Filtered by vendor Apple
Total: 10175 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-0737 | 1 Apple | 1 Mac Os X | 2011-03-07 | 4.6 MEDIUM | N/A |
The Login Window in Apple Mac OS X 10.3.9 through 10.4.9 does not properly check certain environment variables, which allows local users to gain privileges via unspecified vectors. | |||||
CVE-2007-0732 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-03-07 | 7.2 HIGH | N/A |
Unspecified vulnerability in the CoreServices daemon in CarbonCore in Apple Mac OS X 10.4 through 10.4.9 allows local users to gain privileges via unspecified vectors involving "obtaining a send right to [the] Mach task port." | |||||
CVE-2007-0741 | 1 Apple | 1 Mac Os X | 2011-03-07 | 7.5 HIGH | N/A |
Buffer overflow in natd in network_cmds in Apple Mac OS X 10.3.9 through 10.4.9, when Internet Sharing is enabled, allows remote attackers to execute arbitrary code via malformed RTSP packets. | |||||
CVE-2007-0744 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-03-07 | 7.2 HIGH | N/A |
SMB in Apple Mac OS X 10.3.9 through 10.4.9 does not properly clean the environment when executing commands, which allows local users to gain privileges by setting unspecified environment variables. | |||||
CVE-2007-0723 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-03-07 | 8.5 HIGH | N/A |
Unspecified vulnerability in the authentication feature for DirectoryService (DS Plug-Ins) for Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote authenticated LDAP users to modify the root password and gain privileges via unknown vectors. | |||||
CVE-2007-0729 | 1 Apple | 3 Mac Os X, Mac Os X Preview.app, Mac Os X Server | 2011-03-07 | 7.2 HIGH | N/A |
Apple File Protocol (AFP) Client in Apple Mac OS X 10.3.9 through 10.4.9 does not properly clean the environment before executing commands, which allows local users to gain privileges by setting unspecified environment variables. | |||||
CVE-2007-0739 | 1 Apple | 1 Mac Os X | 2011-03-07 | 4.6 MEDIUM | N/A |
The Login Window in Apple Mac OS X 10.4 through 10.4.9 displays the software update window beneath the loginwindow authentication dialog in certain circumstances related to running scheduled tasks, which allows local users to bypass authentication controls. | |||||
CVE-2007-0719 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-03-07 | 6.8 MEDIUM | N/A |
Stack-based buffer overflow in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote user-assisted attackers to execute arbitrary code via an image with a crafted ColorSync profile. | |||||
CVE-2007-0725 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-03-07 | 7.2 HIGH | N/A |
Buffer overflow in the AirPortDriver module for AirPort in Apple Mac OS X 10.3.9 through 10.4.9, when running on hardware with the original AirPort wireless card, allows local users to execute arbitrary code by "sending malformed control commands." | |||||
CVE-2007-0463 | 1 Apple | 1 Software Update | 2011-03-07 | 5.0 MEDIUM | N/A |
Format string vulnerability in Apple Software Update 2.0.5 on Mac OS X 10.4.8 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via format string specifiers in (1) SWUTMP or (2) SUCATALOG filenames, or using the (3) application/x-apple.sucatalog+xml MIME type. | |||||
CVE-2007-0318 | 1 Apple | 1 Mac Os X | 2011-03-07 | 7.8 HIGH | N/A |
The do_hfs_truncate function in Mac OS X 10.4.8 allows context-dependent attackers to cause a denial of service (kernel panic) via a crafted HFS+ filesystem in a DMG image, which causes an access of an invalid vnode structure during file removal. | |||||
CVE-2007-0299 | 1 Apple | 1 Mac Os X | 2011-03-07 | 7.1 HIGH | N/A |
Integer overflow in the byte_swap_sbin function in bsd/ufs/ufs/ufs_byte_order.c in Mac OS X 10.4.8 allows user-assisted remote attackers to cause a denial of service (kernel panic) by mounting a crafted Unix File System (UFS) DMG image, which triggers an invalid pointer dereference. | |||||
CVE-2007-0117 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-03-07 | 10.0 HIGH | N/A |
DiskManagementTool in the DiskManagement.framework 92.29 on Mac OS X 10.4.8 does not properly validate Bill of Materials (BOM) files, which allows attackers to gain privileges via a BOM file under /Library/Receipts/, which triggers arbitrary file permission changes upon execution of a diskutil permission repair operation. | |||||
CVE-2006-5681 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-03-07 | 2.6 LOW | N/A |
QuickTime for Java on Mac OS X 10.4 through 10.4.8, when used with Quartz Composer, allows remote attackers to obtain sensitive information (screen images) via a Java applet that accesses images that are being rendered by other embedded QuickTime objects. | |||||
CVE-2006-4396 | 1 Apple | 1 Mac Os X | 2011-03-07 | 4.6 MEDIUM | N/A |
The Apple Type Services (ATS) server in Mac OS X 10.4.8 and earlier does not securely create log files, which allows local users to create and modify arbitrary files via unspecified vectors, possibly relating to a symlink attack. | |||||
CVE-2006-4397 | 1 Apple | 1 Mac Os X | 2011-03-07 | 4.6 MEDIUM | N/A |
Unchecked error condition in LoginWindow in Apple Mac OS X 10.4 through 10.4.7 prevents Kerberos tickets from being destroyed if a user does not successfully log on to a network account from the login window, which might allow later users to gain access to the original user's Kerberos tickets. | |||||
CVE-2006-4398 | 1 Apple | 1 Mac Os X | 2011-03-07 | 7.2 HIGH | N/A |
Multiple buffer overflows in the Apple Type Services (ATS) server in Mac OS X 10.4 through 10.4.8 allow local users to execute arbitrary code via crafted service requests. | |||||
CVE-2006-4400 | 1 Apple | 1 Mac Os X | 2011-03-07 | 5.1 MEDIUM | N/A |
Stack-based buffer overflow in the Apple Type Services (ATS) server in Mac OS 10.4.8 and earlier allows user-assisted attackers to execute arbitrary code via crafted font files. | |||||
CVE-2006-4401 | 1 Apple | 1 Mac Os X | 2011-03-07 | 5.1 MEDIUM | N/A |
Unspecified vulnerability in CFNetwork in Mac OS 10.4.8 and earlier allows user-assisted remote attackers to execute arbitrary FTP commands via a crafted FTP URI. | |||||
CVE-2006-4404 | 1 Apple | 1 Mac Os X | 2011-03-07 | 10.0 HIGH | N/A |
The Installer application in Apple Mac OS X 10.4.8 and earlier, when used by a user with Admin credentials, does not authenticate the user before installing certain software requiring system privileges. |