Filtered by vendor Apple
Subscribe
Total
10175 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-4708 | 1 Apple | 1 Mac Os X | 2017-07-28 | 9.3 HIGH | N/A |
Format string vulnerability in Address Book in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via the URL handler. | |||||
CVE-2007-4710 | 1 Apple | 1 Mac Os X | 2017-07-28 | 9.3 HIGH | N/A |
Unspecified vulnerability in ColorSync in Apple Mac OS X 10.4.11 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via an image with a crafted ColorSync profile, which triggers memory corruption. | |||||
CVE-2007-5847 | 1 Apple | 1 Mac Os X | 2017-07-28 | 6.6 MEDIUM | N/A |
Race condition in the CFURLWriteDataAndPropertiesToResource API in Core Foundation in Apple Mac OS X 10.4.11 creates files with insecure permissions, which might allow local users to obtain sensitive information. | |||||
CVE-2007-5476 | 3 Adobe, Apple, Opera | 3 Flash Player, Mac Os X, Opera Browser | 2017-07-28 | 10.0 HIGH | N/A |
Unspecified vulnerability in Adobe Flash Player 9.0.47.0 and earlier, when running on Opera before 9.24 on Mac OS X, has unknown "Highly Severe" impact and unknown attack vectors. | |||||
CVE-2007-5850 | 1 Apple | 1 Mac Os X | 2017-07-28 | 8.8 HIGH | N/A |
Heap-based buffer overflow in Desktop Services in Apple Mac OS X 10.4.11 allows user-assisted attackers to execute arbitrary code via a directory with a crafted .DS_Store file. | |||||
CVE-2007-5849 | 2 Apple, Easy Software Products | 2 Mac Os X, Cups | 2017-07-28 | 9.3 HIGH | N/A |
Integer underflow in the asn1_get_string function in the SNMP back end (backend/snmp.c) for CUPS 1.2 through 1.3.4 allows remote attackers to execute arbitrary code via a crafted SNMP response that triggers a stack-based buffer overflow. | |||||
CVE-2007-5851 | 1 Apple | 1 Mac Os X | 2017-07-28 | 3.6 LOW | N/A |
iChat in Apple Mac OS X 10.4.11 allows network-adjacent remote attackers to automatically initiate a video connection to another user via unknown vectors. | |||||
CVE-2007-5853 | 1 Apple | 1 Mac Os X | 2017-07-28 | 9.3 HIGH | N/A |
Unspecified vulnerability in IO Storage Family in Apple Mac OS X 10.4.11 allows user-assisted attackers to cause a denial of service (system shutdown) or execute arbitrary code via a disk image with crafted GUID partition maps, which triggers memory corruption. | |||||
CVE-2007-5854 | 1 Apple | 1 Mac Os X | 2017-07-28 | 4.3 MEDIUM | N/A |
Launch Services in Apple Mac OS X 10.4.11 and 10.5.1 does not treat HTML files as unsafe content, which allows attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via a crafted HTML file. | |||||
CVE-2007-5855 | 1 Apple | 1 Mac Os X | 2017-07-28 | 6.4 MEDIUM | N/A |
Mail in Apple Mac OS X 10.4.11 and 10.5.1, when an SMTP account has been set up using Account Assistant, can use plaintext authentication even when MD5 Challenge-Response authentication is available, which makes it easier for remote attackers to sniff account activity. | |||||
CVE-2007-5856 | 1 Apple | 1 Mac Os X | 2017-07-28 | 9.4 HIGH | N/A |
Quick Look Apple Mac OS X 10.5.1, when previewing an HTML file, does not prevent plug-ins from making network requests, which might allow remote attackers to obtain sensitive information. | |||||
CVE-2007-5859 | 1 Apple | 2 Mac Os X, Safari | 2017-07-28 | 9.3 HIGH | N/A |
Unspecified vulnerability in Safari RSS in Apple Mac OS X 10.4.11 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted feed: URL that triggers memory corruption. | |||||
CVE-2007-5860 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-28 | 7.2 HIGH | N/A |
Unspecified vulnerability in Spin Tracer in Apple Mac OS X 10.5.1 allows local users to execute arbitrary code via unspecified output files, involving an "insecure file operation." | |||||
CVE-2007-5861 | 1 Apple | 1 Mac Os X | 2017-07-28 | 6.8 MEDIUM | N/A |
Unspecified vulnerability in Spotlight in Apple Mac OS X 10.4.11 allows user-assisted attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted .XLS file that triggers memory corruption in the Microsoft Office Spotlight Importer. | |||||
CVE-2007-5857 | 1 Apple | 1 Mac Os X | 2017-07-28 | 6.4 MEDIUM | N/A |
Quick Look in Apple Mac OS X 10.5.1 does not prevent a movie from accessing URLs when the movie file is previewed or if an icon is created, which might allow remote attackers to obtain sensitive information via HREFTrack. | |||||
CVE-2007-4681 | 1 Apple | 1 Mac Os X | 2017-07-28 | 6.9 MEDIUM | N/A |
Buffer overflow in CoreFoundation in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 allows local users to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted directory hierarchy. | |||||
CVE-2007-4682 | 1 Apple | 1 Mac Os X | 2017-07-28 | 6.8 MEDIUM | N/A |
CoreText in Apple Mac OS X 10.4 through 10.4.10 allows attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted text content that triggers an access of an uninitialized object pointer. | |||||
CVE-2007-4683 | 1 Apple | 1 Mac Os X | 2017-07-28 | 4.6 MEDIUM | N/A |
Directory traversal vulnerability in the kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to bypass the chroot mechanism via a relative path when changing the current working directory. | |||||
CVE-2007-4685 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-28 | 7.2 HIGH | N/A |
The kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to gain privileges by executing setuid or setgid programs in which the stdio, stderr, or stdout file descriptors are "in an unexpected state." | |||||
CVE-2007-3185 | 1 Apple | 1 Safari | 2017-07-28 | 7.8 HIGH | N/A |
Apple Safari Beta 3.0.1 for Windows public beta allows remote attackers to cause a denial of service (crash) via unspecified DHTML manipulations that trigger memory corruption, as demonstrated using Hamachi. |