-04-11 | N/A |
| Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the removeChild DOM method. | ||||
| CVE-2011-0205 | 1 Apple | 3 Imageio, Mac Os X, Mac Os X Server | 2025-04-11 | N/A |
| Heap-based buffer overflow in ImageIO in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG2000 image. | ||||
| CVE-2011-0209 | 1 Apple | 3 Mac Os X, Mac Os X Server, Quicktime | 2025-04-11 | N/A |
| Integer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted RIFF WAV file. | ||||
| CVE-2010-0516 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | N/A |
| Heap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with RLE encoding, which triggers memory corruption when the length of decompressed data exceeds that of the allocated heap chunk. | ||||
| CVE-2011-0210 | 1 Apple | 3 Mac Os X, Mac Os X Server, Quicktime | 2025-04-11 | N/A |
| QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted sample tables in a movie file. | ||||
| CVE-2011-0212 | 1 Apple | 1 Mac Os X Server | 2025-04-11 | N/A |
| servermgrd in Apple Mac OS X before 10.6.8 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML-RPC request containing an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue. | ||||
| CVE-2011-0230 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | N/A |
| Buffer overflow in the ATSFontDeactivate API in Apple Type Services (ATS) in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. | ||||
| CVE-2011-0231 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | N/A |
| CFNetwork in Apple Mac OS X before 10.7.2 does not properly follow an intended cookie-storage policy, which makes it easier for remote web servers to track users via a cookie, related to a "synchronization issue." | ||||
| CVE-2010-0503 | 1 Apple | 1 Mac Os X Server | 2025-04-11 | N/A |
| Use-after-free vulnerability in iChat Server in Apple Mac OS X Server 10.5.8 allows remote authenticated users to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. | ||||
| CVE-2010-0512 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | N/A |
| The Accounts Preferences implementation in Apple Mac OS X 10.6 before 10.6.3, when a network account server is used, does not support Login Window access control that is based solely on group membership, which allows attackers to bypass intended access restrictions by entering login credentials. | ||||
| CVE-2010-0513 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | N/A |
| Stack-based buffer overflow in PS Normalizer in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PostScript document. | ||||
| CVE-2010-0514 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | N/A |
| Heap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.261 encoding. | ||||
| CVE-2010-0522 | 1 Apple | 1 Mac Os X Server | 2025-04-11 | N/A |
| Server Admin in Apple Mac OS X Server 10.5.8 does not properly determine the privileges of users who had former membership in the admin group, which allows remote authenticated users to leverage this former membership to obtain a server connection via screen sharing. | ||||
| CVE-2010-0534 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | N/A |
| Wiki Server in Apple Mac OS X 10.6 before 10.6.3 does not enforce the service access control list (SACL) for weblogs during weblog creation, which allows remote authenticated users to publish content via HTTP requests. | ||||
| CVE-2010-0500 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | N/A |
| Event Monitor in Apple Mac OS X before 10.6.3 does not properly validate hostnames of SSH clients, which allows remote attackers to cause a denial of service (arbitrary client blacklisting) via a crafted DNS PTR record, related to a "plist injection issue." | ||||