Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:apple:mac_os_x:10.1.2:*:*:*:*:*:*:*
There are 1,941 matching records.
Displaying matches 1,881 through 1,900.
Vuln ID Summary CVSS Severity
CVE-2007-6427

The XInput extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via requests related to byte swapping and heap corruption within multiple functions, a different vulnerability than CVE-2007-4990.

Published: January 18, 2008; 6:00:00 PM -0500
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2007-4680

CFNetwork in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 does not properly validate certificates, which allows remote attackers to spoof trusted SSL certificates via a man-in-the-middle attack.

Published: November 14, 2007; 8:46:00 PM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2007-3073

Directory traversal vulnerability in Mozilla Firefox 2.0.0.4 and earlier on Mac OS X and Unix allows remote attackers to read arbitrary files via ..%2F (dot dot encoded slash) sequences in a resource:// URI.

Published: June 06, 2007; 6:30:00 AM -0400
V3.x:(not available)
V2.0: 7.8 HIGH
CVE-2007-2388

Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not properly restrict QTObject subclassing, which allows remote attackers to execute arbitrary code via a web page containing a user-defined class that accesses unsafe functions that can be leveraged to write to arbitrary memory locations.

Published: May 29, 2007; 5:30:00 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2007-2389

Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not clear potentially sensitive memory before use, which allows remote attackers to read memory from a web browser via unknown vectors related to Java applets.

Published: May 29, 2007; 5:30:00 PM -0400
V3.x:(not available)
V2.0: 7.1 HIGH
CVE-2007-0742

The WebFoundation framework in Apple Mac OS X 10.3.9 and earlier allows subdomain cookies to be accessed by the parent domain, which allows remote attackers to obtain sensitive information.

Published: April 24, 2007; 1:19:00 PM -0400
V3.x:(not available)
V2.0: 7.8 HIGH
CVE-2007-0729

Apple File Protocol (AFP) Client in Apple Mac OS X 10.3.9 through 10.4.9 does not properly clean the environment before executing commands, which allows local users to gain privileges by setting unspecified environment variables.

Published: April 24, 2007; 12:19:00 PM -0400
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2007-0720

The CUPS service on multiple platforms allows remote attackers to cause a denial of service (service hang) via a "partially-negotiated" SSL connection, which prevents other requests from being accepted.

Published: March 13, 2007; 5:19:00 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2007-0430

The shared_region_map_file_np function in Apple Mac OS X 10.4.8 and earlier kernel allows local users to cause a denial of service (memory corruption) via a large mappingCount value.

Published: January 22, 2007; 9:28:00 PM -0500
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2006-6906

Unspecified vulnerability in the Bluetooth stack on Mac OS 10.4.7 and earlier has unknown impact and local attack vectors, related to "Mach Exception Handling", a different issue than CVE-2006-6900.

Published: December 31, 2006; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2006-6652

Buffer overflow in the glob implementation (glob.c) in libc in NetBSD-current before 20050914, NetBSD 2.* and 3.* before 20061203, and Apple Mac OS X before 2007-004, as used by the FTP daemon and tnftpd, allows remote authenticated users to execute arbitrary code via a long pathname that results from path expansion.

Published: December 19, 2006; 9:28:00 PM -0500
V3.x:(not available)
V2.0: 9.0 HIGH
CVE-2006-4396

The Apple Type Services (ATS) server in Mac OS X 10.4.8 and earlier does not securely create log files, which allows local users to create and modify arbitrary files via unspecified vectors, possibly relating to a symlink attack.

Published: November 30, 2006; 11:28:00 AM -0500
V3.x:(not available)
V2.0: 4.6 MEDIUM
CVE-2006-4400

Stack-based buffer overflow in the Apple Type Services (ATS) server in Mac OS 10.4.8 and earlier allow user-assisted attackers to execute arbitrary code via crafted font files.

Published: November 30, 2006; 11:28:00 AM -0500
V3.x:(not available)
V2.0: 5.1 MEDIUM
CVE-2006-4401

Unspecified vulnerability in CFNetwork in Mac OS 10.4.8 and earlier allows user-assisted remote attackers to execute arbitrary FTP commands via a crafted FTP URI.

Published: November 30, 2006; 11:28:00 AM -0500
V3.x:(not available)
V2.0: 5.1 MEDIUM
CVE-2006-4402

Heap-based buffer overflow in the Finder in Apple Mac OS X 10.4.8 and earlier allows user-assisted remote attackers to execute arbitrary code by browsing directories containing crafted .DS_Store files.

Published: November 30, 2006; 11:28:00 AM -0500
V3.x:(not available)
V2.0: 5.1 MEDIUM
CVE-2006-4403

The FTP server in Apple Mac OS X 10.4.8 and earlier, when FTP Access is enabled, will crash when a login failure occurs with a valid user name, which allows remote attackers to cause a denial of service (crash) and enumerate valid usernames.

Published: November 30, 2006; 11:28:00 AM -0500
V3.x:(not available)
V2.0: 4.0 MEDIUM
CVE-2006-4404

The Installer application in Apple Mac OS X 10.4.8 and earlier, when used by a user with Admin credentials, does not authenticate the user before installing certain software requiring system privileges.

Published: November 30, 2006; 11:28:00 AM -0500
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2006-6173

Buffer overflow in the shared_region_make_private_np function in vm/vm_unix.c in Mac OS X 10.4.6 and earlier allows local users to execute arbitrary code via (1) a small range count, which causes insufficient memory allocation, or (2) a large number of ranges in the shared_region_make_private_np_args parameter.

Published: November 30, 2006; 11:28:00 AM -0500
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2006-4887

Apple Remote Desktop (ARD) for Mac OS X 10.2.8 and later does not drop privileges on the remote machine while installing certain applications, which allows local users to bypass authentication and gain privileges by selecting the icon during installation. NOTE: it could be argued that the issue is not in Remote Desktop itself, but in applications that are installed while using it.

Published: September 19, 2006; 5:07:00 PM -0400
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2006-4866

Buffer overflow in kextload in Apple OS X, as used by TDIXSupport in Roxio Toast Titanium and possibly other products, allows local users to execute arbitrary code via a long extension argument.

Published: September 19, 2006; 3:07:00 PM -0400
V3.x:(not available)
V2.0: 4.6 MEDIUM