Search Results (5636 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-4218 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
Multiple integer overflows in the kernel in Apple Mac OS X before 10.5.6 on Intel platforms allow local users to gain privileges via a crafted call to (1) i386_set_ldt or (2) i386_get_ldt.
CVE-2009-0150 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
Stack-based buffer overflow in Apple Mac OS X 10.5 before 10.5.7 allows local users to gain privileges or cause a denial of service (application crash) by attempting to mount a crafted sparse disk image.
CVE-2008-3610 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
Race condition in Login Window in Apple Mac OS X 10.5 through 10.5.4, when a blank-password account is enabled, allows attackers to bypass password authentication and login to any account via multiple attempts to login to the blank-password account, followed by selection of an arbitrary account from the user list.
CVE-2008-3645 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
Heap-based buffer overflow in the local IPC component in the EAPOLController plugin for configd (Networking component) in Mac OS X 10.4.11 and 10.5.5 allows local users to execute arbitrary code via unknown vectors.
CVE-2008-4215 1 Apple 1 Mac Os X Server 2026-04-23 N/A
Weblog in Mac OS X Server 10.4.11 does not properly check an error condition when a weblog posting access control list is specified for a user that has multiple short names, which might allow attackers to bypass intended access restrictions.
CVE-2008-4214 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
Unspecified vulnerability in Script Editor in Mac OS X 10.4.11 and 10.5.5 allows local users to cause the scripting dictionary to be written to arbitrary locations, related to an "insecure file operation" on temporary files.
CVE-2007-5861 1 Apple 1 Mac Os X 2026-04-23 N/A
Unspecified vulnerability in Spotlight in Apple Mac OS X 10.4.11 allows user-assisted attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted .XLS file that triggers memory corruption in the Microsoft Office Spotlight Importer.
CVE-2008-4491 1 Apple 2 Mac Os X, Mail 2026-04-23 N/A
Apple Mail.app 3.5 on Mac OS X, when "Store draft messages on the server" is enabled, stores draft copies of S/MIME email in plaintext on the email server, which allows server owners and remote man-in-the-middle attackers to read sensitive mail.
CVE-2009-0145 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
CoreGraphics in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF file that triggers memory corruption.
CVE-2008-1148 8 Apple, Cosmicperl, Darwin and 5 more 9 Mac Os X, Mac Os X Server, Directory Pro and 6 more 2026-04-23 N/A
A certain pseudo-random number generator (PRNG) algorithm that uses ADD with 0 random hops (aka "Algorithm A0"), as used in OpenBSD 3.5 through 4.2 and NetBSD 1.6.2 through 4.0, allows remote attackers to guess sensitive values such as (1) DNS transaction IDs or (2) IP fragmentation IDs by observing a sequence of previously generated values. NOTE: this issue can be leveraged for attacks such as DNS cache poisoning, injection into TCP packets, and OS fingerprinting.
CVE-2009-0013 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
dscl in DS Tools in Apple Mac OS X 10.4.11 and 10.5.6 requires that passwords must be provided as command line arguments, which allows local users to gain privileges by listing process information.
CVE-2009-0017 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
csregprinter in the Printing component in Apple Mac OS X 10.4.11 and 10.5.6 does not properly handle error conditions, which allows local users to execute arbitrary code via unknown vectors that trigger a heap-based buffer overflow.
CVE-2009-0019 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
Remote Apple Events in Apple Mac OS X 10.4.11 and 10.5.6 allows remote attackers to cause a denial of service (application termination) or obtain sensitive information via unspecified vectors that trigger an out-of-bounds memory access.
CVE-2008-1580 1 Apple 3 Mac Os X, Mac Os X Server, Safari 2026-04-23 N/A
CFNetwork in Safari in Apple Mac OS X before 10.5.3 automatically sends an SSL client certificate in response to a web server's certificate request, which allows remote web sites to obtain sensitive information (Subject data) from personally identifiable certificates, and use arbitrary certificates to track user activities across domains, a related issue to CVE-2007-4879.
CVE-2007-5862 1 Apple 1 Mac Os X 2026-04-23 N/A
Java in Mac OS X 10.4 through 10.4.11 allows remote attackers to bypass Keychain access controls and add or delete arbitrary Keychain items via a crafted Java applet.
CVE-2009-0152 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 7.5 High
iChat in Apple Mac OS X 10.5 before 10.5.7 disables SSL for AOL Instant Messenger (AIM) communication in certain circumstances that are inconsistent with the Require SSL setting, which allows remote attackers to obtain sensitive information by sniffing the network.
CVE-2009-0151 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
The screen saver in Dock in Apple Mac OS X 10.5 before 10.5.8 does not prevent four-finger Multi-Touch gestures, which allows physically proximate attackers to bypass locking and "manage applications or use Expose" via unspecified vectors.
CVE-2008-2325 1 Apple 3 Mac Os X, Mac Os X Server, Quicklook 2026-04-23 N/A
QuickLook in Apple Mac OS X 10.4.11 and 10.5.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Microsoft Office file, related to insufficient "bounds checking."
CVE-2009-0157 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
Heap-based buffer overflow in CFNetwork in Apple Mac OS X 10.5 before 10.5.7 allows remote web servers to execute arbitrary code or cause a denial of service (application crash) via long HTTP headers.
CVE-2007-1043 9 Apple, Ezboo, Hp and 6 more 18 Mac Os X, Webstats, Hp-ux and 15 more 2026-04-23 N/A
Ezboo webstats, possibly 3.0.3, allows remote attackers to bypass authentication and gain access via a direct request to (1) update.php and (2) config.php.