Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Apple Subscribe
Total 10175 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-4407 1 Apple 1 Mac Os X 2011-03-07 5.0 MEDIUM N/A
The Security Framework in Apple Mac OS X 10.3.x up to 10.3.9 does not properly prioritize encryption ciphers when negotiating the strongest shared cipher, which causes Secure Transport to user a weaker cipher that makes it easier for remote attackers to decrypt traffic.
CVE-2006-4408 1 Apple 1 Mac Os X 2011-03-07 5.0 MEDIUM N/A
The Security Framework in Apple Mac OS X 10.4 through 10.4.8 allows remote attackers to cause a denial of service (resource consumption) via certain public key values in an X.509 certificate that requires extra resources during signature verification. NOTE: this issue may be similar to CVE-2006-2940.
CVE-2006-4410 1 Apple 1 Mac Os X 2011-03-07 7.5 HIGH N/A
The Security Framework in Apple Mac OS X 10.3.9, and 10.4.x before 10.4.7, does not properly search certificate revocation lists (CRL), which allows remote attackers to access systems by using revoked certificates.
CVE-2006-4409 1 Apple 1 Mac Os X 2011-03-07 5.0 MEDIUM N/A
The Online Certificate Status Protocol (OCSP) service in the Security Framework in Apple Mac OS X 10.4 through 10.4.8 retrieve certificate revocation lists (CRL) when an HTTP proxy is in use, which could cause the system to accept certificates that have been revoked.
CVE-2006-4411 1 Apple 1 Mac Os X 2011-03-07 7.2 HIGH N/A
The VPN service in Apple Mac OS X 10.3.x through 10.3.9 and 10.4.x through 10.4.8 does not properly clean the environment when executing commands, which allows local users to gain privileges via unspecified vectors.
CVE-2006-4413 1 Apple 1 Remote Desktop 2011-03-07 7.2 HIGH N/A
Apple Remote Desktop before 3.1 uses insecure permissions for certain built-in packages, which allows local users on an Apple Remote Desktop administration system to modify the packages and gain root privileges on client systems that use the packages.
CVE-2006-3506 1 Apple 3 Mac Os X, Mac Os X Server, Xsan 2011-03-07 4.6 MEDIUM N/A
Buffer overflow in the Xsan Filesystem driver on Mac OS X 10.4.7 and OS X Server 10.4.7 allows local users with Xsan write access, to execute arbitrary code via unspecified vectors related to "processing a path name."
CVE-2006-3507 1 Apple 2 Mac Os X, Mac Os X Server 2011-03-07 7.2 HIGH N/A
Multiple stack-based buffer overflows in the AirPort wireless driver on Apple Mac OS X 10.3.9 and 10.4.7 allow physically proximate attackers to execute arbitrary code by injecting crafted frames into a wireless network.
CVE-2006-3508 1 Apple 2 Mac Os X, Mac Os X Server 2011-03-07 7.2 HIGH N/A
Heap-based buffer overflow in the AirPort wireless driver on Apple Mac OS X 10.4.7 allows physically proximate attackers to cause a denial of service (crash), gain privileges, and execute arbitrary code via a crafted frame that is not properly handled during scan cache updates.
CVE-2006-3509 1 Apple 2 Mac Os X, Mac Os X Server 2011-03-07 7.2 HIGH N/A
Integer overflow in the API for the AirPort wireless driver on Apple Mac OS X 10.4.7 might allow physically proximate attackers to cause a denial of service (crash) or execute arbitrary code in third-party wireless software that uses the API via crafted frames.
CVE-2005-3702 1 Apple 2 Mac Os X, Mac Os X Server 2011-03-07 5.0 MEDIUM N/A
Safari in Mac OS X and OS X Server 10.3.9 and 10.4.3 allows remote attackers to cause files to be downloaded to locations outside the download directory via a long file name.
CVE-2005-2752 1 Apple 2 Mac Os X, Mac Os X Server 2011-03-07 2.1 LOW N/A
An unspecified kernel interface in Mac OS X 10.4.2 and earlier does not properly clear memory before reusing it, which could allow attackers to obtain sensitive information, a different vulnerability than CVE-2005-1126 and CVE-2005-1406.
CVE-2005-1579 1 Apple 1 Quicktime 2011-03-07 5.0 MEDIUM N/A
Apple QuickTime Player 7.0 on Mac OS X 10.4 allows remote attackers to obtain sensitive information via a .mov file with a Quartz Composer composition (.qtz) file that uses certain patches to read local information, then other patches to send the information to the attacker.
CVE-2005-1331 1 Apple 3 Applescript, Mac Os X, Mac Os X Server 2011-03-07 5.1 MEDIUM N/A
The AppleScript Editor in Mac OS X 10.3.9 does not properly display script code for an applescript: URI, which can result in code that is different than the actual code that would be run, which could allow remote attackers to trick users into executing malicious code via certain URI characters such as NULL, control characters, and homographs.
CVE-2005-1341 1 Apple 3 Mac Os X, Mac Os X Server, Terminal 2011-03-07 5.1 MEDIUM N/A
Apple Terminal 1.4.4 allows attackers to execute arbitrary commands via terminal escape sequences.
CVE-2005-1342 1 Apple 2 Mac Os X, Terminal 2011-03-07 7.5 HIGH N/A
The x-man-page: URI handler for Apple Terminal 1.4.4 in Mac OS X 10.3.9 does not cleanse terminal escape sequences, which allows remote attackers to execute arbitrary commands.
CVE-2003-0379 1 Apple 1 Afp Server 2011-03-07 5.0 MEDIUM N/A
Unknown vulnerability in Apple File Service (AFP Server) for Mac OS X Server, when sharing files on a UFS or re-shared NFS volume, allows remote attackers to overwrite arbitrary files.
CVE-2003-0502 1 Apple 1 Darwin Streaming Server 2011-03-07 10.0 HIGH N/A
Apple QuickTime / Darwin Streaming Server before 4.1.3g allows remote attackers to cause a denial of service (crash) via a .. (dot dot) sequence followed by an MS-DOS device name (e.g. AUX) in a request to HTTP port 1220, a different vulnerability than CVE-2003-0421.
CVE-2007-0646 1 Apple 3 Imovie, Mac Os X, Safari 2011-03-06 7.1 HIGH N/A
Format string vulnerability in iMovie HD 6.0.3, and Safari in Apple Mac OS X 10.4 through 10.4.10, allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when calling the NSRunCriticalAlertPanel Apple AppKit function.
CVE-2006-1982 1 Apple 2 Mac Os X, Mac Os X Server 2011-03-06 7.5 HIGH N/A
Heap-based buffer overflow in the LZWDecodeVector function in Mac OS X before 10.4.6, as used in applications that use ImageIO or AppKit, allows remote attackers to execute arbitrary code via crafted TIFF images.