Mac Os X

mac_os_x

Vendor: Apple • 3,210 CVEs

CVEs (3,210)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2004-0744 1Apple 2Mac Os X Mac Os X Server Apr 16, 2026 Nov 23, 2004 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The TCP/IP Networking component in Mac OS X before 10.3.5 allows remote attackers to cause a denial of service (memory and resource consumption) via a "Rose Attack" that involves sending a subset of small IP fragments th...Show more The TCP/IP Networking component in Mac OS X before 10.3.5 allows remote attackers to cause a denial of service (memory and resource consumption) via a "Rose Attack" that involves sending a subset of small IP fragments that do not form a complete, larger packet.Show less
CVE-2004-0743 1Apple 2Mac Os X Mac Os X Server Apr 16, 2026 Nov 23, 2004 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Safari in Mac OS X before 10.3.5, after sending form data using the POST method, may re-send the data to a GET method URL if that URL is redirected after the POST data and the user uses the forward or backward buttons, w...Show more Safari in Mac OS X before 10.3.5, after sending form data using the POST method, may re-send the data to a GET method URL if that URL is redirected after the POST data and the user uses the forward or backward buttons, which may cause an information leak.Show less
CVE-2004-0112 244d AppleAvaya+21 more 65Aaa Server Access RegistrarApache Based Web Server+62 more Apr 16, 2026 Nov 23, 2004 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a de...Show more The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.Show less
CVE-2004-0081 234d AppleAvaya+20 more 66Aaa Server Access RegistrarApache Based Web Server+63 more Apr 16, 2026 Nov 23, 2004 N/A· v4 N/A· v3 5.0 MEDIUM· v2 OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.
CVE-2004-0079 234d AppleAvaya+20 more 66Aaa Server Access RegistrarApache Based Web Server+63 more Apr 16, 2026 Nov 23, 2004 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.
CVE-2005-0373 6Apple ConectivaCyrus+3 more 8Fedora Core LinuxMac Os X+5 more Apr 16, 2026 Oct 7, 2004 N/A· v4 N/A· v3 7.5 HIGH· v2 Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as digestmda5.c), as used in the DIGEST-MD5 SASL plugin for Cyrus-SASL but not in any official releases, allows remote attackers to execute arbitrary cod...Show more Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as digestmda5.c), as used in the DIGEST-MD5 SASL plugin for Cyrus-SASL but not in any official releases, allows remote attackers to execute arbitrary code.Show less
CVE-2004-0823 2Apple Openldap 3Mac Os X Mac Os X ServerOpenldap Apr 16, 2026 Sep 7, 2004 N/A· v4 N/A· v3 7.5 HIGH· v2 OpenLDAP 1.0 through 2.1.19, as used in Apple Mac OS 10.3.4 and 10.3.5 and possibly other operating systems, may allow certain authentication schemes to use hashed (crypt) passwords in the userPassword attribute as if th...Show more OpenLDAP 1.0 through 2.1.19, as used in Apple Mac OS 10.3.4 and 10.3.5 and possibly other operating systems, may allow certain authentication schemes to use hashed (crypt) passwords in the userPassword attribute as if they were plaintext passwords, which allows remote attackers to re-use hashed passwords without decrypting them.Show less
CVE-2004-0822 1Apple 2Mac Os X Mac Os X Server Apr 16, 2026 Sep 7, 2004 N/A· v4 N/A· v3 7.2 HIGH· v2 Buffer overflow in The Core Foundation framework (CoreFoundation.framework) in Mac OS X 10.2.8, 10.3.4, and 10.3.5 allows local users to execute arbitrary code via a certain environment variable.
CVE-2004-0518 1Apple 2Mac Os X Mac Os X Server Apr 16, 2026 Aug 18, 2004 N/A· v4 N/A· v3 7.5 HIGH· v2 Unknown vulnerability in AppleFileServer for Mac OS X 10.3.4, related to "the use of SSH and reporting errors," has unknown impact and attack vectors.
CVE-2004-0517 1Apple 2Mac Os X Mac Os X Server Apr 16, 2026 Aug 18, 2004 N/A· v4 N/A· v3 4.6 MEDIUM· v2 Unknown vulnerability in Mac OS X 10.3.4, related to "handling of process IDs during package installation," a different vulnerability than CVE-2004-0516.
CVE-2004-0516 1Apple 2Mac Os X Mac Os X Server Apr 16, 2026 Aug 18, 2004 N/A· v4 N/A· v3 4.6 MEDIUM· v2 Unknown vulnerability in Mac OS X 10.3.4, related to "package installation scripts," a different vulnerability than CVE-2004-0517.
CVE-2004-0515 1Apple 2Mac Os X Mac Os X Server Apr 16, 2026 Aug 18, 2004 N/A· v4 N/A· v3 4.6 MEDIUM· v2 Unknown vulnerability in LoginWindow for Mac OS X 10.3.4, related to "handling of console log files."
CVE-2004-0514 1Apple 2Mac Os X Mac Os X Server Apr 16, 2026 Aug 18, 2004 N/A· v4 N/A· v3 7.2 HIGH· v2 Unknown vulnerability in LoginWindow for Mac OS X 10.3.4, related to "handling of directory services lookups."
CVE-2004-0513 1Apple 1Mac Os X Apr 16, 2026 Aug 18, 2004 N/A· v4 N/A· v3 10.0 HIGH· v2 Unspecified vulnerability in Mac OS X before 10.3.4 has unknown impact and attack vectors related to "logging when tracing system calls."
CVE-2004-0539 1Apple 2Mac Os X Mac Os X Server Apr 16, 2026 Aug 6, 2004 N/A· v4 N/A· v3 10.0 HIGH· v2 The "Show in Finder" button in the Safari web browser in Mac OS X 10.3.4 and 10.2.8 may execute downloaded applications, which could allow remote attackers to execute arbitrary code.
CVE-2004-0538 1Apple 2Mac Os X Mac Os X Server Apr 16, 2026 Aug 6, 2004 N/A· v4 N/A· v3 7.5 HIGH· v2 LaunchServices in Mac OS X 10.3.4 and 10.2.8 automatically registers and executes new applications, which could allow attackers to execute arbitrary code without warning the user.
CVE-2004-0489 1Apple 1Mac Os X Apr 16, 2026 Jul 7, 2004 N/A· v4 N/A· v3 7.6 HIGH· v2 Argument injection vulnerability in the SSH URI handler for Safari on Mac OS 10.3.3 and earlier allows remote attackers to (1) execute arbitrary code via the ProxyCommand option or (2) conduct port forwarding via the -R...Show more Argument injection vulnerability in the SSH URI handler for Safari on Mac OS 10.3.3 and earlier allows remote attackers to (1) execute arbitrary code via the ProxyCommand option or (2) conduct port forwarding via the -R option.Show less
CVE-2004-0486 1Apple 2Mac Os X Mac Os X Server Apr 16, 2026 Jul 7, 2004 N/A· v4 N/A· v3 7.6 HIGH· v2 HelpViewer in Mac OS X 10.3.3 and 10.2.8 processes scripts that it did not initiate, which can allow attackers to execute arbitrary code, an issue that was originally reported as a directory traversal vulnerability in th...Show more HelpViewer in Mac OS X 10.3.3 and 10.2.8 processes scripts that it did not initiate, which can allow attackers to execute arbitrary code, an issue that was originally reported as a directory traversal vulnerability in the Safari web browser using the runscript parameter in a help: URI handler.Show less
CVE-2004-0485 1Apple 1Mac Os X Apr 16, 2026 Jul 7, 2004 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The default protocol helper for the disk: URI on Mac OS X 10.3.3 and 10.2.8 allows remote attackers to write arbitrary files by causing a disk image file (.dmg) to be mounted as a disk volume.
CVE-2004-0430 1Apple 2Mac Os X Mac Os X Server Apr 16, 2026 Jul 7, 2004 N/A· v4 N/A· v3 5.1 MEDIUM· v2 Stack-based buffer overflow in AppleFileServer for Mac OS X 10.3.3 and earlier allows remote attackers to execute arbitrary code via a LoginExt packet for a Cleartext Password User Authentication Method (UAM) request wit...Show more Stack-based buffer overflow in AppleFileServer for Mac OS X 10.3.3 and earlier allows remote attackers to execute arbitrary code via a LoginExt packet for a Cleartext Password User Authentication Method (UAM) request with a PathName argument that includes an AFPName type string that is longer than the associated length field.Show less

Previous 1...156157158...161 Next