Filtered by vendor Apple
Subscriptions
Filtered by product Mac Os X Server
Subscriptions
Total
817 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-0057 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | N/A |
| Multiple integer overflows in a "legacy serialization format" parser in AppKit in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via a crafted serialized property list. | ||||
| CVE-2008-0058 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | N/A |
| Race condition in the NSURLConnection cache management functionality in Foundation for Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via unspecified manipulations that cause messages to be sent to a deallocated object. | ||||
| CVE-2008-0059 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | N/A |
| Race condition in NSXML in Foundation for Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via a crafted XML file, related to "error handling logic." | ||||
| CVE-2007-1661 | 2 Apple, Pcre | 3 Mac Os X, Mac Os X Server, Perl-compatible Regular Expression Library | 2025-04-09 | N/A |
| Perl-Compatible Regular Expression (PCRE) library before 7.3 backtracks too far when matching certain input bytes against some regex patterns in non-UTF-8 mode, which allows context-dependent attackers to obtain sensitive information or cause a denial of service (crash), as demonstrated by the "\X?\d" and "\P{L}?\d" patterns. | ||||
| CVE-2007-2403 | 1 Apple | 3 Cfnetwork, Mac Os X, Mac Os X Server | 2025-04-09 | N/A |
| CFNetwork on Apple Mac OS X 10.3.9 and 10.4.10 does not properly validate ftp: URIs, which allows remote attackers to trigger the transmission of arbitrary FTP commands to arbitrary FTP servers. | ||||
| CVE-2007-2406 | 1 Apple | 3 Mac Os X, Mac Os X Server, Quartz Composer | 2025-04-09 | N/A |
| Quartz Composer on Apple Mac OS X 10.4.10 does not initialize a certain object pointer, which might allow user-assisted remote attackers to execute arbitrary code via a crafted Quartz Composer file. | ||||
| CVE-2008-1572 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | N/A |
| Image Capture in Apple Mac OS X before 10.5 does not properly use temporary files, which allows local users to overwrite arbitrary files, and display images that are being resized by this application. | ||||
| CVE-2008-1575 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | N/A |
| Unspecified vulnerability in the Apple Type Services (ATS) server in Apple Mac OS X 10.5 before 10.5.3 allows user-assisted remote attackers to execute arbitrary code via a crafted embedded font in a PDF document, related to memory corruption that occurs during printing. | ||||
| CVE-2008-1580 | 1 Apple | 3 Mac Os X, Mac Os X Server, Safari | 2025-04-09 | N/A |
| CFNetwork in Safari in Apple Mac OS X before 10.5.3 automatically sends an SSL client certificate in response to a web server's certificate request, which allows remote web sites to obtain sensitive information (Subject data) from personally identifiable certificates, and use arbitrary certificates to track user activities across domains, a related issue to CVE-2007-4879. | ||||
| CVE-2008-3610 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | N/A |
| Race condition in Login Window in Apple Mac OS X 10.5 through 10.5.4, when a blank-password account is enabled, allows attackers to bypass password authentication and login to any account via multiple attempts to login to the blank-password account, followed by selection of an arbitrary account from the user list. | ||||
| CVE-2007-4680 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | N/A |
| CFNetwork in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 does not properly validate certificates, which allows remote attackers to spoof trusted SSL certificates via a man-in-the-middle attack. | ||||
| CVE-2007-4695 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | N/A |
| Unspecified "input validation" vulnerability in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to modify form field values via unknown vectors related to file uploads. | ||||
| CVE-2007-4701 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | N/A |
| WebKit on Apple Mac OS X 10.4 through 10.4.10 does not create temporary files securely when Safari is previewing a PDF file, which allows local users to read the contents of that file. | ||||
| CVE-2007-4703 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | N/A |
| The Application Firewall in Apple Mac OS X 10.5 does not prevent a root process from accepting incoming connections, even when "Block incoming connections" has been set for its associated executable, which might allow remote attackers or local root processes to bypass intended access restrictions. | ||||
| CVE-2008-2321 | 1 Apple | 3 Coregraphics, Mac Os X, Mac Os X Server | 2025-04-09 | N/A |
| Unspecified vulnerability in CoreGraphics in Apple Mac OS X 10.4.11 and 10.5.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unknown vectors involving "processing of arguments." | ||||
| CVE-2009-0014 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | N/A |
| Folder Manager in Apple Mac OS X 10.5.6 uses insecure default permissions when recreating a Downloads folder after it has been deleted, which allows local users to bypass intended access restrictions and read the Downloads folder. | ||||
| CVE-2008-0990 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | N/A |
| notifyd in Apple Mac OS X 10.4.11 does not verify that Mach port death notifications have originated from the kernel, which allows local users to cause a denial of service via spoofed death notifications that prevent other applications from receiving notifications. | ||||
| CVE-2008-1000 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | N/A |
| Directory traversal vulnerability in ContentServer.py in the Wiki Server in Apple Mac OS X 10.5.2 (aka Leopard) allows remote authenticated users to write arbitrary files via ".." sequences in file attachments. | ||||
| CVE-2008-1027 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | N/A |
| Apple Filing Protocol (AFP) Server in Apple Mac OS X before 10.5.3 does not verify that requested files and directories are inside shared folders, which allows remote attackers to read arbitrary files via unspecified AFP traffic. | ||||
| CVE-2008-1032 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | N/A |
| Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.5.3 allows user-assisted remote attackers to execute arbitrary code via an (1) Automator, (2) Help, (3) Safari, or (4) Terminal content type for a downloadable object, which does not trigger a "potentially unsafe" warning message in (a) the Download Validation feature in Mac OS X 10.4 or (b) the Quarantine feature in Mac OS X 10.5. | ||||