Total
5524 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-5681 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-03-07 | 2.6 LOW | N/A |
QuickTime for Java on Mac OS X 10.4 through 10.4.8, when used with Quartz Composer, allows remote attackers to obtain sensitive information (screen images) via a Java applet that accesses images that are being rendered by other embedded QuickTime objects. | |||||
CVE-2006-4397 | 1 Apple | 1 Mac Os X | 2011-03-07 | 4.6 MEDIUM | N/A |
Unchecked error condition in LoginWindow in Apple Mac OS X 10.4 through 10.4.7 prevents Kerberos tickets from being destroyed if a user does not successfully log on to a network account from the login window, which might allow later users to gain access to the original user's Kerberos tickets. | |||||
CVE-2006-4398 | 1 Apple | 1 Mac Os X | 2011-03-07 | 7.2 HIGH | N/A |
Multiple buffer overflows in the Apple Type Services (ATS) server in Mac OS X 10.4 through 10.4.8 allow local users to execute arbitrary code via crafted service requests. | |||||
CVE-2006-4401 | 1 Apple | 1 Mac Os X | 2011-03-07 | 5.1 MEDIUM | N/A |
Unspecified vulnerability in CFNetwork in Mac OS 10.4.8 and earlier allows user-assisted remote attackers to execute arbitrary FTP commands via a crafted FTP URI. | |||||
CVE-2006-4408 | 1 Apple | 1 Mac Os X | 2011-03-07 | 5.0 MEDIUM | N/A |
The Security Framework in Apple Mac OS X 10.4 through 10.4.8 allows remote attackers to cause a denial of service (resource consumption) via certain public key values in an X.509 certificate that requires extra resources during signature verification. NOTE: this issue may be similar to CVE-2006-2940. | |||||
CVE-2006-4409 | 1 Apple | 1 Mac Os X | 2011-03-07 | 5.0 MEDIUM | N/A |
The Online Certificate Status Protocol (OCSP) service in the Security Framework in Apple Mac OS X 10.4 through 10.4.8 retrieve certificate revocation lists (CRL) when an HTTP proxy is in use, which could cause the system to accept certificates that have been revoked. | |||||
CVE-2006-4410 | 1 Apple | 1 Mac Os X | 2011-03-07 | 7.5 HIGH | N/A |
The Security Framework in Apple Mac OS X 10.3.9, and 10.4.x before 10.4.7, does not properly search certificate revocation lists (CRL), which allows remote attackers to access systems by using revoked certificates. | |||||
CVE-2006-4411 | 1 Apple | 1 Mac Os X | 2011-03-07 | 7.2 HIGH | N/A |
The VPN service in Apple Mac OS X 10.3.x through 10.3.9 and 10.4.x through 10.4.8 does not properly clean the environment when executing commands, which allows local users to gain privileges via unspecified vectors. | |||||
CVE-2006-4407 | 1 Apple | 1 Mac Os X | 2011-03-07 | 5.0 MEDIUM | N/A |
The Security Framework in Apple Mac OS X 10.3.x up to 10.3.9 does not properly prioritize encryption ciphers when negotiating the strongest shared cipher, which causes Secure Transport to user a weaker cipher that makes it easier for remote attackers to decrypt traffic. | |||||
CVE-2006-4404 | 1 Apple | 1 Mac Os X | 2011-03-07 | 10.0 HIGH | N/A |
The Installer application in Apple Mac OS X 10.4.8 and earlier, when used by a user with Admin credentials, does not authenticate the user before installing certain software requiring system privileges. | |||||
CVE-2006-4396 | 1 Apple | 1 Mac Os X | 2011-03-07 | 4.6 MEDIUM | N/A |
The Apple Type Services (ATS) server in Mac OS X 10.4.8 and earlier does not securely create log files, which allows local users to create and modify arbitrary files via unspecified vectors, possibly relating to a symlink attack. | |||||
CVE-2006-4400 | 1 Apple | 1 Mac Os X | 2011-03-07 | 5.1 MEDIUM | N/A |
Stack-based buffer overflow in the Apple Type Services (ATS) server in Mac OS 10.4.8 and earlier allow user-assisted attackers to execute arbitrary code via crafted font files. | |||||
CVE-2006-3506 | 1 Apple | 3 Mac Os X, Mac Os X Server, Xsan | 2011-03-07 | 4.6 MEDIUM | N/A |
Buffer overflow in the Xsan Filesystem driver on Mac OS X 10.4.7 and OS X Server 10.4.7 allows local users with Xsan write access, to execute arbitrary code via unspecified vectors related to "processing a path name." | |||||
CVE-2006-3507 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-03-07 | 7.2 HIGH | N/A |
Multiple stack-based buffer overflows in the AirPort wireless driver on Apple Mac OS X 10.3.9 and 10.4.7 allow physically proximate attackers to execute arbitrary code by injecting crafted frames into a wireless network. | |||||
CVE-2006-3508 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-03-07 | 7.2 HIGH | N/A |
Heap-based buffer overflow in the AirPort wireless driver on Apple Mac OS X 10.4.7 allows physically proximate attackers to cause a denial of service (crash), gain privileges, and execute arbitrary code via a crafted frame that is not properly handled during scan cache updates. | |||||
CVE-2006-3509 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-03-07 | 7.2 HIGH | N/A |
Integer overflow in the API for the AirPort wireless driver on Apple Mac OS X 10.4.7 might allow physically proximate attackers to cause a denial of service (crash) or execute arbitrary code in third-party wireless software that uses the API via crafted frames. | |||||
CVE-2005-3702 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-03-07 | 5.0 MEDIUM | N/A |
Safari in Mac OS X and OS X Server 10.3.9 and 10.4.3 allows remote attackers to cause files to be downloaded to locations outside the download directory via a long file name. | |||||
CVE-2005-2752 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-03-07 | 2.1 LOW | N/A |
An unspecified kernel interface in Mac OS X 10.4.2 and earlier does not properly clear memory before reusing it, which could allow attackers to obtain sensitive information, a different vulnerability than CVE-2005-1126 and CVE-2005-1406. | |||||
CVE-2005-1331 | 1 Apple | 3 Applescript, Mac Os X, Mac Os X Server | 2011-03-07 | 5.1 MEDIUM | N/A |
The AppleScript Editor in Mac OS X 10.3.9 does not properly display script code for an applescript: URI, which can result in code that is different than the actual code that would be run, which could allow remote attackers to trick users into executing malicious code via certain URI characters such as NULL, control characters, and homographs. | |||||
CVE-2005-1341 | 1 Apple | 3 Mac Os X, Mac Os X Server, Terminal | 2011-03-07 | 5.1 MEDIUM | N/A |
Apple Terminal 1.4.4 allows attackers to execute arbitrary commands via terminal escape sequences. |