National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/o:apple:mac_os_x:10.4.6
There are 3,158 matching records.
Displaying matches 3101 through 3120.
Vuln ID Summary CVSS Severity
CVE-2007-0464

The _CFNetConnectionWillEnqueueRequests function in CFNetwork 129.19 on Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to cause a denial of service (application crash) via a crafted HTTP 301 response, which results in a NULL pointer dereference.

Published: January 30, 2007; 12:28:00 PM -05:00
    V2: 5.0 MEDIUM
CVE-2007-0430

The shared_region_map_file_np function in Apple Mac OS X 10.4.8 and earlier kernel allows local users to cause a denial of service (memory corruption) via a large mappingCount value.

Published: January 22, 2007; 09:28:00 PM -05:00
    V2: 4.9 MEDIUM
CVE-2007-0197

Finder 10.4.6 on Apple Mac OS X 10.4.8 allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a long volume name in a DMG disk image, which results in memory corruption.

Published: January 11, 2007; 06:28:00 AM -05:00
    V2: 6.8 MEDIUM
CVE-2006-6906

Unspecified vulnerability in the Bluetooth stack on Mac OS 10.4.7 and earlier has unknown impact and local attack vectors, related to "Mach Exception Handling", a different issue than CVE-2006-6900.

Published: December 31, 2006; 12:00:00 AM -05:00
    V2: 7.2 HIGH
CVE-2006-5681

QuickTime for Java on Mac OS X 10.4 through 10.4.8, when used with Quartz Composer, allows remote attackers to obtain sensitive information (screen images) via a Java applet that accesses images that are being rendered by other embedded QuickTime objects.

Published: December 19, 2006; 09:28:00 PM -05:00
    V2: 2.6 LOW
CVE-2006-6652

Buffer overflow in the glob implementation (glob.c) in libc in NetBSD-current before 20050914, NetBSD 2.* and 3.* before 20061203, and Apple Mac OS X before 2007-004, as used by the FTP daemon and tnftpd, allows remote authenticated users to execute arbitrary code via a long pathname that results from path expansion.

Published: December 19, 2006; 09:28:00 PM -05:00
    V2: 9.0 HIGH
CVE-2006-4396

The Apple Type Services (ATS) server in Mac OS X 10.4.8 and earlier does not securely create log files, which allows local users to create and modify arbitrary files via unspecified vectors, possibly relating to a symlink attack.

Published: November 30, 2006; 11:28:00 AM -05:00
    V2: 4.6 MEDIUM
CVE-2006-4398

Multiple buffer overflows in the Apple Type Services (ATS) server in Mac OS X 10.4 through 10.4.8 allow local users to execute arbitrary code via crafted service requests.

Published: November 30, 2006; 11:28:00 AM -05:00
    V2: 7.2 HIGH
CVE-2006-4400

Stack-based buffer overflow in the Apple Type Services (ATS) server in Mac OS 10.4.8 and earlier allow user-assisted attackers to execute arbitrary code via crafted font files.

Published: November 30, 2006; 11:28:00 AM -05:00
    V2: 5.1 MEDIUM
CVE-2006-4401

Unspecified vulnerability in CFNetwork in Mac OS 10.4.8 and earlier allows user-assisted remote attackers to execute arbitrary FTP commands via a crafted FTP URI.

Published: November 30, 2006; 11:28:00 AM -05:00
    V2: 5.1 MEDIUM
CVE-2006-4402

Heap-based buffer overflow in the Finder in Apple Mac OS X 10.4.8 and earlier allows user-assisted remote attackers to execute arbitrary code by browsing directories containing crafted .DS_Store files.

Published: November 30, 2006; 11:28:00 AM -05:00
    V2: 5.1 MEDIUM
CVE-2006-4403

The FTP server in Apple Mac OS X 10.4.8 and earlier, when FTP Access is enabled, will crash when a login failure occurs with a valid user name, which allows remote attackers to cause a denial of service (crash) and enumerate valid usernames.

Published: November 30, 2006; 11:28:00 AM -05:00
    V2: 4.0 MEDIUM
CVE-2006-4404

The Installer application in Apple Mac OS X 10.4.8 and earlier, when used by a user with Admin credentials, does not authenticate the user before installing certain software requiring system privileges.

Published: November 30, 2006; 11:28:00 AM -05:00
    V2: 10.0 HIGH
CVE-2006-4406

Buffer overflow in PPP on Apple Mac OS X 10.4.x up to 10.4.8 and 10.3.x up to 10.3.9, when PPPoE is enabled, allows remote attackers to execute arbitrary code via unspecified vectors.

Published: November 30, 2006; 11:28:00 AM -05:00
    V2: 7.5 HIGH
CVE-2006-4408

The Security Framework in Apple Mac OS X 10.4 through 10.4.8 allows remote attackers to cause a denial of service (resource consumption) via certain public key values in an X.509 certificate that requires extra resources during signature verification. NOTE: this issue may be similar to CVE-2006-2940.

Published: November 30, 2006; 11:28:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2006-4409

The Online Certificate Status Protocol (OCSP) service in the Security Framework in Apple Mac OS X 10.4 through 10.4.8 retrieve certificate revocation lists (CRL) when an HTTP proxy is in use, which could cause the system to accept certificates that have been revoked.

Published: November 30, 2006; 11:28:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2006-4410

The Security Framework in Apple Mac OS X 10.3.9, and 10.4.x before 10.4.7, does not properly search certificate revocation lists (CRL), which allows remote attackers to access systems by using revoked certificates.

Published: November 30, 2006; 11:28:00 AM -05:00
    V2: 7.5 HIGH
CVE-2006-4411

The VPN service in Apple Mac OS X 10.3.x through 10.3.9 and 10.4.x through 10.4.8 does not properly clean the environment when executing commands, which allows local users to gain privileges via unspecified vectors.

Published: November 30, 2006; 11:28:00 AM -05:00
    V2: 7.2 HIGH
CVE-2006-4412

WebKit in Apple Mac OS X 10.3.x through 10.3.9 and 10.4 through 10.4.8 allows remote attackers to execute arbitrary code via a crafted HTML file, which accesses previously deallocated objects.

Published: November 30, 2006; 11:28:00 AM -05:00
    V2: 6.8 MEDIUM
CVE-2006-6173

Buffer overflow in the shared_region_make_private_np function in vm/vm_unix.c in Mac OS X 10.4.6 and earlier allows local users to execute arbitrary code via (1) a small range count, which causes insufficient memory allocation, or (2) a large number of ranges in the shared_region_make_private_np_args parameter.

Published: November 30, 2006; 11:28:00 AM -05:00
    V2: 7.2 HIGH