U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): cpe:2.3:o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*
There are 2,106 matching records.
Displaying matches 2,021 through 2,040.
Vuln ID Summary CVSS Severity
CVE-2006-4866

Buffer overflow in kextload in Apple OS X, as used by TDIXSupport in Roxio Toast Titanium and possibly other products, allows local users to execute arbitrary code via a long extension argument.

Published: September 19, 2006; 3:07:00 PM -0400
V3.x:(not available)
V2.0: 4.6 MEDIUM
CVE-2006-3499

The dynamic linker (dyld) in Apple Mac OS X 10.3.9 allows local users to obtain sensitive information via unspecified dynamic linker options that affect the use of standard error (stderr) by privileged applications.

Published: August 02, 2006; 9:04:00 PM -0400
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2006-3505

WebKit in Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTML document that causes WebKit to access an object that has already been deallocated.

Published: August 02, 2006; 9:04:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2006-1472

Unspecified vulnerability in AFP Server in Apple Mac OS X 10.3.9 allows remote attackers to determine names of unauthorized files and folders via unknown vectors related to the search results.

Published: August 02, 2006; 12:04:00 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2006-1473

Integer overflow in AFP Server for Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors.

Published: August 02, 2006; 12:04:00 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2006-3495

AFP Server in Apple Mac OS X 10.3.9 and 10.4.7 stores reconnect keys in a world-readable file, which allows local users to obtain the keys and access files and folders of other users.

Published: August 02, 2006; 12:04:00 PM -0400
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2006-3496

AFP Server in Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to cause denial of service (crash) via an invalid AFP request that triggers an unchecked error condition.

Published: August 02, 2006; 12:04:00 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2006-3497

Unspecified vulnerability in the "compression state handling" in Bom for Apple Mac OS X 10.3.9 and 10.4.7 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Zip archive.

Published: August 02, 2006; 12:04:00 PM -0400
V3.x:(not available)
V2.0: 5.1 MEDIUM
CVE-2006-3498

Stack-based buffer overflow in bootpd in the DHCP component for Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to execute arbitrary code via a crafted BOOTP request.

Published: August 02, 2006; 12:04:00 PM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2006-3946

WebCore in Apple Mac OS X 10.3.9 and 10.4 through 10.4.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted HTML that triggers a "memory management error" in WebKit, possibly due to a buffer overflow, as originally reported for the KHTMLParser::popOneBlock function in Apple Safari 2.0.4 using Javascript that changes document.body.innerHTML within a DIV tag.

Published: July 31, 2006; 7:04:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2006-3356

The TIFFFetchAnyArray function in ImageIO in Apple OS X 10.4.7 and earlier allows remote user-assisted attackers to cause a denial of service (application crash) via an invalid tag value in a TIFF image, possibly triggering a null dereference. NOTE: This is a different issue than CVE-2006-1469.

Published: July 06, 2006; 4:05:00 PM -0400
V3.x:(not available)
V2.0: 2.6 LOW
CVE-2006-1440

BOM in Apple Mac OS X 10.3.9 and 10.4.6 allows attackers to overwrite arbitrary files via an archive that contains symbolic links.

Published: May 12, 2006; 5:02:00 PM -0400
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2006-1442

The bundle API in CoreFoundation in Apple Mac OS X 10.3.9 and 10.4.6 loads dynamic libraries even if the client application has not directly requested it, which allows attackers to execute arbitrary code from an untrusted bundle.

Published: May 12, 2006; 5:02:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2006-1443

Integer underflow in CoreFoundation in Apple Mac OS X 10.3.9 and 10.4.6 allows context-dependent attackers to execute arbitrary code via unspecified vectors involving conversions from string to file system representation within (1) CFStringGetFileSystemRepresentation or (2) getFileSystemRepresentation:maxLength:withPath in NSFileManager, and possibly other similar API functions.

Published: May 12, 2006; 5:02:00 PM -0400
V3.x:(not available)
V2.0: 6.5 MEDIUM
CVE-2006-1445

Buffer overflow in the FTP server (FTPServer) in Apple Mac OS X 10.3.9 and 10.4.6 allows remote authenticated users to execute arbitrary code via vectors related to "FTP server path name handling."

Published: May 12, 2006; 5:02:00 PM -0400
V3.x:(not available)
V2.0: 6.5 MEDIUM
CVE-2006-1446

Keychain in Apple Mac OS X 10.3.9 and 10.4.6 might allow an application to bypass a locked Keychain by first obtaining a reference to the Keychain when it is unlocked, then reusing that reference after the Keychain has been locked.

Published: May 12, 2006; 5:02:00 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2006-1448

Finder in Apple Mac OS X 10.3.9 and 10.4.6 allows user-assisted attackers to execute arbitrary code by tricking a user into launching an Internet Location item that appears to use a safe URL scheme, but which actually has a different and more risky scheme.

Published: May 12, 2006; 5:02:00 PM -0400
V3.x:(not available)
V2.0: 6.5 MEDIUM
CVE-2006-1449

Integer overflow in Mail in Apple Mac OS X 10.3.9 and 10.4.6 allows remote attackers to execute arbitrary code via a crafted MacMIME encapsulated attachment.

Published: May 12, 2006; 5:02:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2006-1450

Mail in Apple Mac OS X 10.3.9 and 10.4.6 allows remote attackers to execute arbitrary code via an enriched text e-mail message with "invalid color information" that causes Mail to allocate and initialize arbitrary classes.

Published: May 12, 2006; 5:02:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2006-1451

MySQL Manager in Apple Mac OS X 10.3.9 and 10.4.6, when setting up a new MySQL database server, does not use the "New MySQL root password" that is provided, which causes the MySQL root password to be blank and allows local users to gain full privileges to that database.

Published: May 12, 2006; 5:02:00 PM -0400
V3.x:(not available)
V2.0: 7.2 HIGH