Total
5536 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2003-0681 | 8 Apple, Gentoo, Hp and 5 more | 14 Mac Os X, Mac Os X Server, Linux and 11 more | 2024-02-04 | 7.5 HIGH | N/A |
A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences. | |||||
CVE-2003-0378 | 1 Apple | 1 Mac Os X | 2024-02-04 | 7.5 HIGH | N/A |
The Kerberos login authentication feature in Mac OS X, when used with an LDAPv3 server and LDAP bind authentication, may send cleartext passwords to the LDAP server when the AuthenticationAuthority attribute is not set. | |||||
CVE-2002-0659 | 3 Apple, Openssl, Oracle | 5 Mac Os X, Openssl, Application Server and 2 more | 2024-02-04 | 5.0 MEDIUM | N/A |
The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via invalid encodings. | |||||
CVE-2004-1081 | 1 Apple | 4 Darwin Streaming Server, Mac Os X, Mac Os X Server and 1 more | 2024-02-04 | 2.1 LOW | N/A |
The Application Framework (AppKit) for Apple Mac OS X 10.2.8 and 10.3.6 does not properly restrict access to a secure text input field, which allows local users to read keyboard input from other applications within the same window session. | |||||
CVE-2004-0485 | 1 Apple | 1 Mac Os X | 2024-02-04 | 5.0 MEDIUM | N/A |
The default protocol helper for the disk: URI on Mac OS X 10.3.3 and 10.2.8 allows remote attackers to write arbitrary files by causing a disk image file (.dmg) to be mounted as a disk volume. | |||||
CVE-2004-0092 | 1 Apple | 1 Mac Os X | 2024-02-04 | 10.0 HIGH | N/A |
Unknown vulnerability in Safari web browser in Mac OS X 10.2.8 and 10.3.2, with unknown impact. | |||||
CVE-2004-0085 | 1 Apple | 1 Mac Os X | 2024-02-04 | 5.0 MEDIUM | N/A |
Unknown vulnerability in the Mail application for Mac OS X 10.1.5 and 10.2.8 with unknown impact, a different vulnerability than CVE-2004-0086. | |||||
CVE-2003-0871 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-04 | 7.5 HIGH | N/A |
Unknown vulnerability in QuickTime Java in Mac OS X v10.3 and Mac OS X Server 10.3 allows attackers to gain "unauthorized access to a system." | |||||
CVE-2002-1368 | 2 Apple, Easy Software Products | 2 Mac Os X, Cups | 2024-02-04 | 7.5 HIGH | N/A |
Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing negative arguments to be fed into memcpy() calls via HTTP requests with (1) a negative Content-Length value or (2) a negative length in a chunked transfer encoding. | |||||
CVE-2004-0429 | 1 Apple | 1 Mac Os X | 2024-02-04 | 10.0 HIGH | N/A |
Unknown vulnerability related to "the handling of large requests" in RAdmin for Apple Mac OS X 10.3.3 and Mac OS X 10.2.8 may allow attackers to have unknown impact via unknown attack vectors. | |||||
CVE-2006-5051 | 3 Apple, Debian, Openbsd | 4 Mac Os X, Mac Os X Server, Debian Linux and 1 more | 2024-02-02 | 9.3 HIGH | 8.1 HIGH |
Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free. | |||||
CVE-2002-1898 | 1 Apple | 1 Mac Os X | 2024-02-02 | 7.2 HIGH | N/A |
Terminal 1.3 in Apple Mac OS X 10.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a telnet:// link, which is executed by Terminal.app window. | |||||
CVE-2009-1955 | 7 Apache, Apple, Canonical and 4 more | 7 Apr-util, Mac Os X, Ubuntu Linux and 4 more | 2024-02-02 | 5.0 MEDIUM | 7.5 HIGH |
The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564. | |||||
CVE-2021-30860 | 1 Apple | 5 Ipados, Iphone Os, Mac Os X and 2 more | 2024-02-02 | 6.8 MEDIUM | 7.8 HIGH |
An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. | |||||
CVE-2011-0611 | 6 Adobe, Apple, Google and 3 more | 9 Acrobat, Acrobat Reader, Adobe Air and 6 more | 2024-02-02 | 9.3 HIGH | 8.8 HIGH |
Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content; as demonstrated by a Microsoft Office document with an embedded .swf file that has a size inconsistency in a "group of included constants," object type confusion, ActionScript that adds custom functions to prototypes, and Date objects; and as exploited in the wild in April 2011. | |||||
CVE-2007-4268 | 1 Apple | 1 Mac Os X | 2024-02-02 | 7.2 HIGH | 7.8 HIGH |
Integer signedness error in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a crafted AppleTalk message with a negative value, which satisfies a signed comparison during mbuf allocation but is later interpreted as an unsigned value, which triggers a heap-based buffer overflow. |