Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Apple Subscribe
Filtered by product Mac Os X Server
Total 799 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2010-1402 2 Apple, Microsoft 7 Mac Os X, Mac Os X Server, Safari and 4 more 2018-10-10 9.3 HIGH N/A
Double free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to an event listener in an SVG document, related to duplicate event listeners, a timer, and an AnimateTransform object.
CVE-2010-1845 1 Apple 2 Mac Os X, Mac Os X Server 2018-10-10 6.8 MEDIUM N/A
ImageIO in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted PSD image.
CVE-2010-1403 2 Apple, Microsoft 7 Mac Os X, Mac Os X Server, Safari and 4 more 2018-10-10 9.3 HIGH N/A
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, accesses uninitialized memory during the handling of a use element in an SVG document, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document containing XML that triggers a parsing error, related to ProcessInstruction.
CVE-2010-1749 2 Apple, Microsoft 7 Mac Os X, Mac Os X Server, Safari and 4 more 2018-10-10 9.3 HIGH N/A
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the Cascading Style Sheets (CSS) run-in property and multiple invocations of a destructor for a child element that has been referenced multiple times.
CVE-2010-1397 2 Apple, Microsoft 7 Mac Os X, Mac Os X Server, Safari and 4 more 2018-10-10 9.3 HIGH N/A
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to a layout change during selection rendering and the DOCUMENT_POSITION_DISCONNECTED attribute in a container of an unspecified type.
CVE-2010-1398 2 Apple, Microsoft 7 Mac Os X, Mac Os X Server, Safari and 4 more 2018-10-10 9.3 HIGH N/A
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly perform ordered list insertions, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document, related to the insertion of an unspecified element into an editable container and the access of an uninitialized element.
CVE-2010-1401 2 Apple, Microsoft 7 Mac Os X, Mac Os X Server, Safari and 4 more 2018-10-10 9.3 HIGH N/A
Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving the :first-letter pseudo-element.
CVE-2010-1392 2 Apple, Microsoft 7 Mac Os X, Mac Os X Server, Safari and 4 more 2018-10-10 9.3 HIGH N/A
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to HTML buttons and the first-letter CSS style.
CVE-2010-0526 1 Apple 2 Mac Os X, Mac Os X Server 2018-10-10 4.3 MEDIUM N/A
Heap-based buffer overflow in QuickTimeMPEG.qtx in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted genl atom in a QuickTime movie file with MPEG encoding, which is not properly handled during decompression.
CVE-2010-0517 1 Apple 2 Mac Os X, Mac Os X Server 2018-10-10 6.8 MEDIUM N/A
Heap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with M-JPEG encoding, which causes QuickTime to calculate a buffer size using height and width fields, but to use a different field to control the length of a copy operation.
CVE-2010-0516 1 Apple 2 Mac Os X, Mac Os X Server 2018-10-10 6.8 MEDIUM N/A
Heap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with RLE encoding, which triggers memory corruption when the length of decompressed data exceeds that of the allocated heap chunk.
CVE-2010-0519 1 Apple 2 Mac Os X, Mac Os X Server 2018-10-10 6.8 MEDIUM N/A
Integer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a FlashPix image with a malformed SubImage Header Stream containing a NumberOfTiles field with a large value.
CVE-2010-0505 1 Apple 2 Mac Os X, Mac Os X Server 2018-10-10 6.8 MEDIUM N/A
Heap-based buffer overflow in ImageIO in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JP2 (JPEG2000) image, related to incorrect calculation and the CGImageReadGetBytesAtOffset function.
CVE-2010-0520 1 Apple 2 Mac Os X, Mac Os X Server 2018-10-10 6.8 MEDIUM N/A
Heap-based buffer overflow in QuickTimeAuthoring.qtx in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FLC file, related to crafted DELTA_FLI chunks and untrusted length values in a .fli file, which are not properly handled during decompression.
CVE-2010-0062 1 Apple 2 Mac Os X, Mac Os X Server 2018-10-10 6.8 MEDIUM N/A
Heap-based buffer overflow in quicktime.qts in CoreMedia and QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a malformed .3g2 movie file with H.263 encoding that triggers an incorrect buffer length calculation.
CVE-2010-0059 1 Apple 2 Mac Os X, Mac Os X Server 2018-10-10 6.8 MEDIUM N/A
CoreAudio in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted audio content with QDM2 encoding, which triggers a buffer overflow due to inconsistent length fields, related to QDCA.
CVE-2009-2813 3 Apple, Fedoraproject, Samba 4 Mac Os X, Mac Os X Server, Fedora and 1 more 2018-10-10 6.0 MEDIUM N/A
Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.12 through 3.0.36, as used in the SMB subsystem in Apple Mac OS X 10.5.8 when Windows File Sharing is enabled, Fedora 11, and other operating systems, does not properly handle errors in resolving pathnames, which allows remote authenticated users to bypass intended sharing restrictions, and read, create, or modify files, in certain circumstances involving user accounts that lack home directories.
CVE-2009-1717 1 Apple 2 Mac Os X, Mac Os X Server 2018-10-10 6.8 MEDIUM N/A
Integer overflow in Terminal in Apple Mac OS X 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted size value in a CSI[4 xterm resize escape sequence that triggers a heap-based buffer overflow.
CVE-2009-1719 2 Apple, Sun 3 Mac Os X, Mac Os X Server, Jre 2018-10-10 7.5 HIGH N/A
The Aqua Look and Feel for Java implementation in Java 1.5 on Mac OS X 10.5 allows remote attackers to execute arbitrary code via a call to the undocumented apple.laf.CColourUIResource constructor with a crafted value in the first argument, which is dereferenced as a pointer.
CVE-2009-0945 2 Apple, Microsoft 5 Mac Os X, Mac Os X Server, Safari and 2 more 2018-10-10 9.3 HIGH N/A
Array index error in the insertItemBefore method in WebKit, as used in Apple Safari before 3.2.3 and 4 Public Beta, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome Stable before 1.0.154.65, and possibly other products allows remote attackers to execute arbitrary code via a document with a SVGPathList data structure containing a negative index in the (1) SVGTransformList, (2) SVGStringList, (3) SVGNumberList, (4) SVGPathSegList, (5) SVGPointList, or (6) SVGLengthList SVGList object, which triggers memory corruption.