Filtered by vendor Apple
Subscribe
Total
10175 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2005-2757 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-10 | 7.5 HIGH | N/A |
Heap-based buffer overflow in CoreFoundation in Mac OS X and OS X Server 10.4 through 10.4.3 allows remote attackers to execute arbitrary code via unknown attack vectors involving "validation of URLs." | |||||
CVE-2005-0234 | 1 Apple | 1 Safari | 2017-07-10 | 5.0 MEDIUM | N/A |
The International Domain Name (IDN) support in Safari 1.2.5 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks. | |||||
CVE-2005-0126 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-10 | 7.5 HIGH | N/A |
ColorSync on Mac OS X 10.3.7 and 10.3.8 allows attackers to execute arbitrary code via malformed ICC color profiles that modify the heap. | |||||
CVE-2005-0127 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-10 | 5.0 MEDIUM | N/A |
Mail in Mac OS X 10.3.7, when generating a Message-ID header, generates a GUUID that includes information that identifies the Ethernet hardware being used, which allows remote attackers to link mail messages to a particular machine. | |||||
CVE-2005-0289 | 1 Apple | 2 Airport Express, Airport Extreme | 2017-07-10 | 5.0 MEDIUM | N/A |
Apple AirPort Express prior to 6.1.1 and Extreme prior to 5.5.1, configured as a Wireless Data Service (WDS), allows remote attackers to cause a denial of service (device freeze) by connecting to UDP port 161 and before link-state change occurs. | |||||
CVE-2005-0340 | 1 Apple | 1 Afp Server | 2017-07-10 | 5.0 MEDIUM | N/A |
Integer signedness error in Apple File Service (AFP Server) allows remote attackers to cause a denial of service (application crash) via a negative UAM string length in a FPLoginExt packet. | |||||
CVE-2005-0341 | 1 Apple | 1 Safari | 2017-07-10 | 4.3 MEDIUM | N/A |
Apple Safari 1.2.4 does not obey the Content-type field in the HTTP header and renders text as HTML, which allows remote attackers to inject arbitrary web script or HTML and perform cross-site scripting (XSS) attacks. | |||||
CVE-2005-0342 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-10 | 2.1 LOW | N/A |
The Finder in Mac OS X and earlier allows local users to overwrite arbitrary files and gain privileges by creating a hard link from the .DS_Store file to an arbitrary file. | |||||
CVE-2005-2194 | 1 Apple | 1 Mac Os X | 2017-07-10 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in the Apple Mac OS X kernel before 10.4.2 allows remote attackers to cause a denial of service (kernel panic) via a crafted TCP packet, possibly related to source routing or loose source routing. | |||||
CVE-2005-0975 | 2 Apple, Opendarwin | 3 Mac Os X, Mac Os X Server, Darwin Kernel | 2017-07-10 | 2.1 LOW | N/A |
Integer signedness error in the parse_machfile function in the mach-o loader (mach_loader.c) for the Darwin Kernel as used in Mac OS X 10.3.7, and other versions before 10.3.9, allows local users to cause a denial of service (CPU consumption) via a crafted mach-o header. | |||||
CVE-2005-1307 | 2 Adobe, Apple | 2 Version Cue, Mac Os X | 2017-07-10 | 7.2 HIGH | N/A |
The (1) stopserver.sh and (2) startserver.sh scripts in Adobe Version Cue on Mac OS X uses the current working directory to find and execute the productname.sh script, which allows local users to execute arbitrary code by copying and calling the scripts from a user-controlled directory. | |||||
CVE-2005-1505 | 1 Apple | 1 Mail | 2017-07-10 | 7.5 HIGH | N/A |
The new account wizard in Mail.app 2.0 in Mac OS 10.4, when configuring an IMAP mail account and checking the credentials, does not prompt the user to use SSL until after the password has already been sent, which causes the password to be sent in plaintext. | |||||
CVE-2005-1726 | 1 Apple | 1 Mac Os X | 2017-07-10 | 4.6 MEDIUM | N/A |
The CoreGraphics Window Server in Mac OS X 10.4.1 allows local users with console access to gain privileges by "launching commands into root sessions." | |||||
CVE-2005-2272 | 1 Apple | 1 Safari | 2017-07-10 | 2.6 LOW | N/A |
Safari version 2.0 (412) does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability." | |||||
CVE-2004-1832 | 1 Apple | 1 Mac Os X Server | 2017-07-10 | 5.0 MEDIUM | N/A |
Buffer overflow in the GUI admin service in Mac OS X Server 10.3 allows remote attackers to cause a denial of service (crash and restart) via a large amount of data to TCP port 660. | |||||
CVE-2004-0361 | 1 Apple | 1 Safari | 2017-07-10 | 5.0 MEDIUM | N/A |
The Javascript engine in Safari 1.2 and earlier allows remote attackers to cause a denial of service (segmentation fault) by creating a new Array object with a large size value, then writing into that array. | |||||
CVE-2004-0383 | 1 Apple | 1 Mac Os X | 2017-07-10 | 7.2 HIGH | N/A |
Unknown vulnerability in Mail for Mac OS X 10.3.3 and 10.2.8, with unknown impact, related to "the handling of HTML-formatted email." | |||||
CVE-2004-0382 | 1 Apple | 1 Mac Os X | 2017-07-10 | 7.2 HIGH | N/A |
Unknown vulnerability in the CUPS printing system in Mac OS X 10.3.3 and Mac OS X 10.2.8 with unknown impact, possibly related to a configuration file setting. | |||||
CVE-2004-0428 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-10 | 5.0 MEDIUM | N/A |
Unknown vulnerability in CoreFoundation in Mac OS X 10.3.3 and Mac OS X 10.3.3 Server, related to "the handling of an environment variable," has unknown attack vectors and unknown impact. | |||||
CVE-2004-0429 | 1 Apple | 1 Mac Os X | 2017-07-10 | 10.0 HIGH | N/A |
Unknown vulnerability related to "the handling of large requests" in RAdmin for Apple Mac OS X 10.3.3 and Mac OS X 10.2.8 may allow attackers to have unknown impact via unknown attack vectors. |