Total
817 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-0945 | 2 Apple, Microsoft | 5 Mac Os X, Mac Os X Server, Safari and 2 more | 2025-04-09 | 9.3 HIGH | N/A |
| Array index error in the insertItemBefore method in WebKit, as used in Apple Safari before 3.2.3 and 4 Public Beta, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome Stable before 1.0.154.65, and possibly other products allows remote attackers to execute arbitrary code via a document with a SVGPathList data structure containing a negative index in the (1) SVGTransformList, (2) SVGStringList, (3) SVGNumberList, (4) SVGPathSegList, (5) SVGPointList, or (6) SVGLengthList SVGList object, which triggers memory corruption. | |||||
| CVE-2009-0020 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 7.8 HIGH | N/A |
| Unspecified vulnerability in CarbonCore in Apple Mac OS X 10.4.11 and 10.5.6 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted resource fork that triggers memory corruption. | |||||
| CVE-2008-0058 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 5.8 MEDIUM | N/A |
| Race condition in the NSURLConnection cache management functionality in Foundation for Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via unspecified manipulations that cause messages to be sent to a deallocated object. | |||||
| CVE-2007-4678 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 7.1 HIGH | N/A |
| AppleRAID in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 allows attackers to cause a denial of service (crash) via a crafted striped disk image, which triggers a NULL pointer dereference when it is mounted. | |||||
| CVE-2008-1575 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 9.3 HIGH | N/A |
| Unspecified vulnerability in the Apple Type Services (ATS) server in Apple Mac OS X 10.5 before 10.5.3 allows user-assisted remote attackers to execute arbitrary code via a crafted embedded font in a PDF document, related to memory corruption that occurs during printing. | |||||
| CVE-2009-0944 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 6.8 MEDIUM | N/A |
| The Microsoft Office Spotlight Importer in Spotlight in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not properly validate Microsoft Office files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a file that triggers memory corruption. | |||||
| CVE-2008-1573 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 7.1 HIGH | N/A |
| The BMP and GIF image decoding engine in ImageIO in Apple Mac OS X before 10.5.3 allows remote attackers to obtain sensitive information (memory contents) via a crafted (1) BMP or (2) GIF image, which causes an out-of-bounds read. | |||||
| CVE-2007-0745 | 1 Apple | 1 Mac Os X Server | 2025-04-09 | 7.1 HIGH | N/A |
| The Apple Security Update 2007-004 uses an incorrect configuration file for FTPServer in Apple Mac OS X Server 10.4.9, which might allow remote authenticated users to access additional directories. | |||||
| CVE-2009-2194 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 4.9 MEDIUM | N/A |
| Apple Mac OS X 10.5 before 10.5.8 does not properly share file descriptors over local sockets, which allows local users to cause a denial of service (system crash) by placing file descriptors in messages sent to a socket that has no receiver, related to a "synchronization issue." | |||||
| CVE-2009-2191 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 7.5 HIGH | N/A |
| Format string vulnerability in Login Window in Apple Mac OS X 10.4.11 and 10.5 before 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in an application name. | |||||
| CVE-2009-1727 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 6.8 MEDIUM | N/A |
| Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X 10.5 before 10.5.8 makes it easier for user-assisted remote attackers to execute arbitrary JavaScript via a web page that offers a download with a Content-Type value that is not on the list of possibly unsafe content types for Safari. | |||||
| CVE-2008-1517 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 7.2 HIGH | N/A |
| Array index error in the xnu (Mach) kernel in Apple Mac OS X 10.5 before 10.5.7 allows local users to gain privileges or cause a denial of service (system shutdown) via unspecified vectors related to workqueues. | |||||
| CVE-2008-3609 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 7.2 HIGH | N/A |
| The kernel in Apple Mac OS X 10.5 through 10.5.4 does not properly flush cached credentials during recycling (aka purging) of a vnode, which might allow local users to bypass the intended read or write permissions of a file. | |||||
| CVE-2008-2330 | 1 Apple | 1 Mac Os X Server | 2025-04-09 | 4.9 MEDIUM | N/A |
| slapconfig in Directory Services in Apple Mac OS X 10.5 through 10.5.4 allows local users to select a readable output file into which the server password will be written by an OpenLDAP system administrator, related to the mkfifo function, aka an "insecure file operation issue." | |||||
| CVE-2007-4695 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 4.3 MEDIUM | N/A |
| Unspecified "input validation" vulnerability in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to modify form field values via unknown vectors related to file uploads. | |||||
| CVE-2007-2404 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in CFNetwork on Apple Mac OS X 10.3.9 and 10.4.10 before 20070731 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in an unspecified context. NOTE: this can be leveraged for cross-site scripting (XSS) attacks. | |||||
| CVE-2008-0599 | 4 Apple, Canonical, Fedoraproject and 1 more | 5 Mac Os X, Mac Os X Server, Ubuntu Linux and 2 more | 2025-04-09 | 10.0 HIGH | 9.8 CRITICAL |
| The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI. | |||||
| CVE-2007-2407 | 2 Apple, Samba | 3 Mac Os X, Mac Os X Server, Samba Server | 2025-04-09 | 4.0 MEDIUM | N/A |
| The Samba server on Apple Mac OS X 10.3.9 and 10.4.10, when Windows file sharing is enabled, does not enforce disk quotas after dropping privileges, which allows remote authenticated users to use disk space in excess of quota. | |||||
| CVE-2009-2840 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 4.9 MEDIUM | N/A |
| Spotlight in Apple Mac OS X 10.5.8 does not properly handle temporary files, which allows local users to overwrite arbitrary files in the context of a different user's privileges via unspecified vectors. | |||||
| CVE-2009-2811 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 6.8 MEDIUM | N/A |
| Incomplete blacklist vulnerability in Launch Services in Apple Mac OS X 10.5.8 allows user-assisted remote attackers to execute arbitrary code via a .fileloc file, which does not trigger a "potentially unsafe" warning message in the Quarantine feature. | |||||