Vendor CVEs
Apple Inc.
All CVEs
8,445 total · sorted by risk

| CVE | Risk | CVSS | EPSS | Published | Description | Vendor / Product | Sev | KEV |
|---|---|---|---|---|---|---|---|---|
| CVE-2006-1443 | 0.00 | — | 0.02 | May 12, 2006 | Integer underflow in CoreFoundation in Apple Mac OS X 10.3.9 and 10.4.6 allows context-dependent attackers to execute arbitrary code via unspecified vectors involving conversions from string to file system representation within (1) CFStringGetFileSystemRepresentation or (2)… | |||
| CVE-2006-1452 | 0.00 | — | 0.00 | May 12, 2006 | Stack-based buffer overflow in Preview in Apple Mac OS 10.4 up to 10.4.6 allows local users to execute arbitrary code via a deep directory hierarchy. | |||
| CVE-2006-1439 | 0.00 | — | 0.00 | May 12, 2006 | NSSecureTextField in AppKit in Apple Mac OS X 10.4.6 does not re-enable secure event input under certain circumstances, which could allow other applications in the window session to monitor input characters and keyboard events. | |||
| CVE-2006-1446 | 0.00 | — | 0.03 | May 12, 2006 | Keychain in Apple Mac OS X 10.3.9 and 10.4.6 might allow an application to bypass a locked Keychain by first obtaining a reference to the Keychain when it is unlocked, then reusing that reference after the Keychain has been locked. | |||
| CVE-2006-1445 | 0.00 | — | 0.04 | May 12, 2006 | Buffer overflow in the FTP server (FTPServer) in Apple Mac OS X 10.3.9 and 10.4.6 allows remote authenticated users to execute arbitrary code via vectors related to "FTP server path name handling." | |||
| CVE-2006-1451 | 0.00 | — | 0.00 | May 12, 2006 | MySQL Manager in Apple Mac OS X 10.3.9 and 10.4.6, when setting up a new MySQL database server, does not use the "New MySQL root password" that is provided, which causes the MySQL root password to be blank and allows local users to gain full privileges to that database. | |||
| CVE-2006-1444 | 0.00 | — | 0.00 | May 12, 2006 | CoreGraphics in Apple Mac OS X 10.4.6, when "Enable access for assistive devices" is on, allows an application to bypass restrictions for secure event input and read certain events from other applications in the same window session by using Quartz Event Services. | |||
| CVE-2006-1447 | 0.00 | — | 0.03 | May 12, 2006 | LaunchServices in Apple Mac OS X 10.4.6 allows remote attackers to cause Safari to launch unsafe content via long file name extensions, which prevents Download Validation from determining which application will be used to open the file. | |||
| CVE-2006-1442 | 0.00 | — | 0.03 | May 12, 2006 | The bundle API in CoreFoundation in Apple Mac OS X 10.3.9 and 10.4.6 loads dynamic libraries even if the client application has not directly requested it, which allows attackers to execute arbitrary code from an untrusted bundle. | |||
| CVE-2006-1457 | 0.00 | — | 0.02 | May 12, 2006 | Safari on Apple Mac OS X 10.4.6, when "Open `safe' files after downloading" is enabled, will automatically expand archives, which could allow remote attackers to overwrite arbitrary files via an archive that contains a symlink. | |||
| CVE-2006-1448 | 0.00 | — | 0.02 | May 12, 2006 | Finder in Apple Mac OS X 10.3.9 and 10.4.6 allows user-assisted attackers to execute arbitrary code by tricking a user into launching an Internet Location item that appears to use a safe URL scheme, but which actually has a different and more risky scheme. | |||
| CVE-2006-1459 | 0.00 | — | 0.04 | May 12, 2006 | Multiple integer overflows in Apple QuickTime before 7.1 allow remote attackers to cause a denial of service or execute arbitrary code via a crafted QuickTime movie (.MOV). | |||
| CVE-2006-1462 | 0.00 | — | 0.04 | May 12, 2006 | Multiple integer overflows in Apple QuickTime before 7.1 allow remote attackers to execute arbitrary code via a crafted QuickTime H.264 (M4V) video format file. | |||
| CVE-2006-1458 | 0.00 | — | 0.04 | May 12, 2006 | Integer overflow in Apple QuickTime Player before 7.1 allows remote attackers to execute arbitrary code via a crafted JPEG image. | |||
| CVE-2006-1460 | 0.00 | — | 0.06 | May 12, 2006 | Multiple buffer overflows in Apple QuickTime before 7.1 allow remote attackers to execute arbitrary code via a crafted QuickTime movie (.MOV), as demonstrated via a large size for a udta Atom. | |||
| CVE-2006-1465 | 0.00 | — | 0.05 | May 12, 2006 | Buffer overflow in Apple QuickTime before 7.1 allows remote attackers to execute arbitrary code via a crafted QuickTime AVI video format file. | |||
| CVE-2006-1461 | 0.00 | — | 0.05 | May 12, 2006 | Multiple buffer overflows in Apple QuickTime before 7.1 allow remote attackers to execute arbitrary code via a crafted QuickTime Flash (SWF) file. | |||
| CVE-2006-1984 | 0.00 | — | 0.03 | Apr 21, 2006 | Unspecified vulnerability in the _cg_TIFFSetField function in Mac OS X 10.4.6 and earlier, as used in applications that use ImageIO or AppKit, allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that triggers a null dereference. | |||
| CVE-2006-1981 | 0.00 | — | 0.00 | Apr 21, 2006 | Unspecified vulnerability in Java InputMethods on Mac OS X 10.4.5 may cause InputMethods to send input events for secure fields to the wrong text field, which might reveal the password to others who can view the screen. | |||
| CVE-2006-1986 | 0.00 | — | 0.04 | Apr 21, 2006 | Apple Safari 2.0.3 allows remote attackers to cause a denial of service and possibly execute code via a large CELLSPACING attribute in a TABLE tag, which triggers an error in KWQListIteratorImpl::KWQListIteratorImpl. | |||
| CVE-2006-1987 | 0.00 | — | 0.04 | Apr 21, 2006 | Apple Safari 2.0.3 allows remote attackers to cause a denial of service and possibly execute code via an invalid FRAME tag, possibly due to (1) multiple SCROLLING attributes with no values, or (2) a SRC attribute with no value. NOTE: due to lack of diagnosis by the researcher,… | |||
| CVE-2006-1988 | 0.00 | — | 0.02 | Apr 21, 2006 | The WebTextRenderer(WebInternal) _CG_drawRun:style:geometry: function in Apple Safari 2.0.3 allows remote attackers to cause a denial of service (application crash) via an HTML LI tag with a large VALUE attribute (list item number), which triggers a null dereference in… | |||
| CVE-2006-0401 | 0.00 | — | 0.00 | Apr 5, 2006 | Unspecified vulnerability in Mac OS X before 10.4.6, when running on an Intel-based computer, allows attackers with physical access to bypass the firmware password and log on in Single User Mode via unspecified vectors. | |||
| CVE-2006-1552 | 0.00 | — | 0.04 | Mar 31, 2006 | Integer overflow in ImageIO in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers to cause a denial of service (crash) via a crafted JPEG image with malformed JPEG metadata, as demonstrated using Safari, aka "Deja-Doom". | |||
| CVE-2006-1249 | 0.00 | — | 0.06 | Mar 19, 2006 | Integer overflow in Apple QuickTime Player 7.0.3 and 7.0.4 and iTunes 6.0.1 and 6.0.2 allows remote attackers to execute arbitrary code via a FlashPix (FPX) image that contains a field that specifies a large number of blocks. | |||
| CVE-2006-0400 | 0.00 | — | 0.02 | Mar 14, 2006 | CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers to bypass the same-origin policy and execute Javascript in other domains via unknown vectors involving "crafted archives." | |||
| CVE-2006-0398 | 0.00 | — | 0.02 | Mar 14, 2006 | Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file type. NOTE: due to the lack of specific information in the vendor advisory, it is… | |||
| CVE-2006-0397 | 0.00 | — | 0.02 | Mar 14, 2006 | Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file type. NOTE: due to the lack of specific information in the vendor advisory, it is… | |||
| CVE-2006-0399 | 0.00 | — | 0.02 | Mar 14, 2006 | Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file type. NOTE: due to the lack of specific information in the vendor advisory, it is… | |||
| CVE-2006-1220 | 0.00 | — | 0.01 | Mar 14, 2006 | Integer overflow in the mach_msg_send function in the kernel for Mac OS X might allow local users to execute arbitrary code via unknown attack vectors related to a large message header size, which leads to a heap-based buffer overflow. | |||
| CVE-2006-0388 | 0.00 | — | 0.01 | Mar 3, 2006 | Safari in Mac OS X 10.3 before 10.3.9 and 10.4 before 10.4.5 allows remote attackers to redirect users to local files and execute arbitrary JavaScript via unspecified vectors involving HTTP redirection to local resources. | |||
| CVE-2006-0389 | 0.00 | — | 0.03 | Mar 3, 2006 | Cross-site scripting (XSS) vulnerability in Syndication (Safari RSS) in Mac OS X 10.4 through 10.4.5 allows remote attackers to execute arbitrary JavaScript via unspecified vectors involving RSS feeds. | |||
| CVE-2006-0386 | 0.00 | — | 0.00 | Mar 3, 2006 | FileVault in Mac OS X 10.4.5 and earlier does not properly mount user directories when creating a FileVault image, which allows local users to access protected files when FileVault is enabled. | |||
| CVE-2006-0391 | 0.00 | — | 0.01 | Mar 3, 2006 | Directory traversal vulnerability in the BOM framework in Mac OS X 10.x before 10.3.9 and 10.4 before 10.4.5 allows user-assisted attackers to overwrite or create arbitrary files via an archive that is handled by BOMArchiveHelper. | |||
| CVE-2006-0383 | 0.00 | — | 0.04 | Mar 2, 2006 | IPSec when used with VPN networks in Mac OS X 10.4 through 10.4.5 allows remote attackers to cause a denial of service (application crash) via unspecified vectors involving the "incorrect handling of error conditions". | |||
| CVE-2006-0384 | 0.00 | — | 0.04 | Mar 2, 2006 | automount in Mac OS X 10.4.5 and earlier allows remote file servers to cause a denial of service (unresponsiveness) or execute arbitrary code via unspecified vectors that cause automount to "mount file systems with reserved names". | |||
| CVE-2006-0382 | 0.00 | — | 0.00 | Feb 14, 2006 | Apple Mac OS X 10.4.5 and allows local users to cause a denial of service (crash) via an undocumented system call. | |||
| CVE-2005-3712 | 0.00 | — | 0.04 | Dec 31, 2005 | Heap-based buffer overflow in rsync in Mac OS X 10.4 through 10.4.5 allows remote authenticated users to execute arbitrary code via long extended attributes. | |||
| CVE-2005-3706 | 0.00 | — | 0.04 | Dec 31, 2005 | Heap-based buffer overflow in LibSystem in Mac OS X 10.4 through 10.4.5 allows context-dependent attackers to execute arbitrary code by causing an application that uses LibSystem to request a large amount of memory. | |||
| CVE-2005-3709 | 0.00 | — | 0.04 | Dec 31, 2005 | Integer underflow in Apple Quicktime before 7.0.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Color Map Entry Size in a TGA image file. | |||
| CVE-2005-3714 | 0.00 | — | 0.02 | Dec 31, 2005 | The network interface for Apple AirPort Express 6.x before Firmware Update 6.3, and AirPort Extreme 5.x before Firmware Update 5.7, allows remote attackers to cause a denial of service (unresponsive interface) via malformed packets. | |||
| CVE-2005-2194 | 0.00 | — | 0.02 | Dec 31, 2005 | Unspecified vulnerability in the Apple Mac OS X kernel before 10.4.2 allows remote attackers to cause a denial of service (kernel panic) via a crafted TCP packet, possibly related to source routing or loose source routing. | |||
| CVE-2005-2738 | 0.00 | — | 0.02 | Dec 31, 2005 | Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X does not prevent multiple programs from opening the same port as a Java ServerSocket, which allows local users to operate a Java program that intercepts network data intended for the ServerSocket of a different Java program. | |||
| CVE-2005-0985 | 0.00 | — | 0.00 | Dec 31, 2005 | Unspecified vulnerability in the Mac OS X kernel before 10.3.8 allows local users to cause a denial of service (temporary hang) via unspecified attack vectors related to the fan control unit (FCU) driver. | |||
| CVE-2005-2530 | 0.00 | — | 0.02 | Dec 31, 2005 | Unspecified vulnerability in Java 1.3.1 before 1.3.1_16 on Apple Mac OS X allows an untrusted applet to gain privileges, related to "Mac OS X specific extensions." | |||
| CVE-2005-3782 | 0.00 | — | 0.00 | Dec 31, 2005 | Mac OS X 10.4.3 up to 10.4.6, when loginwindow uses the "Name and password" setting, and the "Show the Restart, Sleep, and Shut Down buttons" option is disabled, allows users with physical access to bypass login and reboot the system by entering ">restart", ">power", or… | |||
| CVE-2005-3711 | 0.00 | — | 0.04 | Dec 31, 2005 | Integer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a TIFF image file with modified (1) "strips" (StripByteCounts) or (2) "bands" (StripOffsets) values. | |||
| CVE-2005-2529 | 0.00 | — | 0.02 | Dec 31, 2005 | Unspecified vulnerability in Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X allows local users to gain privileges via unspecified attack vectors relating to "the utility used to update Java shared archives." | |||
| CVE-2005-1726 | 0.00 | — | 0.00 | Dec 31, 2005 | The CoreGraphics Window Server in Mac OS X 10.4.1 allows local users with console access to gain privileges by "launching commands into root sessions." | |||
| CVE-2005-3708 | 0.00 | — | 0.03 | Dec 31, 2005 | Integer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via crafted TGA image files. |
Page 164 of 169