Filtered by vendor Apple
Subscribe
Total
12680 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-1270 | 1 Apple | 1 Mac Os X | 2025-04-03 | 2.1 LOW | N/A |
| Mac OS X 10.2.2 allows local users to read files that only allow write access via the map_fd() Mach system call. | |||||
| CVE-2005-0715 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 2.1 LOW | N/A |
| AFP Server in Mac OS X before 10.3.8 uses insecure permissions for "Drop Boxes," which allows local users to read the contents of a Drop Box. | |||||
| CVE-2006-0400 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 7.5 HIGH | N/A |
| CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers to bypass the same-origin policy and execute Javascript in other domains via unknown vectors involving "crafted archives." | |||||
| CVE-2006-3499 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 2.1 LOW | N/A |
| The dynamic linker (dyld) in Apple Mac OS X 10.3.9 allows local users to obtain sensitive information via unspecified dynamic linker options that affect the use of standard error (stderr) by privileged applications. | |||||
| CVE-2004-0165 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| Format string vulnerability in Point-to-Point Protocol (PPP) daemon (pppd) 2.4.0 for Mac OS X 10.3.2 and earlier allows remote attackers to read arbitrary pppd process data, including PAP or CHAP authentication credentials, to gain privileges. | |||||
| CVE-2005-2518 | 1 Apple | 1 Mac Os X | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in servermgrd in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to execute arbitrary code during authentication. | |||||
| CVE-2002-0862 | 2 Apple, Microsoft | 10 Macos, Internet Explorer, Office and 7 more | 2025-04-03 | 6.8 MEDIUM | N/A |
| The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, and (3) WinVerifyTrust APIs within the CryptoAPI for Microsoft products including Microsoft Windows 98 through XP, Office for Mac, Internet Explorer for Mac, and Outlook Express for Mac, do not properly verify the Basic Constraints of intermediate CA-signed X.509 certificates, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack for SSL sessions, as originally reported for Internet Explorer and IIS. | |||||
| CVE-2004-1084 | 1 Apple | 4 Darwin Streaming Server, Mac Os X, Mac Os X Server and 1 more | 2025-04-03 | 5.0 MEDIUM | N/A |
| Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles. | |||||
| CVE-2005-1473 | 1 Apple | 1 Mac Os X | 2025-04-03 | 4.6 MEDIUM | N/A |
| SecurityAgent in Apple Mac OS X 10.4.1 allows attackers with physical access to bypass the locked screensaver and launch background applications by opening a URL from a text input field. | |||||
| CVE-2006-3496 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| AFP Server in Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to cause denial of service (crash) via an invalid AFP request that triggers an unchecked error condition. | |||||
| CVE-2006-1467 | 1 Apple | 1 Itunes | 2025-04-03 | 5.1 MEDIUM | N/A |
| Integer overflow in the AAC file parsing code in Apple iTunes before 6.0.5 on Mac OS X 10.2.8 or later, and Windows XP and 2000, allows remote user-assisted attackers to execute arbitrary code via an AAC (M4P, M4A, or M4B) file with a sample table size (STSZ) atom with a "malformed" sample_size_table value. | |||||
| CVE-2005-0234 | 1 Apple | 1 Safari | 2025-04-03 | 5.0 MEDIUM | N/A |
| The International Domain Name (IDN) support in Safari 1.2.5 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks. | |||||
| CVE-2006-0384 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 7.5 HIGH | N/A |
| automount in Mac OS X 10.4.5 and earlier allows remote file servers to cause a denial of service (unresponsiveness) or execute arbitrary code via unspecified vectors that cause automount to "mount file systems with reserved names". | |||||
| CVE-2005-1728 | 1 Apple | 1 Mac Os X | 2025-04-03 | 4.6 MEDIUM | N/A |
| MCX Client for Apple Mac OS X 10.4.x up to 10.4.1 insecurely logs Portable Home Directory credentials, which allows local users to obtain the credentials. | |||||
| CVE-2005-0289 | 1 Apple | 2 Airport Express, Airport Extreme | 2025-04-03 | 5.0 MEDIUM | N/A |
| Apple AirPort Express prior to 6.1.1 and Extreme prior to 5.5.1, configured as a Wireless Data Service (WDS), allows remote attackers to cause a denial of service (device freeze) by connecting to UDP port 161 and before link-state change occurs. | |||||
| CVE-2002-1269 | 1 Apple | 1 Mac Os X | 2025-04-03 | 4.6 MEDIUM | N/A |
| Unknown vulnerability in NetInfo Manager application in Mac OS X 10.2.2 allows local users to access restricted parts of a filesystem. | |||||
| CVE-2005-2754 | 1 Apple | 1 Quicktime | 2025-04-03 | 5.1 MEDIUM | N/A |
| Integer overflow in Apple QuickTime before 7.0.3 allows user-assisted attackers to execute arbitrary code via a crafted MOV file with "Improper movie attributes." | |||||
| CVE-2005-4092 | 1 Apple | 2 Itunes, Quicktime | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple heap-based buffer overflows in QuickTime.qts in Apple QuickTime Player 7.0.3 and iTunes 6.0.1 (3) and earlier allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a .mov file with (1) a Movie Resource atom with a large size value, or (2) an stsd atom with a modified Sample Description Table size value, and possibly other vectors involving media files. NOTE: item 1 was originally identified by CVE-2005-4127 for a pre-patch announcement, and item 2 was originally identified by CVE-2005-4128 for a pre-patch announcement. | |||||
| CVE-2002-2326 | 1 Apple | 1 Mac Os X | 2025-04-03 | 5.0 MEDIUM | N/A |
| The default configuration of Mail.app in Mac OS X 10.0 through 10.0.4 and 10.1 through 10.1.5 sends iDisk authentication credentials in cleartext when connecting to Mac.com, which could allow remote attackers to obtain passwords by sniffing network traffic. | |||||
| CVE-2006-4384 | 1 Apple | 1 Quicktime | 2025-04-03 | 5.1 MEDIUM | N/A |
| Heap-based buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via the COLOR_64 chunk in a FLIC (FLC) movie. | |||||