Search Results (14587 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-6173 1 Apple 1 Mac Os X 2026-04-23 N/A
Buffer overflow in the shared_region_make_private_np function in vm/vm_unix.c in Mac OS X 10.4.6 and earlier allows local users to execute arbitrary code via (1) a small range count, which causes insufficient memory allocation, or (2) a large number of ranges in the shared_region_make_private_np_args parameter.
CVE-2008-3640 2 Apple, Redhat 2 Cups, Enterprise Linux 2026-04-23 N/A
Integer overflow in the WriteProlog function in texttops in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via a crafted PostScript file that triggers a heap-based buffer overflow.
CVE-2008-3639 2 Apple, Redhat 2 Cups, Enterprise Linux 2026-04-23 N/A
Heap-based buffer overflow in the read_rle16 function in imagetops in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via an SGI image with malformed Run Length Encoded (RLE) data containing a small image and a large row count.
CVE-2006-6130 1 Apple 1 Mac Os X 2026-04-23 N/A
Apple Mac OS X AppleTalk allows local users to cause a denial of service (kernel panic) by calling the AIOCREGLOCALZN ioctl command with a crafted data structure on an AppleTalk socket.
CVE-2008-3638 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
Java on Apple Mac OS X 10.5.4 and 10.5.5 does not prevent applets from accessing file:// URLs, which allows remote attackers to execute arbitrary programs.
CVE-2008-3637 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 8.8 High
The Hash-based Message Authentication Code (HMAC) provider in Java on Apple Mac OS X 10.4.11, 10.5.4, and 10.5.5 uses an uninitialized variable, which allows remote attackers to execute arbitrary code via a crafted applet, related to an "error checking issue."
CVE-2006-6129 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
Integer overflow in the fatfile_getarch2 in Apple Mac OS X allows local users to cause a denial of service and possibly execute arbitrary code via a crafted Mach-O Universal program that triggers memory corruption.
CVE-2008-3636 1 Apple 1 Itunes 2026-04-23 N/A
Integer overflow in the IopfCompleteRequest API in the kernel in Microsoft Windows 2000, XP, Server 2003, and Vista allows context-dependent attackers to gain privileges. NOTE: this issue was originally reported for GEARAspiWDM.sys 2.0.7.5 in Gear Software CD DVD Filter driver before 4.001.7, as used in other products including Apple iTunes and multiple Symantec and Norton products, which allows local users to gain privileges via repeated IoAttachDevice IOCTL calls to \\.\GEARAspiWDMDevice in this GEARAspiWDM.sys. However, the root cause is the integer overflow in the API call itself.
CVE-2008-3644 1 Apple 1 Safari 2026-04-23 N/A
Apple Safari before 3.2 does not properly prevent caching of form data for form fields that have autocomplete disabled, which allows local users to obtain sensitive information by reading the browser's page cache.
CVE-2006-6127 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
Apple Mac OS X kernel allows local users to cause a denial of service via a process that uses kevent to register a queue and an event, then fork a child process that uses kevent to register an event for the same queue as the parent.
CVE-2008-3635 3 Apple, Intel, Microsoft 5 Quicktime, Indeo, Windows-nt and 2 more 2026-04-23 N/A
Stack-based buffer overflow in QuickTimeInternetExtras.qtx in an unspecified third-party Indeo v3.2 (aka IV32) codec for QuickTime, when used with Apple QuickTime before 7.5.5 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.
CVE-2008-3634 1 Apple 3 Itunes, Mac Os X, Mac Os X Server 2026-04-23 N/A
Apple iTunes before 8.0 on Mac OS X 10.4.11, when iTunes Music Sharing is enabled but blocked by the host-based firewall, presents misleading information about firewall security, which might allow remote attackers to leverage an exposure that would be absent if the administrator were given better information.
CVE-2006-6126 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
Apple Mac OS X allows local users to cause a denial of service (memory corruption) via a crafted Mach-O binary with a malformed load_command data structure.
CVE-2008-3632 1 Apple 3 Iphone, Iphone Os, Ipod Touch 2026-04-23 N/A
Use-after-free vulnerability in WebKit in Apple iPod touch 1.1 through 2.0.2, and iPhone 1.0 through 2.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a web page with crafted Cascading Style Sheets (CSS) import statements.
CVE-2008-3631 1 Apple 1 Ipod Touch 2026-04-23 N/A
Application Sandbox in Apple iPod touch 2.0 through 2.0.2, and iPhone 2.0 through 2.0.2, does not properly isolate third-party applications, which allows attackers to read arbitrary files in a third-party application's sandbox via a different third-party application.
CVE-2006-6062 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
Unspecified vulnerability in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to cause a denial of service (crash) via a malformed UDTO HFS+ disk image, such as with "bad sectors," which triggers memory corruption.
CVE-2008-3630 2 Apple, Microsoft 6 Bonjour, Windows-nt, Windows 2000 and 3 more 2026-04-23 N/A
mDNSResponder in Apple Bonjour for Windows before 1.0.5, when an application uses the Bonjour API for unicast DNS, does not choose random values for transaction IDs or source ports in DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447.
CVE-2008-3629 2 Apple, Microsoft 6 Mac Os X, Mac Os X Server, Quicktime and 3 more 2026-04-23 N/A
Apple QuickTime before 7.5.5 allows remote attackers to cause a denial of service (application crash) via a crafted PICT image that triggers an out-of-bounds read.
CVE-2006-6061 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
com.apple.AppleDiskImageController in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to execute arbitrary code via a malformed DMG image that triggers memory corruption. NOTE: the severity of this issue has been disputed by a third party, who states that the impact is limited to a denial of service (kernel panic) due to a vm_fault call with a non-aligned address.
CVE-2008-3628 2 Apple, Microsoft 2 Quicktime, Windows 2026-04-23 N/A
Apple QuickTime before 7.5.5 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image, related to an "invalid pointer issue."