Filtered by vendor Apple
Subscribe
Total
10175 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-3613 | 1 Apple | 2 Mac Os X, Macbook Air | 2017-08-07 | 6.1 MEDIUM | N/A |
Finder in Apple Mac OS X 10.5.2 through 10.5.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving a search for a remote disk on the local network. | |||||
CVE-2008-3616 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-07 | 10.0 HIGH | N/A |
Multiple integer overflows in the SearchKit API in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allow context-dependent attackers to cause a denial of service (application crash) or execute arbitrary code via vectors associated with "passing untrusted input" to unspecified API functions. | |||||
CVE-2008-3619 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-07 | 2.1 LOW | N/A |
Time Machine in Apple Mac OS X 10.5 through 10.5.4 uses weak permissions for Time Machine Backup log files, which allows local users to obtain sensitive information by reading these files. | |||||
CVE-2008-3621 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-07 | 9.3 HIGH | N/A |
VideoConference in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via vectors involving H.264 encoded media. | |||||
CVE-2008-3617 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-07 | 5.0 MEDIUM | N/A |
Remote Management and Screen Sharing in Apple Mac OS X 10.5 through 10.5.4, when used to set a password for a VNC viewer, displays additional input characters beyond the maximum password length, which might make it easier for attackers to guess passwords that the user believed were longer. | |||||
CVE-2008-3618 | 1 Apple | 1 Mac Os X | 2017-08-07 | 9.0 HIGH | N/A |
The File Sharing pane in the Sharing preference pane in Apple Mac OS X 10.5 through 10.5.4 does not inform users that the complete contents of their own home directories are shared for their own use, which might allow attackers to leverage other vulnerabilities and access files for which sharing was unintended. | |||||
CVE-2008-3637 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-07 | 9.3 HIGH | N/A |
The Hash-based Message Authentication Code (HMAC) provider in Java on Apple Mac OS X 10.4.11, 10.5.4, and 10.5.5 uses an uninitialized variable, which allows remote attackers to execute arbitrary code via a crafted applet, related to an "error checking issue." | |||||
CVE-2008-3638 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-07 | 9.3 HIGH | N/A |
Java on Apple Mac OS X 10.5.4 and 10.5.5 does not prevent applets from accessing file:// URLs, which allows remote attackers to execute arbitrary programs. | |||||
CVE-2008-3642 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-07 | 9.3 HIGH | N/A |
Buffer overflow in ColorSync in Mac OS X 10.4.11 and 10.5.5 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via an image with a crafted ICC profile. | |||||
CVE-2008-3643 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-07 | 7.8 HIGH | N/A |
Unspecified vulnerability in Finder in Mac OS X 10.5.5 allows user-assisted attackers to cause a denial of service (continuous termination and restart) via a crafted Desktop file that generates an error when producing its icon, related to an "error recovery issue." | |||||
CVE-2008-4234 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-07 | 9.3 HIGH | N/A |
Incomplete blacklist vulnerability in the Quarantine feature in CoreTypes in Apple Mac OS X 10.5 before 10.5.6 allows user-assisted remote attackers to execute arbitrary code via an executable file with the content type indicating no application association for the file, which does not trigger a "potentially unsafe" warning message. | |||||
CVE-2008-4212 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-07 | 10.0 HIGH | N/A |
Unspecified vulnerability in rlogind in the rlogin component in Mac OS X 10.4.11 and 10.5.5 applies hosts.equiv entries to root despite what is stated in documentation, which might allow remote attackers to bypass intended access restrictions. | |||||
CVE-2008-4214 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-07 | 4.6 MEDIUM | N/A |
Unspecified vulnerability in Script Editor in Mac OS X 10.4.11 and 10.5.5 allows local users to cause the scripting dictionary to be written to arbitrary locations, related to an "insecure file operation" on temporary files. | |||||
CVE-2008-4215 | 1 Apple | 1 Mac Os X Server | 2017-08-07 | 7.5 HIGH | N/A |
Weblog in Mac OS X Server 10.4.11 does not properly check an error condition when a weblog posting access control list is specified for a user that has multiple short names, which might allow attackers to bypass intended access restrictions. | |||||
CVE-2008-4368 | 1 Apple | 1 Mac Os X | 2017-08-07 | 5.0 MEDIUM | N/A |
The default configuration of Java 1.5 on Apple Mac OS X 10.5.4 and 10.5.5 contains a jurisdiction policy that limits Java Cryptography Extension (JCE) key sizes to 128 bits, which makes it easier for attackers to decrypt ciphertext produced by JCE. | |||||
CVE-2008-4593 | 1 Apple | 1 Iphone | 2017-08-07 | 1.2 LOW | N/A |
Apple iPhone 2.1 with firmware 5F136, when Require Passcode is enabled and Show SMS Preview is disabled, allows physically proximate attackers to obtain sensitive information by performing an Emergency Call tap and then reading SMS messages on the device screen, aka Apple bug number 6267416. | |||||
CVE-2008-2830 | 1 Apple | 1 Mac Os X | 2017-08-07 | 7.2 HIGH | N/A |
Open Scripting Architecture in Apple Mac OS X 10.4.11 and 10.5.4, and some other 10.4 and 10.5 versions, does not properly restrict the loading of scripting addition plugins, which allows local users to gain privileges via scripting addition commands to a privileged application, as originally demonstrated by an osascript tell command to ARDAgent. | |||||
CVE-2008-2934 | 2 Apple, Mozilla | 2 Mac Os X, Firefox | 2017-08-07 | 6.8 MEDIUM | N/A |
Mozilla Firefox 3 before 3.0.1 on Mac OS X allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file that triggers a free of an uninitialized pointer. | |||||
CVE-2008-3170 | 1 Apple | 1 Safari | 2017-08-07 | 6.8 MEDIUM | N/A |
Apple Safari allows web sites to set cookies for country-specific top-level domains, such as co.uk and com.au, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session, aka "Cross-Site Cooking," a related issue to CVE-2004-0746, CVE-2004-0866, and CVE-2004-0867. | |||||
CVE-2008-3171 | 1 Apple | 1 Safari | 2017-08-07 | 5.0 MEDIUM | N/A |
Apple Safari sends Referer headers containing https URLs to different https web sites, which allows remote attackers to obtain potentially sensitive information by reading Referer log data. |