Search Results (817 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-4697 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
Unspecified vulnerability in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via unknown vectors related to browser history, which triggers memory corruption.
CVE-2007-4699 1 Apple 3 Mac Os X, Mac Os X Server, Safari 2026-04-23 N/A
The default configuration of Safari in Apple Mac OS X 10.4 through 10.4.10 adds a private key to the keychain with permissions that allow other applications to access the key without warning the user, which might allow other applications to bypass intended access restrictions.
CVE-2007-4702 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
The Application Firewall in Apple Mac OS X 10.5, when "Block all incoming connections" is enabled, does not prevent root processes or mDNSResponder from accepting connections, which might allow remote attackers or local root processes to bypass intended access restrictions.
CVE-2007-4703 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
The Application Firewall in Apple Mac OS X 10.5 does not prevent a root process from accepting incoming connections, even when "Block incoming connections" has been set for its associated executable, which might allow remote attackers or local root processes to bypass intended access restrictions.
CVE-2007-5863 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
Software Update in Apple Mac OS X 10.5.1 allows remote attackers to execute arbitrary commands via a man-in-the-middle (MITM) attack between the client and the server, using a modified distribution definition file with the "allow-external-scripts" option.
CVE-2007-5901 3 Apple, Mit, Redhat 4 Mac Os X, Mac Os X Server, Kerberos 5 and 1 more 2026-04-23 N/A
Use-after-free vulnerability in the gss_indicate_mechs function in lib/gssapi/mechglue/g_initialize.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors. NOTE: this might be the result of a typo in the source code.
CVE-2008-0045 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
Unspecified vulnerability in AFP Server in Apple Mac OS X 10.4.11 allows remote attackers to bypass cross-realm authentication via unknown manipulations of Kerberos principal realm names.
CVE-2008-0046 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
The Application Firewall in Apple Mac OS X 10.5.2 has an incorrect German translation for the "Set access for specific services and applications" radio button that might cause the user to believe that the button is used to restrict access only to specific services and applications, which might allow attackers to bypass intended access restrictions.
CVE-2008-0048 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
Stack-based buffer overflow in AppKit in Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via the a long file name to the NSDocument API.
CVE-2008-0049 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
AppKit in Apple Mac OS X 10.4.11 inadvertently makes an NSApplication mach port available for inter-process communication instead of inter-thread communication, which allows local users to execute arbitrary code via crafted messages to privileged applications.
CVE-2008-0052 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
CoreServices in Apple Mac OS X 10.4.11 treats .ief as a safe file type, which allows remote attackers to force Safari users into opening an .ief file in AppleWorks, even when the "Open 'Safe' files" preference is set.
CVE-2008-0054 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
Foundation in Apple Mac OS X 10.4.11 might allow context-dependent attackers to execute arbitrary code via a malformed selector name to the NSSelectorFromString API, which causes an "unexpected selector" to be used.
CVE-2008-0056 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
Stack-based buffer overflow in Foundation in Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via a "long pathname with an unexpected structure" that triggers the overflow in NSFileManager.
CVE-2008-0057 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
Multiple integer overflows in a "legacy serialization format" parser in AppKit in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via a crafted serialized property list.
CVE-2008-0599 4 Apple, Canonical, Fedoraproject and 1 more 5 Mac Os X, Mac Os X Server, Ubuntu Linux and 2 more 2026-04-23 9.8 Critical
The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI.
CVE-2008-0987 1 Apple 4 Aperture, Iphoto, Mac Os X and 1 more 2026-04-23 N/A
Stack-based buffer overflow in Image Raw in Apple Mac OS X 10.5.2, and Digital Camera RAW Compatibility before Update 2.0 for Aperture 2 and iPhoto 7.1.2, allows remote attackers to execute arbitrary code via a crafted Adobe Digital Negative (DNG) image.
CVE-2008-0989 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
Format string vulnerability in mDNSResponderHelper in Apple Mac OS X 10.5.2 allows local users to execute arbitrary code via format string specifiers in the local hostname.
CVE-2006-5051 4 Apple, Debian, Openbsd and 1 more 5 Mac Os X, Mac Os X Server, Debian Linux and 2 more 2026-04-23 8.1 High
Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free.
CVE-2006-5681 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
QuickTime for Java on Mac OS X 10.4 through 10.4.8, when used with Quartz Composer, allows remote attackers to obtain sensitive information (screen images) via a Java applet that accesses images that are being rendered by other embedded QuickTime objects.
CVE-2008-4237 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
Managed Client in Apple Mac OS X before 10.5.6 sometimes misidentifies a system when installing per-host configuration settings, which allows context-dependent attackers to have an unspecified impact by leveraging unintended settings, as demonstrated by the screen saver lock setting.