Filtered by vendor Apple
Subscribe
Total
10175 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2001-1447 | 1 Apple | 1 Mac Os X | 2017-07-10 | 7.2 HIGH | N/A |
NetInfo Manager for Mac OS X 10.0 through 10.1 allows local users to gain root privileges by opening applications using the (1) "recent items" and (2) "services" menus, which causes the applications to run with root privileges. | |||||
CVE-2003-0876 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-10 | 2.1 LOW | N/A |
Finder in Mac OS X 10.2.8 and earlier sets global read/write/execute permissions on directories when they are dragged (copied) from a mounted volume such as a disk image (DMG), which could cause the directories to have less restrictive permissions than intended. | |||||
CVE-2003-0877 | 1 Apple | 1 Mac Os X | 2017-07-10 | 4.6 MEDIUM | N/A |
Mac OS X before 10.3 with core files enabled allows local users to overwrite arbitrary files and read core files via a symlink attack on core files that are created with predictable names in the /cores directory. | |||||
CVE-2003-0895 | 1 Apple | 1 Mac Os X | 2017-07-10 | 4.6 MEDIUM | N/A |
Buffer overflow in the Mac OS X kernel 10.2.8 and earlier allows local users, and possibly remote attackers, to cause a denial of service (crash), access portions of memory, and possibly execute arbitrary code via a long command line argument (argv[]). | |||||
CVE-2002-1368 | 2 Apple, Easy Software Products | 2 Mac Os X, Cups | 2017-07-10 | 7.5 HIGH | N/A |
Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing negative arguments to be fed into memcpy() calls via HTTP requests with (1) a negative Content-Length value or (2) a negative length in a chunked transfer encoding. | |||||
CVE-2003-0913 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-10 | 4.6 MEDIUM | N/A |
Unknown vulnerability in the Terminal application for Mac OS X 10.3 (Client and Server) may allow "unauthorized access." | |||||
CVE-2003-1006 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-10 | 7.2 HIGH | N/A |
Buffer overflow in cd9660.util in Apple Mac OS X 10.0 through 10.3.2 and Apple Mac OS X Server 10.0 through 10.3.2 may allow local users to execute arbitrary code via a long command line parameter. | |||||
CVE-2003-1007 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-10 | 5.0 MEDIUM | N/A |
AppleFileServer (AFS) in Apple Mac OS X 10.2.8 and 10.3.2 does not properly handle certain malformed requests, with unknown impact. | |||||
CVE-2003-1008 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-10 | 4.6 MEDIUM | N/A |
Unknown vulnerability in Mac OS X 10.2.8 and 10.3.2 allows local users to bypass the screen saver login window and write a text clipping to the desktop or another application. | |||||
CVE-2003-1010 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-10 | 4.6 MEDIUM | N/A |
Unknown vulnerability in fs_usage in Mac OS X 10.2.8 and 10.3.2 and Mac OS X Server 10.2.8 and 10.3.2 allows local users to gain privileges via unknown attack vectors. | |||||
CVE-2001-1446 | 1 Apple | 1 Mac Os X | 2017-07-10 | 7.5 HIGH | N/A |
Find-By-Content in Mac OS X 10.0 through 10.0.4 creates world-readable index files named .FBCIndex in every directory, which allows remote attackers to learn the contents of files in web accessible directories. | |||||
CVE-2003-1011 | 1 Apple | 1 Mac Os X | 2017-07-10 | 7.2 HIGH | N/A |
Apple Mac OS X 10.0 through 10.2.8 allows local users with a USB keyboard to gain unauthorized access by holding down the CTRL and C keys when the system is booting, which crashes the init process and leaves the user in a root shell. | |||||
CVE-2003-1091 | 1 Apple | 1 Quicktime Broadcaster | 2017-07-10 | 7.5 HIGH | N/A |
Integer overflow in MP3Broadcaster for Apple QuickTime/Darwin Streaming Server 4.1.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via malformed ID3 tags in MP3 files. | |||||
CVE-2004-0085 | 1 Apple | 1 Mac Os X | 2017-07-10 | 5.0 MEDIUM | N/A |
Unknown vulnerability in the Mail application for Mac OS X 10.1.5 and 10.2.8 with unknown impact, a different vulnerability than CVE-2004-0086. | |||||
CVE-2004-0087 | 1 Apple | 1 Mac Os X | 2017-07-10 | 2.1 LOW | N/A |
The System Configuration subsystem in Mac OS 10.2.8 and 10.3.2 allows local users to modify network settings, a different vulnerability than CVE-2004-0088. | |||||
CVE-2017-6977 | 1 Apple | 1 Mac Os X | 2017-07-07 | 6.8 MEDIUM | 8.6 HIGH |
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Speech Framework" component. It allows attackers to conduct sandbox-escape attacks or cause a denial of service (memory corruption) via a crafted app. | |||||
CVE-2017-6986 | 1 Apple | 1 Mac Os X | 2017-07-07 | 6.8 MEDIUM | 7.8 HIGH |
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "iBooks" component. It allows attackers to conduct sandbox-escape attacks or cause a denial of service (memory corruption) via a crafted app. | |||||
CVE-2017-6988 | 1 Apple | 1 Mac Os X | 2017-07-07 | 4.3 MEDIUM | 5.9 MEDIUM |
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "802.1X" component. It allows remote attackers to discover the network credentials of arbitrary users by operating a crafted network that requires 802.1X authentication, because EAP-TLS certificate validation mishandles certificate changes. | |||||
CVE-2017-2497 | 1 Apple | 2 Iphone Os, Mac Os X | 2017-07-07 | 5.8 MEDIUM | 6.1 MEDIUM |
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "iBooks" component. It allows remote attackers to trigger visits to arbitrary URLs via a crafted book. | |||||
CVE-2017-2494 | 1 Apple | 1 Mac Os X | 2017-07-07 | 9.3 HIGH | 7.8 HIGH |
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. |