Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Apple Subscribe
Filtered by product Mac Os X
Total 5524 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2003-0171 1 Apple 2 Mac Os X, Mac Os X Server 2008-09-10 7.2 HIGH N/A
DirectoryServices in MacOS X trusts the PATH environment variable to locate and execute the touch command, which allows local users to execute arbitrary commands by modifying the PATH to point to a directory containing a malicious touch program.
CVE-2003-0198 1 Apple 2 Mac Os X, Mac Os X Server 2008-09-10 6.4 MEDIUM N/A
Mac OS X before 10.2.5 allows guest users to modify the permissions of the DropBox folder and read unauthorized files.
CVE-2002-0655 3 Apple, Openssl, Oracle 5 Mac Os X, Openssl, Application Server and 2 more 2008-09-10 7.5 HIGH N/A
OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, does not properly handle ASCII representations of integers on 64 bit platforms, which could allow attackers to cause a denial of service and possibly execute arbitrary code.
CVE-2002-0666 6 Apple, Freebsd, Frees Wan and 3 more 12 Mac Os X, Mac Os X Server, Freebsd and 9 more 2008-09-10 5.0 MEDIUM N/A
IPSEC implementations including (1) FreeS/WAN and (2) KAME do not properly calculate the length of authentication data, which allows remote attackers to cause a denial of service (kernel panic) via spoofed, short Encapsulating Security Payload (ESP) packets, which result in integer signedness errors.
CVE-2002-0656 3 Apple, Openssl, Oracle 5 Mac Os X, Openssl, Application Server and 2 more 2008-09-10 7.5 HIGH N/A
Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allow remote attackers to execute arbitrary code via (1) a large client master key in SSL2 or (2) a large session ID in SSL3.
CVE-2002-0659 3 Apple, Openssl, Oracle 5 Mac Os X, Openssl, Application Server and 2 more 2008-09-10 5.0 MEDIUM N/A
The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via invalid encodings.
CVE-2008-3438 1 Apple 1 Mac Os X 2008-09-05 7.5 HIGH N/A
Apple Mac OS X does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.
CVE-2007-3828 1 Apple 1 Mac Os X 2008-09-05 10.0 HIGH N/A
Unspecified vulnerability in mDNSResponder in Apple Mac OS X allows remote attackers to execute arbitrary code via unspecified vectors, a related issue to CVE-2007-2386.
CVE-2007-0614 1 Apple 3 Ichat, Instant Message Framework, Mac Os X 2008-09-05 7.8 HIGH N/A
The Bonjour functionality in mDNSResponder, iChat 3.1.6, and InstantMessage framework 428 in Apple Mac OS X 10.4.8 allows remote attackers to cause a denial of service (persistent application crash) via a crafted phsh hash attribute in a TXT key.
CVE-2007-0710 1 Apple 2 Ichat, Mac Os X 2008-09-05 2.1 LOW N/A
The Bonjour functionality in iChat in Apple Mac OS X 10.3.9 allows remote attackers to cause a denial of service (persistent application crash) via unspecified vectors, possibly related to CVE-2007-0614.
CVE-2007-0647 1 Apple 1 Mac Os X 2008-09-05 7.1 HIGH N/A
Format string vulnerability in Help Viewer 3.0.0 allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when calling the NSBeginAlertSheet Apple AppKit function.
CVE-2006-6353 1 Apple 3 Bomarchivehelper, Mac Os X, Mac Os X Server 2008-09-05 5.0 MEDIUM N/A
Multiple unspecified vulnerabilities in BOMArchiveHelper in Mac OS X allow user-assisted remote attackers to cause a denial of service (application crash) via unspecified vectors related to (1) certain KERN_PROTECTION_FAILURE thread crashes and (2) certain KERN_INVALID_ADDRESS thread crashes, as discovered with the "iSec Partners FileP fuzzer".
CVE-2006-4866 1 Apple 2 Mac Os X, Mac Os X Server 2008-09-05 4.6 MEDIUM N/A
Buffer overflow in kextload in Apple OS X, as used by TDIXSupport in Roxio Toast Titanium and possibly other products, allows local users to execute arbitrary code via a long extension argument.
CVE-2005-3782 1 Apple 2 Mac Os X, Mac Os X Server 2008-09-05 2.1 LOW N/A
Mac OS X 10.4.3 up to 10.4.6, when loginwindow uses the "Name and password" setting, and the "Show the Restart, Sleep, and Shut Down buttons" option is disabled, allows users with physical access to bypass login and reboot the system by entering ">restart", ">power", or ">shutdown" sequences after the username.
CVE-2005-2742 1 Apple 2 Mac Os X, Mac Os X Server 2008-09-05 4.6 MEDIUM N/A
SecurityAgent in Apple Mac OS X 10.4.2, under certain circumstances, can cause the "Switch User..." button to appear even though the "Enable fast user switching" setting is disabled, which can allow attackers with physical access to gain access to the desktop and bypass the "Require password to wake this computer from sleep or screen saver" setting.
CVE-2005-2743 1 Apple 3 Mac Os X, Mac Os X Server, Quicktime 2008-09-05 7.5 HIGH N/A
The Java extensions for QuickTime 6.52 and earlier in Apple Mac OS X 10.3.9 allow untrusted applets to call arbitrary functions in system libraries, which allows remote attackers to execute arbitrary code.
CVE-2005-2745 1 Apple 2 Mac Os X, Mac Os X Server 2008-09-05 5.0 MEDIUM N/A
Mail.app in Mail for Apple Mac OS X 10.3.9, when using Kerberos 5 for SMTP authentication, can include uninitialized memory in a message, which might allow remote attackers to obtain sensitive information.
CVE-2005-2746 1 Apple 2 Mac Os X, Mac Os X Server 2008-09-05 5.0 MEDIUM N/A
Mail.app in Mail for Apple Mac OS X 10.3.9 and 10.4.2 includes message contents when using auto-reply rules, which could cause Mail.app to include decrypted message contents for encrypted messages.
CVE-2005-2748 1 Apple 2 Mac Os X, Mac Os X Server 2008-09-05 2.1 LOW N/A
The malloc function in the libSystem library in Apple Mac OS X 10.3.9 and 10.4.2 allows local users to overwrite arbitrary files by setting the MallocLogFile environment variable to the target file before running a setuid application.
CVE-2005-2504 1 Apple 2 Mac Os X, Mac Os X Server 2008-09-05 7.2 HIGH N/A
The System Profiler in Mac OS X 10.4.2 labels a Bluetooth device with "Requires Authentication: No" even when the user has selected the "Require pairing for security" option, which could confuse users about which setting is valid.