Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/o:apple:mac_os_x:10.0.0
There are 3,014 matching records.
Displaying matches 2,981 through 3,000.
Vuln ID Summary CVSS Severity
CVE-2007-2400

Race condition in Apple Safari 3 Beta before 3.0.2 on Mac OS X, Windows XP, Windows Vista, and iPhone before 1.0.1, allows remote attackers to bypass the JavaScript security model and modify pages outside of the security domain and conduct cross-site scripting (XSS) attacks via vectors related to page updating and HTTP redirects.

Published: June 25, 2007; 3:30:00 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2007-3184

Cisco Trust Agent (CTA) before 2.1.104.0, when running on MacOS X, allows attackers with physical access to bypass authentication and modify System Preferences, including passwords, by invoking the Apple Menu when the Access Control Server (ACS) produces a user notification message after posture validation.

Published: June 12, 2007; 5:30:00 PM -0400
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2007-3073

Directory traversal vulnerability in Mozilla Firefox 2.0.0.4 and earlier on Mac OS X and Unix allows remote attackers to read arbitrary files via ..%2F (dot dot encoded slash) sequences in a resource:// URI.

Published: June 06, 2007; 6:30:00 AM -0400
V3.x:(not available)
V2.0: 7.8 HIGH
CVE-2007-2388

Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not properly restrict QTObject subclassing, which allows remote attackers to execute arbitrary code via a web page containing a user-defined class that accesses unsafe functions that can be leveraged to write to arbitrary memory locations.

Published: May 29, 2007; 5:30:00 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2007-2389

Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not clear potentially sensitive memory before use, which allows remote attackers to read memory from a web browser via unknown vectors related to Java applets.

Published: May 29, 2007; 5:30:00 PM -0400
V3.x:(not available)
V2.0: 7.1 HIGH
CVE-2007-2682

The installer for Adobe Version Cue CS3 Server on Apple Mac OS X, as used in Adobe Creative Suite 3 (CS3), does not re-enable the personal firewall after completing the product installation, which allows remote attackers to bypass intended firewall rules.

Published: May 18, 2007; 2:30:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2007-2736

PHP remote file inclusion vulnerability in index.php in Achievo 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter.

Published: May 17, 2007; 3:30:00 PM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2007-1898

formmail.php in Jetbox CMS 2.1 allows remote attackers to send arbitrary e-mails (spam) via modified recipient, _SETTINGS[allowed_email_hosts][], and subject parameters.

Published: May 16, 2007; 6:30:00 PM -0400
V3.x:(not available)
V2.0: 5.8 MEDIUM
CVE-2007-0742

The WebFoundation framework in Apple Mac OS X 10.3.9 and earlier allows subdomain cookies to be accessed by the parent domain, which allows remote attackers to obtain sensitive information.

Published: April 24, 2007; 1:19:00 PM -0400
V3.x:(not available)
V2.0: 7.8 HIGH
CVE-2007-1279

Unspecified vulnerability in the installer for Adobe Bridge 1.0.3 update for Apple OS X, when patching with desktop management tools, allows local users to gain privileges via unspecified vectors during installation of the update by a different user who has administrative privileges.

Published: April 11, 2007; 6:19:00 PM -0400
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2007-1884

Multiple integer signedness errors in the printf function family in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 on 64 bit machines allow context-dependent attackers to execute arbitrary code via (1) certain negative argument numbers that arise in the php_formatted_print function because of 64 to 32 bit truncation, and bypass a check for the maximum allowable value; and (2) a width and precision of -1, which make it possible for the php_sprintf_appendstring function to place an internal buffer at an arbitrary memory location.

Published: April 05, 2007; 9:19:00 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2007-0430

The shared_region_map_file_np function in Apple Mac OS X 10.4.8 and earlier kernel allows local users to cause a denial of service (memory corruption) via a large mappingCount value.

Published: January 22, 2007; 9:28:00 PM -0500
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2006-6906

Unspecified vulnerability in the Bluetooth stack on Mac OS 10.4.7 and earlier has unknown impact and local attack vectors, related to "Mach Exception Handling", a different issue than CVE-2006-6900.

Published: December 31, 2006; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2006-4396

The Apple Type Services (ATS) server in Mac OS X 10.4.8 and earlier does not securely create log files, which allows local users to create and modify arbitrary files via unspecified vectors, possibly relating to a symlink attack.

Published: November 30, 2006; 11:28:00 AM -0500
V3.x:(not available)
V2.0: 4.6 MEDIUM
CVE-2006-4400

Stack-based buffer overflow in the Apple Type Services (ATS) server in Mac OS 10.4.8 and earlier allow user-assisted attackers to execute arbitrary code via crafted font files.

Published: November 30, 2006; 11:28:00 AM -0500
V3.x:(not available)
V2.0: 5.1 MEDIUM
CVE-2006-4401

Unspecified vulnerability in CFNetwork in Mac OS 10.4.8 and earlier allows user-assisted remote attackers to execute arbitrary FTP commands via a crafted FTP URI.

Published: November 30, 2006; 11:28:00 AM -0500
V3.x:(not available)
V2.0: 5.1 MEDIUM
CVE-2006-4402

Heap-based buffer overflow in the Finder in Apple Mac OS X 10.4.8 and earlier allows user-assisted remote attackers to execute arbitrary code by browsing directories containing crafted .DS_Store files.

Published: November 30, 2006; 11:28:00 AM -0500
V3.x:(not available)
V2.0: 5.1 MEDIUM
CVE-2006-4403

The FTP server in Apple Mac OS X 10.4.8 and earlier, when FTP Access is enabled, will crash when a login failure occurs with a valid user name, which allows remote attackers to cause a denial of service (crash) and enumerate valid usernames.

Published: November 30, 2006; 11:28:00 AM -0500
V3.x:(not available)
V2.0: 4.0 MEDIUM
CVE-2006-4404

The Installer application in Apple Mac OS X 10.4.8 and earlier, when used by a user with Admin credentials, does not authenticate the user before installing certain software requiring system privileges.

Published: November 30, 2006; 11:28:00 AM -0500
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2006-6173

Buffer overflow in the shared_region_make_private_np function in vm/vm_unix.c in Mac OS X 10.4.6 and earlier allows local users to execute arbitrary code via (1) a small range count, which causes insufficient memory allocation, or (2) a large number of ranges in the shared_region_make_private_np_args parameter.

Published: November 30, 2006; 11:28:00 AM -0500
V3.x:(not available)
V2.0: 7.2 HIGH