Filtered by vendor Apple
Subscriptions
Total
12820 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-1451 | 1 Apple | 1 Mac Os X | 2025-04-03 | N/A |
| MySQL Manager in Apple Mac OS X 10.3.9 and 10.4.6, when setting up a new MySQL database server, does not use the "New MySQL root password" that is provided, which causes the MySQL root password to be blank and allows local users to gain full privileges to that database. | ||||
| CVE-2006-1452 | 1 Apple | 1 Mac Os X | 2025-04-03 | N/A |
| Stack-based buffer overflow in Preview in Apple Mac OS 10.4 up to 10.4.6 allows local users to execute arbitrary code via a deep directory hierarchy. | ||||
| CVE-2006-1453 | 1 Apple | 1 Quicktime | 2025-04-03 | N/A |
| Stack-based buffer overflow in Apple QuickTime before 7.1 allows remote attackers to execute arbitrary code via a crafted QuickDraw PICT image format file containing malformed font information. | ||||
| CVE-2006-1454 | 1 Apple | 1 Quicktime | 2025-04-03 | N/A |
| Heap-based buffer overflow in Apple QuickTime before 7.1 allows remote attackers to execute arbitrary code via a crafted QuickDraw PICT image format file with malformed image data. | ||||
| CVE-2006-1455 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | N/A |
| QuickTime Streaming Server in Apple Mac OS X 10.3.9 and 10.4.6 allows remote attackers to cause a denial of service (crash and connection interruption) via a QuickTime movie with a missing track, which triggers a null dereference. | ||||
| CVE-2006-1456 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | N/A |
| Buffer overflow in QuickTime Streaming Server in Apple Mac OS X 10.3.9 and 10.4.6 allows remote attackers to execute arbitrary code via a crafted RTSP request, which is not properly handled during message logging. | ||||
| CVE-2006-4866 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | N/A |
| Buffer overflow in kextload in Apple OS X, as used by TDIXSupport in Roxio Toast Titanium and possibly other products, allows local users to execute arbitrary code via a long extension argument. | ||||
| CVE-2006-4887 | 1 Apple | 2 Apple Remote Desktop, Mac Os X | 2025-04-03 | N/A |
| Apple Remote Desktop (ARD) for Mac OS X 10.2.8 and later does not drop privileges on the remote machine while installing certain applications, which allows local users to bypass authentication and gain privileges by selecting the icon during installation. NOTE: it could be argued that the issue is not in Remote Desktop itself, but in applications that are installed while using it. | ||||
| CVE-2005-1341 | 1 Apple | 3 Mac Os X, Mac Os X Server, Terminal | 2025-04-03 | N/A |
| Apple Terminal 1.4.4 allows attackers to execute arbitrary commands via terminal escape sequences. | ||||
| CVE-2006-1458 | 1 Apple | 1 Quicktime | 2025-04-03 | N/A |
| Integer overflow in Apple QuickTime Player before 7.1 allows remote attackers to execute arbitrary code via a crafted JPEG image. | ||||
| CVE-2006-1459 | 1 Apple | 1 Quicktime | 2025-04-03 | N/A |
| Multiple integer overflows in Apple QuickTime before 7.1 allow remote attackers to cause a denial of service or execute arbitrary code via a crafted QuickTime movie (.MOV). | ||||
| CVE-2003-1010 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | N/A |
| Unknown vulnerability in fs_usage in Mac OS X 10.2.8 and 10.3.2 and Mac OS X Server 10.2.8 and 10.3.2 allows local users to gain privileges via unknown attack vectors. | ||||
| CVE-2005-0594 | 1 Apple | 1 Mac Os X Server | 2025-04-03 | N/A |
| Buffer overflow in the Netinfo Setup Tool (NeST) allows local users to execute arbitrary code. | ||||
| CVE-2003-1009 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | N/A |
| Directory Services in Apple Mac OS X 10.0.2, 10.0.3, 10.2.8, 10.3.2 and Apple Mac OS X Server 10.2 through 10.3.2 accepts authentication server information from unknown LDAP or NetInfo sources as provided by a malicious DHCP server, which allows remote attackers to gain privileges. | ||||
| CVE-2003-0270 | 1 Apple | 1 802.11n | 2025-04-03 | N/A |
| The administration capability for Apple AirPort 802.11 wireless access point devices uses weak encryption (XOR with a fixed key) for protecting authentication credentials, which could allow remote attackers to obtain administrative access via sniffing when the capability is available via Ethernet or non-WEP connections. | ||||
| CVE-2005-0903 | 1 Apple | 1 Quicktime Pictureviewer | 2025-04-03 | N/A |
| Buffer overflow in QuickTime PictureViewer 6.5.1 allows remote attackers to cause a denial of service (application crash) via a JPEG file with crafted Huffman Table (marker DHT) data. | ||||
| CVE-2022-3918 | 1 Apple | 1 Swift Foundation | 2025-04-02 | 8.8 High |
| A program using FoundationNetworking in swift-corelibs-foundation is potentially vulnerable to CRLF ( ) injection in URLRequest headers. In this vulnerability, a client can insert one or several CRLF sequences into a URLRequest header value. When that request is sent via URLSession to an HTTP server, the server may interpret the content after the CRLF as extra headers, or even a second request. For example, consider a URLRequest to http://example.com/ with the GET method. Suppose we set the URLRequest header "Foo" to the value "Bar Extra-Header: Added GET /other HTTP/1.1". When this request is sent, it will appear to the server as two requests: GET / HTTP/1.1 Foo: Bar Extra-Header: Added GET /other HTTP/1.1 In this manner, the client is able to inject extra headers and craft an entirely new request to a separate path, despite only making one API call in URLSession. If a developer has total control over the request and its headers, this vulnerability may not pose a threat. However, this vulnerability escalates if un-sanitized user input is placed in header values. If so, a malicious user could inject new headers or requests to an intermediary or backend server. Developers should be especially careful to sanitize user input in this case, or upgrade their version of swift-corelibs-foundation to include the patch below. | ||||
| CVE-2025-27167 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2025-03-31 | 7.8 High |
| Illustrator versions 29.2.1, 28.7.4 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute their own programs, access unauthorized data files, or modify configuration in unexpected ways. If the application uses a search path to locate critical resources such as programs, then an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. The problem extends to any type of critical resource that the application trusts. | ||||
| CVE-2025-27168 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2025-03-31 | 7.8 High |
| Illustrator versions 29.2.1, 28.7.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-27170 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2025-03-31 | 5.5 Medium |
| Illustrator versions 29.2.1, 28.7.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial of service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||