Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Apple Subscribe
Total 10175 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2004-0873 1 Apple 2 Ichat, Ichat Av 2017-07-10 7.5 HIGH N/A
Apple iChat AV 2.1, AV 2.0, and 1.0.1 allows remote attackers to execute arbitrary programs via a "link" that references the program.
CVE-2004-1121 1 Apple 1 Safari 2017-07-10 5.0 MEDIUM N/A
Apple Safari 1.0 through 1.2.3 allows remote attackers to spoof the URL displayed in the status bar via TABLE tags.
CVE-2004-1123 1 Apple 4 Darwin Streaming Server, Mac Os X, Mac Os X Server and 1 more 2017-07-10 5.0 MEDIUM N/A
Darwin Streaming Server 5.0.1, and possibly earlier versions, allows remote attackers to cause a denial of service (server crash) via a DESCRIBE request with a location that contains a null byte.
CVE-2004-1199 1 Apple 1 Safari 2017-07-10 5.0 MEDIUM N/A
Safari 1.2.4 on Mac OS X 10.3.6 allows remote attackers to cause a denial of service (application crash from memory exhaustion), as demonstrated using Javascript code that continuously creates nested arrays and then sorts the newly created arrays.
CVE-2004-1314 1 Apple 1 Safari 2017-07-10 7.5 HIGH N/A
Safari 1.x allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability, a different vulnerability than CVE-2004-1122.
CVE-2004-1085 1 Apple 4 Darwin Streaming Server, Mac Os X, Mac Os X Server and 1 more 2017-07-10 2.1 LOW N/A
Human Interface Toolbox (HIToolBox) for Apple Mac 0S X 10.3.6 allows local users to exit applications via the force-quit key combination, even when the system is running in kiosk mode.
CVE-2004-1081 1 Apple 4 Darwin Streaming Server, Mac Os X, Mac Os X Server and 1 more 2017-07-10 2.1 LOW N/A
The Application Framework (AppKit) for Apple Mac OS X 10.2.8 and 10.3.6 does not properly restrict access to a secure text input field, which allows local users to read keyboard input from other applications within the same window session.
CVE-2004-1084 1 Apple 4 Darwin Streaming Server, Mac Os X, Mac Os X Server and 1 more 2017-07-10 5.0 MEDIUM N/A
Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
CVE-2004-1083 1 Apple 4 Darwin Streaming Server, Mac Os X, Mac Os X Server and 1 more 2017-07-10 5.0 MEDIUM N/A
Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.
CVE-2004-1086 1 Apple 4 Darwin Streaming Server, Mac Os X, Mac Os X Server and 1 more 2017-07-10 7.5 HIGH N/A
Buffer overflow in PSNormalizer for Apple Mac OS X 10.3.6 allows remote attackers to execute arbitrary code via a crafted PostScript input file.
CVE-2004-1088 1 Apple 4 Darwin Streaming Server, Mac Os X, Mac Os X Server and 1 more 2017-07-10 7.5 HIGH N/A
Postfix server for Apple Mac OS X 10.3.6, when using CRAM-MD5, allows remote attackers to send mail without authentication by replaying authentication information.
CVE-2004-1087 1 Apple 4 Darwin Streaming Server, Mac Os X, Mac Os X Server and 1 more 2017-07-10 2.1 LOW N/A
Terminal for Apple Mac OS X 10.3.6 may indicate that "Secure Keyboard Entry" is enabled even when it is not, which could result in a false sense of security for the user.
CVE-2001-1575 1 Apple 1 Personal Web Sharing 2017-07-10 5.0 MEDIUM N/A
Apple Personal Web Sharing (PWS) 1.1, 1.5, and 1.5.5, when Web Sharing authentication is enabled, allows remote attackers to cause a denial of service via a long password, possibly due to a buffer overflow.
CVE-2003-0270 1 Apple 1 802.11n 2017-07-10 7.6 HIGH N/A
The administration capability for Apple AirPort 802.11 wireless access point devices uses weak encryption (XOR with a fixed key) for protecting authentication credentials, which could allow remote attackers to obtain administrative access via sniffing when the capability is available via Ethernet or non-WEP connections.
CVE-2003-0420 1 Apple 1 Mac Os X Server 2017-07-10 4.6 MEDIUM N/A
Information leak in dsimportexport for Apple Macintosh OS X Server 10.2.6 allows local users to obtain the username and password of the account running the tool.
CVE-2004-0166 1 Apple 2 Mac Os X, Mac Os X Server 2017-07-10 5.0 MEDIUM N/A
Unknown vulnerability in Safari web browser for Mac OS X 10.2.8 related to "the display of URLs in the status bar."
CVE-2003-0975 1 Apple 3 Mac Os X, Mac Os X Server, Safari 2017-07-10 5.0 MEDIUM N/A
Apple Safari 1.0 through 1.1 on Mac OS X 10.3.1 and Mac OS X 10.2.8 allows remote attackers to steal user cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain.
CVE-2001-1480 2 Apple, Sun 4 Mac Os Runtime For Java, Jdk, Jre and 1 more 2017-07-10 7.5 HIGH N/A
Java Runtime Environment (JRE) and SDK 1.2 through 1.3.0_04 allows untrusted applets to access the system clipboard.
CVE-2003-1009 1 Apple 2 Mac Os X, Mac Os X Server 2017-07-10 10.0 HIGH N/A
Directory Services in Apple Mac OS X 10.0.2, 10.0.3, 10.2.8, 10.3.2 and Apple Mac OS X Server 10.2 through 10.3.2 accepts authentication server information from unknown LDAP or NetInfo sources as provided by a malicious DHCP server, which allows remote attackers to gain privileges.
CVE-2003-0601 1 Apple 1 Mac Os X Server 2017-07-10 7.5 HIGH N/A
Workgroup Manager in Apple Mac OS X Server 10.2 through 10.2.6 does not disable a password for a new account before it is saved for the first time, which allows remote attackers to gain unauthorized access via the new account before it is saved.