Filtered by vendor Apple
Subscribe
Search
Total
10011 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-0126 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-11 | 7.5 HIGH | N/A |
| ColorSync on Mac OS X 10.3.7 and 10.3.8 allows attackers to execute arbitrary code via malformed ICC color profiles that modify the heap. | |||||
| CVE-2005-0043 | 1 Apple | 1 Itunes | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in Apple iTunes 4.7 allows remote attackers to execute arbitrary code via a long URL in (1) .m3u or (2) .pls playlist files. | |||||
| CVE-2005-0234 | 1 Apple | 1 Safari | 2017-07-11 | 5.0 MEDIUM | N/A |
| The International Domain Name (IDN) support in Safari 1.2.5 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks. | |||||
| CVE-2004-1832 | 1 Apple | 1 Mac Os X Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| Buffer overflow in the GUI admin service in Mac OS X Server 10.3 allows remote attackers to cause a denial of service (crash and restart) via a large amount of data to TCP port 660. | |||||
| CVE-2004-1121 | 1 Apple | 1 Safari | 2017-07-11 | 5.0 MEDIUM | N/A |
| Apple Safari 1.0 through 1.2.3 allows remote attackers to spoof the URL displayed in the status bar via TABLE tags. | |||||
| CVE-2004-1123 | 1 Apple | 4 Darwin Streaming Server, Mac Os X, Mac Os X Server and 1 more | 2017-07-11 | 5.0 MEDIUM | N/A |
| Darwin Streaming Server 5.0.1, and possibly earlier versions, allows remote attackers to cause a denial of service (server crash) via a DESCRIBE request with a location that contains a null byte. | |||||
| CVE-2004-1199 | 1 Apple | 1 Safari | 2017-07-11 | 5.0 MEDIUM | N/A |
| Safari 1.2.4 on Mac OS X 10.3.6 allows remote attackers to cause a denial of service (application crash from memory exhaustion), as demonstrated using Javascript code that continuously creates nested arrays and then sorts the newly created arrays. | |||||
| CVE-2004-1083 | 1 Apple | 4 Darwin Streaming Server, Mac Os X, Mac Os X Server and 1 more | 2017-07-11 | 5.0 MEDIUM | N/A |
| Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization. | |||||
| CVE-2004-0873 | 1 Apple | 2 Ichat, Ichat Av | 2017-07-11 | 7.5 HIGH | N/A |
| Apple iChat AV 2.1, AV 2.0, and 1.0.1 allows remote attackers to execute arbitrary programs via a "link" that references the program. | |||||
| CVE-2004-1089 | 1 Apple | 4 Darwin Streaming Server, Mac Os X, Mac Os X Server and 1 more | 2017-07-11 | 4.6 MEDIUM | N/A |
| Unknown vulnerability in Apple Mac OS X 10.3.6 server, when using Kerberos authentication and Cyrus IMAP allows local users to access mailboxes of other users. | |||||
| CVE-2004-1088 | 1 Apple | 4 Darwin Streaming Server, Mac Os X, Mac Os X Server and 1 more | 2017-07-11 | 7.5 HIGH | N/A |
| Postfix server for Apple Mac OS X 10.3.6, when using CRAM-MD5, allows remote attackers to send mail without authentication by replaying authentication information. | |||||
| CVE-2004-1087 | 1 Apple | 4 Darwin Streaming Server, Mac Os X, Mac Os X Server and 1 more | 2017-07-11 | 2.1 LOW | N/A |
| Terminal for Apple Mac OS X 10.3.6 may indicate that "Secure Keyboard Entry" is enabled even when it is not, which could result in a false sense of security for the user. | |||||
| CVE-2004-0518 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-11 | 7.5 HIGH | N/A |
| Unknown vulnerability in AppleFileServer for Mac OS X 10.3.4, related to "the use of SSH and reporting errors," has unknown impact and attack vectors. | |||||
| CVE-2004-1086 | 1 Apple | 4 Darwin Streaming Server, Mac Os X, Mac Os X Server and 1 more | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in PSNormalizer for Apple Mac OS X 10.3.6 allows remote attackers to execute arbitrary code via a crafted PostScript input file. | |||||
| CVE-2004-1085 | 1 Apple | 4 Darwin Streaming Server, Mac Os X, Mac Os X Server and 1 more | 2017-07-11 | 2.1 LOW | N/A |
| Human Interface Toolbox (HIToolBox) for Apple Mac 0S X 10.3.6 allows local users to exit applications via the force-quit key combination, even when the system is running in kiosk mode. | |||||
| CVE-2004-0517 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-11 | 4.6 MEDIUM | N/A |
| Unknown vulnerability in Mac OS X 10.3.4, related to "handling of process IDs during package installation," a different vulnerability than CVE-2004-0516. | |||||
| CVE-2004-0516 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-11 | 4.6 MEDIUM | N/A |
| Unknown vulnerability in Mac OS X 10.3.4, related to "package installation scripts," a different vulnerability than CVE-2004-0517. | |||||
| CVE-2004-0515 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-11 | 4.6 MEDIUM | N/A |
| Unknown vulnerability in LoginWindow for Mac OS X 10.3.4, related to "handling of console log files." | |||||
| CVE-2004-0514 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-11 | 7.2 HIGH | N/A |
| Unknown vulnerability in LoginWindow for Mac OS X 10.3.4, related to "handling of directory services lookups." | |||||
| CVE-2004-0513 | 1 Apple | 1 Mac Os X | 2017-07-11 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Mac OS X before 10.3.4 has unknown impact and attack vectors related to "logging when tracing system calls." | |||||
| CVE-2004-0489 | 1 Apple | 1 Mac Os X | 2017-07-11 | 7.6 HIGH | N/A |
| Argument injection vulnerability in the SSH URI handler for Safari on Mac OS 10.3.3 and earlier allows remote attackers to (1) execute arbitrary code via the ProxyCommand option or (2) conduct port forwarding via the -R option. | |||||
| CVE-2004-0486 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-11 | 7.6 HIGH | N/A |
| HelpViewer in Mac OS X 10.3.3 and 10.2.8 processes scripts that it did not initiate, which can allow attackers to execute arbitrary code, an issue that was originally reported as a directory traversal vulnerability in the Safari web browser using the runscript parameter in a help: URI handler. | |||||
| CVE-2004-0485 | 1 Apple | 1 Mac Os X | 2017-07-11 | 5.0 MEDIUM | N/A |
| The default protocol helper for the disk: URI on Mac OS X 10.3.3 and 10.2.8 allows remote attackers to write arbitrary files by causing a disk image file (.dmg) to be mounted as a disk volume. | |||||
| CVE-2004-0431 | 1 Apple | 1 Quicktime | 2017-07-11 | 5.1 MEDIUM | N/A |
| Integer overflow in Apple QuickTime (QuickTime.qts) before 6.5.1 allows attackers to execute arbitrary code via a large "number of entries" field in the sample-to-chunk table data for a .mov movie file, which leads to a heap-based buffer overflow. | |||||
| CVE-2004-0430 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-11 | 5.1 MEDIUM | N/A |
| Stack-based buffer overflow in AppleFileServer for Mac OS X 10.3.3 and earlier allows remote attackers to execute arbitrary code via a LoginExt packet for a Cleartext Password User Authentication Method (UAM) request with a PathName argument that includes an AFPName type string that is longer than the associated length field. | |||||
| CVE-2004-0429 | 1 Apple | 1 Mac Os X | 2017-07-11 | 10.0 HIGH | N/A |
| Unknown vulnerability related to "the handling of large requests" in RAdmin for Apple Mac OS X 10.3.3 and Mac OS X 10.2.8 may allow attackers to have unknown impact via unknown attack vectors. | |||||
| CVE-2004-0428 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in CoreFoundation in Mac OS X 10.3.3 and Mac OS X 10.3.3 Server, related to "the handling of an environment variable," has unknown attack vectors and unknown impact. | |||||
| CVE-2004-0383 | 1 Apple | 1 Mac Os X | 2017-07-11 | 7.2 HIGH | N/A |
| Unknown vulnerability in Mail for Mac OS X 10.3.3 and 10.2.8, with unknown impact, related to "the handling of HTML-formatted email." | |||||
| CVE-2004-0382 | 1 Apple | 1 Mac Os X | 2017-07-11 | 7.2 HIGH | N/A |
| Unknown vulnerability in the CUPS printing system in Mac OS X 10.3.3 and Mac OS X 10.2.8 with unknown impact, possibly related to a configuration file setting. | |||||
| CVE-2004-0361 | 1 Apple | 1 Safari | 2017-07-11 | 5.0 MEDIUM | N/A |
| The Javascript engine in Safari 1.2 and earlier allows remote attackers to cause a denial of service (segmentation fault) by creating a new Array object with a large size value, then writing into that array. | |||||
| CVE-2004-0825 | 1 Apple | 1 Mac Os X Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| QuickTime Streaming Server in Mac OS X Server 10.2.8, 10.3.4, and 10.3.5 allows remote attackers to cause a denial of service (application deadlock) via a certain sequence of operations. | |||||
| CVE-2004-0824 | 1 Apple | 1 Mac Os X | 2017-07-11 | 2.1 LOW | N/A |
| PPPDialer for Mac OS X 10.2.8 through 10.3.5 allows local users to overwrite system files via a symlink attack on PPPDialer log files. | |||||
| CVE-2004-0822 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-11 | 7.2 HIGH | N/A |
| Buffer overflow in The Core Foundation framework (CoreFoundation.framework) in Mac OS X 10.2.8, 10.3.4, and 10.3.5 allows local users to execute arbitrary code via a certain environment variable. | |||||
| CVE-2004-0821 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-11 | 7.2 HIGH | N/A |
| The CFPlugIn in Core Foundation framework in Mac OS X allows user supplied libraries to be loaded, which could allow local users to gain privileges. | |||||
| CVE-2004-1081 | 1 Apple | 4 Darwin Streaming Server, Mac Os X, Mac Os X Server and 1 more | 2017-07-11 | 2.1 LOW | N/A |
| The Application Framework (AppKit) for Apple Mac OS X 10.2.8 and 10.3.6 does not properly restrict access to a secure text input field, which allows local users to read keyboard input from other applications within the same window session. | |||||
| CVE-2004-1084 | 1 Apple | 4 Darwin Streaming Server, Mac Os X, Mac Os X Server and 1 more | 2017-07-11 | 5.0 MEDIUM | N/A |
| Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles. | |||||
| CVE-2004-0744 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| The TCP/IP Networking component in Mac OS X before 10.3.5 allows remote attackers to cause a denial of service (memory and resource consumption) via a "Rose Attack" that involves sending a subset of small IP fragments that do not form a complete, larger packet. | |||||
| CVE-2004-0743 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| Safari in Mac OS X before 10.3.5, after sending form data using the POST method, may re-send the data to a GET method URL if that URL is redirected after the POST data and the user uses the forward or backward buttons, which may cause an information leak. | |||||
| CVE-2004-1314 | 1 Apple | 1 Safari | 2017-07-11 | 7.5 HIGH | N/A |
| Safari 1.x allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability, a different vulnerability than CVE-2004-1122. | |||||
| CVE-2004-0720 | 1 Apple | 1 Safari | 2017-07-11 | 7.5 HIGH | N/A |
| Safari 1.2.2 does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability. | |||||
| CVE-2004-1021 | 1 Apple | 1 Ical | 2017-07-11 | 7.5 HIGH | N/A |
| iCal before 1.5.4 on Mac OS X 10.2.3, and other later versions, does not alert the user when handling calendars that use alarms, which allows attackers to execute programs and send e-mail via alarms. | |||||
| CVE-2004-0087 | 1 Apple | 1 Mac Os X | 2017-07-11 | 2.1 LOW | N/A |
| The System Configuration subsystem in Mac OS 10.2.8 and 10.3.2 allows local users to modify network settings, a different vulnerability than CVE-2004-0088. | |||||
| CVE-2001-1447 | 1 Apple | 1 Mac Os X | 2017-07-11 | 7.2 HIGH | N/A |
| NetInfo Manager for Mac OS X 10.0 through 10.1 allows local users to gain root privileges by opening applications using the (1) "recent items" and (2) "services" menus, which causes the applications to run with root privileges. | |||||
| CVE-2001-1480 | 2 Apple, Sun | 4 Mac Os Runtime For Java, Jdk, Jre and 1 more | 2017-07-11 | 7.5 HIGH | N/A |
| Java Runtime Environment (JRE) and SDK 1.2 through 1.3.0_04 allows untrusted applets to access the system clipboard. | |||||
| CVE-2001-1575 | 1 Apple | 1 Personal Web Sharing | 2017-07-11 | 5.0 MEDIUM | N/A |
| Apple Personal Web Sharing (PWS) 1.1, 1.5, and 1.5.5, when Web Sharing authentication is enabled, allows remote attackers to cause a denial of service via a long password, possibly due to a buffer overflow. | |||||
| CVE-2002-1368 | 2 Apple, Easy Software Products | 2 Mac Os X, Cups | 2017-07-11 | 7.5 HIGH | N/A |
| Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing negative arguments to be fed into memcpy() calls via HTTP requests with (1) a negative Content-Length value or (2) a negative length in a chunked transfer encoding. | |||||
| CVE-2003-0270 | 1 Apple | 1 802.11n | 2017-07-11 | 7.6 HIGH | N/A |
| The administration capability for Apple AirPort 802.11 wireless access point devices uses weak encryption (XOR with a fixed key) for protecting authentication credentials, which could allow remote attackers to obtain administrative access via sniffing when the capability is available via Ethernet or non-WEP connections. | |||||
| CVE-2003-0420 | 1 Apple | 1 Mac Os X Server | 2017-07-11 | 4.6 MEDIUM | N/A |
| Information leak in dsimportexport for Apple Macintosh OS X Server 10.2.6 allows local users to obtain the username and password of the account running the tool. | |||||
| CVE-2003-0601 | 1 Apple | 1 Mac Os X Server | 2017-07-11 | 7.5 HIGH | N/A |
| Workgroup Manager in Apple Mac OS X Server 10.2 through 10.2.6 does not disable a password for a new account before it is saved for the first time, which allows remote attackers to gain unauthorized access via the new account before it is saved. | |||||
| CVE-2003-0876 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-11 | 2.1 LOW | N/A |
| Finder in Mac OS X 10.2.8 and earlier sets global read/write/execute permissions on directories when they are dragged (copied) from a mounted volume such as a disk image (DMG), which could cause the directories to have less restrictive permissions than intended. | |||||