Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Apple Subscribe
Total 10175 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-4708 1 Apple 1 Mac Os X 2017-07-28 9.3 HIGH N/A
Format string vulnerability in Address Book in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via the URL handler.
CVE-2007-4710 1 Apple 1 Mac Os X 2017-07-28 9.3 HIGH N/A
Unspecified vulnerability in ColorSync in Apple Mac OS X 10.4.11 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via an image with a crafted ColorSync profile, which triggers memory corruption.
CVE-2007-5847 1 Apple 1 Mac Os X 2017-07-28 6.6 MEDIUM N/A
Race condition in the CFURLWriteDataAndPropertiesToResource API in Core Foundation in Apple Mac OS X 10.4.11 creates files with insecure permissions, which might allow local users to obtain sensitive information.
CVE-2007-5476 3 Adobe, Apple, Opera 3 Flash Player, Mac Os X, Opera Browser 2017-07-28 10.0 HIGH N/A
Unspecified vulnerability in Adobe Flash Player 9.0.47.0 and earlier, when running on Opera before 9.24 on Mac OS X, has unknown "Highly Severe" impact and unknown attack vectors.
CVE-2007-5850 1 Apple 1 Mac Os X 2017-07-28 8.8 HIGH N/A
Heap-based buffer overflow in Desktop Services in Apple Mac OS X 10.4.11 allows user-assisted attackers to execute arbitrary code via a directory with a crafted .DS_Store file.
CVE-2007-5849 2 Apple, Easy Software Products 2 Mac Os X, Cups 2017-07-28 9.3 HIGH N/A
Integer underflow in the asn1_get_string function in the SNMP back end (backend/snmp.c) for CUPS 1.2 through 1.3.4 allows remote attackers to execute arbitrary code via a crafted SNMP response that triggers a stack-based buffer overflow.
CVE-2007-5851 1 Apple 1 Mac Os X 2017-07-28 3.6 LOW N/A
iChat in Apple Mac OS X 10.4.11 allows network-adjacent remote attackers to automatically initiate a video connection to another user via unknown vectors.
CVE-2007-5853 1 Apple 1 Mac Os X 2017-07-28 9.3 HIGH N/A
Unspecified vulnerability in IO Storage Family in Apple Mac OS X 10.4.11 allows user-assisted attackers to cause a denial of service (system shutdown) or execute arbitrary code via a disk image with crafted GUID partition maps, which triggers memory corruption.
CVE-2007-5854 1 Apple 1 Mac Os X 2017-07-28 4.3 MEDIUM N/A
Launch Services in Apple Mac OS X 10.4.11 and 10.5.1 does not treat HTML files as unsafe content, which allows attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via a crafted HTML file.
CVE-2007-5855 1 Apple 1 Mac Os X 2017-07-28 6.4 MEDIUM N/A
Mail in Apple Mac OS X 10.4.11 and 10.5.1, when an SMTP account has been set up using Account Assistant, can use plaintext authentication even when MD5 Challenge-Response authentication is available, which makes it easier for remote attackers to sniff account activity.
CVE-2007-5856 1 Apple 1 Mac Os X 2017-07-28 9.4 HIGH N/A
Quick Look Apple Mac OS X 10.5.1, when previewing an HTML file, does not prevent plug-ins from making network requests, which might allow remote attackers to obtain sensitive information.
CVE-2007-5859 1 Apple 2 Mac Os X, Safari 2017-07-28 9.3 HIGH N/A
Unspecified vulnerability in Safari RSS in Apple Mac OS X 10.4.11 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted feed: URL that triggers memory corruption.
CVE-2007-5860 1 Apple 2 Mac Os X, Mac Os X Server 2017-07-28 7.2 HIGH N/A
Unspecified vulnerability in Spin Tracer in Apple Mac OS X 10.5.1 allows local users to execute arbitrary code via unspecified output files, involving an "insecure file operation."
CVE-2007-5861 1 Apple 1 Mac Os X 2017-07-28 6.8 MEDIUM N/A
Unspecified vulnerability in Spotlight in Apple Mac OS X 10.4.11 allows user-assisted attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted .XLS file that triggers memory corruption in the Microsoft Office Spotlight Importer.
CVE-2007-5857 1 Apple 1 Mac Os X 2017-07-28 6.4 MEDIUM N/A
Quick Look in Apple Mac OS X 10.5.1 does not prevent a movie from accessing URLs when the movie file is previewed or if an icon is created, which might allow remote attackers to obtain sensitive information via HREFTrack.
CVE-2007-4681 1 Apple 1 Mac Os X 2017-07-28 6.9 MEDIUM N/A
Buffer overflow in CoreFoundation in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 allows local users to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted directory hierarchy.
CVE-2007-4682 1 Apple 1 Mac Os X 2017-07-28 6.8 MEDIUM N/A
CoreText in Apple Mac OS X 10.4 through 10.4.10 allows attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted text content that triggers an access of an uninitialized object pointer.
CVE-2007-4683 1 Apple 1 Mac Os X 2017-07-28 4.6 MEDIUM N/A
Directory traversal vulnerability in the kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to bypass the chroot mechanism via a relative path when changing the current working directory.
CVE-2007-4685 1 Apple 2 Mac Os X, Mac Os X Server 2017-07-28 7.2 HIGH N/A
The kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to gain privileges by executing setuid or setgid programs in which the stdio, stderr, or stdout file descriptors are "in an unexpected state."
CVE-2007-3185 1 Apple 1 Safari 2017-07-28 7.8 HIGH N/A
Apple Safari Beta 3.0.1 for Windows public beta allows remote attackers to cause a denial of service (crash) via unspecified DHTML manipulations that trigger memory corruption, as demonstrated using Hamachi.