National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/o:apple:mac_os_x:10.13.5
There are 1,665 matching records.
Displaying matches 1641 through 1660.
Vuln ID Summary CVSS Severity
CVE-2009-3954

The 3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to execute arbitrary code via unspecified vectors, related to a "DLL-loading vulnerability."

Published: January 13, 2010; 02:30:00 PM -05:00
    V2: 10.0 HIGH
CVE-2009-3953

The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows and Mac OS X, and 7.x before 7.1.4 allows remote attackers to execute arbitrary code via malformed U3D data in a PDF document, related to a CLODProgressiveMeshDeclaration "array boundary issue," a different vulnerability than CVE-2009-2994.

Published: January 13, 2010; 02:30:00 PM -05:00
    V2: 10.0 HIGH
CVE-2009-2841

The HTMLMediaElement::loadResource function in html/HTMLMediaElement.cpp in WebCore in WebKit before r49480, as used in Apple Safari before 4.0.4 on Mac OS X, does not perform the expected callbacks for HTML 5 media elements that have external URLs for media resources, which allows remote attackers to trigger sub-resource requests to arbitrary web sites via a crafted HTML document, as demonstrated by an HTML e-mail message that uses a media element for X-Confirm-Reading-To functionality, aka rdar problem 7271202.

Published: November 13, 2009; 10:30:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2009-3282

Integer overflow in the vmx86 kernel extension in VMware Fusion before 2.0.6 build 196839 allows host OS users to cause a denial of service to the host OS via unspecified vectors.

Published: October 16, 2009; 12:30:00 PM -04:00
    V2: 7.8 HIGH
CVE-2009-3281

The vmx86 kernel extension in VMware Fusion before 2.0.6 build 196839 does not use correct file permissions, which allows host OS users to gain privileges on the host OS via unspecified vectors.

Published: October 16, 2009; 12:30:00 PM -04:00
    V2: 7.2 HIGH
CVE-2009-3692

Unspecified vulnerability in the VBoxNetAdpCtl configuration tool in Sun VirtualBox 3.0.x before 3.0.8 on Solaris x86, Linux, and Mac OS X allows local users to gain privileges via unknown vectors.

Published: October 13, 2009; 06:30:00 AM -04:00
    V2: 7.2 HIGH
CVE-2007-6722

Vidalia bundle before 0.1.2.18, when running on Windows and Mac OS X, installs Privoxy with a configuration file (config.txt or config) that contains insecure (1) enable-remote-toggle and (2) enable-edit-actions settings, which allows remote attackers to bypass intended access restrictions and modify configuration.

Published: March 31, 2009; 01:30:00 PM -04:00
    V2: 5.0 MEDIUM
CVE-2009-0601

Format string vulnerability in Wireshark 0.99.8 through 1.0.5 on non-Windows platforms allows local users to cause a denial of service (application crash) via format string specifiers in the HOME environment variable.

Published: February 16, 2009; 03:30:03 PM -05:00
    V2: 2.1 LOW
CVE-2008-4491

Apple Mail.app 3.5 on Mac OS X, when "Store draft messages on the server" is enabled, stores draft copies of S/MIME email in plaintext on the email server, which allows server owners and remote man-in-the-middle attackers to read sensitive mail.

Published: October 08, 2008; 02:00:03 PM -04:00
    V2: 5.0 MEDIUM
CVE-2008-2934

Mozilla Firefox 3 before 3.0.1 on Mac OS X allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file that triggers a free of an uninitialized pointer.

Published: July 18, 2008; 12:41:00 PM -04:00
    V2: 6.8 MEDIUM
CVE-2008-1033

The scheduler in CUPS in Apple Mac OS X 10.5 before 10.5.3, when debug logging is enabled and a printer requires a password, allows attackers to obtain sensitive information (credentials) by reading the log data, related to "authentication environment variables."

Published: June 02, 2008; 05:30:00 PM -04:00
    V2: 2.1 LOW
CVE-2008-0298

KHTML WebKit as used in Apple Safari 2.x allows remote attackers to cause a denial of service (browser crash) via a crafted web page, possibly involving a STYLE attribute of a DIV element.

Published: January 16, 2008; 06:00:00 PM -05:00
    V2: 4.3 MEDIUM
CVE-2007-5476

Unspecified vulnerability in Adobe Flash Player 9.0.47.0 and earlier, when running on Opera before 9.24 on Mac OS X, has unknown "Highly Severe" impact and unknown attack vectors.

Published: October 17, 2007; 08:17:00 PM -04:00
    V2: 10.0 HIGH
CVE-2007-4938

Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with certain large "indx truck size" and nEntriesInuse values, and a certain wLongsPerEntry value.

Published: September 18, 2007; 03:17:00 PM -04:00
    V2: 7.6 HIGH
CVE-2007-2400

Race condition in Apple Safari 3 Beta before 3.0.2 on Mac OS X, Windows XP, Windows Vista, and iPhone before 1.0.1, allows remote attackers to bypass the JavaScript security model and modify pages outside of the security domain and conduct cross-site scripting (XSS) attacks via vectors related to page updating and HTTP redirects.

Published: June 25, 2007; 03:30:00 PM -04:00
    V2: 4.3 MEDIUM
CVE-2007-3184

Cisco Trust Agent (CTA) before 2.1.104.0, when running on MacOS X, allows attackers with physical access to bypass authentication and modify System Preferences, including passwords, by invoking the Apple Menu when the Access Control Server (ACS) produces a user notification message after posture validation.

Published: June 12, 2007; 05:30:00 PM -04:00
    V2: 7.2 HIGH
CVE-2007-3073

Directory traversal vulnerability in Mozilla Firefox 2.0.0.4 and earlier on Mac OS X and Unix allows remote attackers to read arbitrary files via ..%2F (dot dot encoded slash) sequences in a resource:// URI.

Published: June 06, 2007; 06:30:00 AM -04:00
    V2: 7.8 HIGH
CVE-2007-2388

Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not properly restrict QTObject subclassing, which allows remote attackers to execute arbitrary code via a web page containing a user-defined class that accesses unsafe functions that can be leveraged to write to arbitrary memory locations.

Published: May 29, 2007; 05:30:00 PM -04:00
    V2: 9.3 HIGH
CVE-2007-2389

Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not clear potentially sensitive memory before use, which allows remote attackers to read memory from a web browser via unknown vectors related to Java applets.

Published: May 29, 2007; 05:30:00 PM -04:00
    V2: 7.1 HIGH
CVE-2007-2682

The installer for Adobe Version Cue CS3 Server on Apple Mac OS X, as used in Adobe Creative Suite 3 (CS3), does not re-enable the personal firewall after completing the product installation, which allows remote attackers to bypass intended firewall rules.

Published: May 18, 2007; 02:30:00 PM -04:00
    V2: 7.5 HIGH