Apple Inc.

All CVEs

8,445 total · sorted by risk
  • CVE-2005-0127 · May 2, 2005
    risk 0.00 · cvss · epss 0.03

    Mail in Mac OS X 10.3.7, when generating a Message-ID header, generates a GUUID that includes information that identifies the Ethernet hardware being used, which allows remote attackers to link mail messages to a particular machine.

  • CVE-2005-0341 · May 2, 2005
    risk 0.00 · cvss · epss 0.01

    Apple Safari 1.2.4 does not obey the Content-type field in the HTTP header and renders text as HTML, which allows remote attackers to inject arbitrary web script or HTML and perform cross-site scripting (XSS) attacks.

  • CVE-2005-1106 · May 2, 2005
    risk 0.00 · cvss · epss 0.01

    PictureViewer in QuickTime for Windows 6.5.2 allows remote attackers to cause a denial of service (application crash) via a GIF image with the maximum depth start value, possibly triggering an integer overflow.

  • CVE-2005-0234 · May 2, 2005
    risk 0.00 · cvss · epss 0.02

    The International Domain Name (IDN) support in Safari 1.2.5 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates…

  • CVE-2005-1043 · Apr 14, 2005
    risk 0.00 · cvss · epss 0.02

    exif.c in PHP before 4.3.11 allows remote attackers to cause a denial of service (memory consumption and crash) via an EXIF header with a large IFD nesting level, which causes significant stack recursion.

  • CVE-2005-0715 · Mar 21, 2005
    risk 0.00 · cvss · epss 0.00

    AFP Server in Mac OS X before 10.3.8 uses insecure permissions for "Drop Boxes," which allows local users to read the contents of a Drop Box.

  • CVE-2004-0988 · Mar 1, 2005
    risk 0.00 · cvss · epss 0.01

    Integer overflow on Apple QuickTime before 6.5.2, when running on Windows systems, allows remote attackers to cause a denial of service (memory consumption) via certain inputs that cause a large memory operation.

  • CVE-2004-1021 · Mar 1, 2005
    risk 0.00 · cvss · epss 0.01

    iCal before 1.5.4 on Mac OS X 10.2.3, and other later versions, does not alert the user when handling calendars that use alarms, which allows attackers to execute programs and send e-mail via alarms.

  • CVE-2004-0962 · Feb 9, 2005
    risk 0.00 · cvss · epss 0.03

    Apple Remote Desktop Client 1.2.4 executes a GUI application as root when it is started by an Apple Remote Desktop Administrator application, which allows remote authenticated users to execute arbitrary code when loginwindow is active via Fast User Switching.

  • CVE-2004-0925 · Jan 27, 2005
    risk 0.00 · cvss · epss 0.01

    Postfix on Mac OS X 10.3.x through 10.3.5, with SMTPD AUTH enabled, does not properly clear the username between authentication attempts, which allows users with the longest username to prevent other valid users from being able to authenticate.

  • CVE-2004-0923 · Jan 27, 2005
    risk 0.00 · cvss · epss 0.00

    CUPS 1.1.20 and earlier records authentication information for a device URI in the error_log file, which allows local users to obtain user names and passwords.

  • CVE-2004-0927 · Jan 27, 2005
    risk 0.00 · cvss · epss 0.01

    ServerAdmin in Mac OS X 10.2.8 through 10.3.5 uses the same example self-signed certificate on each system, which allows remote attackers to decrypt sessions.

  • CVE-2004-0886 · Jan 27, 2005
    risk 0.00 · cvss · epss 0.05

    Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls.

  • CVE-2004-0924 · Jan 27, 2005
    risk 0.00 · cvss · epss 0.01

    NetInfo Manager on Mac OS X 10.3.x through 10.3.5, after an initial root login, reports the root account as being disabled, even when it has not.

  • CVE-2004-0921 · Jan 27, 2005
    risk 0.00 · cvss · epss 0.01

    AFP Server on Mac OS X 10.3.x to 10.3.5, when a guest has mounted an AFP volume, allows the guest to "terminate authenticated user mounts" via modified SessionDestroy packets.

  • CVE-2004-0926 · Jan 27, 2005
    risk 0.00 · cvss · epss 0.05

    Heap-based buffer overflow in Apple QuickTime on Mac OS 10.2.8 through 10.3.5 may allow remote attackers to execute arbitrary code via a certain BMP image.

  • CVE-2004-0922 · Jan 27, 2005
    risk 0.00 · cvss · epss 0.01

    AFP Server on Mac OS X 10.3.x to 10.3.5, under certain conditions, does not properly set the guest group ID, which causes AFP to change a write-only AFP Drop Box to be read-write when the Drop Box is on a share that is mounted by a guest, which allows attackers to read the Drop…

  • CVE-2004-1199 · Jan 10, 2005
    risk 0.00 · cvss · epss 0.02

    Safari 1.2.4 on Mac OS X 10.3.6 allows remote attackers to cause a denial of service (application crash from memory exhaustion), as demonstrated using Javascript code that continuously creates nested arrays and then sorts the newly created arrays.

  • CVE-2004-1123 · Jan 10, 2005
    risk 0.00 · cvss · epss 0.01

    Darwin Streaming Server 5.0.1, and possibly earlier versions, allows remote attackers to cause a denial of service (server crash) via a DESCRIBE request with a location that contains a null byte.

  • CVE-2004-1122 · Jan 10, 2005
    risk 0.00 · cvss · epss 0.02

    Safari 1.x to 1.2.4, and possibly other versions, allows inactive windows to launch dialog boxes, which can allow remote attackers to spoof the dialog boxes from web sites in other windows, aka the "Dialog Box Spoofing Vulnerability," a different vulnerability than CVE-2004-1314.

  • CVE-2004-1314 · Jan 10, 2005
    risk 0.00 · cvss · epss 0.02

    Safari 1.x allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability,…

  • CVE-2004-1832 · Dec 31, 2004
    risk 0.00 · cvss · epss 0.02

    Buffer overflow in the GUI admin service in Mac OS X Server 10.3 allows remote attackers to cause a denial of service (crash and restart) via a large amount of data to TCP port 660.

  • CVE-2004-1753 · Dec 31, 2004
    risk 0.00 · cvss · epss 0.02

    The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla 1.7.2, and Firefox 0.9.3 on MacOS X 10.3.5, when tabbed browsing is enabled, does not properly handle SetWindow(NULL) calls, which allows Java applets from one tab to draw to other tabs and facilitates phishing…

  • CVE-2004-0825 · Dec 31, 2004
    risk 0.00 · cvss · epss 0.04

    QuickTime Streaming Server in Mac OS X Server 10.2.8, 10.3.4, and 10.3.5 allows remote attackers to cause a denial of service (application deadlock) via a certain sequence of operations.

  • CVE-2004-0821 · Dec 31, 2004
    risk 0.00 · cvss · epss 0.00

    The CFPlugIn in Core Foundation framework in Mac OS X allows user supplied libraries to be loaded, which could allow local users to gain privileges.

  • CVE-2004-0090 · Dec 31, 2004
    risk 0.00 · cvss · epss 0.02

    Unknown vulnerability in Windows File Sharing for Mac OS X 10.1.5 through 10.3.2 does not "shutdown properly," which has unknown impact and attack vectors.

  • CVE-2004-0429 · Dec 31, 2004
    risk 0.00 · cvss · epss 0.02

    Unknown vulnerability related to "the handling of large requests" in RAdmin for Apple Mac OS X 10.3.3 and Mac OS X 10.2.8 may allow attackers to have unknown impact via unknown attack vectors.

  • CVE-2004-1398 · Dec 31, 2004
    risk 0.00 · cvss · epss 0.00

    Format string vulnerability in prelink.c in kextload in Apple OS X, as used by TDIXSupport in Roxio Toast Titanium and possibly other products, allows local users to execute arbitrary code via format string specifiers in the extension argument.

  • CVE-2004-0873 · Dec 23, 2004
    risk 0.00 · cvss · epss 0.01

    Apple iChat AV 2.1, AV 2.0, and 1.0.1 allows remote attackers to execute arbitrary programs via a "link" that references the program.

  • CVE-2004-0622 · Dec 6, 2004
    risk 0.00 · cvss · epss 0.00

    Apple Mac OS X 10.3.4, 10.4, 10.5, and possibly other versions does not properly clear memory for login (aka Loginwindow.app), Keychain, or FileVault passwords, which could allow the root user or an attacker with physical access to obtain sensitive information by reading memory.

  • CVE-2004-1087 · Dec 2, 2004
    risk 0.00 · cvss · epss 0.00

    Terminal for Apple Mac OS X 10.3.6 may indicate that "Secure Keyboard Entry" is enabled even when it is not, which could result in a false sense of security for the user.

  • CVE-2004-1081 · Dec 2, 2004
    risk 0.00 · cvss · epss 0.00

    The Application Framework (AppKit) for Apple Mac OS X 10.2.8 and 10.3.6 does not properly restrict access to a secure text input field, which allows local users to read keyboard input from other applications within the same window session.

  • CVE-2004-1086 · Dec 2, 2004
    risk 0.00 · cvss · epss 0.03

    Buffer overflow in PSNormalizer for Apple Mac OS X 10.3.6 allows remote attackers to execute arbitrary code via a crafted PostScript input file.

  • CVE-2004-1088 · Dec 2, 2004
    risk 0.00 · cvss · epss 0.02

    Postfix server for Apple Mac OS X 10.3.6, when using CRAM-MD5, allows remote attackers to send mail without authentication by replaying authentication information.

  • CVE-2004-1089 · Dec 2, 2004
    risk 0.00 · cvss · epss 0.00

    Unknown vulnerability in Apple Mac OS X 10.3.6 server, when using Kerberos authentication and Cyrus IMAP, allows local users to access mailboxes of other users.

  • CVE-2004-1084 · Dec 2, 2004
    risk 0.00 · cvss · epss 0.02

    Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.

  • CVE-2004-1085 · Dec 2, 2004
    risk 0.00 · cvss · epss 0.00

    Human Interface Toolbox (HIToolBox) for Apple Mac OS X 10.3.6 allows local users to exit applications via the force-quit key combination, even when the system is running in kiosk mode.

  • CVE-2004-0744 · Nov 23, 2004
    risk 0.00 · cvss · epss 0.02

    The TCP/IP Networking component in Mac OS X before 10.3.5 allows remote attackers to cause a denial of service (memory and resource consumption) via a "Rose Attack" that involves sending a subset of small IP fragments that do not form a complete, larger packet.

  • CVE-2004-0743 · Nov 23, 2004
    risk 0.00 · cvss · epss 0.02

    Safari in Mac OS X before 10.3.5, after sending form data using the POST method, may re-send the data to a GET method URL if that URL is redirected after the POST data and the user uses the forward or backward buttons, which may cause an information leak.

  • CVE-2005-0373 · Oct 7, 2004
    risk 0.00 · cvss · epss 0.04

    Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as digestmda5.c), as used in the DIGEST-MD5 SASL plugin for Cyrus-SASL but not in any official releases, allows remote attackers to execute arbitrary code.

  • CVE-2004-0822 · Sep 7, 2004
    risk 0.00 · cvss · epss 0.01

    Buffer overflow in The Core Foundation framework (CoreFoundation.framework) in Mac OS X 10.2.8, 10.3.4, and 10.3.5 allows local users to execute arbitrary code via a certain environment variable.

  • CVE-2004-0823 · Sep 7, 2004
    risk 0.00 · cvss · epss 0.03

    OpenLDAP 1.0 through 2.1.19, as used in Apple Mac OS 10.3.4 and 10.3.5 and possibly other operating systems, may allow certain authentication schemes to use hashed (crypt) passwords in the userPassword attribute as if they were plaintext passwords, which allows remote attackers…

  • CVE-2004-0513 · Aug 18, 2004
    risk 0.00 · cvss · epss 0.02

    Unspecified vulnerability in Mac OS X before 10.3.4 has unknown impact and attack vectors related to "logging when tracing system calls."

  • CVE-2004-0516 · Aug 18, 2004
    risk 0.00 · cvss · epss 0.00

    Unknown vulnerability in Mac OS X 10.3.4, related to "package installation scripts," a different vulnerability than CVE-2004-0517.

  • CVE-2004-0515 · Aug 18, 2004
    risk 0.00 · cvss · epss 0.00

    Unknown vulnerability in LoginWindow for Mac OS X 10.3.4, related to "handling of console log files."

  • CVE-2004-0517 · Aug 18, 2004
    risk 0.00 · cvss · epss 0.00

    Unknown vulnerability in Mac OS X 10.3.4, related to "handling of process IDs during package installation," a different vulnerability than CVE-2004-0516.

  • CVE-2004-0518 · Aug 18, 2004
    risk 0.00 · cvss · epss 0.01

    Unknown vulnerability in AppleFileServer for Mac OS X 10.3.4, related to "the use of SSH and reporting errors," has unknown impact and attack vectors.

  • CVE-2004-0514 · Aug 18, 2004
    risk 0.00 · cvss · epss 0.00

    Unknown vulnerability in LoginWindow for Mac OS X 10.3.4, related to "handling of directory services lookups."

  • CVE-2004-0539 · Aug 6, 2004
    risk 0.00 · cvss · epss 0.05

    The "Show in Finder" button in the Safari web browser in Mac OS X 10.3.4 and 10.2.8 may execute downloaded applications, which could allow remote attackers to execute arbitrary code.

  • CVE-2004-0538 · Aug 6, 2004
    risk 0.00 · cvss · epss 0.02

    LaunchServices in Mac OS X 10.3.4 and 10.2.8 automatically registers and executes new applications, which could allow attackers to execute arbitrary code without warning the user.