Total
5565 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-3281 | 2 Apple, Vmware | 2 Mac Os X, Fusion | 2009-10-19 | 7.2 HIGH | N/A |
| The vmx86 kernel extension in VMware Fusion before 2.0.6 build 196839 does not use correct file permissions, which allows host OS users to gain privileges on the host OS via unspecified vectors. | |||||
| CVE-2005-0970 | 1 Apple | 1 Mac Os X | 2009-10-14 | 7.6 HIGH | N/A |
| Mac OS X 10.3.9 and earlier allows users to install, create, and execute setuid/setgid scripts, contrary to the intended design, which may allow attackers to conduct unauthorized activities with escalated privileges via vulnerable scripts. | |||||
| CVE-2009-2205 | 1 Apple | 5 Java 1.4, Java 1.5, Java 1.6 and 2 more | 2009-09-19 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in the Java Web Start command launcher in Java for Mac OS X 10.5 before Update 5 allows attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. | |||||
| CVE-2009-0137 | 2 Apple, Microsoft | 5 Mac Os X, Mac Os X Server, Safari and 2 more | 2009-08-19 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Safari RSS in Apple Mac OS X 10.4.11 and 10.5.6, and Windows XP and Vista, allow remote attackers to execute arbitrary JavaScript in the local security zone via a crafted feed: URL, related to "input validation issues." | |||||
| CVE-2009-2196 | 2 Apple, Microsoft | 5 Mac Os X, Mac Os X Server, Safari and 2 more | 2009-08-18 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Apple Safari 4 before 4.0.3 allows remote web servers to place an arbitrary web site in the Top Sites view, and possibly conduct phishing attacks, via unknown vectors. | |||||
| CVE-2009-0944 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2009-05-16 | 6.8 MEDIUM | N/A |
| The Microsoft Office Spotlight Importer in Spotlight in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not properly validate Microsoft Office files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a file that triggers memory corruption. | |||||
| CVE-2009-0160 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2009-05-16 | 6.8 MEDIUM | N/A |
| QuickDraw Manager in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image that triggers memory corruption. | |||||
| CVE-2007-1222 | 2 Apple, Parallels | 2 Mac Os X, Parallels Desktop | 2008-11-15 | 7.2 HIGH | N/A |
| Parallels Desktop for Mac before 20070216 implements Drag and Drop by sharing the entire host filesystem as the .psf share, which allows local users of the guest operating system to write arbitrary files to the host filesystem, and execute arbitrary code via launchd by writing a plist file to a LaunchAgents directory. | |||||
| CVE-2008-3634 | 1 Apple | 3 Itunes, Mac Os X, Mac Os X Server | 2008-09-11 | 2.6 LOW | N/A |
| Apple iTunes before 8.0 on Mac OS X 10.4.11, when iTunes Music Sharing is enabled but blocked by the host-based firewall, presents misleading information about firewall security, which might allow remote attackers to leverage an exposure that would be absent if the administrator were given better information. | |||||
| CVE-2003-0088 | 1 Apple | 1 Mac Os X | 2008-09-11 | 7.2 HIGH | N/A |
| TruBlueEnvironment for MacOS 10.2.3 and earlier allows local users to overwrite or create arbitrary files and gain root privileges by setting a certain environment variable that is used to write debugging information. | |||||
| CVE-2003-0049 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2008-09-11 | 7.5 HIGH | N/A |
| Apple File Protocol (AFP) in Mac OS X before 10.2.4 allows administrators to log in as other users by using the administrator password. | |||||
| CVE-2005-2503 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2008-09-10 | 4.6 MEDIUM | N/A |
| AppKit for Mac OS X 10.3.9 and 10.4.2 allows attackers with physical access to create local accounts by forcing a particular error to occur at the login window. | |||||
| CVE-2005-2502 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2008-09-10 | 5.1 MEDIUM | N/A |
| Buffer overflow in AppKit for Mac OS X 10.3.9 and 10.4.2, as used in applications such as TextEdit, allows external user-assisted attackers to execute arbitrary code via a crafted Microsoft Word file. | |||||
| CVE-2005-1430 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2008-09-10 | 3.6 LOW | N/A |
| Mac OS X 10.3.x and earlier uses insecure permissions for a pseudo terminal tty (pty) that is managed by a non-setuid program, which allows local users to read or modify sessions of other users. | |||||
| CVE-2005-0712 | 1 Apple | 1 Mac Os X | 2008-09-10 | 4.6 MEDIUM | N/A |
| Mac OS X before 10.3.8 users world-writable permissions for certain directories, which may allow local users to gain privileges, possibly via the receipt cache or ColorSync profiles. | |||||
| CVE-2004-0925 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2008-09-10 | 5.0 MEDIUM | N/A |
| Postfix on Mac OS X 10.3.x through 10.3.5, with SMTPD AUTH enabled, does not properly clear the username between authentication attempts, which allows users with the longest username to prevent other valid users from being able to authenticate. | |||||
| CVE-2004-0092 | 1 Apple | 1 Mac Os X | 2008-09-10 | 10.0 HIGH | N/A |
| Unknown vulnerability in Safari web browser in Mac OS X 10.2.8 and 10.3.2, with unknown impact. | |||||
| CVE-2004-0088 | 1 Apple | 1 Mac Os X | 2008-09-10 | 2.1 LOW | N/A |
| The System Configuration subsystem in Mac OS 10.2.8 allows local users to modify network settings, a different vulnerability than CVE-2004-0087. | |||||
| CVE-2004-0086 | 1 Apple | 1 Mac Os X | 2008-09-10 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in the Mail application for Mac OS X 10.3.2 has unknown impact and attack vectors, a different vulnerability than CVE-2004-0085. | |||||
| CVE-2003-1005 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2008-09-10 | 5.0 MEDIUM | N/A |
| The PKI functionality in Mac OS X 10.2.8 and 10.3.2 allows remote attackers to cause a denial of service (service crash) via malformed ASN.1 sequences. | |||||