Filtered by vendor Apple
Subscribe
Search
Total
4318 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-0720 | 1 Apple | 1 Safari | 2017-07-11 | 7.5 HIGH | N/A |
| Safari 1.2.2 does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability. | |||||
| CVE-2004-1081 | 1 Apple | 4 Darwin Streaming Server, Mac Os X, Mac Os X Server and 1 more | 2017-07-11 | 2.1 LOW | N/A |
| The Application Framework (AppKit) for Apple Mac OS X 10.2.8 and 10.3.6 does not properly restrict access to a secure text input field, which allows local users to read keyboard input from other applications within the same window session. | |||||
| CVE-2004-1021 | 1 Apple | 1 Ical | 2017-07-11 | 7.5 HIGH | N/A |
| iCal before 1.5.4 on Mac OS X 10.2.3, and other later versions, does not alert the user when handling calendars that use alarms, which allows attackers to execute programs and send e-mail via alarms. | |||||
| CVE-2004-1086 | 1 Apple | 4 Darwin Streaming Server, Mac Os X, Mac Os X Server and 1 more | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in PSNormalizer for Apple Mac OS X 10.3.6 allows remote attackers to execute arbitrary code via a crafted PostScript input file. | |||||
| CVE-2004-0518 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-11 | 7.5 HIGH | N/A |
| Unknown vulnerability in AppleFileServer for Mac OS X 10.3.4, related to "the use of SSH and reporting errors," has unknown impact and attack vectors. | |||||
| CVE-2004-0517 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-11 | 4.6 MEDIUM | N/A |
| Unknown vulnerability in Mac OS X 10.3.4, related to "handling of process IDs during package installation," a different vulnerability than CVE-2004-0516. | |||||
| CVE-2004-0516 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-11 | 4.6 MEDIUM | N/A |
| Unknown vulnerability in Mac OS X 10.3.4, related to "package installation scripts," a different vulnerability than CVE-2004-0517. | |||||
| CVE-2004-1085 | 1 Apple | 4 Darwin Streaming Server, Mac Os X, Mac Os X Server and 1 more | 2017-07-11 | 2.1 LOW | N/A |
| Human Interface Toolbox (HIToolBox) for Apple Mac 0S X 10.3.6 allows local users to exit applications via the force-quit key combination, even when the system is running in kiosk mode. | |||||
| CVE-2004-0515 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-11 | 4.6 MEDIUM | N/A |
| Unknown vulnerability in LoginWindow for Mac OS X 10.3.4, related to "handling of console log files." | |||||
| CVE-2004-0514 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-11 | 7.2 HIGH | N/A |
| Unknown vulnerability in LoginWindow for Mac OS X 10.3.4, related to "handling of directory services lookups." | |||||
| CVE-2004-1084 | 1 Apple | 4 Darwin Streaming Server, Mac Os X, Mac Os X Server and 1 more | 2017-07-11 | 5.0 MEDIUM | N/A |
| Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles. | |||||
| CVE-2004-0513 | 1 Apple | 1 Mac Os X | 2017-07-11 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Mac OS X before 10.3.4 has unknown impact and attack vectors related to "logging when tracing system calls." | |||||
| CVE-2004-0489 | 1 Apple | 1 Mac Os X | 2017-07-11 | 7.6 HIGH | N/A |
| Argument injection vulnerability in the SSH URI handler for Safari on Mac OS 10.3.3 and earlier allows remote attackers to (1) execute arbitrary code via the ProxyCommand option or (2) conduct port forwarding via the -R option. | |||||
| CVE-2004-0486 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-11 | 7.6 HIGH | N/A |
| HelpViewer in Mac OS X 10.3.3 and 10.2.8 processes scripts that it did not initiate, which can allow attackers to execute arbitrary code, an issue that was originally reported as a directory traversal vulnerability in the Safari web browser using the runscript parameter in a help: URI handler. | |||||
| CVE-2004-0485 | 1 Apple | 1 Mac Os X | 2017-07-11 | 5.0 MEDIUM | N/A |
| The default protocol helper for the disk: URI on Mac OS X 10.3.3 and 10.2.8 allows remote attackers to write arbitrary files by causing a disk image file (.dmg) to be mounted as a disk volume. | |||||
| CVE-2004-0431 | 1 Apple | 1 Quicktime | 2017-07-11 | 5.1 MEDIUM | N/A |
| Integer overflow in Apple QuickTime (QuickTime.qts) before 6.5.1 allows attackers to execute arbitrary code via a large "number of entries" field in the sample-to-chunk table data for a .mov movie file, which leads to a heap-based buffer overflow. | |||||
| CVE-2004-0430 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-11 | 5.1 MEDIUM | N/A |
| Stack-based buffer overflow in AppleFileServer for Mac OS X 10.3.3 and earlier allows remote attackers to execute arbitrary code via a LoginExt packet for a Cleartext Password User Authentication Method (UAM) request with a PathName argument that includes an AFPName type string that is longer than the associated length field. | |||||
| CVE-2004-0429 | 1 Apple | 1 Mac Os X | 2017-07-11 | 10.0 HIGH | N/A |
| Unknown vulnerability related to "the handling of large requests" in RAdmin for Apple Mac OS X 10.3.3 and Mac OS X 10.2.8 may allow attackers to have unknown impact via unknown attack vectors. | |||||
| CVE-2004-0428 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in CoreFoundation in Mac OS X 10.3.3 and Mac OS X 10.3.3 Server, related to "the handling of an environment variable," has unknown attack vectors and unknown impact. | |||||
| CVE-2004-0383 | 1 Apple | 1 Mac Os X | 2017-07-11 | 7.2 HIGH | N/A |
| Unknown vulnerability in Mail for Mac OS X 10.3.3 and 10.2.8, with unknown impact, related to "the handling of HTML-formatted email." | |||||
| CVE-2004-0382 | 1 Apple | 1 Mac Os X | 2017-07-11 | 7.2 HIGH | N/A |
| Unknown vulnerability in the CUPS printing system in Mac OS X 10.3.3 and Mac OS X 10.2.8 with unknown impact, possibly related to a configuration file setting. | |||||
| CVE-2004-0361 | 1 Apple | 1 Safari | 2017-07-11 | 5.0 MEDIUM | N/A |
| The Javascript engine in Safari 1.2 and earlier allows remote attackers to cause a denial of service (segmentation fault) by creating a new Array object with a large size value, then writing into that array. | |||||
| CVE-2004-1083 | 1 Apple | 4 Darwin Streaming Server, Mac Os X, Mac Os X Server and 1 more | 2017-07-11 | 5.0 MEDIUM | N/A |
| Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization. | |||||
| CVE-2004-0085 | 1 Apple | 1 Mac Os X | 2017-07-11 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in the Mail application for Mac OS X 10.1.5 and 10.2.8 with unknown impact, a different vulnerability than CVE-2004-0086. | |||||
| CVE-2001-1575 | 1 Apple | 1 Personal Web Sharing | 2017-07-11 | 5.0 MEDIUM | N/A |
| Apple Personal Web Sharing (PWS) 1.1, 1.5, and 1.5.5, when Web Sharing authentication is enabled, allows remote attackers to cause a denial of service via a long password, possibly due to a buffer overflow. | |||||
| CVE-2003-1091 | 1 Apple | 1 Quicktime Broadcaster | 2017-07-11 | 7.5 HIGH | N/A |
| Integer overflow in MP3Broadcaster for Apple QuickTime/Darwin Streaming Server 4.1.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via malformed ID3 tags in MP3 files. | |||||
| CVE-2003-1011 | 1 Apple | 1 Mac Os X | 2017-07-11 | 7.2 HIGH | N/A |
| Apple Mac OS X 10.0 through 10.2.8 allows local users with a USB keyboard to gain unauthorized access by holding down the CTRL and C keys when the system is booting, which crashes the init process and leaves the user in a root shell. | |||||
| CVE-2003-1010 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-11 | 4.6 MEDIUM | N/A |
| Unknown vulnerability in fs_usage in Mac OS X 10.2.8 and 10.3.2 and Mac OS X Server 10.2.8 and 10.3.2 allows local users to gain privileges via unknown attack vectors. | |||||
| CVE-2002-1368 | 2 Apple, Easy Software Products | 2 Mac Os X, Cups | 2017-07-11 | 7.5 HIGH | N/A |
| Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing negative arguments to be fed into memcpy() calls via HTTP requests with (1) a negative Content-Length value or (2) a negative length in a chunked transfer encoding. | |||||
| CVE-2003-1008 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-11 | 4.6 MEDIUM | N/A |
| Unknown vulnerability in Mac OS X 10.2.8 and 10.3.2 allows local users to bypass the screen saver login window and write a text clipping to the desktop or another application. | |||||
| CVE-2003-1007 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| AppleFileServer (AFS) in Apple Mac OS X 10.2.8 and 10.3.2 does not properly handle certain malformed requests, with unknown impact. | |||||
| CVE-2003-1006 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-11 | 7.2 HIGH | N/A |
| Buffer overflow in cd9660.util in Apple Mac OS X 10.0 through 10.3.2 and Apple Mac OS X Server 10.0 through 10.3.2 may allow local users to execute arbitrary code via a long command line parameter. | |||||
| CVE-2003-0913 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-11 | 4.6 MEDIUM | N/A |
| Unknown vulnerability in the Terminal application for Mac OS X 10.3 (Client and Server) may allow "unauthorized access." | |||||
| CVE-2003-0895 | 1 Apple | 1 Mac Os X | 2017-07-11 | 4.6 MEDIUM | N/A |
| Buffer overflow in the Mac OS X kernel 10.2.8 and earlier allows local users, and possibly remote attackers, to cause a denial of service (crash), access portions of memory, and possibly execute arbitrary code via a long command line argument (argv[]). | |||||
| CVE-2003-0877 | 1 Apple | 1 Mac Os X | 2017-07-11 | 4.6 MEDIUM | N/A |
| Mac OS X before 10.3 with core files enabled allows local users to overwrite arbitrary files and read core files via a symlink attack on core files that are created with predictable names in the /cores directory. | |||||
| CVE-2001-1480 | 2 Apple, Sun | 4 Mac Os Runtime For Java, Jdk, Jre and 1 more | 2017-07-11 | 7.5 HIGH | N/A |
| Java Runtime Environment (JRE) and SDK 1.2 through 1.3.0_04 allows untrusted applets to access the system clipboard. | |||||
| CVE-2003-0876 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-11 | 2.1 LOW | N/A |
| Finder in Mac OS X 10.2.8 and earlier sets global read/write/execute permissions on directories when they are dragged (copied) from a mounted volume such as a disk image (DMG), which could cause the directories to have less restrictive permissions than intended. | |||||
| CVE-2001-1447 | 1 Apple | 1 Mac Os X | 2017-07-11 | 7.2 HIGH | N/A |
| NetInfo Manager for Mac OS X 10.0 through 10.1 allows local users to gain root privileges by opening applications using the (1) "recent items" and (2) "services" menus, which causes the applications to run with root privileges. | |||||
| CVE-2003-0601 | 1 Apple | 1 Mac Os X Server | 2017-07-11 | 7.5 HIGH | N/A |
| Workgroup Manager in Apple Mac OS X Server 10.2 through 10.2.6 does not disable a password for a new account before it is saved for the first time, which allows remote attackers to gain unauthorized access via the new account before it is saved. | |||||
| CVE-2001-1446 | 1 Apple | 1 Mac Os X | 2017-07-11 | 7.5 HIGH | N/A |
| Find-By-Content in Mac OS X 10.0 through 10.0.4 creates world-readable index files named .FBCIndex in every directory, which allows remote attackers to learn the contents of files in web accessible directories. | |||||
| CVE-2003-1009 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-11 | 10.0 HIGH | N/A |
| Directory Services in Apple Mac OS X 10.0.2, 10.0.3, 10.2.8, 10.3.2 and Apple Mac OS X Server 10.2 through 10.3.2 accepts authentication server information from unknown LDAP or NetInfo sources as provided by a malicious DHCP server, which allows remote attackers to gain privileges. | |||||
| CVE-2003-0975 | 1 Apple | 3 Mac Os X, Mac Os X Server, Safari | 2017-07-11 | 5.0 MEDIUM | N/A |
| Apple Safari 1.0 through 1.1 on Mac OS X 10.3.1 and Mac OS X 10.2.8 allows remote attackers to steal user cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain. | |||||
| CVE-2003-0420 | 1 Apple | 1 Mac Os X Server | 2017-07-11 | 4.6 MEDIUM | N/A |
| Information leak in dsimportexport for Apple Macintosh OS X Server 10.2.6 allows local users to obtain the username and password of the account running the tool. | |||||
| CVE-2003-0270 | 1 Apple | 1 802.11n | 2017-07-11 | 7.6 HIGH | N/A |
| The administration capability for Apple AirPort 802.11 wireless access point devices uses weak encryption (XOR with a fixed key) for protecting authentication credentials, which could allow remote attackers to obtain administrative access via sniffing when the capability is available via Ethernet or non-WEP connections. | |||||
| CVE-2004-0166 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in Safari web browser for Mac OS X 10.2.8 related to "the display of URLs in the status bar." | |||||
| CVE-2004-0087 | 1 Apple | 1 Mac Os X | 2017-07-11 | 2.1 LOW | N/A |
| The System Configuration subsystem in Mac OS 10.2.8 and 10.3.2 allows local users to modify network settings, a different vulnerability than CVE-2004-0088. | |||||
| CVE-2014-8151 | 2 Apple, Haxx | 2 Mac Os X, Libcurl | 2017-07-01 | 5.8 MEDIUM | N/A |
| The darwinssl_connect_step1 function in lib/vtls/curl_darwinssl.c in libcurl 7.31.0 through 7.39.0, when using the DarwinSSL (aka SecureTransport) back-end for TLS, does not check if a cached TLS session validated the certificate when reusing the session, which allows man-in-the-middle attackers to spoof servers via a crafted certificate. | |||||
| CVE-2015-7626 | 5 Adobe, Apple, Google and 2 more | 8 Air, Air Sdk, Air Sdk \& Compiler and 5 more | 2017-07-01 | 10.0 HIGH | N/A |
| Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-7625, CVE-2015-7627, CVE-2015-7630, CVE-2015-7633, and CVE-2015-7634. | |||||
| CVE-2015-7627 | 5 Adobe, Apple, Google and 2 more | 8 Air, Air Sdk, Air Sdk \& Compiler and 5 more | 2017-07-01 | 10.0 HIGH | N/A |
| Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-7625, CVE-2015-7626, CVE-2015-7630, CVE-2015-7633, and CVE-2015-7634. | |||||
| CVE-2015-7630 | 5 Adobe, Apple, Google and 2 more | 8 Air, Air Sdk, Air Sdk \& Compiler and 5 more | 2017-07-01 | 10.0 HIGH | N/A |
| Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-7625, CVE-2015-7626, CVE-2015-7627, CVE-2015-7633, and CVE-2015-7634. | |||||