Export limit exceeded: 14548 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (14548 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2007-4686 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-23 | N/A |
| Integer signedness error in the ttioctl function in bsd/kern/tty.c in the xnu kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to cause a denial of service (system shutdown) or gain privileges via a crafted TIOCSETD ioctl request. | ||||
| CVE-2007-4687 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-23 | N/A |
| The remote_cmds component in Apple Mac OS X 10.4 through 10.4.10 contains a symbolic link from the tftpboot private directory to the root directory, which allows tftpd users to escape the private directory and access arbitrary files. | ||||
| CVE-2007-4690 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-23 | N/A |
| Double free vulnerability in the NFS component in Apple Mac OS X 10.4 through 10.4.10 allows remote authenticated users to execute arbitrary code via a crafted AUTH_UNIX RPC packet. | ||||
| CVE-2007-4691 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-23 | N/A |
| The NSURL component in Apple Mac OS X 10.4 through 10.4.10 performs case-sensitive comparisons that allow attackers to bypass intended restrictions for local file system URLs. | ||||
| CVE-2007-4692 | 2 Apple, Microsoft | 4 Mac Os X, Mac Os X Server, Safari and 1 more | 2026-04-23 | N/A |
| The tabbed browsing feature in Apple Safari 3 before Beta Update 3.0.4 on Windows, and Mac OS X 10.4 through 10.4.10, allows remote attackers to spoof HTTP authentication for other sites and possibly conduct phishing attacks by causing an authentication sheet to be displayed for a tab that is not active, which makes it appear as if it is associated with the active tab. | ||||
| CVE-2008-3529 | 5 Apple, Canonical, Debian and 2 more | 7 Iphone Os, Mac Os X, Safari and 4 more | 2026-04-23 | N/A |
| Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name. | ||||
| CVE-2009-2803 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-23 | N/A |
| CarbonCore in Apple Mac OS X 10.4.11 and 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a file with a crafted resource fork. | ||||
| CVE-2009-2807 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-23 | N/A |
| Heap-based buffer overflow in the USB backend in CUPS in Apple Mac OS X 10.5.8 allows local users to gain privileges via unspecified vectors. | ||||
| CVE-2009-2811 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-23 | N/A |
| Incomplete blacklist vulnerability in Launch Services in Apple Mac OS X 10.5.8 allows user-assisted remote attackers to execute arbitrary code via a .fileloc file, which does not trigger a "potentially unsafe" warning message in the Quarantine feature. | ||||
| CVE-2009-2818 | 1 Apple | 1 Mac Os X Server | 2026-04-23 | N/A |
| Adaptive Firewall in Apple Mac OS X before 10.6.2 does not properly handle invalid usernames in SSH login attempts, which makes it easier for remote attackers to obtain login access via a brute-force attack (aka dictionary attack). | ||||
| CVE-2009-2829 | 1 Apple | 1 Mac Os X Server | 2026-04-23 | N/A |
| Event Monitor in Apple Mac OS X 10.5.8 does not properly handle crafted authentication data sent to an SSH daemon, which allows remote attackers to cause a denial of service via vectors involving processing of XML log documents by other services, related to a "log injection" issue. | ||||
| CVE-2009-2828 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-23 | N/A |
| The server in DirectoryService in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors. | ||||
| CVE-2009-2833 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-23 | N/A |
| Buffer overflow in the UCCompareTextDefault API in International Components for Unicode in Apple Mac OS X 10.5.8 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. | ||||
| CVE-2009-2836 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-23 | N/A |
| Race condition in Login Window in Apple Mac OS X 10.6.x before 10.6.2, when at least one account has a blank password, allows attackers to bypass password authentication and obtain login access to an arbitrary account via unspecified vectors. | ||||
| CVE-2009-2840 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-23 | N/A |
| Spotlight in Apple Mac OS X 10.5.8 does not properly handle temporary files, which allows local users to overwrite arbitrary files in the context of a different user's privileges via unspecified vectors. | ||||
| CVE-2009-2843 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-23 | N/A |
| Java for Mac OS X 10.5 before Update 6 and 10.6 before Update 1 accepts expired certificates for applets, which makes it easier for remote attackers to execute arbitrary code via an applet. | ||||
| CVE-2009-2421 | 1 Apple | 1 Safari | 2026-04-23 | N/A |
| The CFCharacterSetInitInlineBuffer method in CoreFoundation.dll in Apple Safari 3.2.3 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via a "high-bit character" in a URL fragment for an unspecified protocol. | ||||
| CVE-2007-4424 | 1 Apple | 1 Safari | 2026-04-23 | N/A |
| Apple Safari for Windows 3.0.3 and earlier does not prompt the user before downloading a file, which allows remote attackers to download arbitrary files to the desktop of a client system via certain HTML, as demonstrated by a filename in the DATA attribute of an OBJECT element. NOTE: it could be argued that this is not a vulnerability because a dangerous file is not actually launched, but as of 2007, it is generally accepted that web browsers should prompt users before saving dangerous content. | ||||
| CVE-2009-2027 | 1 Apple | 1 Safari | 2026-04-23 | N/A |
| The Installer in Apple Safari before 4.0 on Windows allows local users to gain privileges by checking a box that specifies an immediate launch of the application after installation, related to an unspecified compression method. | ||||
| CVE-2009-2058 | 1 Apple | 1 Safari | 2026-04-23 | N/A |
| Apple Safari before 3.2.2 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack. | ||||