Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Apple Subscribe
Total 10175 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-1517 1 Apple 2 Mac Os X, Mac Os X Server 2017-08-07 7.2 HIGH N/A
Array index error in the xnu (Mach) kernel in Apple Mac OS X 10.5 before 10.5.7 allows local users to gain privileges or cause a denial of service (system shutdown) via unspecified vectors related to workqueues.
CVE-2008-1576 1 Apple 1 Mac Os X 2017-08-07 6.8 MEDIUM N/A
Mail in Apple Mac OS X before 10.5, when an IPv6 SMTP server is used, does not properly initialize memory, which might allow remote attackers to execute arbitrary code or cause a denial of service (application crash), or obtain sensitive information (memory contents) in opportunistic circumstances, by sending an e-mail message.
CVE-2008-1577 1 Apple 2 Mac Os X, Mac Os X Server 2017-08-07 9.3 HIGH N/A
Unspecified vulnerability in the Pixlet codec in Apple Pixlet Video in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file, related to "multiple memory corruption issues."
CVE-2008-1578 1 Apple 2 Mac Os X, Mac Os X Server 2017-08-07 2.1 LOW N/A
The sso_util program in Single Sign-On in Apple Mac OS X before 10.5.3 places passwords on the command line, which allows local users to obtain sensitive information by listing the process.
CVE-2008-1571 1 Apple 2 Mac Os X, Mac Os X Server 2017-08-07 5.0 MEDIUM N/A
Directory traversal vulnerability in the embedded web server in Image Capture in Apple Mac OS X before 10.5 allows remote attackers to read arbitrary files via directory traversal sequences in the URI.
CVE-2008-1579 1 Apple 2 Mac Os X, Mac Os X Server 2017-08-07 5.0 MEDIUM N/A
Wiki Server in Apple Mac OS X 10.5 before 10.5.3 allows remote attackers to obtain sensitive information (user names) by reading the error message produced upon access to a nonexistent blog.
CVE-2008-1573 1 Apple 2 Mac Os X, Mac Os X Server 2017-08-07 7.1 HIGH N/A
The BMP and GIF image decoding engine in ImageIO in Apple Mac OS X before 10.5.3 allows remote attackers to obtain sensitive information (memory contents) via a crafted (1) BMP or (2) GIF image, which causes an out-of-bounds read.
CVE-2008-1574 1 Apple 2 Mac Os X, Mac Os X Server 2017-08-07 9.3 HIGH N/A
Integer overflow in ImageIO in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG2000 image that triggers a heap-based buffer overflow.
CVE-2008-1575 1 Apple 2 Mac Os X, Mac Os X Server 2017-08-07 9.3 HIGH N/A
Unspecified vulnerability in the Apple Type Services (ATS) server in Apple Mac OS X 10.5 before 10.5.3 allows user-assisted remote attackers to execute arbitrary code via a crafted embedded font in a PDF document, related to memory corruption that occurs during printing.
CVE-2008-1572 1 Apple 2 Mac Os X, Mac Os X Server 2017-08-07 4.6 MEDIUM N/A
Image Capture in Apple Mac OS X before 10.5 does not properly use temporary files, which allows local users to overwrite arbitrary files, and display images that are being resized by this application.
CVE-2008-1580 1 Apple 3 Mac Os X, Mac Os X Server, Safari 2017-08-07 4.3 MEDIUM N/A
CFNetwork in Safari in Apple Mac OS X before 10.5.3 automatically sends an SSL client certificate in response to a web server's certificate request, which allows remote web sites to obtain sensitive information (Subject data) from personally identifiable certificates, and use arbitrary certificates to track user activities across domains, a related issue to CVE-2007-4879.
CVE-2008-1582 1 Apple 1 Quicktime 2017-08-07 6.8 MEDIUM N/A
Unspecified vulnerability in Apple QuickTime before 7.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted AAC-encoded file that triggers memory corruption.
CVE-2008-1583 1 Apple 1 Quicktime 2017-08-07 6.8 MEDIUM N/A
Heap-based buffer overflow in Apple QuickTime before 7.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PICT image, a different vulnerability than CVE-2008-1581.
CVE-2008-1701 2 Apple, Novell 2 Mac Os X, Iprint 2017-08-07 5.0 MEDIUM N/A
Novell NetWare 6.5 allows attackers to cause a denial of service (ABEND) via a crafted Macintosh iPrint client request.
CVE-2008-2318 1 Apple 2 Xcode, Xcode Tools 2017-08-07 5.0 MEDIUM N/A
The WOHyperlink implementation in WebObjects in Apple Xcode tools before 3.1 appends local session IDs to generated non-local URLs, which allows remote attackers to obtain potentially sensitive information by reading the requests for these URLs.
CVE-2008-2305 1 Apple 2 Mac Os X, Mac Os X Server 2017-08-07 9.3 HIGH N/A
Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows remote attackers to execute arbitrary code via a document containing a crafted font, related to "PostScript font names."
CVE-2008-2308 1 Apple 2 Mac Os X, Mac Os X Server 2017-08-07 4.6 MEDIUM N/A
Unspecified vulnerability in Alias Manager in Apple Mac OS X 10.5.1 and earlier on Intel platforms allows local users to gain privileges or cause a denial of service (memory corruption and application crash) by resolving an alias that contains crafted AFP volume mount information.
CVE-2008-2309 1 Apple 2 Mac Os X, Mac Os X Server 2017-08-07 6.8 MEDIUM N/A
Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.5.4 allows user-assisted remote attackers to execute arbitrary code via a (1) .xht or (2) .xhtm file, which does not trigger a "potentially unsafe" warning message in (a) the Download Validation feature in Mac OS X 10.4 or (b) the Quarantine feature in Mac OS X 10.5.
CVE-2008-2311 1 Apple 2 Mac Os X, Mac Os X Server 2017-08-07 7.6 HIGH N/A
Launch Services in Apple Mac OS X before 10.5, when Open Safe Files is enabled, allows remote attackers to execute arbitrary code via a symlink attack, probably related to a race condition and automatic execution of a downloaded file.
CVE-2008-2310 1 Apple 2 Mac Os X, Mac Os X Server 2017-08-07 6.8 MEDIUM N/A
Format string vulnerability in c++filt in Apple Mac OS X 10.5 before 10.5.4 allows user-assisted attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string in (1) C++ or (2) Java source code.