Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Apple Subscribe
Filtered by product Mac Os X
Total 5567 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-6126 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-09 2.1 LOW N/A
Apple Mac OS X allows local users to cause a denial of service (memory corruption) via a crafted Mach-O binary with a malformed load_command data structure.
CVE-2009-0149 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-09 4.4 MEDIUM N/A
Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows local users to gain privileges or cause a denial of service (application crash) by attempting to mount a crafted sparse disk image that triggers memory corruption.
CVE-2008-0599 4 Apple, Canonical, Fedoraproject and 1 more 5 Mac Os X, Mac Os X Server, Ubuntu Linux and 2 more 2025-04-09 10.0 HIGH 9.8 CRITICAL
The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI.
CVE-2007-0430 1 Apple 1 Mac Os X 2025-04-09 4.9 MEDIUM N/A
The shared_region_map_file_np function in Apple Mac OS X 10.4.8 and earlier kernel allows local users to cause a denial of service (memory corruption) via a large mappingCount value.
CVE-2008-3616 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-09 10.0 HIGH N/A
Multiple integer overflows in the SearchKit API in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allow context-dependent attackers to cause a denial of service (application crash) or execute arbitrary code via vectors associated with "passing untrusted input" to unspecified API functions.
CVE-2007-2386 1 Apple 1 Mac Os X 2025-04-09 9.4 HIGH N/A
Buffer overflow in mDNSResponder in Apple Mac OS X 10.4 up to 10.4.9 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted UPnP Internet Gateway Device (IGD) packet.
CVE-2008-0050 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-09 5.0 MEDIUM N/A
CFNetwork in Apple Mac OS X 10.4.11 allows remote HTTPS proxy servers to spoof secure websites via data in a 502 Bad Gateway error.
CVE-2009-2838 1 Apple 1 Mac Os X 2025-04-09 6.8 MEDIUM N/A
Integer overflow in QuickLook in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Office document that triggers a buffer overflow.
CVE-2009-0157 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-09 6.8 MEDIUM N/A
Heap-based buffer overflow in CFNetwork in Apple Mac OS X 10.5 before 10.5.7 allows remote web servers to execute arbitrary code or cause a denial of service (application crash) via long HTTP headers.
CVE-2009-1237 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-09 4.9 MEDIUM N/A
Multiple memory leaks in XNU 1228.3.13 and earlier on Apple Mac OS X 10.5.6 and earlier allow local users to cause a denial of service (kernel memory consumption) via a crafted (1) SYS_add_profil or (2) SYS___mac_getfsstat system call.
CVE-2008-2934 3 Apple, Canonical, Mozilla 3 Mac Os X, Ubuntu Linux, Firefox 2025-04-09 6.8 MEDIUM 8.8 HIGH
Mozilla Firefox 3 before 3.0.1 on Mac OS X allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file that triggers a free of an uninitialized pointer.
CVE-2006-4411 1 Apple 1 Mac Os X 2025-04-09 7.2 HIGH N/A
The VPN service in Apple Mac OS X 10.3.x through 10.3.9 and 10.4.x through 10.4.8 does not properly clean the environment when executing commands, which allows local users to gain privileges via unspecified vectors.
CVE-2009-0011 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-09 7.2 HIGH N/A
Certificate Assistant in Apple Mac OS X 10.5.6 allows local users to overwrite arbitrary files via unknown vectors related to an "insecure file operation" on a temporary file.
CVE-2008-2305 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-09 9.3 HIGH N/A
Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows remote attackers to execute arbitrary code via a document containing a crafted font, related to "PostScript font names."
CVE-2009-0014 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-09 2.1 LOW N/A
Folder Manager in Apple Mac OS X 10.5.6 uses insecure default permissions when recreating a Downloads folder after it has been deleted, which allows local users to bypass intended access restrictions and read the Downloads folder.
CVE-2008-0035 1 Apple 5 Iphone, Iphone Os, Ipod Touch and 2 more 2025-04-09 6.8 MEDIUM N/A
Unspecified vulnerability in Foundation, as used in Apple iPhone 1.0 through 1.1.2, iPod touch 1.1 through 1.1.2, and Mac OS X 10.5 through 10.5.1, allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted URL that triggers memory corruption in Safari.
CVE-2007-0117 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-09 10.0 HIGH N/A
DiskManagementTool in the DiskManagement.framework 92.29 on Mac OS X 10.4.8 does not properly validate Bill of Materials (BOM) files, which allows attackers to gain privileges via a BOM file under /Library/Receipts/, which triggers arbitrary file permission changes upon execution of a diskutil permission repair operation.
CVE-2008-1027 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-09 4.3 MEDIUM N/A
Apple Filing Protocol (AFP) Server in Apple Mac OS X before 10.5.3 does not verify that requested files and directories are inside shared folders, which allows remote attackers to read arbitrary files via unspecified AFP traffic.
CVE-2007-6166 2 Apple, Microsoft 5 Mac Os X, Quicktime, Safari and 2 more 2025-04-09 9.3 HIGH N/A
Stack-based buffer overflow in Apple QuickTime before 7.3.1, as used in QuickTime Player on Windows XP and Safari on Mac OS X, allows remote Real Time Streaming Protocol (RTSP) servers to execute arbitrary code via an RTSP response with a long Content-Type header.
CVE-2009-0015 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-09 4.9 MEDIUM N/A
Unspecified vulnerability in fseventsd in the FSEvents framework in Apple Mac OS X 10.5.6 allows local users to obtain sensitive information (filesystem activities and directory names) via unknown vectors related to "credential management."