Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Apple Subscribe
Total 10175 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-2312 1 Apple 2 Mac Os X, Mac Os X Server 2017-08-07 4.9 MEDIUM N/A
Network Preferences in Apple Mac OS X 10.4.11 stores PPP passwords in cleartext in a world-readable file, which allows local users to obtain sensitive information by reading this file.
CVE-2008-2313 1 Apple 2 Mac Os X, Mac Os X Server 2017-08-07 4.6 MEDIUM N/A
Apple Mac OS X before 10.5 uses weak permissions for the User Template directory, which allows local users to gain privileges by inserting a Trojan horse file into this directory.
CVE-2008-2321 1 Apple 3 Coregraphics, Mac Os X, Mac Os X Server 2017-08-07 9.3 HIGH N/A
Unspecified vulnerability in CoreGraphics in Apple Mac OS X 10.4.11 and 10.5.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unknown vectors involving "processing of arguments."
CVE-2008-2322 1 Apple 3 Coregraphics, Mac Os X, Mac Os X Server 2017-08-07 9.3 HIGH N/A
Integer overflow in CoreGraphics in Apple Mac OS X 10.4.11, 10.5.2, and 10.5.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PDF file with a long Type 1 font, which triggers a heap-based buffer overflow.
CVE-2008-2323 1 Apple 2 Data Detectors Engine, Mac Os X 2017-08-07 7.1 HIGH N/A
Unspecified vulnerability in Data Detectors Engine in Apple Mac OS X 10.5.4 allows attackers to cause a denial of service (resource consumption) via crafted textual content in messages.
CVE-2008-2325 1 Apple 3 Mac Os X, Mac Os X Server, Quicklook 2017-08-07 9.3 HIGH N/A
QuickLook in Apple Mac OS X 10.4.11 and 10.5.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Microsoft Office file, related to insufficient "bounds checking."
CVE-2008-2324 1 Apple 2 Mac Os X, Mac Os X Server 2017-08-07 4.6 MEDIUM N/A
The Repair Permissions tool in Disk Utility in Apple Mac OS X 10.4.11 adds the setuid bit to the emacs executable file, which allows local users to gain privileges by executing commands within emacs.
CVE-2008-2329 1 Apple 2 Mac Os X, Mac Os X Server 2017-08-07 1.9 LOW N/A
Directory Services in Apple Mac OS X 10.5 through 10.5.4, when Active Directory is used, allows attackers to enumerate user names via wildcard characters in the Login Window.
CVE-2008-2331 1 Apple 2 Mac Os X, Mac Os X Server 2017-08-07 5.0 MEDIUM N/A
Finder in Apple Mac OS X 10.5 through 10.5.4 does not properly update permission data in the Get Info window after a lock operation that modifies Sharing & Permissions in a filesystem, which might allow local users to leverage weak permissions that were not intended by an administrator.
CVE-2008-2330 1 Apple 1 Mac Os X Server 2017-08-07 4.9 MEDIUM N/A
slapconfig in Directory Services in Apple Mac OS X 10.5 through 10.5.4 allows local users to select a readable output file into which the server password will be written by an OpenLDAP system administrator, related to the mkfifo function, aka an "insecure file operation issue."
CVE-2008-2332 1 Apple 2 Mac Os X, Mac Os X Server 2017-08-07 9.3 HIGH N/A
ImageIO in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a crafted TIFF image.
CVE-2007-6238 1 Apple 1 Quicktime 2017-08-07 10.0 HIGH N/A
Unspecified vulnerability in Apple QuickTime 7.2 on Windows XP allows remote attackers to execute arbitrary code via unknown attack vectors, probably a different vulnerability than CVE-2007-6166. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release advisories with actionable information. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine. However, the organization has stated that this is different than CVE-2007-6166.
CVE-2007-6261 1 Apple 1 Mac Os X 2017-08-07 4.9 MEDIUM N/A
Integer overflow in the load_threadstack function in the Mach-O loader (mach_loader.c) in the xnu kernel in Apple Mac OS X 10.4 through 10.5.1 allows local users to cause a denial of service (infinite loop) via a crafted Mach-O binary.
CVE-2007-6359 1 Apple 1 Mac Os X 2017-08-07 4.9 MEDIUM N/A
The cs_validate_page function in bsd/kern/ubc_subr.c in the xnu kernel 1228.0 and earlier in Apple Mac OS X 10.5.1 allows local users to cause a denial of service (failed assertion and system crash) via a crafted signed Mach-O binary that causes the hashes function to return NULL.
CVE-2008-0031 1 Apple 1 Quicktime 2017-08-07 5.8 MEDIUM N/A
Unspecified vulnerability in Apple QuickTime before 7.4 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted Sorenson 3 video file, which triggers memory corruption.
CVE-2008-0032 1 Apple 1 Quicktime 2017-08-07 5.8 MEDIUM N/A
Apple QuickTime before 7.4 allows remote attackers to execute arbitrary code via a movie file containing a Macintosh Resource record with a modified length value in the resource header, which triggers heap corruption.
CVE-2008-0036 1 Apple 1 Quicktime 2017-08-07 6.8 MEDIUM N/A
Buffer overflow in Apple QuickTime before 7.4 allows remote attackers to execute arbitrary code via a crafted compressed PICT image, which triggers the overflow during decoding.
CVE-2008-0051 1 Apple 2 Mac Os X, Mac Os X Server 2017-08-07 6.9 MEDIUM N/A
Integer overflow in CoreFoundation in Apple Mac OS X 10.4.11 might allow local users to execute arbitrary code via crafted time zone data.
CVE-2008-0052 1 Apple 2 Mac Os X, Mac Os X Server 2017-08-07 6.8 MEDIUM N/A
CoreServices in Apple Mac OS X 10.4.11 treats .ief as a safe file type, which allows remote attackers to force Safari users into opening an .ief file in AppleWorks, even when the "Open 'Safe' files" preference is set.
CVE-2008-0054 1 Apple 2 Mac Os X, Mac Os X Server 2017-08-07 6.4 MEDIUM N/A
Foundation in Apple Mac OS X 10.4.11 might allow context-dependent attackers to execute arbitrary code via a malformed selector name to the NSSelectorFromString API, which causes an "unexpected selector" to be used.