Search Results (5636 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-0745 1 Apple 1 Mac Os X Server 2026-04-23 N/A
The Apple Security Update 2007-004 uses an incorrect configuration file for FTPServer in Apple Mac OS X Server 10.4.9, which might allow remote authenticated users to access additional directories.
CVE-2007-0746 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
Heap-based buffer overflow in the VideoConference framework in Apple Mac OS X 10.3.9 through 10.4.9 allows remote attackers to execute arbitrary code via a "crafted SIP packet when initializing an audio/video conference".
CVE-2009-0001 2 Apple, Microsoft 4 Mac Os X, Quicktime, Windows Vista and 1 more 2026-04-23 N/A
Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted RTSP URL.
CVE-2007-0753 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
Format string vulnerability in the VPN daemon (vpnd) in Apple Mac OS X 10.3.9 and 10.4.9 allows local users to execute arbitrary code via the -i parameter.
CVE-2009-0153 2 Apple, Redhat 3 Mac Os X, Mac Os X Server, Enterprise Linux 2026-04-23 N/A
International Components for Unicode (ICU) 4.0, 3.6, and other 3.x versions, as used in Apple Mac OS X 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Fedora 9 and 10, and possibly other operating systems, does not properly handle invalid byte sequences during Unicode conversion, which might allow remote attackers to conduct cross-site scripting (XSS) attacks.
CVE-2007-5847 1 Apple 1 Mac Os X 2026-04-23 N/A
Race condition in the CFURLWriteDataAndPropertiesToResource API in Core Foundation in Apple Mac OS X 10.4.11 creates files with insecure permissions, which might allow local users to obtain sensitive information.
CVE-2009-0012 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
Heap-based buffer overflow in CoreText in Apple Mac OS X 10.5.6 allows remote attackers to execute arbitrary code via a crafted Unicode string.
CVE-2009-0010 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
Integer underflow in QuickDraw Manager in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7, and Apple QuickTime before 7.6.2, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PICT image with a crafted 0x77 Poly tag and a crafted length field, which triggers a heap-based buffer overflow.
CVE-2009-0020 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
Unspecified vulnerability in CarbonCore in Apple Mac OS X 10.4.11 and 10.5.6 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted resource fork that triggers memory corruption.
CVE-2009-0015 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
Unspecified vulnerability in fseventsd in the FSEvents framework in Apple Mac OS X 10.5.6 allows local users to obtain sensitive information (filesystem activities and directory names) via unknown vectors related to "credential management."
CVE-2009-0150 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
Stack-based buffer overflow in Apple Mac OS X 10.5 before 10.5.7 allows local users to gain privileges or cause a denial of service (application crash) by attempting to mount a crafted sparse disk image.
CVE-2009-2800 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
Buffer overflow in Alias Manager in Apple Mac OS X 10.4.11 and 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted alias file.
CVE-2009-3767 5 Apple, Fedoraproject, Openldap and 2 more 6 Mac Os X, Fedora, Openldap and 3 more 2026-04-23 N/A
libraries/libldap/tls_o.c in OpenLDAP 2.2 and 2.4, and possibly other versions, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
CVE-2009-2804 2 Apple, Microsoft 4 Mac Os X, Mac Os X Server, Safari and 1 more 2026-04-23 N/A
Integer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5.8, and Safari before 4.0.4 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ColorSync profile embedded in an image, leading to a heap-based buffer overflow.
CVE-2009-2813 4 Apple, Fedoraproject, Redhat and 1 more 6 Mac Os X, Mac Os X Server, Fedora and 3 more 2026-04-23 N/A
Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.12 through 3.0.36, as used in the SMB subsystem in Apple Mac OS X 10.5.8 when Windows File Sharing is enabled, Fedora 11, and other operating systems, does not properly handle errors in resolving pathnames, which allows remote authenticated users to bypass intended sharing restrictions, and read, create, or modify files, in certain circumstances involving user accounts that lack home directories.
CVE-2009-2824 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 allow remote attackers to execute arbitrary code via a crafted embedded font in a document.
CVE-2009-2820 2 Apple, Redhat 3 Mac Os X, Mac Os X Server, Enterprise Linux 2026-04-23 N/A
The web interface in CUPS before 1.4.2, as used on Apple Mac OS X before 10.6.2 and other platforms, does not properly handle (1) HTTP headers and (2) HTML templates, which allows remote attackers to conduct cross-site scripting (XSS) attacks and HTTP response splitting attacks via vectors related to (a) the product's web interface, (b) the configuration of the print system, and (c) the titles of printed jobs, as demonstrated by an XSS attack that uses the kerberos parameter to the admin program, and leverages attribute injection and HTTP Parameter Pollution (HPP) issues.
CVE-2009-2826 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
Multiple integer overflows in CoreGraphics in Apple Mac OS X 10.5.8 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document that triggers a heap-based buffer overflow.
CVE-2009-2831 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-23 N/A
Dictionary in Apple Mac OS X 10.5.8 allows remote attackers to create arbitrary files with any contents, and thereby execute arbitrary code, via crafted JavaScript, related to a "design issue."
CVE-2008-0041 1 Apple 1 Mac Os X 2026-04-23 N/A
Parental Controls in Apple Mac OS X 10.5 through 10.5.1 contacts www.apple.com "when a website is unblocked," which allows remote attackers to determine when a system is running Parental Controls.