Mac Os X

mac_os_x

Vendor: Apple • 3,210 CVEs

CVEs (3,210)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2008-0041 1Apple 1Mac Os X Apr 23, 2026 Feb 12, 2008 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Parental Controls in Apple Mac OS X 10.5 through 10.5.1 contacts www.apple.com "when a website is unblocked," which allows remote attackers to determine when a system is running Parental Controls.
CVE-2008-0040 1Apple 1Mac Os X Apr 23, 2026 Feb 12, 2008 N/A· v4 N/A· v3 10.0 HIGH· v2 Unspecified vulnerability in NFS in Apple Mac OS X 10.5 through 10.5.1 allows remote attackers to cause a denial of service (system shutdown) or execute arbitrary code via unknown vectors related to mbuf chains that trig...Show more Unspecified vulnerability in NFS in Apple Mac OS X 10.5 through 10.5.1 allows remote attackers to cause a denial of service (system shutdown) or execute arbitrary code via unknown vectors related to mbuf chains that trigger memory corruption.Show less
CVE-2008-0038 1Apple 1Mac Os X Apr 23, 2026 Feb 12, 2008 N/A· v4 N/A· v3 1.9 LOW· v2 Launch Services in Apple Mac OS X 10.5 through 10.5.1 allows an uninstalled application to be launched if it is in a Time Machine backup, which might allow local users to bypass intended security restrictions or exploit...Show more Launch Services in Apple Mac OS X 10.5 through 10.5.1 allows an uninstalled application to be launched if it is in a Time Machine backup, which might allow local users to bypass intended security restrictions or exploit vulnerabilities in the application.Show less
CVE-2008-0037 1Apple 1Mac Os X Apr 23, 2026 Feb 12, 2008 N/A· v4 N/A· v3 4.3 MEDIUM· v2 X11 in Apple Mac OS X 10.5 through 10.5.1 does not properly handle when the "Allow connections from network client" preference is disabled, which allows remote attackers to bypass intended access restrictions and connect...Show more X11 in Apple Mac OS X 10.5 through 10.5.1 does not properly handle when the "Allow connections from network client" preference is disabled, which allows remote attackers to bypass intended access restrictions and connect to the X server.Show less
CVE-2007-6427 7Apple CanonicalDebian+4 more 11Debian Linux FedoraLinux+8 more Apr 23, 2026 Jan 18, 2008 N/A· v4 N/A· v3 9.3 HIGH· v2 The XInput extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via requests related to byte swapping and heap corruption within multiple functions, a different vulnerabili...Show more The XInput extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via requests related to byte swapping and heap corruption within multiple functions, a different vulnerability than CVE-2007-4990.Show less
CVE-2008-0226 6Apple CanonicalDebian+3 more 6Debian Linux Mac Os XMysql+3 more Apr 23, 2026 Jan 10, 2008 N/A· v4 N/A· v3 7.5 HIGH· v2 Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) "inp...Show more Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) "input_buffer& operator>>" in yassl_imp.cpp.Show less
CVE-2007-5863 1Apple 2Mac Os X Mac Os X Server Apr 23, 2026 Dec 19, 2007 N/A· v4 N/A· v3 9.3 HIGH· v2 Software Update in Apple Mac OS X 10.5.1 allows remote attackers to execute arbitrary commands via a man-in-the-middle (MITM) attack between the client and the server, using a modified distribution definition file with t...Show more Software Update in Apple Mac OS X 10.5.1 allows remote attackers to execute arbitrary commands via a man-in-the-middle (MITM) attack between the client and the server, using a modified distribution definition file with the "allow-external-scripts" option.Show less
CVE-2007-5861 1Apple 1Mac Os X Apr 23, 2026 Dec 19, 2007 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Unspecified vulnerability in Spotlight in Apple Mac OS X 10.4.11 allows user-assisted attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted .XLS file that triggers memor...Show more Unspecified vulnerability in Spotlight in Apple Mac OS X 10.4.11 allows user-assisted attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted .XLS file that triggers memory corruption in the Microsoft Office Spotlight Importer.Show less
CVE-2007-5860 1Apple 2Mac Os X Mac Os X Server Apr 23, 2026 Dec 19, 2007 N/A· v4 N/A· v3 7.2 HIGH· v2 Unspecified vulnerability in Spin Tracer in Apple Mac OS X 10.5.1 allows local users to execute arbitrary code via unspecified output files, involving an "insecure file operation."
CVE-2007-5857 1Apple 1Mac Os X Apr 23, 2026 Dec 19, 2007 N/A· v4 N/A· v3 6.4 MEDIUM· v2 Quick Look in Apple Mac OS X 10.5.1 does not prevent a movie from accessing URLs when the movie file is previewed or if an icon is created, which might allow remote attackers to obtain sensitive information via HREFTrack...Show more Quick Look in Apple Mac OS X 10.5.1 does not prevent a movie from accessing URLs when the movie file is previewed or if an icon is created, which might allow remote attackers to obtain sensitive information via HREFTrack.Show less
CVE-2007-5856 1Apple 1Mac Os X Apr 23, 2026 Dec 19, 2007 N/A· v4 N/A· v3 9.4 HIGH· v2 Quick Look Apple Mac OS X 10.5.1, when previewing an HTML file, does not prevent plug-ins from making network requests, which might allow remote attackers to obtain sensitive information.
CVE-2007-5855 1Apple 1Mac Os X Apr 23, 2026 Dec 19, 2007 N/A· v4 N/A· v3 6.4 MEDIUM· v2 Mail in Apple Mac OS X 10.4.11 and 10.5.1, when an SMTP account has been set up using Account Assistant, can use plaintext authentication even when MD5 Challenge-Response authentication is available, which makes it easie...Show more Mail in Apple Mac OS X 10.4.11 and 10.5.1, when an SMTP account has been set up using Account Assistant, can use plaintext authentication even when MD5 Challenge-Response authentication is available, which makes it easier for remote attackers to sniff account activity.Show less
CVE-2007-5854 1Apple 1Mac Os X Apr 23, 2026 Dec 19, 2007 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Launch Services in Apple Mac OS X 10.4.11 and 10.5.1 does not treat HTML files as unsafe content, which allows attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via a crafted HTML fi...Show more Launch Services in Apple Mac OS X 10.4.11 and 10.5.1 does not treat HTML files as unsafe content, which allows attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via a crafted HTML file.Show less
CVE-2007-5853 1Apple 1Mac Os X Apr 23, 2026 Dec 19, 2007 N/A· v4 N/A· v3 9.3 HIGH· v2 Unspecified vulnerability in IO Storage Family in Apple Mac OS X 10.4.11 allows user-assisted attackers to cause a denial of service (system shutdown) or execute arbitrary code via a disk image with crafted GUID partitio...Show more Unspecified vulnerability in IO Storage Family in Apple Mac OS X 10.4.11 allows user-assisted attackers to cause a denial of service (system shutdown) or execute arbitrary code via a disk image with crafted GUID partition maps, which triggers memory corruption.Show less
CVE-2007-5851 1Apple 1Mac Os X Apr 23, 2026 Dec 19, 2007 N/A· v4 N/A· v3 3.6 LOW· v2 iChat in Apple Mac OS X 10.4.11 allows network-adjacent remote attackers to automatically initiate a video connection to another user via unknown vectors.
CVE-2007-5850 1Apple 1Mac Os X Apr 23, 2026 Dec 19, 2007 N/A· v4 N/A· v3 8.8 HIGH· v2 Heap-based buffer overflow in Desktop Services in Apple Mac OS X 10.4.11 allows user-assisted attackers to execute arbitrary code via a directory with a crafted .DS_Store file.
CVE-2007-5848 1Apple 1Mac Os X Apr 23, 2026 Dec 19, 2007 N/A· v4 N/A· v3 7.2 HIGH· v2 Buffer overflow in CUPS in Apple Mac OS X 10.4.11 allows local admin users to execute arbitrary code via a crafted URI to the CUPS service.
CVE-2007-5847 1Apple 1Mac Os X Apr 23, 2026 Dec 19, 2007 N/A· v4 N/A· v3 6.6 MEDIUM· v2 Race condition in the CFURLWriteDataAndPropertiesToResource API in Core Foundation in Apple Mac OS X 10.4.11 creates files with insecure permissions, which might allow local users to obtain sensitive information.
CVE-2007-4710 1Apple 1Mac Os X Apr 23, 2026 Dec 19, 2007 N/A· v4 N/A· v3 9.3 HIGH· v2 Unspecified vulnerability in ColorSync in Apple Mac OS X 10.4.11 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via an image with a crafted ColorSync profile, whi...Show more Unspecified vulnerability in ColorSync in Apple Mac OS X 10.4.11 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via an image with a crafted ColorSync profile, which triggers memory corruption.Show less
CVE-2007-4709 1Apple 1Mac Os X Apr 23, 2026 Dec 19, 2007 N/A· v4 N/A· v3 8.8 HIGH· v2 Directory traversal vulnerability in CFNetwork in Apple Mac OS X 10.5.1 allows remote attackers to overwrite arbitrary files via a crafted HTTP response.

Previous 1...139140141...161 Next