Filtered by vendor Apple
Subscribe
Total
10175 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-2406 | 1 Apple | 3 Mac Os X, Mac Os X Server, Quartz Composer | 2017-07-28 | 6.8 MEDIUM | N/A |
Quartz Composer on Apple Mac OS X 10.4.10 does not initialize a certain object pointer, which might allow user-assisted remote attackers to execute arbitrary code via a crafted Quartz Composer file. | |||||
CVE-2007-2387 | 1 Apple | 1 Xserve Lights-out Management | 2017-07-28 | 10.0 HIGH | N/A |
Apple Xserve Lights-Out Management before Firmware Update 1.0 on Intel hardware does not require a password for remote access to IPMI, which allows remote attackers to gain administrative access via unspecified requests with ipmitool. | |||||
CVE-2007-2407 | 2 Apple, Samba | 3 Mac Os X, Mac Os X Server, Samba Server | 2017-07-28 | 4.0 MEDIUM | N/A |
The Samba server on Apple Mac OS X 10.3.9 and 10.4.10, when Windows file sharing is enabled, does not enforce disk quotas after dropping privileges, which allows remote authenticated users to use disk space in excess of quota. | |||||
CVE-2007-2390 | 1 Apple | 1 Mac Os X | 2017-07-28 | 10.0 HIGH | N/A |
Buffer overflow in iChat in Apple Mac OS X 10.3.9 and 10.4.9 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted UPnP Internet Gateway Device (IGD) packet. | |||||
CVE-2007-2386 | 1 Apple | 1 Mac Os X | 2017-07-28 | 9.4 HIGH | N/A |
Buffer overflow in mDNSResponder in Apple Mac OS X 10.4 up to 10.4.9 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted UPnP Internet Gateway Device (IGD) packet. | |||||
CVE-2007-2389 | 2 Apple, Microsoft | 3 Mac Os X, Quicktime, All Windows | 2017-07-28 | 7.1 HIGH | N/A |
Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not clear potentially sensitive memory before use, which allows remote attackers to read memory from a web browser via unknown vectors related to Java applets. | |||||
CVE-2007-2395 | 1 Apple | 1 Quicktime | 2017-07-28 | 9.3 HIGH | N/A |
Unspecified vulnerability in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via a crafted image description atom in a movie file, related to "memory corruption." | |||||
CVE-2007-2408 | 1 Apple | 1 Safari | 2017-07-28 | 6.8 MEDIUM | N/A |
WebKit in Apple Safari 3 Beta before Update 3.0.3 does not properly recognize an unchecked "Enable Java" setting, which allows remote attackers to execute Java applets via a crafted web page. | |||||
CVE-2007-2409 | 1 Apple | 3 Mac Os X, Mac Os X Server, Webcore | 2017-07-28 | 4.3 MEDIUM | N/A |
Cross-domain vulnerability in WebCore on Apple Mac OS X 10.3.9 and 10.4.10 allows remote attackers to obtain sensitive information via a popup window, which is able to read the current URL of the parent window. | |||||
CVE-2007-2410 | 1 Apple | 3 Mac Os X, Mac Os X Server, Webcore | 2017-07-28 | 4.3 MEDIUM | N/A |
WebCore on Apple Mac OS X 10.3.9 and 10.4.10 retains properties of certain global objects when a new URL is visited in the same window, which allows remote attackers to conduct cross-site scripting (XSS) attacks. | |||||
CVE-2007-2682 | 2 Adobe, Apple | 2 Creative Suite, Mac Os X | 2017-07-28 | 7.5 HIGH | N/A |
The installer for Adobe Version Cue CS3 Server on Apple Mac OS X, as used in Adobe Creative Suite 3 (CS3), does not re-enable the personal firewall after completing the product installation, which allows remote attackers to bypass intended firewall rules. | |||||
CVE-2007-0745 | 1 Apple | 1 Mac Os X Server | 2017-07-28 | 7.1 HIGH | N/A |
The Apple Security Update 2007-004 uses an incorrect configuration file for FTPServer in Apple Mac OS X Server 10.4.9, which might allow remote authenticated users to access additional directories. | |||||
CVE-2007-0748 | 1 Apple | 2 Darwin Streaming Server, Mac Os X Server | 2017-07-28 | 10.0 HIGH | N/A |
Heap-based buffer overflow in Apple Darwin Streaming Proxy, when using Darwin Streaming Server before 5.5.5, allows remote attackers to execute arbitrary code via multiple trackID values in a SETUP RTSP request. | |||||
CVE-2007-0749 | 1 Apple | 2 Darwin Streaming Server, Mac Os X Server | 2017-07-28 | 10.0 HIGH | N/A |
Multiple stack-based buffer overflows in the is_command function in proxy.c in Apple Darwin Streaming Proxy, when using Darwin Streaming Server before 5.5.5, allow remote attackers to execute arbitrary code via a long (1) cmd or (2) server value in an RTSP request. | |||||
CVE-2007-0750 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-28 | 9.3 HIGH | N/A |
Integer overflow in CoreGraphics in Apple Mac OS X 10.4 up to 10.4.9 allows remote user-assisted attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted PDF file. | |||||
CVE-2007-0751 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-28 | 2.1 LOW | N/A |
A cleanup script in crontabs in Apple Mac OS X 10.3.9 and 10.4.9 might delete filesystems that have been mounted in /tmp, which might allow local users to cause a denial of service, related to the find command. | |||||
CVE-2007-0752 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-28 | 7.2 HIGH | N/A |
The PPP daemon (pppd) in Apple Mac OS X 10.4.8 checks ownership of the stdin file descriptor to determine if the invoker has sufficient privileges, which allows local users to load arbitrary plugins and gain root privileges by bypassing this check. | |||||
CVE-2007-1279 | 2 Adobe, Apple | 2 Bridge, Mac Os X | 2017-07-28 | 7.2 HIGH | N/A |
Unspecified vulnerability in the installer for Adobe Bridge 1.0.3 update for Apple OS X, when patching with desktop management tools, allows local users to gain privileges via unspecified vectors during installation of the update by a different user who has administrative privileges. | |||||
CVE-2007-1338 | 1 Apple | 1 Airport Extreme | 2017-07-28 | 7.5 HIGH | N/A |
The default configuration of the AirPort utility in Apple AirPort Extreme creates an IPv6 tunnel but does not enable the "Block incoming IPv6 connections" setting, which might allow remote attackers to bypass intended access restrictions by establishing IPv6 sessions that would have been rejected over IPv4. | |||||
CVE-2007-0734 | 1 Apple | 2 Airport Extreme, Mac Os X | 2017-07-28 | 5.4 MEDIUM | N/A |
fsck, as used by the AirPort Disk feature of the AirPort Extreme Base Station with 802.11n before Firmware Update 7.1, and by Apple Mac OS X 10.3.9 through 10.4.9, does not properly enforce password protection of a USB hard drive, which allows context-dependent attackers to list arbitrary directories or execute arbitrary code, resulting from memory corruption. |