Mac Os X

mac_os_x

Vendor: Apple • 3,210 CVEs

CVEs (3,210)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2010-0059 1Apple 2Mac Os X Mac Os X Server Apr 29, 2026 Mar 30, 2010 N/A· v4 N/A· v3 6.8 MEDIUM· v2 CoreAudio in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted audio content with QDM2 encoding, which trigg...Show more CoreAudio in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted audio content with QDM2 encoding, which triggers a buffer overflow due to inconsistent length fields, related to QDCA.Show less
CVE-2010-0058 1Apple 2Mac Os X Mac Os X Server Apr 29, 2026 Mar 30, 2010 N/A· v4 N/A· v3 6.4 MEDIUM· v2 freshclam in ClamAV in Apple Mac OS X 10.5.8 with Security Update 2009-005 has an incorrect launchd.plist ProgramArguments key and consequently does not run, which might allow remote attackers to introduce viruses into t...Show more freshclam in ClamAV in Apple Mac OS X 10.5.8 with Security Update 2009-005 has an incorrect launchd.plist ProgramArguments key and consequently does not run, which might allow remote attackers to introduce viruses into the system.Show less
CVE-2010-0057 1Apple 2Mac Os X Mac Os X Server Apr 29, 2026 Mar 30, 2010 N/A· v4 N/A· v3 7.5 HIGH· v2 AFP Server in Apple Mac OS X before 10.6.3 does not prevent guest use of AFP shares when guest access is disabled, which allows remote attackers to bypass intended access restrictions via a mount request.
CVE-2010-0056 1Apple 2Mac Os X Mac Os X Server Apr 29, 2026 Mar 30, 2010 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Buffer overflow in Cocoa spell checking in AppKit in Apple Mac OS X 10.5.8 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document.
CVE-2009-2801 1Apple 2Mac Os X Mac Os X Server Apr 29, 2026 Mar 30, 2010 N/A· v4 N/A· v3 6.4 MEDIUM· v2 The Application Firewall in Apple Mac OS X 10.5.8 drops unspecified firewall rules after a reboot, which might allow remote attackers to bypass intended access restrictions via packet data, related to a "timing issue."
CVE-2010-1119 1Apple 4Iphone Os Mac Os XMac Os X Server+1 more Apr 29, 2026 Mar 25, 2010 N/A· v4 N/A· v3 10.0 HIGH· v2 Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Safari before 4.1 on Mac OS X 10.4, and Safari on Apple iPhone OS allows remote attackers to execute arbitrary...Show more Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Safari before 4.1 on Mac OS X 10.4, and Safari on Apple iPhone OS allows remote attackers to execute arbitrary code or cause a denial of service (application crash), or read the SMS database or other data, via vectors related to "attribute manipulation," as demonstrated by Vincenzo Iozzo and Ralf Philipp Weinmann during a Pwn2Own competition at CanSecWest 2010.Show less
CVE-2010-0302 4Apple CanonicalFedoraproject+1 more 10Cups Enterprise LinuxEnterprise Linux Desktop+7 more Apr 29, 2026 Mar 5, 2010 N/A· v4 7.5 HIGH· v3 4.3 MEDIUM· v2 Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS before 1.4.4, when kqueue or epoll is used, allows rem...Show more Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS before 1.4.4, when kqueue or epoll is used, allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3553.Show less
CVE-2010-0205 7Apple CanonicalDebian+4 more 7Debian Linux FedoraLibpng+4 more Apr 29, 2026 Mar 3, 2010 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large unco...Show more The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application hang) via a crafted PNG file, as demonstrated by use of the deflate compression method on data composed of many occurrences of the same character, related to a "decompression bomb" attack.Show less
CVE-2010-0037 1Apple 2Mac Os X Mac Os X Server Apr 23, 2026 Jan 20, 2010 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 Buffer overflow in Image RAW in Apple Mac OS X 10.5.8 and 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted DNG image.
CVE-2010-0036 1Apple 2Mac Os X Mac Os X Server Apr 23, 2026 Jan 20, 2010 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 Buffer overflow in CoreAudio in Apple Mac OS X 10.5.8 and 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MP4 audio file.
CVE-2009-2843 1Apple 2Mac Os X Mac Os X Server Apr 23, 2026 Dec 8, 2009 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Java for Mac OS X 10.5 before Update 6 and 10.6 before Update 1 accepts expired certificates for applets, which makes it easier for remote attackers to execute arbitrary code via an applet.
CVE-2009-4017 3Apple DebianPhp 3Debian Linux Mac Os XPhp Apr 23, 2026 Nov 24, 2009 N/A· v4 N/A· v3 5.0 MEDIUM· v2 PHP before 5.2.12 and 5.3.x before 5.3.1 does not restrict the number of temporary files created when handling a multipart/form-data POST request, which allows remote attackers to cause a denial of service (resource exha...Show more PHP before 5.2.12 and 5.3.x before 5.3.1 does not restrict the number of temporary files created when handling a multipart/form-data POST request, which allows remote attackers to cause a denial of service (resource exhaustion), and makes it easier for remote attackers to exploit local file inclusion vulnerabilities, via multiple requests, related to lack of support for the max_file_uploads directive.Show less
CVE-2009-3553 5Apple CanonicalDebian+2 more 7Cups Debian LinuxEnterprise Linux+4 more Apr 23, 2026 Nov 20, 2009 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers to cause a de...Show more Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information.Show less
CVE-2009-2840 1Apple 2Mac Os X Mac Os X Server Apr 23, 2026 Nov 10, 2009 N/A· v4 N/A· v3 4.9 MEDIUM· v2 Spotlight in Apple Mac OS X 10.5.8 does not properly handle temporary files, which allows local users to overwrite arbitrary files in the context of a different user's privileges via unspecified vectors.
CVE-2009-2839 1Apple 2Mac Os X Mac Os X Server Apr 23, 2026 Nov 10, 2009 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Screen Sharing in Apple Mac OS X 10.5.8 allows remote VNC servers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.
CVE-2009-2838 1Apple 1Mac Os X Apr 23, 2026 Nov 10, 2009 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Integer overflow in QuickLook in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Office document that triggers a buffer ove...Show more Integer overflow in QuickLook in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Office document that triggers a buffer overflow.Show less
CVE-2009-2837 1Apple 1Mac Os X Apr 23, 2026 Nov 10, 2009 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Heap-based buffer overflow in QuickDraw Manager in Apple Mac OS X before 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image.
CVE-2009-2836 1Apple 2Mac Os X Mac Os X Server Apr 23, 2026 Nov 10, 2009 N/A· v4 N/A· v3 6.2 MEDIUM· v2 Race condition in Login Window in Apple Mac OS X 10.6.x before 10.6.2, when at least one account has a blank password, allows attackers to bypass password authentication and obtain login access to an arbitrary account vi...Show more Race condition in Login Window in Apple Mac OS X 10.6.x before 10.6.2, when at least one account has a blank password, allows attackers to bypass password authentication and obtain login access to an arbitrary account via unspecified vectors.Show less
CVE-2009-2835 1Apple 2Mac Os X Mac Os X Server Apr 23, 2026 Nov 10, 2009 N/A· v4 N/A· v3 4.6 MEDIUM· v2 The kernel in Apple Mac OS X before 10.6.2 does not properly handle task state segments, which allows local users to gain privileges, cause a denial of service (system crash), or obtain sensitive information via unspecif...Show more The kernel in Apple Mac OS X before 10.6.2 does not properly handle task state segments, which allows local users to gain privileges, cause a denial of service (system crash), or obtain sensitive information via unspecified vectors.Show less
CVE-2009-2834 1Apple 2Mac Os X Mac Os X Server Apr 23, 2026 Nov 10, 2009 N/A· v4 N/A· v3 4.9 MEDIUM· v2 IOKit in Apple Mac OS X before 10.6.2 allows local users to modify the firmware of a (1) USB or (2) Bluetooth keyboard via unspecified vectors.

Previous 1...129130131...161 Next