Apple: Security Vulnerabilities (CVSS score between 5.0 and 5.99)

Columns, in order: row # (position in the full Apple list) | CVE ID | CWE ID ("CWE -" where none is assigned) | vulnerability type(s) ("-" where none is listed) | publish date, update date | CVSS v2 base score and vector. The vector restates the original table's metric columns in standard CVSS v2 notation: Access "Remote" = AV:N; Access Complexity Low/High = AC:L/AC:H; Authentication "Not required" = Au:N; Conf./Integ./Avail. None/Partial/Complete = N/P/C. Two columns are constant for every entry on this page and are not repeated: "# of Exploits" is empty and "Gained Access Level" is None. The description follows each entry on the indented line.

551 | CVE-2006-3502 | CWE - | DoS, Exec Code | published 2006-08-03, updated 2017-07-20 | CVSS v2 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)
    Unspecified vulnerability in ImageIO in Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted GIF image that triggers a memory allocation failure that is not properly handled.
552 | CVE-2006-3501 | CWE - | DoS, Exec Code, Overflow | published 2006-08-03, updated 2017-07-20 | CVSS v2 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)
    Integer overflow in ImageIO for Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Radiance image.
553 | CVE-2006-3497 | CWE - | DoS, Exec Code | published 2006-08-02, updated 2011-04-07 | CVSS v2 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)
    Unspecified vulnerability in the "compression state handling" in Bom for Apple Mac OS X 10.3.9 and 10.4.7 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Zip archive.
554 | CVE-2006-3496 | CWE - | DoS | published 2006-08-02, updated 2017-07-20 | CVSS v2 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
    AFP Server in Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to cause a denial of service (crash) via an invalid AFP request that triggers an unchecked error condition.
555 | CVE-2006-3372 | CWE - | DoS | published 2006-07-06, updated 2017-07-20 | CVSS v2 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
    Apple Safari 2.0.4/419.3 allows remote attackers to cause a denial of service (application crash) via a DHTML setAttributeNode function call with zero arguments, which triggers a null dereference.
556 | CVE-2006-3224 | CWE - | DoS | published 2006-06-26, updated 2017-07-20 | CVSS v2 5.4 (AV:N/AC:H/Au:N/C:N/I:N/A:C)
    Apple Safari 2.0.3 (417.9.3) on Mac OS X 10.4.6 allows remote attackers to cause a denial of service (CPU consumption) via JavaScript with an infinite for loop. NOTE: it could be argued that this is not a vulnerability, unless it interferes with the operation of the system outside of the scope of Safari itself.
557 | CVE-2006-2277 | CWE - | DoS | published 2006-05-10, updated 2018-10-18 | CVSS v2 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
    Multiple Apple Mac OS X 10.4 applications might allow context-dependent attackers to cause a denial of service (application crash) via a crafted OpenEXR (.exr) image file, which triggers the crash when opening a folder using Finder, displaying the image in Safari, or using Preview to open the file.
558 | CVE-2006-2019 | CWE - | DoS | published 2006-04-25, updated 2018-10-18 | CVSS v2 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
    Apple Mac OS X Safari 2.0.3, 1.3.1, and possibly other versions allows remote attackers to cause a denial of service (CPU consumption and crash) via a TD element with a large number in the rowspan attribute.
559 | CVE-2006-1988 | CWE - | DoS | published 2006-04-21, updated 2017-07-20 | CVSS v2 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
    The WebTextRenderer(WebInternal) _CG_drawRun:style:geometry: function in Apple Safari 2.0.3 allows remote attackers to cause a denial of service (application crash) via an HTML LI tag with a large VALUE attribute (list item number), which triggers a null dereference in QPainter::drawText, probably due to a failed memory allocation that uses the VALUE.
560 | CVE-2006-1985 | CWE 119 | Exec Code, Overflow | published 2006-04-21, updated 2017-07-20 | CVSS v2 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)
    Heap-based buffer overflow in BOM BOMArchiveHelper 10.4 (6.3) Build 312, as used in Mac OS X 10.4.6 and earlier, allows user-assisted attackers to execute arbitrary code via a crafted archive (such as ZIP) that contains long path names, which triggers an error in the BOMStackPop function.
561 | CVE-2006-1984 | CWE - | DoS | published 2006-04-21, updated 2017-07-20 | CVSS v2 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
    Unspecified vulnerability in the _cg_TIFFSetField function in Mac OS X 10.4.6 and earlier, as used in applications that use ImageIO or AppKit, allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that triggers a null dereference.
562 | CVE-2006-1552 | CWE 189 | DoS, Overflow | published 2006-03-31, updated 2017-07-20 | CVSS v2 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
    Integer overflow in ImageIO in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers to cause a denial of service (crash) via a crafted JPEG image with malformed JPEG metadata, as demonstrated using Safari, aka "Deja-Doom".
563 | CVE-2006-1473 | CWE - | DoS, Exec Code, Overflow | published 2006-08-02, updated 2017-07-20 | CVSS v2 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
    Integer overflow in AFP Server for Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors.
564 | CVE-2006-1472 | CWE - | - | published 2006-08-02, updated 2017-07-21 | CVSS v2 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
    Unspecified vulnerability in AFP Server in Apple Mac OS X 10.3.9 allows remote attackers to determine names of unauthorized files and folders via unknown vectors related to the search results.
565 | CVE-2006-1470 | CWE 399 | DoS | published 2006-06-27, updated 2017-07-20 | CVSS v2 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
    OpenLDAP in Apple Mac OS X 10.4 up to 10.4.6 allows remote attackers to cause a denial of service (crash) via an invalid LDAP request that triggers an assert error.
566 | CVE-2006-1468 | CWE - | +Info | published 2006-06-27, updated 2017-07-20 | CVSS v2 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
    Unspecified vulnerability in Apple File Protocol (AFP) server in Apple Mac OS X 10.4 up to 10.4.6 includes the names of restricted files and folders within search results, which might allow remote attackers to obtain sensitive information.
567 | CVE-2006-1467 | CWE 189 | Exec Code, Overflow | published 2006-06-29, updated 2018-10-18 | CVSS v2 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)
    Integer overflow in the AAC file parsing code in Apple iTunes before 6.0.5 on Mac OS X 10.2.8 or later, and Windows XP and 2000, allows remote user-assisted attackers to execute arbitrary code via an AAC (M4P, M4A, or M4B) file with a sample table size (STSZ) atom with a "malformed" sample_size_table value.
568 | CVE-2006-1465 | CWE - | Exec Code, Overflow | published 2006-05-12, updated 2018-10-18 | CVSS v2 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)
    Buffer overflow in Apple QuickTime before 7.1 allows remote attackers to execute arbitrary code via a crafted QuickTime AVI video format file.
569 | CVE-2006-1464 | CWE - | Exec Code, Overflow | published 2006-05-12, updated 2018-10-18 | CVSS v2 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)
    Buffer overflow in Apple QuickTime before 7.1 allows remote attackers to execute arbitrary code via a crafted QuickTime MPEG4 (M4P) video format file.
570 | CVE-2006-1463 | CWE 119 | Exec Code, Overflow | published 2006-05-12, updated 2018-10-18 | CVSS v2 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)
    Heap-based buffer overflow in Apple QuickTime before 7.1 allows remote attackers to execute arbitrary code via an H.264 (M4V) video format file with a certain modified size value.
571 | CVE-2006-1462 | CWE 189 | Exec Code, Overflow | published 2006-05-12, updated 2018-10-18 | CVSS v2 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)
    Multiple integer overflows in Apple QuickTime before 7.1 allow remote attackers to execute arbitrary code via a crafted QuickTime H.264 (M4V) video format file.
572 | CVE-2006-1461 | CWE 119 | Exec Code, Overflow | published 2006-05-12, updated 2018-10-18 | CVSS v2 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)
    Multiple buffer overflows in Apple QuickTime before 7.1 allow remote attackers to execute arbitrary code via a crafted QuickTime Flash (SWF) file.
573 | CVE-2006-1460 | CWE 119 | Exec Code, Overflow | published 2006-05-12, updated 2018-10-18 | CVSS v2 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)
    Multiple buffer overflows in Apple QuickTime before 7.1 allow remote attackers to execute arbitrary code via a crafted QuickTime movie (.MOV), as demonstrated via a large size for a udta atom.
574 | CVE-2006-1459 | CWE 189 | DoS, Exec Code, Overflow | published 2006-05-12, updated 2018-10-18 | CVSS v2 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)
    Multiple integer overflows in Apple QuickTime before 7.1 allow remote attackers to cause a denial of service or execute arbitrary code via a crafted QuickTime movie (.MOV).
575 | CVE-2006-1458 | CWE 189 | Exec Code, Overflow | published 2006-05-12, updated 2017-07-20 | CVSS v2 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)
    Integer overflow in Apple QuickTime Player before 7.1 allows remote attackers to execute arbitrary code via a crafted JPEG image.
576 | CVE-2006-1454 | CWE 119 | Exec Code, Overflow | published 2006-05-12, updated 2018-10-18 | CVSS v2 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)
    Heap-based buffer overflow in Apple QuickTime before 7.1 allows remote attackers to execute arbitrary code via a crafted QuickDraw PICT image format file with malformed image data.
577 | CVE-2006-1453 | CWE 119 | Exec Code, Overflow | published 2006-05-12, updated 2018-10-18 | CVSS v2 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)
    Stack-based buffer overflow in Apple QuickTime before 7.1 allows remote attackers to execute arbitrary code via a crafted QuickDraw PICT image format file containing malformed font information.
578 | CVE-2006-1447 | CWE - | - | published 2006-05-12, updated 2017-07-20 | CVSS v2 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
    LaunchServices in Apple Mac OS X 10.4.6 allows remote attackers to cause Safari to launch unsafe content via long file name extensions, which prevents Download Validation from determining which application will be used to open the file.
579 | CVE-2006-1446 | CWE - | Bypass | published 2006-05-12, updated 2017-07-20 | CVSS v2 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
    Keychain in Apple Mac OS X 10.3.9 and 10.4.6 might allow an application to bypass a locked Keychain by first obtaining a reference to the Keychain when it is unlocked, then reusing that reference after the Keychain has been locked.
580 | CVE-2006-0848 | CWE 16 | Exec Code | published 2006-02-22, updated 2017-07-20 | CVSS v2 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)
    The "Open 'safe' files after downloading" option in Safari on Apple Mac OS X allows remote user-assisted attackers to execute arbitrary commands by tricking a user into downloading a __MACOSX folder that contains metadata (resource fork) that invokes the Terminal, which automatically interprets the script using bash, as demonstrated using a ZIP file that contains a script with a safe file extension.
581 | CVE-2006-0396 | CWE - | Exec Code, Overflow | published 2006-03-14, updated 2018-10-19 | CVSS v2 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)
    Buffer overflow in Mail in Apple Mac OS X 10.4 up to 10.4.5, when patched with Security Update 2006-001, allows remote attackers to execute arbitrary code via a long Real Name value in an e-mail attachment sent in AppleDouble format, which triggers the overflow when the user double-clicks on an attachment.
582 | CVE-2006-0395 | CWE - | Exec Code | published 2006-08-05, updated 2017-07-20 | CVSS v2 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)
    The Download Validation in Mail in Mac OS X 10.4 does not properly recognize attachment file types to warn a user of an unsafe type, which allows user-assisted remote attackers to execute arbitrary code via crafted file types.
583 | CVE-2006-0392 | CWE - | DoS, Exec Code, Overflow | published 2006-08-03, updated 2017-07-20 | CVSS v2 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)
    Buffer overflow in Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Canon RAW image.
584 | CVE-2006-0383 | CWE - | DoS | published 2006-03-02, updated 2017-07-20 | CVSS v2 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
    IPSec when used with VPN networks in Mac OS X 10.4 through 10.4.5 allows remote attackers to cause a denial of service (application crash) via unspecified vectors involving the "incorrect handling of error conditions".
585 | CVE-2005-4678 | CWE - | - | published 2005-12-31, updated 2008-09-05 | CVSS v2 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
    Apple Safari 2.0.2 (aka 416.12) allows remote attackers to spoof the URL in the status bar via the title in an image in a link to a trusted site within a form to the malicious site. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
586 | CVE-2005-3714 | CWE 399 | DoS | published 2005-12-31, updated 2011-03-07 | CVSS v2 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
    The network interface for Apple AirPort Express 6.x before Firmware Update 6.3, and AirPort Extreme 5.x before Firmware Update 5.7, allows remote attackers to cause a denial of service (unresponsive interface) via malformed packets.
587 | CVE-2005-3704 | CWE - | - | published 2005-12-01, updated 2017-07-11 | CVSS v2 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
    System log server in Mac OS X and OS X Server 10.4 through 10.4.3 allows remote attackers to spoof syslog messages in log files by injecting various control characters such as newline (NL).
588 | CVE-2005-3702 | CWE - | - | published 2005-12-01, updated 2011-03-08 | CVSS v2 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
    Safari in Mac OS X and OS X Server 10.3.9 and 10.4.3 allows remote attackers to cause files to be downloaded to locations outside the download directory via a long file name.
589 | CVE-2005-3018 | CWE - | DoS | published 2005-09-21, updated 2017-07-11 | CVSS v2 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
    Apple Safari allows remote attackers to cause a denial of service (application crash) via a crafted data:// URL.
590 | CVE-2005-2756 | CWE - | Exec Code, Overflow | published 2005-11-05, updated 2018-10-19 | CVSS v2 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)
    Apple QuickTime before 7.0.3 allows user-assisted attackers to overwrite memory and execute arbitrary code via a crafted PICT file that triggers an overflow during expansion.
591 | CVE-2005-2754 | CWE 189 | Exec Code, Overflow | published 2005-11-05, updated 2018-10-19 | CVSS v2 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)
    Integer overflow in Apple QuickTime before 7.0.3 allows user-assisted attackers to execute arbitrary code via a crafted MOV file with "Improper movie attributes."
592 | CVE-2005-2753 | CWE 189 | Exec Code, Overflow | published 2005-11-05, updated 2018-10-19 | CVSS v2 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)
    Integer overflow in Apple QuickTime before 7.0.3 allows user-assisted attackers to execute arbitrary code via a crafted MOV file that causes a sign extension of the length element in a Pascal style string.
593 | CVE-2005-2746 | CWE - | - | published 2005-10-26, updated 2008-09-05 | CVSS v2 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
    Mail.app in Mail for Apple Mac OS X 10.3.9 and 10.4.2 includes message contents when using auto-reply rules, which could cause Mail.app to include decrypted message contents for encrypted messages.
594 | CVE-2005-2745 | CWE - | +Info | published 2005-10-26, updated 2008-09-05 | CVSS v2 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
    Mail.app in Mail for Apple Mac OS X 10.3.9, when using Kerberos 5 for SMTP authentication, can include uninitialized memory in a message, which might allow remote attackers to obtain sensitive information.
595 | CVE-2005-2744 | CWE - | Exec Code, Overflow | published 2005-10-25, updated 2017-07-11 | CVSS v2 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)
    Buffer overflow in QuickDraw Manager for Apple OS X 10.3.9 and 10.4.2, as used by applications such as Safari, Mail, and Finder, allows remote attackers to execute arbitrary code via a crafted PICT file.
596 | CVE-2005-2594 | CWE - | DoS | published 2005-08-17, updated 2008-09-05 | CVSS v2 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
    Apple Safari 1.3 (132) on Mac OS X 10.3.9 allows remote attackers to cause a denial of service (crash) via certain JavaScript, possibly involving a function that defines a handler for itself within the function body.
597 | CVE-2005-2526 | CWE - | DoS | published 2005-08-19, updated 2008-09-05 | CVSS v2 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
    CUPS in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to cause a denial of service (CPU consumption) by sending a partial IPP request and closing the connection.
598 | CVE-2005-2525 | CWE - | DoS | published 2005-08-19, updated 2008-09-05 | CVSS v2 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
    CUPS in Mac OS X 10.3.9 and 10.4.2 does not properly close file descriptors when handling multiple simultaneous print jobs, which allows remote attackers to cause a denial of service (printing halt).
599 | CVE-2005-2524 | CWE - | Bypass | published 2005-10-26, updated 2008-09-05 | CVSS v2 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
    Safari after 2.0 in Apple Mac OS X 10.3.9 allows remote attackers to bypass domain restrictions via crafted web archives that cause Safari to render them as if they came from a different site.
600 | CVE-2005-2522 | CWE - | Exec Code | published 2005-08-19, updated 2008-09-05 | CVSS v2 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)
    Safari in WebKit in Mac OS X 10.4 to 10.4.2 directly accesses URLs within PDF files without the normal security checks, which allows remote attackers to execute arbitrary code via links in a PDF file.
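Several of the QuickTime and iTunes entries above are the same two mistakes in a length-prefixed binary format: a length field read through a signed type (CVE-2005-2753, the sign-extended Pascal-string length), and an atom size or table entry count used before it is checked against the bytes actually present (CVE-2006-1460, the oversized udta atom; CVE-2006-1467, the malformed STSZ sample table). The C below is an added example written for this page, not Apple's or QuickTime's code. The atom layout it assumes (a 4-byte big-endian size that counts the 8-byte header, then a 4-byte type) is the generic MOV/MP4 box shape, not any specific QuickTime structure, and the inputs are constructed. Each vulnerable computation sits next to a bounds-checked version so the difference in result is visible on the same bytes.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed, simplified atom header for the example: 4-byte big-endian size
 * (counting these 8 header bytes) followed by a 4-byte type. */
#define ATOM_HDR 8u

static uint32_t read_be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* ---- Bug 1: Pascal-string length read through a signed type (cf. CVE-2005-2753) ---- */

/* Vulnerable: a length byte of 0x80..0xFF is negative as int8_t and sign-extends
 * when converted to size_t, so 0xFF becomes SIZE_MAX and any copy overruns. */
size_t pstr_len_vulnerable(const uint8_t *p) {
    int8_t len = (int8_t)p[0];
    return (size_t)len;
}

/* Hardened: read the byte as unsigned, then require the string to fit both the
 * bytes we actually hold ('avail') and the destination. Returns the length or -1. */
int pstr_copy_checked(const uint8_t *p, size_t avail, char *out, size_t outsz) {
    if (avail < 1 || outsz < 1) return -1;
    size_t len = p[0];                               /* 0..255, never negative */
    if (len > avail - 1 || len >= outsz) return -1;
    memcpy(out, p + 1, len);
    out[len] = '\0';
    return (int)len;
}

/* ---- Bug 2: atom size and table count trusted before use (cf. CVE-2006-1460, CVE-2006-1467) ---- */

struct atom {
    uint32_t type;
    const uint8_t *payload;
    size_t payload_len;
};

/* Vulnerable: 'size - 8' wraps for size < 8, and nothing ties 'size' to the
 * number of bytes actually read from the file. */
size_t atom_payload_len_vulnerable(const uint8_t *buf) {
    uint32_t size = read_be32(buf);
    return (size_t)(size - ATOM_HDR);                /* size 4 -> 0xFFFFFFFC */
}

/* Hardened: the header must be present, the declared size must cover the header,
 * and it must not exceed what we hold. Returns 0 on success, -1 on a bad atom. */
int atom_parse_checked(const uint8_t *buf, size_t avail, struct atom *out) {
    if (avail < ATOM_HDR) return -1;
    uint32_t size = read_be32(buf);
    if (size < ATOM_HDR || size > avail) return -1;
    out->type = read_be32(buf + 4);
    out->payload = buf + ATOM_HDR;
    out->payload_len = size - ATOM_HDR;
    return 0;
}

/* Vulnerable: a 32-bit entry count times the 4-byte entry size wraps, so the
 * allocation is tiny while a fill loop still runs 'count' times. */
uint32_t table_bytes_vulnerable(uint32_t count) {
    return count * 4u;                               /* 0x40000001 * 4 == 4 */
}

/* Hardened: compare against a division instead of multiplying, and bound the
 * count by the payload that carries the table. */
int table_bytes_checked(uint32_t count, size_t payload_len, size_t *bytes) {
    if (count > payload_len / 4) return -1;
    *bytes = (size_t)count * 4;
    return 0;
}

/* Constructed inputs: a 'udta' atom claiming a 4-byte total size, and an
 * 'stsz'-like atom whose payload is one 4-byte entry. */
static const uint8_t short_atom[] = { 0, 0, 0, 4,  'u', 'd', 't', 'a' };
static const uint8_t ok_atom[]    = { 0, 0, 0, 12, 's', 't', 's', 'z', 0, 0, 0, 1 };

int main(void) {
    struct atom a;
    int rc;
    printf("vulnerable payload length for the size=4 atom: %zu\n",
           atom_payload_len_vulnerable(short_atom));
    printf("checked parse of the size=4 atom: %d\n",
           atom_parse_checked(short_atom, sizeof short_atom, &a));
    rc = atom_parse_checked(ok_atom, sizeof ok_atom, &a);
    printf("checked parse of the 12-byte atom: %d, payload %zu bytes\n", rc, a.payload_len);
    printf("vulnerable table size for count 0x40000001: %u bytes\n",
           table_bytes_vulnerable(0x40000001u));
    return 0;
}
```

The checked variants share one rule: every arithmetic step on an attacker-supplied size is either preceded by a comparison that makes the step impossible to wrap, or is replaced by a division that cannot wrap. The `avail` parameter is what most real parsers lack; without it, a declared size that is internally consistent can still point past the end of the data that was read.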
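CVE-2005-3704 above is log injection: a remote sender puts a newline and other control characters into a syslog message, the log server writes them through unchanged, and anyone reading the file afterwards sees a forged second record that looks like it came from a different process. The C below is an added example for this page, not Apple's syslog server code; the record layout, host and tag names, and the attacker message are constructed, and the mitigation shown is the generic one of escaping control bytes before the message is appended to the file.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Escape every byte that can start or reshape a log record (CR, LF, the other
 * C0 control bytes and DEL) as \xNN. Returns the escaped length, or -1 if 'out'
 * (of 'outsz' bytes, including the terminator) is too small. */
int log_sanitize(const char *msg, char *out, size_t outsz) {
    static const char hex[] = "0123456789abcdef";
    size_t o = 0;
    for (const unsigned char *p = (const unsigned char *)msg; *p; p++) {
        if (*p < 0x20 || *p == 0x7F) {
            if (outsz - o < 5) return -1;            /* 4 chars plus terminator */
            out[o++] = '\\'; out[o++] = 'x';
            out[o++] = hex[*p >> 4]; out[o++] = hex[*p & 0x0F];
        } else {
            if (outsz - o < 2) return -1;
            out[o++] = (char)*p;
        }
    }
    out[o] = '\0';
    return (int)o;
}

/* Assumed record layout for the example (a syslog-style line). The timestamp is a
 * constant because the point is the message body, not time handling. */
#define RECORD_PREFIX "Dec  1 12:00:00 %s %s: "

/* Vulnerable: the message goes into the file byte for byte. */
int log_write_vulnerable(const char *host, const char *tag, const char *msg,
                         char *out, size_t outsz) {
    int n = snprintf(out, outsz, RECORD_PREFIX "%s\n", host, tag, msg);
    return (n < 0 || (size_t)n >= outsz) ? -1 : n;
}

/* Hardened: escape first, so the message can never contain a record terminator. */
int log_write_safe(const char *host, const char *tag, const char *msg,
                   char *out, size_t outsz) {
    char clean[1024];
    if (log_sanitize(msg, clean, sizeof clean) < 0) return -1;
    int n = snprintf(out, outsz, RECORD_PREFIX "%s\n", host, tag, clean);
    return (n < 0 || (size_t)n >= outsz) ? -1 : n;
}

/* Number of records a log reader would see: one per LF. */
int log_record_count(const char *buf) {
    int lines = 0;
    for (; *buf; buf++) if (*buf == '\n') lines++;
    return lines;
}

/* Constructed attacker message: a plausible first line, then a fake record that
 * claims a root shell via sudo on the same host. */
static const char injected_msg[] =
    "Accepted password for alice from 10.0.0.5 port 4022\n"
    "Dec  1 12:00:01 mail sudo: root : TTY=pts/0 ; COMMAND=/bin/sh";

int main(void) {
    char rec[2048];
    if (log_write_vulnerable("mail", "sshd[4242]", injected_msg, rec, sizeof rec) > 0)
        printf("vulnerable: %d record(s)\n%s", log_record_count(rec), rec);
    if (log_write_safe("mail", "sshd[4242]", injected_msg, rec, sizeof rec) > 0)
        printf("safe: %d record(s)\n%s", log_record_count(rec), rec);
    return 0;
}
```

Escaping rather than stripping is deliberate: the forged text is still visible to an analyst, now unmistakably inside the original record, which is itself evidence of the attempt. The same check belongs in any component that forwards messages on behalf of others, since a relay that trusts its senders reintroduces the problem downstream.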
Total number of Apple vulnerabilities: 662 (page 12 of 14)
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of the user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.