Filtered by vendor Apple
Subscribe
Total
10175 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-2312 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-07 | 4.9 MEDIUM | N/A |
Network Preferences in Apple Mac OS X 10.4.11 stores PPP passwords in cleartext in a world-readable file, which allows local users to obtain sensitive information by reading this file. | |||||
CVE-2008-2313 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-07 | 4.6 MEDIUM | N/A |
Apple Mac OS X before 10.5 uses weak permissions for the User Template directory, which allows local users to gain privileges by inserting a Trojan horse file into this directory. | |||||
CVE-2008-2321 | 1 Apple | 3 Coregraphics, Mac Os X, Mac Os X Server | 2017-08-07 | 9.3 HIGH | N/A |
Unspecified vulnerability in CoreGraphics in Apple Mac OS X 10.4.11 and 10.5.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unknown vectors involving "processing of arguments." | |||||
CVE-2008-2322 | 1 Apple | 3 Coregraphics, Mac Os X, Mac Os X Server | 2017-08-07 | 9.3 HIGH | N/A |
Integer overflow in CoreGraphics in Apple Mac OS X 10.4.11, 10.5.2, and 10.5.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PDF file with a long Type 1 font, which triggers a heap-based buffer overflow. | |||||
CVE-2008-2323 | 1 Apple | 2 Data Detectors Engine, Mac Os X | 2017-08-07 | 7.1 HIGH | N/A |
Unspecified vulnerability in Data Detectors Engine in Apple Mac OS X 10.5.4 allows attackers to cause a denial of service (resource consumption) via crafted textual content in messages. | |||||
CVE-2008-2325 | 1 Apple | 3 Mac Os X, Mac Os X Server, Quicklook | 2017-08-07 | 9.3 HIGH | N/A |
QuickLook in Apple Mac OS X 10.4.11 and 10.5.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Microsoft Office file, related to insufficient "bounds checking." | |||||
CVE-2008-2324 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-07 | 4.6 MEDIUM | N/A |
The Repair Permissions tool in Disk Utility in Apple Mac OS X 10.4.11 adds the setuid bit to the emacs executable file, which allows local users to gain privileges by executing commands within emacs. | |||||
CVE-2008-2329 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-07 | 1.9 LOW | N/A |
Directory Services in Apple Mac OS X 10.5 through 10.5.4, when Active Directory is used, allows attackers to enumerate user names via wildcard characters in the Login Window. | |||||
CVE-2008-2331 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-07 | 5.0 MEDIUM | N/A |
Finder in Apple Mac OS X 10.5 through 10.5.4 does not properly update permission data in the Get Info window after a lock operation that modifies Sharing & Permissions in a filesystem, which might allow local users to leverage weak permissions that were not intended by an administrator. | |||||
CVE-2008-2330 | 1 Apple | 1 Mac Os X Server | 2017-08-07 | 4.9 MEDIUM | N/A |
slapconfig in Directory Services in Apple Mac OS X 10.5 through 10.5.4 allows local users to select a readable output file into which the server password will be written by an OpenLDAP system administrator, related to the mkfifo function, aka an "insecure file operation issue." | |||||
CVE-2008-2332 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-07 | 9.3 HIGH | N/A |
ImageIO in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a crafted TIFF image. | |||||
CVE-2007-6238 | 1 Apple | 1 Quicktime | 2017-08-07 | 10.0 HIGH | N/A |
Unspecified vulnerability in Apple QuickTime 7.2 on Windows XP allows remote attackers to execute arbitrary code via unknown attack vectors, probably a different vulnerability than CVE-2007-6166. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release advisories with actionable information. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine. However, the organization has stated that this is different than CVE-2007-6166. | |||||
CVE-2007-6261 | 1 Apple | 1 Mac Os X | 2017-08-07 | 4.9 MEDIUM | N/A |
Integer overflow in the load_threadstack function in the Mach-O loader (mach_loader.c) in the xnu kernel in Apple Mac OS X 10.4 through 10.5.1 allows local users to cause a denial of service (infinite loop) via a crafted Mach-O binary. | |||||
CVE-2007-6359 | 1 Apple | 1 Mac Os X | 2017-08-07 | 4.9 MEDIUM | N/A |
The cs_validate_page function in bsd/kern/ubc_subr.c in the xnu kernel 1228.0 and earlier in Apple Mac OS X 10.5.1 allows local users to cause a denial of service (failed assertion and system crash) via a crafted signed Mach-O binary that causes the hashes function to return NULL. | |||||
CVE-2008-0031 | 1 Apple | 1 Quicktime | 2017-08-07 | 5.8 MEDIUM | N/A |
Unspecified vulnerability in Apple QuickTime before 7.4 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted Sorenson 3 video file, which triggers memory corruption. | |||||
CVE-2008-0032 | 1 Apple | 1 Quicktime | 2017-08-07 | 5.8 MEDIUM | N/A |
Apple QuickTime before 7.4 allows remote attackers to execute arbitrary code via a movie file containing a Macintosh Resource record with a modified length value in the resource header, which triggers heap corruption. | |||||
CVE-2008-0036 | 1 Apple | 1 Quicktime | 2017-08-07 | 6.8 MEDIUM | N/A |
Buffer overflow in Apple QuickTime before 7.4 allows remote attackers to execute arbitrary code via a crafted compressed PICT image, which triggers the overflow during decoding. | |||||
CVE-2008-0051 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-07 | 6.9 MEDIUM | N/A |
Integer overflow in CoreFoundation in Apple Mac OS X 10.4.11 might allow local users to execute arbitrary code via crafted time zone data. | |||||
CVE-2008-0052 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-07 | 6.8 MEDIUM | N/A |
CoreServices in Apple Mac OS X 10.4.11 treats .ief as a safe file type, which allows remote attackers to force Safari users into opening an .ief file in AppleWorks, even when the "Open 'Safe' files" preference is set. | |||||
CVE-2008-0054 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-07 | 6.4 MEDIUM | N/A |
Foundation in Apple Mac OS X 10.4.11 might allow context-dependent attackers to execute arbitrary code via a malformed selector name to the NSSelectorFromString API, which causes an "unexpected selector" to be used. |