Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:o:apple:mac_os_x:10.2.0:*:*:*:*:*:*:*
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2007-3798 |
Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via crafted TLVs in a BGP packet, related to an unchecked return value. Published: July 16, 2007; 6:30:00 PM -0400 |
V3.1: 9.8 CRITICAL V2.0: 6.8 MEDIUM |
CVE-2007-0742 |
The WebFoundation framework in Apple Mac OS X 10.3.9 and earlier allows subdomain cookies to be accessed by the parent domain, which allows remote attackers to obtain sensitive information. Published: April 24, 2007; 1:19:00 PM -0400 |
V3.x:(not available) V2.0: 7.8 HIGH |
CVE-2007-0720 |
The CUPS service on multiple platforms allows remote attackers to cause a denial of service (service hang) via a "partially-negotiated" SSL connection, which prevents other requests from being accepted. Published: March 13, 2007; 5:19:00 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2007-0430 |
The shared_region_map_file_np function in Apple Mac OS X 10.4.8 and earlier kernel allows local users to cause a denial of service (memory corruption) via a large mappingCount value. Published: January 22, 2007; 9:28:00 PM -0500 |
V3.x:(not available) V2.0: 4.9 MEDIUM |
CVE-2006-6906 |
Unspecified vulnerability in the Bluetooth stack on Mac OS 10.4.7 and earlier has unknown impact and local attack vectors, related to "Mach Exception Handling", a different issue than CVE-2006-6900. Published: December 31, 2006; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2006-4396 |
The Apple Type Services (ATS) server in Mac OS X 10.4.8 and earlier does not securely create log files, which allows local users to create and modify arbitrary files via unspecified vectors, possibly relating to a symlink attack. Published: November 30, 2006; 11:28:00 AM -0500 |
V3.x:(not available) V2.0: 4.6 MEDIUM |
CVE-2006-4400 |
Stack-based buffer overflow in the Apple Type Services (ATS) server in Mac OS 10.4.8 and earlier allow user-assisted attackers to execute arbitrary code via crafted font files. Published: November 30, 2006; 11:28:00 AM -0500 |
V3.x:(not available) V2.0: 5.1 MEDIUM |
CVE-2006-4401 |
Unspecified vulnerability in CFNetwork in Mac OS 10.4.8 and earlier allows user-assisted remote attackers to execute arbitrary FTP commands via a crafted FTP URI. Published: November 30, 2006; 11:28:00 AM -0500 |
V3.x:(not available) V2.0: 5.1 MEDIUM |
CVE-2006-4402 |
Heap-based buffer overflow in the Finder in Apple Mac OS X 10.4.8 and earlier allows user-assisted remote attackers to execute arbitrary code by browsing directories containing crafted .DS_Store files. Published: November 30, 2006; 11:28:00 AM -0500 |
V3.x:(not available) V2.0: 5.1 MEDIUM |
CVE-2006-4403 |
The FTP server in Apple Mac OS X 10.4.8 and earlier, when FTP Access is enabled, will crash when a login failure occurs with a valid user name, which allows remote attackers to cause a denial of service (crash) and enumerate valid usernames. Published: November 30, 2006; 11:28:00 AM -0500 |
V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2006-4404 |
The Installer application in Apple Mac OS X 10.4.8 and earlier, when used by a user with Admin credentials, does not authenticate the user before installing certain software requiring system privileges. Published: November 30, 2006; 11:28:00 AM -0500 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2006-6173 |
Buffer overflow in the shared_region_make_private_np function in vm/vm_unix.c in Mac OS X 10.4.6 and earlier allows local users to execute arbitrary code via (1) a small range count, which causes insufficient memory allocation, or (2) a large number of ranges in the shared_region_make_private_np_args parameter. Published: November 30, 2006; 11:28:00 AM -0500 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2006-5051 |
Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free. Published: September 27, 2006; 7:07:00 PM -0400 |
V3.1: 8.1 HIGH V2.0: 9.3 HIGH |
CVE-2006-4887 |
Apple Remote Desktop (ARD) for Mac OS X 10.2.8 and later does not drop privileges on the remote machine while installing certain applications, which allows local users to bypass authentication and gain privileges by selecting the icon during installation. NOTE: it could be argued that the issue is not in Remote Desktop itself, but in applications that are installed while using it. Published: September 19, 2006; 5:07:00 PM -0400 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2006-4095 |
BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service (crash) via certain SIG queries, which cause an assertion failure when multiple RRsets are returned. Published: September 05, 2006; 8:04:00 PM -0400 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2006-3356 |
The TIFFFetchAnyArray function in ImageIO in Apple OS X 10.4.7 and earlier allows remote user-assisted attackers to cause a denial of service (application crash) via an invalid tag value in a TIFF image, possibly triggering a null dereference. NOTE: This is a different issue than CVE-2006-1469. Published: July 06, 2006; 4:05:00 PM -0400 |
V3.x:(not available) V2.0: 2.6 LOW |
CVE-2006-1984 |
Unspecified vulnerability in the _cg_TIFFSetField function in Mac OS X 10.4.6 and earlier, as used in applications that use ImageIO or AppKit, allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that triggers a null dereference. Published: April 21, 2006; 6:02:00 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2005-0985 |
Unspecified vulnerability in the Mac OS X kernel before 10.3.8 allows local users to cause a denial of service (temporary hang) via unspecified attack vectors related to the fan control unit (FCU) driver. Published: December 31, 2005; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2005-2194 |
Unspecified vulnerability in the Apple Mac OS X kernel before 10.4.2 allows remote attackers to cause a denial of service (kernel panic) via a crafted TCP packet, possibly related to source routing or loose source routing. Published: December 31, 2005; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2005-2752 |
An unspecified kernel interface in Mac OS X 10.4.2 and earlier does not properly clear memory before reusing it, which could allow attackers to obtain sensitive information, a different vulnerability than CVE-2005-1126 and CVE-2005-1406. Published: November 01, 2005; 7:47:00 AM -0500 |
V3.x:(not available) V2.0: 2.1 LOW |