Search Results (14587 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-3707 1 Apple 1 Quicktime 2026-04-16 N/A
Buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via crafted TGA image files.
CVE-2006-1220 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-16 N/A
Integer overflow in the mach_msg_send function in the kernel for Mac OS X might allow local users to execute arbitrary code via unknown attack vectors related to a large message header size, which leads to a heap-based buffer overflow.
CVE-2006-3498 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-16 N/A
Stack-based buffer overflow in bootpd in the DHCP component for Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to execute arbitrary code via a crafted BOOTP request.
CVE-2006-0848 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-16 N/A
The "Open 'safe' files after downloading" option in Safari on Apple Mac OS X allows remote user-assisted attackers to execute arbitrary commands by tricking a user into downloading a __MACOSX folder that contains metadata (resource fork) that invokes the Terminal, which automatically interprets the script using bash, as demonstrated using a ZIP file that contains a script with a safe file extension.
CVE-2004-1081 1 Apple 4 Darwin Streaming Server, Mac Os X, Mac Os X Server and 1 more 2026-04-16 N/A
The Application Framework (AppKit) for Apple Mac OS X 10.2.8 and 10.3.6 does not properly restrict access to a secure text input field, which allows local users to read keyboard input from other applications within the same window session.
CVE-2006-0401 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-16 N/A
Unspecified vulnerability in Mac OS X before 10.4.6, when running on an Intel-based computer, allows attackers with physical access to bypass the firmware password and log on in Single User Mode via unspecified vectors.
CVE-2003-0502 1 Apple 1 Darwin Streaming Server 2026-04-16 N/A
Apple QuickTime / Darwin Streaming Server before 4.1.3g allows remote attackers to cause a denial of service (crash) via a .. (dot dot) sequence followed by an MS-DOS device name (e.g. AUX) in a request to HTTP port 1220, a different vulnerability than CVE-2003-0421.
CVE-2002-1266 1 Apple 1 Mac Os X 2026-04-16 N/A
Mac OS X 10.2.2 allows local users to gain privileges by mounting a disk image file that was created on another system, aka "Local User Privilege Elevation via Disk Image File."
CVE-2006-0400 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-16 N/A
CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers to bypass the same-origin policy and execute Javascript in other domains via unknown vectors involving "crafted archives."
CVE-2004-1021 1 Apple 1 Ical 2026-04-16 N/A
iCal before 1.5.4 on Mac OS X 10.2.3, and other later versions, does not alert the user when handling calendars that use alarms, which allows attackers to execute programs and send e-mail via alarms.
CVE-2006-0399 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-16 N/A
Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file type. NOTE: due to the lack of specific information in the vendor advisory, it is not clear how CVE-2006-0397, CVE-2006-0398, and CVE-2006-0399 are different.
CVE-2006-0398 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-16 N/A
Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file type. NOTE: due to the lack of specific information in the vendor advisory, it is not clear how CVE-2006-0397, CVE-2006-0398, and CVE-2006-0399 are different.
CVE-2004-0988 1 Apple 1 Quicktime 2026-04-16 N/A
Integer overflow on Apple QuickTime before 6.5.2, when running on Windows systems, allows remote attackers to cause a denial of service (memory consumption) via certain inputs that cause a large memory operation.
CVE-2006-0395 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-16 N/A
The Download Validation in Mail in Mac OS X 10.4 does not properly recognize attachment file types to warn a user of an unsafe type, which allows user-assisted remote attackers to execute arbitrary code via crafted file types.
CVE-2003-0466 7 Apple, Freebsd, Netbsd and 4 more 10 Mac Os X, Mac Os X Server, Freebsd and 7 more 2026-04-16 9.8 Critical
Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow, including (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, or (8) RNTO.
CVE-2006-0397 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-16 N/A
Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file type. NOTE: due to the lack of specific information in the vendor advisory, it is not clear how CVE-2006-0397, CVE-2006-0398, and CVE-2006-0399 are different.
CVE-2004-0962 1 Apple 1 Apple Remote Desktop 2026-04-16 N/A
Apple Remote Desktop Client 1.2.4 executes a GUI application as root when it is started by an Apple Remote Desktop Administrator application, which allows remote authenticated users to execute arbitrary code when loginwindow is active via Fast User Switching.
CVE-2005-1726 1 Apple 1 Mac Os X 2026-04-16 N/A
The CoreGraphics Window Server in Mac OS X 10.4.1 allows local users with console access to gain privileges by "launching commands into root sessions."
CVE-2006-0396 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-16 N/A
Buffer overflow in Mail in Apple Mac OS X 10.4 up to 10.4.5, when patched with Security Update 2006-001, allows remote attackers to execute arbitrary code via a long Real Name value in an e-mail attachment sent in AppleDouble format, which triggers the overflow when the user double-clicks on an attachment.
CVE-2006-0393 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-16 N/A
OpenSSH in Apple Mac OS X 10.4.7 allows remote attackers to cause a denial of service or determine account existence by attempting to log in using an invalid user, which causes the server to hang.