Mac Os X

mac_os_x

Vendor: Apple • 3,210 CVEs

CVEs (3,210)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2006-6900 1Apple 1Mac Os X Apr 23, 2026 Dec 31, 2006 N/A· v4 N/A· v3 10.0 HIGH· v2 Unspecified vulnerability in the Bluetooth stack in Apple Mac OS 10.4 has unknown impact and attack vectors, related to an "implementation bug."
CVE-2006-6652 2Apple Netbsd 2Mac Os X Netbsd Apr 23, 2026 Dec 20, 2006 N/A· v4 N/A· v3 9.0 HIGH· v2 Buffer overflow in the glob implementation (glob.c) in libc in NetBSD-current before 20050914, NetBSD 2.* and 3.* before 20061203, and Apple Mac OS X before 2007-004, as used by the FTP daemon and tnftpd, allows remote a...Show more Buffer overflow in the glob implementation (glob.c) in libc in NetBSD-current before 20050914, NetBSD 2.* and 3.* before 20061203, and Apple Mac OS X before 2007-004, as used by the FTP daemon and tnftpd, allows remote authenticated users to execute arbitrary code via a long pathname that results from path expansion.Show less
CVE-2006-5681 1Apple 2Mac Os X Mac Os X Server Apr 23, 2026 Dec 20, 2006 N/A· v4 N/A· v3 2.6 LOW· v2 QuickTime for Java on Mac OS X 10.4 through 10.4.8, when used with Quartz Composer, allows remote attackers to obtain sensitive information (screen images) via a Java applet that accesses images that are being rendered b...Show more QuickTime for Java on Mac OS X 10.4 through 10.4.8, when used with Quartz Composer, allows remote attackers to obtain sensitive information (screen images) via a Java applet that accesses images that are being rendered by other embedded QuickTime objects.Show less
CVE-2006-6353 1Apple 3Bomarchivehelper Mac Os XMac Os X Server Apr 23, 2026 Dec 7, 2006 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Multiple unspecified vulnerabilities in BOMArchiveHelper in Mac OS X allow user-assisted remote attackers to cause a denial of service (application crash) via unspecified vectors related to (1) certain KERN_PROTECTION_FA...Show more Multiple unspecified vulnerabilities in BOMArchiveHelper in Mac OS X allow user-assisted remote attackers to cause a denial of service (application crash) via unspecified vectors related to (1) certain KERN_PROTECTION_FAILURE thread crashes and (2) certain KERN_INVALID_ADDRESS thread crashes, as discovered with the "iSec Partners FileP fuzzer".Show less
CVE-2006-6292 1Apple 1Mac Os X Apr 23, 2026 Dec 5, 2006 N/A· v4 N/A· v3 5.7 MEDIUM· v2 Apple Airport Extreme firmware 0.1.27 in Mac OS X 10.4.8 on Mac mini, MacBook, and MacBook Pro with Core Duo hardware allows remote attackers to cause a denial of service (out-of-bounds memory access and kernel panic) an...Show more Apple Airport Extreme firmware 0.1.27 in Mac OS X 10.4.8 on Mac mini, MacBook, and MacBook Pro with Core Duo hardware allows remote attackers to cause a denial of service (out-of-bounds memory access and kernel panic) and have possibly other security-related impact via certain beacon frames.Show less
CVE-2006-6173 1Apple 1Mac Os X Apr 23, 2026 Nov 30, 2006 N/A· v4 N/A· v3 7.2 HIGH· v2 Buffer overflow in the shared_region_make_private_np function in vm/vm_unix.c in Mac OS X 10.4.6 and earlier allows local users to execute arbitrary code via (1) a small range count, which causes insufficient memory allo...Show more Buffer overflow in the shared_region_make_private_np function in vm/vm_unix.c in Mac OS X 10.4.6 and earlier allows local users to execute arbitrary code via (1) a small range count, which causes insufficient memory allocation, or (2) a large number of ranges in the shared_region_make_private_np_args parameter.Show less
CVE-2006-4412 1Apple 1Mac Os X Apr 23, 2026 Nov 30, 2006 N/A· v4 N/A· v3 6.8 MEDIUM· v2 WebKit in Apple Mac OS X 10.3.x through 10.3.9 and 10.4 through 10.4.8 allows remote attackers to execute arbitrary code via a crafted HTML file, which accesses previously deallocated objects.
CVE-2006-4411 1Apple 1Mac Os X Apr 23, 2026 Nov 30, 2006 N/A· v4 N/A· v3 7.2 HIGH· v2 The VPN service in Apple Mac OS X 10.3.x through 10.3.9 and 10.4.x through 10.4.8 does not properly clean the environment when executing commands, which allows local users to gain privileges via unspecified vectors.
CVE-2006-4410 1Apple 1Mac Os X Apr 23, 2026 Nov 30, 2006 N/A· v4 N/A· v3 7.5 HIGH· v2 The Security Framework in Apple Mac OS X 10.3.9, and 10.4.x before 10.4.7, does not properly search certificate revocation lists (CRL), which allows remote attackers to access systems by using revoked certificates.
CVE-2006-4409 1Apple 1Mac Os X Apr 23, 2026 Nov 30, 2006 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The Online Certificate Status Protocol (OCSP) service in the Security Framework in Apple Mac OS X 10.4 through 10.4.8 retrieve certificate revocation lists (CRL) when an HTTP proxy is in use, which could cause the system...Show more The Online Certificate Status Protocol (OCSP) service in the Security Framework in Apple Mac OS X 10.4 through 10.4.8 retrieve certificate revocation lists (CRL) when an HTTP proxy is in use, which could cause the system to accept certificates that have been revoked.Show less
CVE-2006-4408 1Apple 1Mac Os X Apr 23, 2026 Nov 30, 2006 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The Security Framework in Apple Mac OS X 10.4 through 10.4.8 allows remote attackers to cause a denial of service (resource consumption) via certain public key values in an X.509 certificate that requires extra resources...Show more The Security Framework in Apple Mac OS X 10.4 through 10.4.8 allows remote attackers to cause a denial of service (resource consumption) via certain public key values in an X.509 certificate that requires extra resources during signature verification. NOTE: this issue may be similar to CVE-2006-2940.Show less
CVE-2006-4407 1Apple 1Mac Os X Apr 23, 2026 Nov 30, 2006 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The Security Framework in Apple Mac OS X 10.3.x up to 10.3.9 does not properly prioritize encryption ciphers when negotiating the strongest shared cipher, which causes Secure Transport to user a weaker cipher that makes...Show more The Security Framework in Apple Mac OS X 10.3.x up to 10.3.9 does not properly prioritize encryption ciphers when negotiating the strongest shared cipher, which causes Secure Transport to user a weaker cipher that makes it easier for remote attackers to decrypt traffic.Show less
CVE-2006-4406 1Apple 1Mac Os X Apr 23, 2026 Nov 30, 2006 N/A· v4 N/A· v3 7.5 HIGH· v2 Buffer overflow in PPP on Apple Mac OS X 10.4.x up to 10.4.8 and 10.3.x up to 10.3.9, when PPPoE is enabled, allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2006-4404 1Apple 1Mac Os X Apr 23, 2026 Nov 30, 2006 N/A· v4 N/A· v3 10.0 HIGH· v2 The Installer application in Apple Mac OS X 10.4.8 and earlier, when used by a user with Admin credentials, does not authenticate the user before installing certain software requiring system privileges.
CVE-2006-4403 1Apple 1Mac Os X Apr 23, 2026 Nov 30, 2006 N/A· v4 N/A· v3 4.0 MEDIUM· v2 The FTP server in Apple Mac OS X 10.4.8 and earlier, when FTP Access is enabled, will crash when a login failure occurs with a valid user name, which allows remote attackers to cause a denial of service (crash) and enume...Show more The FTP server in Apple Mac OS X 10.4.8 and earlier, when FTP Access is enabled, will crash when a login failure occurs with a valid user name, which allows remote attackers to cause a denial of service (crash) and enumerate valid usernames.Show less
CVE-2006-4402 1Apple 1Mac Os X Apr 23, 2026 Nov 30, 2006 N/A· v4 N/A· v3 5.1 MEDIUM· v2 Heap-based buffer overflow in the Finder in Apple Mac OS X 10.4.8 and earlier allows user-assisted remote attackers to execute arbitrary code by browsing directories containing crafted .DS_Store files.
CVE-2006-4401 1Apple 1Mac Os X Apr 23, 2026 Nov 30, 2006 N/A· v4 N/A· v3 5.1 MEDIUM· v2 Unspecified vulnerability in CFNetwork in Mac OS 10.4.8 and earlier allows user-assisted remote attackers to execute arbitrary FTP commands via a crafted FTP URI.
CVE-2006-4400 1Apple 1Mac Os X Apr 23, 2026 Nov 30, 2006 N/A· v4 N/A· v3 5.1 MEDIUM· v2 Stack-based buffer overflow in the Apple Type Services (ATS) server in Mac OS 10.4.8 and earlier allow user-assisted attackers to execute arbitrary code via crafted font files.
CVE-2006-4398 1Apple 1Mac Os X Apr 23, 2026 Nov 30, 2006 N/A· v4 N/A· v3 7.2 HIGH· v2 Multiple buffer overflows in the Apple Type Services (ATS) server in Mac OS X 10.4 through 10.4.8 allow local users to execute arbitrary code via crafted service requests.
CVE-2006-4396 1Apple 1Mac Os X Apr 23, 2026 Nov 30, 2006 N/A· v4 N/A· v3 4.6 MEDIUM· v2 The Apple Type Services (ATS) server in Mac OS X 10.4.8 and earlier does not securely create log files, which allows local users to create and modify arbitrary files via unspecified vectors, possibly relating to a symlin...Show more The Apple Type Services (ATS) server in Mac OS X 10.4.8 and earlier does not securely create log files, which allows local users to create and modify arbitrary files via unspecified vectors, possibly relating to a symlink attack.Show less

Previous 1...145146147...161 Next