Mac Os X

mac_os_x

Vendor: Apple • 3,210 CVEs

CVEs (3,210)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2007-4688 1Apple 2Mac Os X Mac Os X Server Apr 23, 2026 Nov 15, 2007 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The Networking component in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to obtain all addresses for a host, including link-local addresses, via a Node Information Query.
CVE-2007-4687 1Apple 2Mac Os X Mac Os X Server Apr 23, 2026 Nov 15, 2007 N/A· v4 N/A· v3 9.3 HIGH· v2 The remote_cmds component in Apple Mac OS X 10.4 through 10.4.10 contains a symbolic link from the tftpboot private directory to the root directory, which allows tftpd users to escape the private directory and access arb...Show more The remote_cmds component in Apple Mac OS X 10.4 through 10.4.10 contains a symbolic link from the tftpboot private directory to the root directory, which allows tftpd users to escape the private directory and access arbitrary files.Show less
CVE-2007-4686 1Apple 2Mac Os X Mac Os X Server Apr 23, 2026 Nov 15, 2007 N/A· v4 N/A· v3 7.2 HIGH· v2 Integer signedness error in the ttioctl function in bsd/kern/tty.c in the xnu kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to cause a denial of service (system shutdown) or gain privileges via a craft...Show more Integer signedness error in the ttioctl function in bsd/kern/tty.c in the xnu kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to cause a denial of service (system shutdown) or gain privileges via a crafted TIOCSETD ioctl request.Show less
CVE-2007-4685 1Apple 2Mac Os X Mac Os X Server Apr 23, 2026 Nov 15, 2007 N/A· v4 N/A· v3 7.2 HIGH· v2 The kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to gain privileges by executing setuid or setgid programs in which the stdio, stderr, or stdout file descriptors are "in an unexpected state."
CVE-2007-4684 1Apple 1Mac Os X Apr 23, 2026 Nov 15, 2007 N/A· v4 N/A· v3 6.9 MEDIUM· v2 Integer overflow in the kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a large num_sels argument to the i386_set_ldt system call.
CVE-2007-4683 1Apple 1Mac Os X Apr 23, 2026 Nov 15, 2007 N/A· v4 N/A· v3 4.6 MEDIUM· v2 Directory traversal vulnerability in the kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to bypass the chroot mechanism via a relative path when changing the current working directory.
CVE-2007-4682 1Apple 1Mac Os X Apr 23, 2026 Nov 15, 2007 N/A· v4 N/A· v3 6.8 MEDIUM· v2 CoreText in Apple Mac OS X 10.4 through 10.4.10 allows attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted text content that triggers an access of an uninitialized o...Show more CoreText in Apple Mac OS X 10.4 through 10.4.10 allows attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted text content that triggers an access of an uninitialized object pointer.Show less
CVE-2007-4681 1Apple 1Mac Os X Apr 23, 2026 Nov 15, 2007 N/A· v4 N/A· v3 6.9 MEDIUM· v2 Buffer overflow in CoreFoundation in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 allows local users to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted directory hierarch...Show more Buffer overflow in CoreFoundation in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 allows local users to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted directory hierarchy.Show less
CVE-2007-4680 1Apple 1Mac Os X Apr 23, 2026 Nov 15, 2007 N/A· v4 N/A· v3 6.8 MEDIUM· v2 CFNetwork in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 does not properly validate certificates, which allows remote attackers to spoof trusted SSL certificates via a man-in-the-middle attack.
CVE-2007-4679 1Apple 1Mac Os X Apr 23, 2026 Nov 15, 2007 N/A· v4 N/A· v3 2.6 LOW· v2 CFFTP in CFNetwork for Apple Mac OS X 10.4 through 10.4.10 allows remote FTP servers to force clients to connect to other hosts via crafted responses to FTP PASV commands.
CVE-2007-4678 1Apple 2Mac Os X Mac Os X Server Apr 23, 2026 Nov 15, 2007 N/A· v4 N/A· v3 7.1 HIGH· v2 AppleRAID in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 allows attackers to cause a denial of service (crash) via a crafted striped disk image, which triggers a NULL pointer dereference when it is mounted.
CVE-2007-4269 1Apple 2Mac Os X Mac Os X Server Apr 23, 2026 Nov 15, 2007 N/A· v4 N/A· v3 7.2 HIGH· v2 Integer overflow in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a crafted AppleTalk Session Protocol (ASP) message on an AppleTalk socket, which trigge...Show more Integer overflow in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a crafted AppleTalk Session Protocol (ASP) message on an AppleTalk socket, which triggers a heap-based buffer overflow.Show less
CVE-2007-4268 1Apple 1Mac Os X Apr 23, 2026 Nov 15, 2007 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 Integer signedness error in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a crafted AppleTalk message with a negative value, which satisfies a signed com...Show more Integer signedness error in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a crafted AppleTalk message with a negative value, which satisfies a signed comparison during mbuf allocation but is later interpreted as an unsigned value, which triggers a heap-based buffer overflow.Show less
CVE-2007-4267 1Apple 1Mac Os X Apr 23, 2026 Nov 15, 2007 N/A· v4 N/A· v3 7.2 HIGH· v2 Stack-based buffer overflow in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a crafted IOCTL request that adds an AppleTalk zone to a routing table.
CVE-2007-3749 1Apple 1Mac Os X Apr 23, 2026 Nov 15, 2007 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 The kernel in Apple Mac OS X 10.4 through 10.4.10 does not reset the current Mach Thread Port or Thread Exception Port when executing a setuid program, which allows local users to execute arbitrary code by creating the p...Show more The kernel in Apple Mac OS X 10.4 through 10.4.10 does not reset the current Mach Thread Port or Thread Exception Port when executing a setuid program, which allows local users to execute arbitrary code by creating the port before launching the setuid program, then writing to the address space of the setuid process.Show less
CVE-2007-4677 2Apple Microsoft 3Mac Os X Windows VistaWindows Xp Apr 23, 2026 Nov 7, 2007 N/A· v4 N/A· v3 9.3 HIGH· v2 Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via an invalid color table size when parsing the color table atom (CTAB) in a movie file, related to the CTAB RGB...Show more Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via an invalid color table size when parsing the color table atom (CTAB) in a movie file, related to the CTAB RGB values.Show less
CVE-2007-4676 2Apple Microsoft 3Mac Os X Windows VistaWindows Xp Apr 23, 2026 Nov 7, 2007 N/A· v4 N/A· v3 9.3 HIGH· v2 Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via malformed elements when parsing (1) Poly type (0x0070 through 0x0074) and (2) PackBitsRgn field (0x0099) opco...Show more Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via malformed elements when parsing (1) Poly type (0x0070 through 0x0074) and (2) PackBitsRgn field (0x0099) opcodes in a PICT image.Show less
CVE-2007-4675 2Apple Microsoft 3Mac Os X Windows VistaWindows Xp Apr 23, 2026 Nov 7, 2007 N/A· v4 N/A· v3 9.3 HIGH· v2 Heap-based buffer overflow in the QuickTime VR extension 7.2.0.240 in QuickTime.qts in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via a QTVR (QuickTime Virtual Reality) movie file contai...Show more Heap-based buffer overflow in the QuickTime VR extension 7.2.0.240 in QuickTime.qts in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via a QTVR (QuickTime Virtual Reality) movie file containing a large size field in the atom header of a panorama sample atom.Show less
CVE-2007-3751 2Apple Microsoft 3Mac Os X Windows VistaWindows Xp Apr 23, 2026 Nov 7, 2007 N/A· v4 N/A· v3 9.3 HIGH· v2 Unspecified vulnerability in QuickTime for Java in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via untrusted Java applets that gain privileges via unspecified vectors.
CVE-2007-1661 2Apple Pcre 3Mac Os X Mac Os X ServerPerl Compatible Regular Expression Library Apr 23, 2026 Nov 7, 2007 N/A· v4 N/A· v3 6.4 MEDIUM· v2 Perl-Compatible Regular Expression (PCRE) library before 7.3 backtracks too far when matching certain input bytes against some regex patterns in non-UTF-8 mode, which allows context-dependent attackers to obtain sensitiv...Show more Perl-Compatible Regular Expression (PCRE) library before 7.3 backtracks too far when matching certain input bytes against some regex patterns in non-UTF-8 mode, which allows context-dependent attackers to obtain sensitive information or cause a denial of service (crash), as demonstrated by the "\X?\d" and "\P{L}?\d" patterns.Show less

Previous 1...141142143...161 Next