Filtered by vendor Apple
Subscribe
Total
10175 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-4407 | 1 Apple | 1 Mac Os X | 2011-03-07 | 5.0 MEDIUM | N/A |
The Security Framework in Apple Mac OS X 10.3.x up to 10.3.9 does not properly prioritize encryption ciphers when negotiating the strongest shared cipher, which causes Secure Transport to user a weaker cipher that makes it easier for remote attackers to decrypt traffic. | |||||
CVE-2006-4408 | 1 Apple | 1 Mac Os X | 2011-03-07 | 5.0 MEDIUM | N/A |
The Security Framework in Apple Mac OS X 10.4 through 10.4.8 allows remote attackers to cause a denial of service (resource consumption) via certain public key values in an X.509 certificate that requires extra resources during signature verification. NOTE: this issue may be similar to CVE-2006-2940. | |||||
CVE-2006-4410 | 1 Apple | 1 Mac Os X | 2011-03-07 | 7.5 HIGH | N/A |
The Security Framework in Apple Mac OS X 10.3.9, and 10.4.x before 10.4.7, does not properly search certificate revocation lists (CRL), which allows remote attackers to access systems by using revoked certificates. | |||||
CVE-2006-4409 | 1 Apple | 1 Mac Os X | 2011-03-07 | 5.0 MEDIUM | N/A |
The Online Certificate Status Protocol (OCSP) service in the Security Framework in Apple Mac OS X 10.4 through 10.4.8 retrieve certificate revocation lists (CRL) when an HTTP proxy is in use, which could cause the system to accept certificates that have been revoked. | |||||
CVE-2006-4411 | 1 Apple | 1 Mac Os X | 2011-03-07 | 7.2 HIGH | N/A |
The VPN service in Apple Mac OS X 10.3.x through 10.3.9 and 10.4.x through 10.4.8 does not properly clean the environment when executing commands, which allows local users to gain privileges via unspecified vectors. | |||||
CVE-2006-4413 | 1 Apple | 1 Remote Desktop | 2011-03-07 | 7.2 HIGH | N/A |
Apple Remote Desktop before 3.1 uses insecure permissions for certain built-in packages, which allows local users on an Apple Remote Desktop administration system to modify the packages and gain root privileges on client systems that use the packages. | |||||
CVE-2006-3506 | 1 Apple | 3 Mac Os X, Mac Os X Server, Xsan | 2011-03-07 | 4.6 MEDIUM | N/A |
Buffer overflow in the Xsan Filesystem driver on Mac OS X 10.4.7 and OS X Server 10.4.7 allows local users with Xsan write access, to execute arbitrary code via unspecified vectors related to "processing a path name." | |||||
CVE-2006-3507 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-03-07 | 7.2 HIGH | N/A |
Multiple stack-based buffer overflows in the AirPort wireless driver on Apple Mac OS X 10.3.9 and 10.4.7 allow physically proximate attackers to execute arbitrary code by injecting crafted frames into a wireless network. | |||||
CVE-2006-3508 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-03-07 | 7.2 HIGH | N/A |
Heap-based buffer overflow in the AirPort wireless driver on Apple Mac OS X 10.4.7 allows physically proximate attackers to cause a denial of service (crash), gain privileges, and execute arbitrary code via a crafted frame that is not properly handled during scan cache updates. | |||||
CVE-2006-3509 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-03-07 | 7.2 HIGH | N/A |
Integer overflow in the API for the AirPort wireless driver on Apple Mac OS X 10.4.7 might allow physically proximate attackers to cause a denial of service (crash) or execute arbitrary code in third-party wireless software that uses the API via crafted frames. | |||||
CVE-2005-3702 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-03-07 | 5.0 MEDIUM | N/A |
Safari in Mac OS X and OS X Server 10.3.9 and 10.4.3 allows remote attackers to cause files to be downloaded to locations outside the download directory via a long file name. | |||||
CVE-2005-2752 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-03-07 | 2.1 LOW | N/A |
An unspecified kernel interface in Mac OS X 10.4.2 and earlier does not properly clear memory before reusing it, which could allow attackers to obtain sensitive information, a different vulnerability than CVE-2005-1126 and CVE-2005-1406. | |||||
CVE-2005-1579 | 1 Apple | 1 Quicktime | 2011-03-07 | 5.0 MEDIUM | N/A |
Apple QuickTime Player 7.0 on Mac OS X 10.4 allows remote attackers to obtain sensitive information via a .mov file with a Quartz Composer composition (.qtz) file that uses certain patches to read local information, then other patches to send the information to the attacker. | |||||
CVE-2005-1331 | 1 Apple | 3 Applescript, Mac Os X, Mac Os X Server | 2011-03-07 | 5.1 MEDIUM | N/A |
The AppleScript Editor in Mac OS X 10.3.9 does not properly display script code for an applescript: URI, which can result in code that is different than the actual code that would be run, which could allow remote attackers to trick users into executing malicious code via certain URI characters such as NULL, control characters, and homographs. | |||||
CVE-2005-1341 | 1 Apple | 3 Mac Os X, Mac Os X Server, Terminal | 2011-03-07 | 5.1 MEDIUM | N/A |
Apple Terminal 1.4.4 allows attackers to execute arbitrary commands via terminal escape sequences. | |||||
CVE-2005-1342 | 1 Apple | 2 Mac Os X, Terminal | 2011-03-07 | 7.5 HIGH | N/A |
The x-man-page: URI handler for Apple Terminal 1.4.4 in Mac OS X 10.3.9 does not cleanse terminal escape sequences, which allows remote attackers to execute arbitrary commands. | |||||
CVE-2003-0379 | 1 Apple | 1 Afp Server | 2011-03-07 | 5.0 MEDIUM | N/A |
Unknown vulnerability in Apple File Service (AFP Server) for Mac OS X Server, when sharing files on a UFS or re-shared NFS volume, allows remote attackers to overwrite arbitrary files. | |||||
CVE-2003-0502 | 1 Apple | 1 Darwin Streaming Server | 2011-03-07 | 10.0 HIGH | N/A |
Apple QuickTime / Darwin Streaming Server before 4.1.3g allows remote attackers to cause a denial of service (crash) via a .. (dot dot) sequence followed by an MS-DOS device name (e.g. AUX) in a request to HTTP port 1220, a different vulnerability than CVE-2003-0421. | |||||
CVE-2007-0646 | 1 Apple | 3 Imovie, Mac Os X, Safari | 2011-03-06 | 7.1 HIGH | N/A |
Format string vulnerability in iMovie HD 6.0.3, and Safari in Apple Mac OS X 10.4 through 10.4.10, allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when calling the NSRunCriticalAlertPanel Apple AppKit function. | |||||
CVE-2006-1982 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-03-06 | 7.5 HIGH | N/A |
Heap-based buffer overflow in the LZWDecodeVector function in Mac OS X before 10.4.6, as used in applications that use ImageIO or AppKit, allows remote attackers to execute arbitrary code via crafted TIFF images. |