Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Apple Subscribe
Total 10175 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-1552 1 Apple 4 Imageio, Mac Os X, Mac Os X Server and 1 more 2017-07-19 5.0 MEDIUM N/A
Integer overflow in ImageIO in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers to cause a denial of service (crash) via a crafted JPEG image with malformed JPEG metadata, as demonstrated using Safari, aka "Deja-Doom".
CVE-2006-1470 1 Apple 2 Mac Os X, Mac Os X Server 2017-07-19 5.0 MEDIUM N/A
OpenLDAP in Apple Mac OS X 10.4 up to 10.4.6 allows remote attackers to cause a denial of service (crash) via an invalid LDAP request that triggers an assert error.
CVE-2005-4217 1 Apple 1 Mac Os X Server 2017-07-19 7.5 HIGH N/A
Perl in Apple Mac OS X Server 10.3.9 does not properly drop privileges when using the "$<" variable to set uid, which allows attackers to gain privileges.
CVE-2005-4504 1 Apple 4 Mac Os X, Mac Os X Server, Safari and 1 more 2017-07-19 7.8 HIGH N/A
The khtml::RenderTableSection::ensureRows function in KHTMLParser in Apple Mac OS X 10.4.3 and earlier, as used by Safari and TextEdit, allows remote attackers to cause a denial of service (memory consumption and application crash) via HTML files with a large ROWSPAN attribute in a TD tag.
CVE-2006-0382 1 Apple 1 Mac Os X 2017-07-19 2.1 LOW N/A
Apple Mac OS X 10.4.5 and allows local users to cause a denial of service (crash) via an undocumented system call.
CVE-2006-0383 1 Apple 2 Mac Os X, Mac Os X Server 2017-07-19 5.0 MEDIUM N/A
IPSec when used with VPN networks in Mac OS X 10.4 through 10.4.5 allows remote attackers to cause a denial of service (application crash) via unspecified vectors involving the "incorrect handling of error conditions".
CVE-2006-0384 1 Apple 2 Mac Os X, Mac Os X Server 2017-07-19 7.5 HIGH N/A
automount in Mac OS X 10.4.5 and earlier allows remote file servers to cause a denial of service (unresponsiveness) or execute arbitrary code via unspecified vectors that cause automount to "mount file systems with reserved names".
CVE-2006-0386 1 Apple 2 Mac Os X, Mac Os X Server 2017-07-19 1.7 LOW N/A
FileVault in Mac OS X 10.4.5 and earlier does not properly mount user directories when creating a FileVault image, which allows local users to access protected files when FileVault is enabled.
CVE-2006-0387 1 Apple 2 Mac Os X, Mac Os X Server 2017-07-19 6.4 MEDIUM N/A
Stack-based buffer overflow in Safari in Mac OS X 10.4.5 and earlier, and 10.3.9 and earlier, allows remote attackers to execute arbitrary code via unspecified vectors involving a web page with crafted JavaScript, a different vulnerability than CVE-2005-4504.
CVE-2006-0388 1 Apple 2 Mac Os X, Mac Os X Server 2017-07-19 2.6 LOW N/A
Safari in Mac OS X 10.3 before 10.3.9 and 10.4 before 10.4.5 allows remote attackers to redirect users to local files and execute arbitrary JavaScript via unspecified vectors involving HTTP redirection to local resources.
CVE-2006-0389 1 Apple 2 Mac Os X, Mac Os X Server 2017-07-19 2.6 LOW N/A
Cross-site scripting (XSS) vulnerability in Syndication (Safari RSS) in Mac OS X 10.4 through 10.4.5 allows remote attackers to execute arbitrary JavaScript via unspecified vectors involving RSS feeds.
CVE-2006-0391 1 Apple 1 Mac Os X 2017-07-19 1.7 LOW N/A
Directory traversal vulnerability in the BOM framework in Mac OS X 10.x before 10.3.9 and 10.4 before 10.4.5 allows user-assisted attackers to overwrite or create arbitrary files via an archive that is handled by BOMArchiveHelper.
CVE-2006-0393 1 Apple 2 Mac Os X, Mac Os X Server 2017-07-19 4.0 MEDIUM N/A
OpenSSH in Apple Mac OS X 10.4.7 allows remote attackers to cause a denial of service or determine account existence by attempting to log in using an invalid user, which causes the server to hang.
CVE-2006-0392 1 Apple 2 Mac Os X, Mac Os X Server 2017-07-19 5.1 MEDIUM N/A
Buffer overflow in Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Canon RAW image.
CVE-2006-0395 1 Apple 2 Mac Os X, Mac Os X Server 2017-07-19 5.1 MEDIUM N/A
The Download Validation in Mail in Mac OS X 10.4 does not properly recognize attachment file types to warn a user of an unsafe type, which allows user-assisted remote attackers to execute arbitrary code via crafted file types.
CVE-2006-0398 1 Apple 2 Mac Os X, Mac Os X Server 2017-07-19 7.5 HIGH N/A
Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file type. NOTE: due to the lack of specific information in the vendor advisory, it is not clear how CVE-2006-0397, CVE-2006-0398, and CVE-2006-0399 are different.
CVE-2006-0399 1 Apple 2 Mac Os X, Mac Os X Server 2017-07-19 7.5 HIGH N/A
Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file type. NOTE: due to the lack of specific information in the vendor advisory, it is not clear how CVE-2006-0397, CVE-2006-0398, and CVE-2006-0399 are different.
CVE-2006-0400 1 Apple 2 Mac Os X, Mac Os X Server 2017-07-19 7.5 HIGH N/A
CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers to bypass the same-origin policy and execute Javascript in other domains via unknown vectors involving "crafted archives."
CVE-2006-0401 1 Apple 2 Mac Os X, Mac Os X Server 2017-07-19 4.6 MEDIUM N/A
Unspecified vulnerability in Mac OS X before 10.4.6, when running on an Intel-based computer, allows attackers with physical access to bypass the firmware password and log on in Single User Mode via unspecified vectors.
CVE-2006-0397 1 Apple 2 Mac Os X, Mac Os X Server 2017-07-19 7.5 HIGH N/A
Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file type. NOTE: due to the lack of specific information in the vendor advisory, it is not clear how CVE-2006-0397, CVE-2006-0398, and CVE-2006-0399 are different.