VYPR

Apple Inc.

All CVEs

8,445 total · sorted by risk
  • CVE-2007-0735 · Apr 24, 2007
    risk 0.00 · cvss · epss 0.04

    Use-after-free vulnerability in Libinfo in Apple Mac OS X 10.3.9 through 10.4.9 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors involving crafted web pages that trigger certain error conditions…

  • CVE-2007-0742 · Apr 24, 2007
    risk 0.00 · cvss · epss 0.03

    The WebFoundation framework in Apple Mac OS X 10.3.9 and earlier allows subdomain cookies to be accessed by the parent domain, which allows remote attackers to obtain sensitive information.

  • CVE-2007-0747 · Apr 24, 2007
    risk 0.00 · cvss · epss 0.01

    load_webdav in Apple Mac OS X 10.3.9 through 10.4.9 does not properly clean the environment when mounting a WebDAV filesystem, which allows local users to gain privileges by setting unspecified environment variables.

  • CVE-2007-0736 · Apr 24, 2007
    risk 0.00 · cvss · epss 0.05

    Integer overflow in the RPC library in Libinfo in Apple Mac OS X 10.3.9 through 10.4.9 allows remote attackers to execute arbitrary code via crafted requests to portmap.

  • CVE-2007-0743 · Apr 24, 2007
    risk 0.00 · cvss · epss 0.00

    URLMount in Apple Mac OS X 10.3.9 through 10.4.9 passes the username and password credentials for mounting filesystems on SMB servers as command line arguments to the mount_sub command, which may allow local users to obtain sensitive information by listing the process.

  • CVE-2007-0729 · Apr 24, 2007
    risk 0.00 · cvss · epss 0.01

    Apple File Protocol (AFP) Client in Apple Mac OS X 10.3.9 through 10.4.9 does not properly clean the environment before executing commands, which allows local users to gain privileges by setting unspecified environment variables.

  • CVE-2007-0725 · Apr 24, 2007
    risk 0.00 · cvss · epss 0.00

    Buffer overflow in the AirPortDriver module for AirPort in Apple Mac OS X 10.3.9 through 10.4.9, when running on hardware with the original AirPort wireless card, allows local users to execute arbitrary code by "sending malformed control commands."

  • CVE-2007-0732 · Apr 24, 2007
    risk 0.00 · cvss · epss 0.00

    Unspecified vulnerability in the CoreServices daemon in CarbonCore in Apple Mac OS X 10.4 through 10.4.9 allows local users to gain privileges via unspecified vectors involving "obtaining a send right to [the] Mach task port."

  • CVE-2007-2163 · Apr 22, 2007
    risk 0.00 · cvss · epss 0.01

    Apple Safari allows remote attackers to cause a denial of service (browser crash) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/.

  • CVE-2007-0734 · Apr 10, 2007
    risk 0.00 · cvss · epss 0.01

    fsck, as used by the AirPort Disk feature of the AirPort Extreme Base Station with 802.11n before Firmware Update 7.1, and by Apple Mac OS X 10.3.9 through 10.4.9, does not properly enforce password protection of a USB hard drive, which allows context-dependent attackers to list…

  • CVE-2007-0726 · Mar 13, 2007
    risk 0.00 · cvss · epss 0.04

    The SSH key generation process in OpenSSH in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote attackers to cause a denial of service by connecting to the server before SSH has finished creating keys, which causes the keys to be regenerated and can break trust…

  • CVE-2007-0731 · Mar 13, 2007
    risk 0.00 · cvss · epss 0.04

    Stack-based buffer overflow in the Apple-specific Samba module (SMB File Server) in Apple Mac OS X 10.4 through 10.4.8 allows context-dependent attackers to execute arbitrary code via a long ACL.

  • CVE-2007-0723 · Mar 13, 2007
    risk 0.00 · cvss · epss 0.04

    Unspecified vulnerability in the authentication feature for DirectoryService (DS Plug-Ins) for Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote authenticated LDAP users to modify the root password and gain privileges via unknown vectors.

  • CVE-2007-0730 · Mar 13, 2007
    risk 0.00 · cvss · epss 0.02

    Server Manager (servermgrd) in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 does not sufficiently validate authentication credentials, which allows remote attackers to bypass authentication and modify system configuration.

  • CVE-2007-0724 · Mar 13, 2007
    risk 0.00 · cvss · epss 0.01

    The IOKit HID interface in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 does not sufficiently limit access to certain controls, which allows local users to gain privileges by using HID device events to read keystrokes from the console.

  • CVE-2007-0722 · Mar 13, 2007
    risk 0.00 · cvss · epss 0.04

    Integer overflow in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote user-assisted attackers to execute arbitrary code via a crafted AppleSingleEncoding disk image.

  • CVE-2007-0728 · Mar 13, 2007
    risk 0.00 · cvss · epss 0.00

    Unspecified vulnerability in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 creates files insecurely while initializing a USB printer, which allows local users to create or overwrite arbitrary files.

  • CVE-2007-0721 · Mar 13, 2007
    risk 0.00 · cvss · epss 0.03

    Unspecified vulnerability in diskimages-helper in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote user-assisted attackers to execute arbitrary code via a crafted compressed disk image that triggers memory corruption.

  • CVE-2007-0719 · Mar 13, 2007
    risk 0.00 · cvss · epss 0.06

    Stack-based buffer overflow in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote user-assisted attackers to execute arbitrary code via an image with a crafted ColorSync profile.

  • CVE-2007-0720 · Mar 13, 2007
    risk 0.00 · cvss · epss 0.05

    The CUPS service on multiple platforms allows remote attackers to cause a denial of service (service hang) via a "partially-negotiated" SSL connection, which prevents other requests from being accepted.

  • CVE-2007-1338 · Mar 8, 2007
    risk 0.00 · cvss · epss 0.03

    The default configuration of the AirPort utility in Apple AirPort Extreme creates an IPv6 tunnel but does not enable the "Block incoming IPv6 connections" setting, which might allow remote attackers to bypass intended access restrictions by establishing IPv6 sessions that would…

  • CVE-2007-0711 · Mar 5, 2007
    risk 0.00 · cvss · epss 0.06

    Integer overflow in Apple QuickTime before 7.1.5, when installed on Windows operating systems, allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted 3GP video file.

  • CVE-2007-0718 · Mar 5, 2007
    risk 0.00 · cvss · epss 0.06

    Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a QTIF file with a Video Sample Description containing a Color table ID of 0, which triggers memory…

  • CVE-2007-0713 · Mar 5, 2007
    risk 0.00 · cvss · epss 0.06

    Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QuickTime movie file.

  • CVE-2007-0716 · Mar 5, 2007
    risk 0.00 · cvss · epss 0.06

    Stack-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QTIF file.

  • CVE-2007-0717 · Mar 5, 2007
    risk 0.00 · cvss · epss 0.05

    Integer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QTIF file.

  • CVE-2007-0715 · Mar 5, 2007
    risk 0.00 · cvss · epss 0.06

    Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PICT file.

  • CVE-2007-0588 · Jan 30, 2007
    risk 0.00 · cvss · epss 0.06

    The InternalUnpackBits function in Apple QuickDraw, as used by QuickTime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PICT file that…

  • CVE-2007-0478 · Jan 25, 2007
    risk 0.00 · cvss · epss 0.02

    WebCore on Apple Mac OS X 10.3.9 and 10.4.10, as used in Safari, does not properly parse HTML comments in TITLE elements, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within an…

  • CVE-2007-0022 · Jan 23, 2007
    risk 0.00 · cvss · epss 0.01

    Untrusted search path vulnerability in writeconfig in Apple Mac OS X 10.4.8 allows local users to gain privileges via a modified PATH that points to a malicious launchctl program.

  • CVE-2007-0345 · Jan 18, 2007
    risk 0.00 · cvss · epss 0.00

    The (1) Activity Monitor.app/Contents/Resources/pmTool, (2) Keychain Access.app/Contents/Resources/kcproxy, and (3) ODBC Administrator.app/Contents/Resources/iodbcadmintool programs in /Applications/Utilities/ in Mac OS X 10.4.8 have weak permissions (writable by admin group),…

  • CVE-2007-0318 · Jan 18, 2007
    risk 0.00 · cvss · epss 0.02

    The do_hfs_truncate function in Mac OS X 10.4.8 allows context-dependent attackers to cause a denial of service (kernel panic) via a crafted HFS+ filesystem in a DMG image, which causes an access of an invalid vnode structure during file removal.

  • CVE-2007-0299 · Jan 17, 2007
    risk 0.00 · cvss · epss 0.04

    Integer overflow in the byte_swap_sbin function in bsd/ufs/ufs/ufs_byte_order.c in Mac OS X 10.4.8 allows user-assisted remote attackers to cause a denial of service (kernel panic) by mounting a crafted Unix File System (UFS) DMG image, which triggers an invalid pointer…

  • CVE-2007-0102 · Jan 9, 2007
    risk 0.00 · cvss · epss 0.05

    The Adobe PDF specification 1.3, as implemented by Apple Mac OS X Preview, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog…

  • CVE-2006-6900 · Dec 31, 2006
    risk 0.00 · cvss · epss 0.01

    Unspecified vulnerability in the Bluetooth stack in Apple Mac OS 10.4 has unknown impact and attack vectors, related to an "implementation bug."

  • CVE-2006-6906 · Dec 31, 2006
    risk 0.00 · cvss · epss 0.00

    Unspecified vulnerability in the Bluetooth stack on Mac OS 10.4.7 and earlier has unknown impact and local attack vectors, related to "Mach Exception Handling", a different issue than CVE-2006-6900.

  • CVE-2006-5681 · Dec 20, 2006
    risk 0.00 · cvss · epss 0.02

    QuickTime for Java on Mac OS X 10.4 through 10.4.8, when used with Quartz Composer, allows remote attackers to obtain sensitive information (screen images) via a Java applet that accesses images that are being rendered by other embedded QuickTime objects.

  • CVE-2006-6353 · Dec 7, 2006
    risk 0.00 · cvss · epss 0.01

    Multiple unspecified vulnerabilities in BOMArchiveHelper in Mac OS X allow user-assisted remote attackers to cause a denial of service (application crash) via unspecified vectors related to (1) certain KERN_PROTECTION_FAILURE thread crashes and (2) certain KERN_INVALID_ADDRESS…

  • CVE-2006-6292 · Dec 5, 2006
    risk 0.00 · cvss · epss 0.01

    Apple Airport Extreme firmware 0.1.27 in Mac OS X 10.4.8 on Mac mini, MacBook, and MacBook Pro with Core Duo hardware allows remote attackers to cause a denial of service (out-of-bounds memory access and kernel panic) and have possibly other security-related impact via certain…

  • CVE-2006-6238 · Dec 3, 2006
    risk 0.00 · cvss · epss 0.01

    The AutoFill feature in Apple Safari 2.0.4 does not properly verify that all automatically populated form fields are visible to the user, which allows remote attackers to obtain sensitive information, such as usernames and passwords, via input fields of zero width, a variant of…

  • CVE-2006-4403 · Nov 30, 2006
    risk 0.00 · cvss · epss 0.04

    The FTP server in Apple Mac OS X 10.4.8 and earlier, when FTP Access is enabled, will crash when a login failure occurs with a valid user name, which allows remote attackers to cause a denial of service (crash) and enumerate valid usernames.

  • CVE-2006-4396 · Nov 30, 2006
    risk 0.00 · cvss · epss 0.01

    The Apple Type Services (ATS) server in Mac OS X 10.4.8 and earlier does not securely create log files, which allows local users to create and modify arbitrary files via unspecified vectors, possibly relating to a symlink attack.

  • CVE-2006-4410 · Nov 30, 2006
    risk 0.00 · cvss · epss 0.02

    The Security Framework in Apple Mac OS X 10.3.9, and 10.4.x before 10.4.7, does not properly search certificate revocation lists (CRL), which allows remote attackers to access systems by using revoked certificates.

  • CVE-2006-4408 · Nov 30, 2006
    risk 0.00 · cvss · epss 0.02

    The Security Framework in Apple Mac OS X 10.4 through 10.4.8 allows remote attackers to cause a denial of service (resource consumption) via certain public key values in an X.509 certificate that requires extra resources during signature verification. NOTE: this issue may be…

  • CVE-2006-4412 · Nov 30, 2006
    risk 0.00 · cvss · epss 0.05

    WebKit in Apple Mac OS X 10.3.x through 10.3.9 and 10.4 through 10.4.8 allows remote attackers to execute arbitrary code via a crafted HTML file, which accesses previously deallocated objects.

  • CVE-2006-4400 · Nov 30, 2006
    risk 0.00 · cvss · epss 0.05

    Stack-based buffer overflow in the Apple Type Services (ATS) server in Mac OS 10.4.8 and earlier allows user-assisted attackers to execute arbitrary code via crafted font files.

  • CVE-2006-4407 · Nov 30, 2006
    risk 0.00 · cvss · epss 0.02

    The Security Framework in Apple Mac OS X 10.3.x up to 10.3.9 does not properly prioritize encryption ciphers when negotiating the strongest shared cipher, which causes Secure Transport to use a weaker cipher that makes it easier for remote attackers to decrypt traffic.

  • CVE-2006-4401 · Nov 30, 2006
    risk 0.00 · cvss · epss 0.02

    Unspecified vulnerability in CFNetwork in Mac OS 10.4.8 and earlier allows user-assisted remote attackers to execute arbitrary FTP commands via a crafted FTP URI.

  • CVE-2006-4409 · Nov 30, 2006
    risk 0.00 · cvss · epss 0.02

    The Online Certificate Status Protocol (OCSP) service in the Security Framework in Apple Mac OS X 10.4 through 10.4.8 retrieve certificate revocation lists (CRL) when an HTTP proxy is in use, which could cause the system to accept certificates that have been revoked.

  • CVE-2006-4398 · Nov 30, 2006
    risk 0.00 · cvss · epss 0.01

    Multiple buffer overflows in the Apple Type Services (ATS) server in Mac OS X 10.4 through 10.4.8 allow local users to execute arbitrary code via crafted service requests.
