Filtered by vendor Apple
Subscriptions
Filtered by product Mac Os X Server
Subscriptions
Total
817 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-0397 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | N/A |
| Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file type. NOTE: due to the lack of specific information in the vendor advisory, it is not clear how CVE-2006-0397, CVE-2006-0398, and CVE-2006-0399 are different. | ||||
| CVE-2006-0401 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | N/A |
| Unspecified vulnerability in Mac OS X before 10.4.6, when running on an Intel-based computer, allows attackers with physical access to bypass the firmware password and log on in Single User Mode via unspecified vectors. | ||||
| CVE-2005-1430 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | N/A |
| Mac OS X 10.3.x and earlier uses insecure permissions for a pseudo terminal tty (pty) that is managed by a non-setuid program, which allows local users to read or modify sessions of other users. | ||||
| CVE-2006-3501 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | N/A |
| Integer overflow in ImageIO for Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Radiance image. | ||||
| CVE-2006-3502 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | N/A |
| Unspecified vulnerability in ImageIO in Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted GIF image that triggers a memory allocation failure that is not properly handled. | ||||
| CVE-2002-1347 | 3 Apple, Cyrusimap, Redhat | 4 Mac Os X, Mac Os X Server, Cyrus Sasl and 1 more | 2025-04-03 | 9.8 Critical |
| Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) long inputs during user name canonicalization, (2) characters that need to be escaped during LDAP authentication using saslauthd, or (3) an off-by-one error in the log writer, which does not allocate space for the null character that terminates a string. | ||||
| CVE-2006-3505 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | N/A |
| WebKit in Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTML document that causes WebKit to access an object that has already been deallocated. | ||||
| CVE-2004-0821 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | N/A |
| The CFPlugIn in Core Foundation framework in Mac OS X allows user supplied libraries to be loaded, which could allow local users to gain privileges. | ||||
| CVE-2006-1220 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | N/A |
| Integer overflow in the mach_msg_send function in the kernel for Mac OS X might allow local users to execute arbitrary code via unknown attack vectors related to a large message header size, which leads to a heap-based buffer overflow. | ||||
| CVE-2004-0744 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | N/A |
| The TCP/IP Networking component in Mac OS X before 10.3.5 allows remote attackers to cause a denial of service (memory and resource consumption) via a "Rose Attack" that involves sending a subset of small IP fragments that do not form a complete, larger packet. | ||||
| CVE-2004-0539 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | N/A |
| The "Show in Finder" button in the Safari web browser in Mac OS X 10.3.4 and 10.2.8 may execute downloaded applications, which could allow remote attackers to execute arbitrary code. | ||||
| CVE-2006-1457 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | N/A |
| Safari on Apple Mac OS X 10.4.6, when "Open `safe' files after downloading" is enabled, will automatically expand archives, which could allow remote attackers to overwrite arbitrary files via an archive that contains a symlink. | ||||
| CVE-2006-1471 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | N/A |
| Format string vulnerability in the CF_syslog function launchd in Apple Mac OS X 10.4 up to 10.4.6 allows local users to execute arbitrary code via format string specifiers that are not properly handled in a syslog call in the logging facility, as demonstrated by using a crafted plist file. | ||||
| CVE-2003-0171 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | N/A |
| DirectoryServices in MacOS X trusts the PATH environment variable to locate and execute the touch command, which allows local users to execute arbitrary commands by modifying the PATH to point to a directory containing a malicious touch program. | ||||
| CVE-2004-0081 | 23 4d, Apple, Avaya and 20 more | 67 Webstar, Mac Os X, Mac Os X Server and 64 more | 2025-04-03 | N/A |
| OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool. | ||||
| CVE-2005-1335 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | N/A |
| Unknown vulnerability in Mac OS X 10.3.9 allows local users to gain privileges via (1) chfn, (2) chpass, and (3) chsh, which "use external helper programs in an insecure manner." | ||||
| CVE-2005-1474 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | N/A |
| Dashboard in Apple Mac OS X 10.4.1 allows remote attackers to install widgets via Safari without prompting the user, a different vulnerability than CVE-2005-1933. | ||||