Search Results (Refine Search)
- Keyword (text search): cpe:2.3:o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2006-4866 |
Buffer overflow in kextload in Apple OS X, as used by TDIXSupport in Roxio Toast Titanium and possibly other products, allows local users to execute arbitrary code via a long extension argument. Published: September 19, 2006; 3:07:00 PM -0400 |
V3.x:(not available) V2.0: 4.6 MEDIUM |
CVE-2006-3499 |
The dynamic linker (dyld) in Apple Mac OS X 10.3.9 allows local users to obtain sensitive information via unspecified dynamic linker options that affect the use of standard error (stderr) by privileged applications. Published: August 02, 2006; 9:04:00 PM -0400 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2006-3505 |
WebKit in Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTML document that causes WebKit to access an object that has already been deallocated. Published: August 02, 2006; 9:04:00 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2006-1472 |
Unspecified vulnerability in AFP Server in Apple Mac OS X 10.3.9 allows remote attackers to determine names of unauthorized files and folders via unknown vectors related to the search results. Published: August 02, 2006; 12:04:00 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2006-1473 |
Integer overflow in AFP Server for Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors. Published: August 02, 2006; 12:04:00 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2006-3495 |
AFP Server in Apple Mac OS X 10.3.9 and 10.4.7 stores reconnect keys in a world-readable file, which allows local users to obtain the keys and access files and folders of other users. Published: August 02, 2006; 12:04:00 PM -0400 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2006-3496 |
AFP Server in Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to cause denial of service (crash) via an invalid AFP request that triggers an unchecked error condition. Published: August 02, 2006; 12:04:00 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2006-3497 |
Unspecified vulnerability in the "compression state handling" in Bom for Apple Mac OS X 10.3.9 and 10.4.7 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Zip archive. Published: August 02, 2006; 12:04:00 PM -0400 |
V3.x:(not available) V2.0: 5.1 MEDIUM |
CVE-2006-3498 |
Stack-based buffer overflow in bootpd in the DHCP component for Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to execute arbitrary code via a crafted BOOTP request. Published: August 02, 2006; 12:04:00 PM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2006-3946 |
WebCore in Apple Mac OS X 10.3.9 and 10.4 through 10.4.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted HTML that triggers a "memory management error" in WebKit, possibly due to a buffer overflow, as originally reported for the KHTMLParser::popOneBlock function in Apple Safari 2.0.4 using Javascript that changes document.body.innerHTML within a DIV tag. Published: July 31, 2006; 7:04:00 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2006-3356 |
The TIFFFetchAnyArray function in ImageIO in Apple OS X 10.4.7 and earlier allows remote user-assisted attackers to cause a denial of service (application crash) via an invalid tag value in a TIFF image, possibly triggering a null dereference. NOTE: This is a different issue than CVE-2006-1469. Published: July 06, 2006; 4:05:00 PM -0400 |
V3.x:(not available) V2.0: 2.6 LOW |
CVE-2006-1440 |
BOM in Apple Mac OS X 10.3.9 and 10.4.6 allows attackers to overwrite arbitrary files via an archive that contains symbolic links. Published: May 12, 2006; 5:02:00 PM -0400 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2006-1442 |
The bundle API in CoreFoundation in Apple Mac OS X 10.3.9 and 10.4.6 loads dynamic libraries even if the client application has not directly requested it, which allows attackers to execute arbitrary code from an untrusted bundle. Published: May 12, 2006; 5:02:00 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2006-1443 |
Integer underflow in CoreFoundation in Apple Mac OS X 10.3.9 and 10.4.6 allows context-dependent attackers to execute arbitrary code via unspecified vectors involving conversions from string to file system representation within (1) CFStringGetFileSystemRepresentation or (2) getFileSystemRepresentation:maxLength:withPath in NSFileManager, and possibly other similar API functions. Published: May 12, 2006; 5:02:00 PM -0400 |
V3.x:(not available) V2.0: 6.5 MEDIUM |
CVE-2006-1445 |
Buffer overflow in the FTP server (FTPServer) in Apple Mac OS X 10.3.9 and 10.4.6 allows remote authenticated users to execute arbitrary code via vectors related to "FTP server path name handling." Published: May 12, 2006; 5:02:00 PM -0400 |
V3.x:(not available) V2.0: 6.5 MEDIUM |
CVE-2006-1446 |
Keychain in Apple Mac OS X 10.3.9 and 10.4.6 might allow an application to bypass a locked Keychain by first obtaining a reference to the Keychain when it is unlocked, then reusing that reference after the Keychain has been locked. Published: May 12, 2006; 5:02:00 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2006-1448 |
Finder in Apple Mac OS X 10.3.9 and 10.4.6 allows user-assisted attackers to execute arbitrary code by tricking a user into launching an Internet Location item that appears to use a safe URL scheme, but which actually has a different and more risky scheme. Published: May 12, 2006; 5:02:00 PM -0400 |
V3.x:(not available) V2.0: 6.5 MEDIUM |
CVE-2006-1449 |
Integer overflow in Mail in Apple Mac OS X 10.3.9 and 10.4.6 allows remote attackers to execute arbitrary code via a crafted MacMIME encapsulated attachment. Published: May 12, 2006; 5:02:00 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2006-1450 |
Mail in Apple Mac OS X 10.3.9 and 10.4.6 allows remote attackers to execute arbitrary code via an enriched text e-mail message with "invalid color information" that causes Mail to allocate and initialize arbitrary classes. Published: May 12, 2006; 5:02:00 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2006-1451 |
MySQL Manager in Apple Mac OS X 10.3.9 and 10.4.6, when setting up a new MySQL database server, does not use the "New MySQL root password" that is provided, which causes the MySQL root password to be blank and allows local users to gain full privileges to that database. Published: May 12, 2006; 5:02:00 PM -0400 |
V3.x:(not available) V2.0: 7.2 HIGH |