Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Apple Subscribe
Total 10175 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2010-0546 1 Apple 2 Mac Os X, Mac Os X Server 2010-06-17 3.3 LOW N/A
Folder Manager in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allows local users to delete arbitrary folders via a symlink attack in conjunction with an unmount operation on a crafted volume, related to the Cleanup At Startup folder.
CVE-2010-1373 1 Apple 2 Mac Os X, Mac Os X Server 2010-06-17 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Help Viewer in Apple Mac OS X 10.6 before 10.6.4 allows remote attackers to inject arbitrary web script or HTML via a crafted help: URL, related to "URL parameters in HTML content."
CVE-2010-1374 2 Aol, Apple 3 Aim, Mac Os X, Mac Os X Server 2010-06-17 4.3 MEDIUM N/A
Directory traversal vulnerability in iChat in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, when AIM is used, allows remote attackers to create arbitrary files via directory traversal sequences in an inline image-transfer operation.
CVE-2010-1131 2 Apple, Microsoft 2 Safari, Windows Xp 2010-06-07 4.3 MEDIUM N/A
JavaScriptCore.dll, as used in Apple Safari 4.0.5 on Windows XP SP3, allows remote attackers to cause a denial of service (application crash) via an HTML document composed of many successive occurrences of the <object> substring.
CVE-2010-0538 1 Apple 2 Java, Mac Os X 2010-05-23 6.8 MEDIUM N/A
Apple Java for Mac OS X 10.5 before Update 7 and Java for Mac OS X 10.6 before Update 2 do not properly handle mediaLibImage objects, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application crash) via a crafted applet, related to the com.sun.medialib.mlib package.
CVE-2010-0539 1 Apple 3 Java 1.5, Java 1.6, Mac Os X 2010-05-23 6.8 MEDIUM N/A
Integer signedness error in the window drawing implementation in Apple Java for Mac OS X 10.5 before Update 7 and Java for Mac OS X 10.6 before Update 2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted applet.
CVE-2010-0512 1 Apple 2 Mac Os X, Mac Os X Server 2010-05-20 9.3 HIGH N/A
The Accounts Preferences implementation in Apple Mac OS X 10.6 before 10.6.3, when a network account server is used, does not support Login Window access control that is based solely on group membership, which allows attackers to bypass intended access restrictions by entering login credentials.
CVE-2010-0524 1 Apple 2 Mac Os X, Mac Os X Server 2010-05-20 7.5 HIGH N/A
The default configuration of the FreeRADIUS server in Apple Mac OS X Server before 10.6.3 permits EAP-TLS authenticated connections on the basis of an arbitrary client certificate, which allows remote attackers to obtain network connectivity via a crafted RADIUS Access Request message.
CVE-2010-0513 1 Apple 2 Mac Os X, Mac Os X Server 2010-04-08 6.8 MEDIUM N/A
Stack-based buffer overflow in PS Normalizer in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PostScript document.
CVE-2010-1226 1 Apple 2 Iphone, Iphone Os 2010-04-01 5.0 MEDIUM N/A
The HTTP client functionality in Apple iPhone OS 3.1 on the iPhone 2G and 3.1.3 on the iPhone 3GS allows remote attackers to cause a denial of service (Safari, Mail, or Springboard crash) via a crafted innerHTML property of a DIV element, related to a "malformed character" issue.
CVE-2010-0510 1 Apple 1 Mac Os X Server 2010-03-31 9.0 HIGH N/A
Password Server in Apple Mac OS X Server before 10.6.3 does not properly perform password replication, which might allow remote authenticated users to obtain login access via an expired password.
CVE-2010-0504 1 Apple 1 Mac Os X Server 2010-03-31 7.5 HIGH N/A
Multiple stack-based buffer overflows in iChat Server in Apple Mac OS X Server before 10.6.3 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
CVE-2010-0503 1 Apple 1 Mac Os X Server 2010-03-31 6.5 MEDIUM N/A
Use-after-free vulnerability in iChat Server in Apple Mac OS X Server 10.5.8 allows remote authenticated users to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
CVE-2010-0498 1 Apple 2 Mac Os X, Mac Os X Server 2010-03-31 7.2 HIGH N/A
Directory Services in Apple Mac OS X before 10.6.3 does not properly perform authorization during processing of record names, which allows local users to gain privileges via unspecified vectors.
CVE-2010-0497 1 Apple 2 Mac Os X, Mac Os X Server 2010-03-31 6.8 MEDIUM N/A
Disk Images in Apple Mac OS X before 10.6.3 does not provide the expected warning for an unsafe file type in an internet enabled disk image, which makes it easier for user-assisted remote attackers to execute arbitrary code via a package file type.
CVE-2009-2801 1 Apple 2 Mac Os X, Mac Os X Server 2010-03-30 6.4 MEDIUM N/A
The Application Firewall in Apple Mac OS X 10.5.8 drops unspecified firewall rules after a reboot, which might allow remote attackers to bypass intended access restrictions via packet data, related to a "timing issue."
CVE-2010-0056 1 Apple 2 Mac Os X, Mac Os X Server 2010-03-30 6.8 MEDIUM N/A
Buffer overflow in Cocoa spell checking in AppKit in Apple Mac OS X 10.5.8 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document.
CVE-2010-0057 1 Apple 2 Mac Os X, Mac Os X Server 2010-03-30 7.5 HIGH N/A
AFP Server in Apple Mac OS X before 10.6.3 does not prevent guest use of AFP shares when guest access is disabled, which allows remote attackers to bypass intended access restrictions via a mount request.
CVE-2010-0058 1 Apple 2 Mac Os X, Mac Os X Server 2010-03-30 6.4 MEDIUM N/A
freshclam in ClamAV in Apple Mac OS X 10.5.8 with Security Update 2009-005 has an incorrect launchd.plist ProgramArguments key and consequently does not run, which might allow remote attackers to introduce viruses into the system.
CVE-2010-0063 1 Apple 2 Mac Os X, Mac Os X Server 2010-03-30 6.8 MEDIUM N/A
Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.6.3 makes it easier for user-assisted remote attackers to execute arbitrary JavaScript via a web page that offers a download with a Content-Type value that is not on the list of possibly unsafe content types for Safari, as demonstrated by the values for the (1) .ibplugin and (2) .url extensions.