Search
Total
800 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-0524 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2010-05-21 | 7.5 HIGH | N/A |
| The default configuration of the FreeRADIUS server in Apple Mac OS X Server before 10.6.3 permits EAP-TLS authenticated connections on the basis of an arbitrary client certificate, which allows remote attackers to obtain network connectivity via a crafted RADIUS Access Request message. | |||||
| CVE-2010-0512 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2010-05-21 | 9.3 HIGH | N/A |
| The Accounts Preferences implementation in Apple Mac OS X 10.6 before 10.6.3, when a network account server is used, does not support Login Window access control that is based solely on group membership, which allows attackers to bypass intended access restrictions by entering login credentials. | |||||
| CVE-2010-0513 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2010-04-09 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in PS Normalizer in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PostScript document. | |||||
| CVE-2010-0510 | 1 Apple | 1 Mac Os X Server | 2010-03-31 | 9.0 HIGH | N/A |
| Password Server in Apple Mac OS X Server before 10.6.3 does not properly perform password replication, which might allow remote authenticated users to obtain login access via an expired password. | |||||
| CVE-2010-0504 | 1 Apple | 1 Mac Os X Server | 2010-03-31 | 7.5 HIGH | N/A |
| Multiple stack-based buffer overflows in iChat Server in Apple Mac OS X Server before 10.6.3 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. | |||||
| CVE-2010-0503 | 1 Apple | 1 Mac Os X Server | 2010-03-31 | 6.5 MEDIUM | N/A |
| Use-after-free vulnerability in iChat Server in Apple Mac OS X Server 10.5.8 allows remote authenticated users to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. | |||||
| CVE-2010-0498 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2010-03-31 | 7.2 HIGH | N/A |
| Directory Services in Apple Mac OS X before 10.6.3 does not properly perform authorization during processing of record names, which allows local users to gain privileges via unspecified vectors. | |||||
| CVE-2010-0497 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2010-03-31 | 6.8 MEDIUM | N/A |
| Disk Images in Apple Mac OS X before 10.6.3 does not provide the expected warning for an unsafe file type in an internet enabled disk image, which makes it easier for user-assisted remote attackers to execute arbitrary code via a package file type. | |||||
| CVE-2010-0502 | 1 Apple | 1 Mac Os X Server | 2010-03-31 | 4.3 MEDIUM | N/A |
| iChat Server in Apple Mac OS X Server before 10.6.3, when group chat is used, does not perform logging for all types of messages, which might allow remote attackers to avoid message auditing via an unspecified selection of message type. | |||||
| CVE-2010-0506 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2010-03-31 | 6.8 MEDIUM | N/A |
| Buffer overflow in Image RAW in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted NEF image. | |||||
| CVE-2010-0507 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2010-03-31 | 6.8 MEDIUM | N/A |
| Buffer overflow in Image RAW in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PEF image. | |||||
| CVE-2010-0508 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2010-03-31 | 10.0 HIGH | N/A |
| Mail in Apple Mac OS X before 10.6.3 does not disable the filter rules associated with a deleted mail account, which has unspecified impact and attack vectors. | |||||
| CVE-2010-0509 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2010-03-31 | 7.2 HIGH | N/A |
| SFLServer in OS Services in Apple Mac OS X before 10.6.3 allows local users to gain privileges via vectors related to use of wheel group membership during access to the home directories of user accounts. | |||||
| CVE-2010-0511 | 1 Apple | 1 Mac Os X Server | 2010-03-31 | 5.0 MEDIUM | N/A |
| Podcast Producer in Apple Mac OS X 10.6 before 10.6.3 deletes the access restrictions of a Podcast Composer workflow when this workflow is overwritten, which allows attackers to access a workflow via unspecified vectors. | |||||
| CVE-2009-2801 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2010-03-31 | 6.4 MEDIUM | N/A |
| The Application Firewall in Apple Mac OS X 10.5.8 drops unspecified firewall rules after a reboot, which might allow remote attackers to bypass intended access restrictions via packet data, related to a "timing issue." | |||||
| CVE-2010-0058 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2010-03-31 | 6.4 MEDIUM | N/A |
| freshclam in ClamAV in Apple Mac OS X 10.5.8 with Security Update 2009-005 has an incorrect launchd.plist ProgramArguments key and consequently does not run, which might allow remote attackers to introduce viruses into the system. | |||||
| CVE-2010-0056 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2010-03-31 | 6.8 MEDIUM | N/A |
| Buffer overflow in Cocoa spell checking in AppKit in Apple Mac OS X 10.5.8 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document. | |||||
| CVE-2010-0063 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2010-03-31 | 6.8 MEDIUM | N/A |
| Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.6.3 makes it easier for user-assisted remote attackers to execute arbitrary JavaScript via a web page that offers a download with a Content-Type value that is not on the list of possibly unsafe content types for Safari, as demonstrated by the values for the (1) .ibplugin and (2) .url extensions. | |||||
| CVE-2010-0064 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2010-03-31 | 6.9 MEDIUM | N/A |
| DesktopServices in Apple Mac OS X 10.6 before 10.6.3 preserves file ownership during an authenticated Finder copy, which might allow local users to bypass intended disk-quota restrictions and have unspecified other impact by copying files owned by other users. | |||||
| CVE-2010-0065 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2010-03-31 | 6.8 MEDIUM | N/A |
| Disk Images in Apple Mac OS X before 10.6.3 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted disk image with bzip2 compression. | |||||
| CVE-2010-0500 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2010-03-31 | 7.8 HIGH | N/A |
| Event Monitor in Apple Mac OS X before 10.6.3 does not properly validate hostnames of SSH clients, which allows remote attackers to cause a denial of service (arbitrary client blacklisting) via a crafted DNS PTR record, related to a "plist injection issue." | |||||
| CVE-2010-0501 | 1 Apple | 1 Mac Os X Server | 2010-03-31 | 6.8 MEDIUM | N/A |
| Directory traversal vulnerability in FTP Server in Apple Mac OS X Server before 10.6.3 allows remote authenticated users to read arbitrary files via crafted filenames. | |||||
| CVE-2010-0057 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2010-03-31 | 7.5 HIGH | N/A |
| AFP Server in Apple Mac OS X before 10.6.3 does not prevent guest use of AFP shares when guest access is disabled, which allows remote attackers to bypass intended access restrictions via a mount request. | |||||
| CVE-2009-2839 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2009-12-19 | 6.8 MEDIUM | N/A |
| Screen Sharing in Apple Mac OS X 10.5.8 allows remote VNC servers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors. | |||||
| CVE-2009-2823 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2009-11-24 | 4.3 MEDIUM | N/A |
| The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software. | |||||
| CVE-2009-2840 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2009-11-17 | 4.9 MEDIUM | N/A |
| Spotlight in Apple Mac OS X 10.5.8 does not properly handle temporary files, which allows local users to overwrite arbitrary files in the context of a different user's privileges via unspecified vectors. | |||||
| CVE-2009-2835 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2009-11-17 | 4.6 MEDIUM | N/A |
| The kernel in Apple Mac OS X before 10.6.2 does not properly handle task state segments, which allows local users to gain privileges, cause a denial of service (system crash), or obtain sensitive information via unspecified vectors. | |||||
| CVE-2009-2836 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2009-11-17 | 6.2 MEDIUM | N/A |
| Race condition in Login Window in Apple Mac OS X 10.6.x before 10.6.2, when at least one account has a blank password, allows attackers to bypass password authentication and obtain login access to an arbitrary account via unspecified vectors. | |||||
| CVE-2009-2832 | 1 Apple | 1 Mac Os X Server | 2009-11-17 | 5.1 MEDIUM | N/A |
| Buffer overflow in FTP Server in Apple Mac OS X before 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a CWD command specifying a pathname in a deeply nested hierarchy of directories, related to a "CWD command line tool." | |||||
| CVE-2009-2833 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2009-11-17 | 7.5 HIGH | N/A |
| Buffer overflow in the UCCompareTextDefault API in International Components for Unicode in Apple Mac OS X 10.5.8 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. | |||||
| CVE-2009-2829 | 1 Apple | 1 Mac Os X Server | 2009-11-17 | 5.0 MEDIUM | N/A |
| Event Monitor in Apple Mac OS X 10.5.8 does not properly handle crafted authentication data sent to an SSH daemon, which allows remote attackers to cause a denial of service via vectors involving processing of XML log documents by other services, related to a "log injection" issue. | |||||
| CVE-2009-2818 | 1 Apple | 1 Mac Os X Server | 2009-11-17 | 5.0 MEDIUM | N/A |
| Adaptive Firewall in Apple Mac OS X before 10.6.2 does not properly handle invalid usernames in SSH login attempts, which makes it easier for remote attackers to obtain login access via a brute-force attack (aka dictionary attack). | |||||
| CVE-2009-2808 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2009-11-17 | 5.4 MEDIUM | N/A |
| Help Viewer in Apple Mac OS X before 10.6.2 does not use an HTTPS connection to retrieve Apple Help content from a web site, which allows man-in-the-middle attackers to send a crafted help:runscript link, and thereby execute arbitrary code, via a spoofed response. | |||||
| CVE-2009-2810 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2009-11-17 | 6.8 MEDIUM | N/A |
| Launch Services in Apple Mac OS X 10.6.x before 10.6.2 recursively clears quarantine information upon opening a quarantined folder, which allows user-assisted remote attackers to execute arbitrary code via a quarantined application that does not trigger a "potentially unsafe" warning message. | |||||
| CVE-2009-2819 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2009-11-17 | 9.3 HIGH | N/A |
| AFP Client in Apple Mac OS X 10.5.8 allows remote AFP servers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via unspecified vectors. | |||||
| CVE-2009-2824 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2009-11-17 | 6.8 MEDIUM | N/A |
| Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 allow remote attackers to execute arbitrary code via a crafted embedded font in a document. | |||||
| CVE-2009-2825 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2009-11-17 | 4.3 MEDIUM | N/A |
| Certificate Assistant in Apple Mac OS X before 10.6.2 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | |||||
| CVE-2009-2826 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2009-11-17 | 6.8 MEDIUM | N/A |
| Multiple integer overflows in CoreGraphics in Apple Mac OS X 10.5.8 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document that triggers a heap-based buffer overflow. | |||||
| CVE-2009-2831 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2009-11-17 | 5.8 MEDIUM | N/A |
| Dictionary in Apple Mac OS X 10.5.8 allows remote attackers to create arbitrary files with any contents, and thereby execute arbitrary code, via crafted JavaScript, related to a "design issue." | |||||
| CVE-2009-2830 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2009-11-17 | 6.8 MEDIUM | N/A |
| Multiple buffer overflows in Christos Zoulas file before 5.03 in Apple Mac OS X 10.6.x before 10.6.2 allow user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Common Document Format (CDF) file. NOTE: this might overlap CVE-2009-1515. | |||||
| CVE-2009-2827 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2009-11-17 | 6.8 MEDIUM | N/A |
| Heap-based buffer overflow in Disk Images in Apple Mac OS X 10.5.8 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FAT filesystem on a disk image. | |||||
| CVE-2009-2828 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2009-11-17 | 7.5 HIGH | N/A |
| The server in DirectoryService in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors. | |||||
| CVE-2009-2834 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2009-11-17 | 4.9 MEDIUM | N/A |
| IOKit in Apple Mac OS X before 10.6.2 allows local users to modify the firmware of a (1) USB or (2) Bluetooth keyboard via unspecified vectors. | |||||
| CVE-2009-2205 | 1 Apple | 5 Java 1.4, Java 1.5, Java 1.6 and 2 more | 2009-09-19 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in the Java Web Start command launcher in Java for Mac OS X 10.5 before Update 5 allows attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. | |||||
| CVE-2009-0137 | 2 Apple, Microsoft | 5 Mac Os X, Mac Os X Server, Safari and 2 more | 2009-08-19 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Safari RSS in Apple Mac OS X 10.4.11 and 10.5.6, and Windows XP and Vista, allow remote attackers to execute arbitrary JavaScript in the local security zone via a crafted feed: URL, related to "input validation issues." | |||||
| CVE-2009-2196 | 2 Apple, Microsoft | 5 Mac Os X, Mac Os X Server, Safari and 2 more | 2009-08-18 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Apple Safari 4 before 4.0.3 allows remote web servers to place an arbitrary web site in the Top Sites view, and possibly conduct phishing attacks, via unknown vectors. | |||||
| CVE-2009-0944 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2009-05-16 | 6.8 MEDIUM | N/A |
| The Microsoft Office Spotlight Importer in Spotlight in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not properly validate Microsoft Office files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a file that triggers memory corruption. | |||||
| CVE-2009-0160 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2009-05-16 | 6.8 MEDIUM | N/A |
| QuickDraw Manager in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image that triggers memory corruption. | |||||
| CVE-2008-3634 | 1 Apple | 3 Itunes, Mac Os X, Mac Os X Server | 2008-09-11 | 2.6 LOW | N/A |
| Apple iTunes before 8.0 on Mac OS X 10.4.11, when iTunes Music Sharing is enabled but blocked by the host-based firewall, presents misleading information about firewall security, which might allow remote attackers to leverage an exposure that would be absent if the administrator were given better information. | |||||
| CVE-2003-0049 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2008-09-11 | 7.5 HIGH | N/A |
| Apple File Protocol (AFP) in Mac OS X before 10.2.4 allows administrators to log in as other users by using the administrator password. | |||||