Vendor CVEs
Apple Inc.
All CVEs
8,445 total · sorted by risk

| CVE | Risk | CVSS | EPSS | Published | Description | Vendor / Product | Sev | KEV |
|---|---|---|---|---|---|---|---|---|
| CVE-2006-4404 | 0.00 | — | 0.02 | Nov 30, 2006 | The Installer application in Apple Mac OS X 10.4.8 and earlier, when used by a user with Admin credentials, does not authenticate the user before installing certain software requiring system privileges. | |||
| CVE-2006-4402 | 0.00 | — | 0.06 | Nov 30, 2006 | Heap-based buffer overflow in the Finder in Apple Mac OS X 10.4.8 and earlier allows user-assisted remote attackers to execute arbitrary code by browsing directories containing crafted .DS_Store files. | |||
| CVE-2006-4411 | 0.00 | — | 0.00 | Nov 30, 2006 | The VPN service in Apple Mac OS X 10.3.x through 10.3.9 and 10.4.x through 10.4.8 does not properly clean the environment when executing commands, which allows local users to gain privileges via unspecified vectors. | |||
| CVE-2006-6127 | 0.00 | — | 0.00 | Nov 27, 2006 | Apple Mac OS X kernel allows local users to cause a denial of service via a process that uses kevent to register a queue and an event, then fork a child process that uses kevent to register an event for the same queue as the parent. | |||
| CVE-2006-6126 | 0.00 | — | 0.00 | Nov 27, 2006 | Apple Mac OS X allows local users to cause a denial of service (memory corruption) via a crafted Mach-O binary with a malformed load_command data structure. | |||
| CVE-2006-4413 | 0.00 | — | 0.00 | Nov 18, 2006 | Apple Remote Desktop before 3.1 uses insecure permissions for certain built-in packages, which allows local users on an Apple Remote Desktop administration system to modify the packages and gain root privileges on client systems that use the packages. | |||
| CVE-2006-5327 | 0.00 | — | 0.01 | Oct 17, 2006 | Untrusted search path vulnerability in OpenBase SQL 10.0 and earlier, as used in Apple Xcode 2.2 2.2 and earlier and possibly other products, allows local users to execute arbitrary code via a modified PATH that references a malicious gzip program, which is executed by gnutar… | |||
| CVE-2006-5328 | 0.00 | — | 0.00 | Oct 17, 2006 | OpenBase SQL 10.0 and earlier, as used in Apple Xcode 2.2 2.2 and earlier and possibly other products, allows local users to create arbitrary files via a symlink attack on the simulation.sql file. | |||
| CVE-2006-4395 | 0.00 | — | 0.03 | Oct 3, 2006 | Unspecified vulnerability in QuickDraw Manager in Apple Mac OS X 10.3.9 and 10.4 through 10.4.7 allows context-dependent attackers to cause a denial of service ("memory corruption" and crash) via a crafted PICT image that is not properly handled by a certain "unsupported… | |||
| CVE-2006-4399 | 0.00 | — | 0.01 | Oct 3, 2006 | User interface inconsistency in Workgroup Manager in Apple Mac OS X 10.4 through 10.4.7 appears to allow administrators to change the authentication type from crypt to ShadowHash passwords for accounts in a NetInfo parent, when such an operation is not actually supported, which… | |||
| CVE-2006-4391 | 0.00 | — | 0.06 | Oct 3, 2006 | Buffer overflow in Apple ImageIO on Apple Mac OS X 10.4 through 10.4.7 allows remote attackers to execute arbitrary code via a malformed JPEG2000 image. | |||
| CVE-2006-4397 | 0.00 | — | 0.00 | Oct 3, 2006 | Unchecked error condition in LoginWindow in Apple Mac OS X 10.4 through 10.4.7 prevents Kerberos tickets from being destroyed if a user does not successfully log on to a network account from the login window, which might allow later users to gain access to the original user's… | |||
| CVE-2006-4394 | 0.00 | — | 0.03 | Oct 3, 2006 | A logic error in LoginWindow in Apple Mac OS X 10.4 through 10.4.7, allows network accounts without GUIds to bypass service access controls and log into the system using loginwindow via unknown vectors. | |||
| CVE-2006-4393 | 0.00 | — | 0.00 | Oct 3, 2006 | Unspecified vulnerability in LoginWindow in Apple Mac OS X 10.4 through 10.4.7, when Fast User Switching is enabled, allows local users to gain access to Kerberos tickets of other users. | |||
| CVE-2006-4390 | 0.00 | — | 0.01 | Oct 3, 2006 | CFNetwork in Apple Mac OS X 10.4 through 10.4.7 and 10.3.9 allows remote SSL sites to appear as trusted sites by using encryption without authentication, which can cause the lock icon in Safari to be displayed even when the site's identity cannot be trusted. | |||
| CVE-2006-4387 | 0.00 | — | 0.00 | Oct 3, 2006 | Apple Mac OS X 10.4 through 10.4.7, when the administrator clears the "Allow user to administer this computer" checkbox in System Preferences for a user, does not remove the user's account from the appserveradm or appserverusr groups, which still allows the user to manage… | |||
| CVE-2006-3508 | 0.00 | — | 0.01 | Sep 21, 2006 | Heap-based buffer overflow in the AirPort wireless driver on Apple Mac OS X 10.4.7 allows physically proximate attackers to cause a denial of service (crash), gain privileges, and execute arbitrary code via a crafted frame that is not properly handled during scan cache updates. | |||
| CVE-2006-3509 | 0.00 | — | 0.01 | Sep 21, 2006 | Integer overflow in the API for the AirPort wireless driver on Apple Mac OS X 10.4.7 might allow physically proximate attackers to cause a denial of service (crash) or execute arbitrary code in third-party wireless software that uses the API via crafted frames. | |||
| CVE-2006-4887 | 0.00 | — | 0.00 | Sep 19, 2006 | Apple Remote Desktop (ARD) for Mac OS X 10.2.8 and later does not drop privileges on the remote machine while installing certain applications, which allows local users to bypass authentication and gain privileges by selecting the icon during installation. NOTE: it could be… | |||
| CVE-2006-4381 | 0.00 | — | 0.04 | Sep 12, 2006 | Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted H.264 movie. | |||
| CVE-2006-4388 | 0.00 | — | 0.06 | Sep 12, 2006 | Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted FlashPix file. | |||
| CVE-2006-4386 | 0.00 | — | 0.06 | Sep 12, 2006 | Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted H.264 movie, a different issue than CVE-2006-4381. | |||
| CVE-2006-3506 | 0.00 | — | 0.00 | Aug 21, 2006 | Buffer overflow in the Xsan Filesystem driver on Mac OS X 10.4.7 and OS X Server 10.4.7 allows local users with Xsan write access, to execute arbitrary code via unspecified vectors related to "processing a path name." | |||
| CVE-2006-3499 | 0.00 | — | 0.00 | Aug 3, 2006 | The dynamic linker (dyld) in Apple Mac OS X 10.3.9 allows local users to obtain sensitive information via unspecified dynamic linker options that affect the use of standard error (stderr) by privileged applications. | |||
| CVE-2006-3502 | 0.00 | — | 0.03 | Aug 3, 2006 | Unspecified vulnerability in ImageIO in Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted GIF image that triggers a memory allocation failure that is not properly handled. | |||
| CVE-2006-0392 | 0.00 | — | 0.03 | Aug 3, 2006 | Buffer overflow in Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Canon RAW image. | |||
| CVE-2006-3503 | 0.00 | — | 0.03 | Aug 3, 2006 | Integer overflow in ImageIO in Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a malformed GIF image. | |||
| CVE-2006-0393 | 0.00 | — | 0.02 | Aug 3, 2006 | OpenSSH in Apple Mac OS X 10.4.7 allows remote attackers to cause a denial of service or determine account existence by attempting to log in using an invalid user, which causes the server to hang. | |||
| CVE-2006-3501 | 0.00 | — | 0.03 | Aug 3, 2006 | Integer overflow in ImageIO for Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Radiance image. | |||
| CVE-2006-3505 | 0.00 | — | 0.04 | Aug 3, 2006 | WebKit in Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTML document that causes WebKit to access an object that has already been deallocated. | |||
| CVE-2006-3504 | 0.00 | — | 0.01 | Aug 3, 2006 | The Download Validation in LaunchServices for Apple Mac OS X 10.4.7 can identify certain HTML as "safe", which could allow attackers to execute Javascript code in local context when the "Open 'safe' files after downloading" option is enabled in Safari. | |||
| CVE-2006-3500 | 0.00 | — | 0.00 | Aug 3, 2006 | The dynamic linker (dyld) in Apple Mac OS X 10.4.7 allows local users to execute arbitrary code via an "improperly handled condition" that leads to use of "dangerous paths," probably related to an untrusted search path vulnerability. | |||
| CVE-2006-1472 | 0.00 | — | 0.02 | Aug 2, 2006 | Unspecified vulnerability in AFP Server in Apple Mac OS X 10.3.9 allows remote attackers to determine names of unauthorized files and folders via unknown vectors related to the search results. | |||
| CVE-2006-3496 | 0.00 | — | 0.03 | Aug 2, 2006 | AFP Server in Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to cause denial of service (crash) via an invalid AFP request that triggers an unchecked error condition. | |||
| CVE-2006-3495 | 0.00 | — | 0.01 | Aug 2, 2006 | AFP Server in Apple Mac OS X 10.3.9 and 10.4.7 stores reconnect keys in a world-readable file, which allows local users to obtain the keys and access files and folders of other users. | |||
| CVE-2006-3497 | 0.00 | — | 0.04 | Aug 2, 2006 | Unspecified vulnerability in the "compression state handling" in Bom for Apple Mac OS X 10.3.9 and 10.4.7 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Zip archive. | |||
| CVE-2006-1473 | 0.00 | — | 0.05 | Aug 2, 2006 | Integer overflow in AFP Server for Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors. | |||
| CVE-2006-3946 | 0.00 | — | 0.05 | Jul 31, 2006 | WebCore in Apple Mac OS X 10.3.9 and 10.4 through 10.4.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted HTML that triggers a "memory management error" in WebKit, possibly due to a buffer overflow, as originally… | |||
| CVE-2006-3356 | 0.00 | — | 0.01 | Jul 6, 2006 | The TIFFFetchAnyArray function in ImageIO in Apple OS X 10.4.7 and earlier allows remote user-assisted attackers to cause a denial of service (application crash) via an invalid tag value in a TIFF image, possibly triggering a null dereference. NOTE: This is a different issue… | |||
| CVE-2006-1469 | 0.00 | — | 0.05 | Jun 27, 2006 | Stack-based buffer overflow in ImageIO in Apple Mac OS X 10.4 up to 10.4.6 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image. | |||
| CVE-2006-1471 | 0.00 | — | 0.00 | Jun 27, 2006 | Format string vulnerability in the CF_syslog function launchd in Apple Mac OS X 10.4 up to 10.4.6 allows local users to execute arbitrary code via format string specifiers that are not properly handled in a syslog call in the logging facility, as demonstrated by using a crafted… | |||
| CVE-2006-1468 | 0.00 | — | 0.02 | Jun 27, 2006 | Unspecified vulnerability in Apple File Protocol (AFP) server in Apple Mac OS X 10.4 up to 10.4.6 includes the names of restricted files and folders within search results, which might allow remote attackers to obtain sensitive information. | |||
| CVE-2006-3224 | 0.00 | — | 0.01 | Jun 26, 2006 | Apple Safari 2.0.3 (417.9.3) on Mac OS X 10.4.6 allows remote attackers to cause a denial of service (CPU consumption) via Javascript with an infinite for loop. NOTE: it could be argued that this is not a vulnerability, unless it interferes with the operation of the system… | |||
| CVE-2006-1466 | 0.00 | — | 0.02 | May 24, 2006 | Xcode Tools before 2.3 for Mac OS X 10.4, when running the WebObjects plugin, allows remote attackers to access or modify WebObjects projects through a network service. | |||
| CVE-2006-1449 | 0.00 | — | 0.05 | May 12, 2006 | Integer overflow in Mail in Apple Mac OS X 10.3.9 and 10.4.6 allows remote attackers to execute arbitrary code via a crafted MacMIME encapsulated attachment. | |||
| CVE-2006-1441 | 0.00 | — | 0.04 | May 12, 2006 | Integer overflow in CFNetwork in Apple Mac OS X 10.4.6 allows remote attackers to execute arbitrary code via crafted chunked transfer encoding. | |||
| CVE-2006-1455 | 0.00 | — | 0.04 | May 12, 2006 | QuickTime Streaming Server in Apple Mac OS X 10.3.9 and 10.4.6 allows remote attackers to cause a denial of service (crash and connection interruption) via a QuickTime movie with a missing track, which triggers a null dereference. | |||
| CVE-2006-1456 | 0.00 | — | 0.06 | May 12, 2006 | Buffer overflow in QuickTime Streaming Server in Apple Mac OS X 10.3.9 and 10.4.6 allows remote attackers to execute arbitrary code via a crafted RTSP request, which is not properly handled during message logging. | |||
| CVE-2006-1440 | 0.00 | — | 0.00 | May 12, 2006 | BOM in Apple Mac OS X 10.3.9 and 10.4.6 allows attackers to overwrite arbitrary files via an archive that contains symbolic links. | |||
| CVE-2006-1450 | 0.00 | — | 0.05 | May 12, 2006 | Mail in Apple Mac OS X 10.3.9 and 10.4.6 allows remote attackers to execute arbitrary code via an enriched text e-mail message with "invalid color information" that causes Mail to allocate and initialize arbitrary classes. |
Page 163 of 169