Mac Os X

mac_os_x

Vendor: Apple • 3,210 CVEs

CVEs (3,210)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2007-3744 1Apple 2Mac Os X Mac Os X Server Apr 23, 2026 Aug 3, 2007 N/A· v4 N/A· v3 5.8 MEDIUM· v2 Heap-based buffer overflow in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) implementation in mDNSResponder on Apple Mac OS X 10.4.10 before 20070731 allows network-adjacent remote attackers...Show more Heap-based buffer overflow in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) implementation in mDNSResponder on Apple Mac OS X 10.4.10 before 20070731 allows network-adjacent remote attackers to execute arbitrary code via a crafted packet.Show less
CVE-2007-2404 1Apple 2Mac Os X Mac Os X Server Apr 23, 2026 Aug 3, 2007 N/A· v4 N/A· v3 5.0 MEDIUM· v2 CRLF injection vulnerability in CFNetwork on Apple Mac OS X 10.3.9 and 10.4.10 before 20070731 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in an...Show more CRLF injection vulnerability in CFNetwork on Apple Mac OS X 10.3.9 and 10.4.10 before 20070731 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in an unspecified context. NOTE: this can be leveraged for cross-site scripting (XSS) attacks.Show less
CVE-2007-3828 1Apple 1Mac Os X Apr 23, 2026 Jul 17, 2007 N/A· v4 N/A· v3 10.0 HIGH· v2 Unspecified vulnerability in mDNSResponder in Apple Mac OS X allows remote attackers to execute arbitrary code via unspecified vectors, a related issue to CVE-2007-2386.
CVE-2007-3798 6Apple CanonicalDebian+3 more 7Debian Linux FreebsdMac Os X+4 more Apr 23, 2026 Jul 16, 2007 N/A· v4 9.8 CRITICAL· v3 6.8 MEDIUM· v2 Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via crafted TLVs in a BGP packet, related to an unchecked return value.
CVE-2007-2401 1Apple 2Mac Os X Mac Os X Server Apr 23, 2026 Jun 25, 2007 N/A· v4 N/A· v3 4.3 MEDIUM· v2 CRLF injection vulnerability in WebCore in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1, allows remote attackers to inject arbitrary HTTP headers via LF characters in an XMLHttpRequest request, which...Show more CRLF injection vulnerability in WebCore in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1, allows remote attackers to inject arbitrary HTTP headers via LF characters in an XMLHttpRequest request, which are not filtered when serializing headers via the setRequestHeader function. NOTE: this issue can be leveraged for cross-site scripting (XSS) attacks.Show less
CVE-2007-2399 1Apple 2Mac Os X Mac Os X Server Apr 23, 2026 Jun 25, 2007 N/A· v4 N/A· v3 9.3 HIGH· v2 WebKit in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1 performs an "invalid type conversion", which allows remote attackers to execute arbitrary code via unspecified frame sets that trigger memory cor...Show more WebKit in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1 performs an "invalid type conversion", which allows remote attackers to execute arbitrary code via unspecified frame sets that trigger memory corruption.Show less
CVE-2007-3184 1Apple 1Mac Os X Apr 23, 2026 Jun 12, 2007 N/A· v4 N/A· v3 7.2 HIGH· v2 Cisco Trust Agent (CTA) before 2.1.104.0, when running on MacOS X, allows attackers with physical access to bypass authentication and modify System Preferences, including passwords, by invoking the Apple Menu when the Ac...Show more Cisco Trust Agent (CTA) before 2.1.104.0, when running on MacOS X, allows attackers with physical access to bypass authentication and modify System Preferences, including passwords, by invoking the Apple Menu when the Access Control Server (ACS) produces a user notification message after posture validation.Show less
CVE-2007-2390 1Apple 1Mac Os X Apr 23, 2026 May 24, 2007 N/A· v4 N/A· v3 10.0 HIGH· v2 Buffer overflow in iChat in Apple Mac OS X 10.3.9 and 10.4.9 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted UPnP Internet Gateway Device (...Show more Buffer overflow in iChat in Apple Mac OS X 10.3.9 and 10.4.9 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted UPnP Internet Gateway Device (IGD) packet.Show less
CVE-2007-2386 1Apple 1Mac Os X Apr 23, 2026 May 24, 2007 N/A· v4 N/A· v3 9.4 HIGH· v2 Buffer overflow in mDNSResponder in Apple Mac OS X 10.4 up to 10.4.9 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted UPnP Internet Gateway Device (IG...Show more Buffer overflow in mDNSResponder in Apple Mac OS X 10.4 up to 10.4.9 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted UPnP Internet Gateway Device (IGD) packet.Show less
CVE-2007-0753 1Apple 2Mac Os X Mac Os X Server Apr 23, 2026 May 24, 2007 N/A· v4 N/A· v3 7.2 HIGH· v2 Format string vulnerability in the VPN daemon (vpnd) in Apple Mac OS X 10.3.9 and 10.4.9 allows local users to execute arbitrary code via the -i parameter.
CVE-2007-0752 1Apple 2Mac Os X Mac Os X Server Apr 23, 2026 May 24, 2007 N/A· v4 N/A· v3 7.2 HIGH· v2 The PPP daemon (pppd) in Apple Mac OS X 10.4.8 checks ownership of the stdin file descriptor to determine if the invoker has sufficient privileges, which allows local users to load arbitrary plugins and gain root privile...Show more The PPP daemon (pppd) in Apple Mac OS X 10.4.8 checks ownership of the stdin file descriptor to determine if the invoker has sufficient privileges, which allows local users to load arbitrary plugins and gain root privileges by bypassing this check.Show less
CVE-2007-0751 1Apple 2Mac Os X Mac Os X Server Apr 23, 2026 May 24, 2007 N/A· v4 N/A· v3 2.1 LOW· v2 A cleanup script in crontabs in Apple Mac OS X 10.3.9 and 10.4.9 might delete filesystems that have been mounted in /tmp, which might allow local users to cause a denial of service, related to the find command.
CVE-2007-0750 1Apple 2Mac Os X Mac Os X Server Apr 23, 2026 May 24, 2007 N/A· v4 N/A· v3 9.3 HIGH· v2 Integer overflow in CoreGraphics in Apple Mac OS X 10.4 up to 10.4.9 allows remote user-assisted attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted PDF file.
CVE-2007-0740 1Apple 1Mac Os X Apr 23, 2026 May 24, 2007 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Alias Manager in Apple Mac OS X 10.3.9 and 10.4.9 does not display files with the same name in mounted disk images that have the same name, which might allow user-assisted attackers to trick a user into executing malicio...Show more Alias Manager in Apple Mac OS X 10.3.9 and 10.4.9 does not display files with the same name in mounted disk images that have the same name, which might allow user-assisted attackers to trick a user into executing malicious files.Show less
CVE-2007-0747 1Apple 2Mac Os X Mac Os X Server Apr 23, 2026 Apr 24, 2007 N/A· v4 N/A· v3 7.2 HIGH· v2 load_webdav in Apple Mac OS X 10.3.9 through 10.4.9 does not properly clean the environment when mounting a WebDAV filesystem, which allows local users to gain privileges by setting unspecified environment variables.
CVE-2007-0746 1Apple 2Mac Os X Mac Os X Server Apr 23, 2026 Apr 24, 2007 N/A· v4 N/A· v3 10.0 HIGH· v2 Heap-based buffer overflow in the VideoConference framework in Apple Mac OS X 10.3.9 through 10.4.9 allows remote attackers to execute arbitrary code via a "crafted SIP packet when initializing an audio/video conference"...Show more Heap-based buffer overflow in the VideoConference framework in Apple Mac OS X 10.3.9 through 10.4.9 allows remote attackers to execute arbitrary code via a "crafted SIP packet when initializing an audio/video conference".Show less
CVE-2007-0744 1Apple 2Mac Os X Mac Os X Server Apr 23, 2026 Apr 24, 2007 N/A· v4 N/A· v3 7.2 HIGH· v2 SMB in Apple Mac OS X 10.3.9 through 10.4.9 does not properly clean the environment when executing commands, which allows local users to gain privileges by setting unspecified environment variables.
CVE-2007-0743 1Apple 1Mac Os X Apr 23, 2026 Apr 24, 2007 N/A· v4 N/A· v3 4.9 MEDIUM· v2 URLMount in Apple Mac OS X 10.3.9 through 10.4.9 passes the username and password credentials for mounting filesystems on SMB servers as command line arguments to the mount_sub command, which may allow local users to obt...Show more URLMount in Apple Mac OS X 10.3.9 through 10.4.9 passes the username and password credentials for mounting filesystems on SMB servers as command line arguments to the mount_sub command, which may allow local users to obtain sensitive information by listing the process.Show less
CVE-2007-0742 1Apple 1Mac Os X Apr 23, 2026 Apr 24, 2007 N/A· v4 N/A· v3 7.8 HIGH· v2 The WebFoundation framework in Apple Mac OS X 10.3.9 and earlier allows subdomain cookies to be accessed by the parent domain, which allows remote attackers to obtain sensitive information.
CVE-2007-0741 1Apple 1Mac Os X Apr 23, 2026 Apr 24, 2007 N/A· v4 N/A· v3 7.5 HIGH· v2 Buffer overflow in natd in network_cmds in Apple Mac OS X 10.3.9 through 10.4.9, when Internet Sharing is enabled, allows remote attackers to execute arbitrary code via malformed RTSP packets.

Previous 1...142143144...161 Next