| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Unknown vulnerability in the Mail application for Mac OS X 10.1.5 and 10.2.8 with unknown impact, a different vulnerability than CVE-2004-0086. |
| The HTTP proxy service in Server Admin for Mac OS X 10.3.9 does not restrict access when it is enabled, which allows remote attackers to use the proxy. |
| Unknown vulnerability in LoginWindow for Mac OS X 10.3.4, related to "handling of directory services lookups." |
| Unknown vulnerability in the Mail application for Mac OS X 10.3.2 has unknown impact and attack vectors, a different vulnerability than CVE-2004-0085. |
| parse_xml.cgi in Apple Darwin Streaming Server 4.1.1 allows remote attackers to determine the existence of arbitrary files by using ".." sequences in the filename parameter and comparing the resulting error messages. |
| Integer overflow in ImageIO in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers to cause a denial of service (crash) via a crafted JPEG image with malformed JPEG metadata, as demonstrated using Safari, aka "Deja-Doom". |
| The Kerberos login authentication feature in Mac OS X, when used with an LDAPv3 server and LDAP bind authentication, may send cleartext passwords to the LDAP server when the AuthenticationAuthority attribute is not set. |
| Unspecified vulnerability in the Finder Get Info window for Mac OS X 10.4 up to 10.4.2 causes Finder to misrepresent file and group ownership information. NOTE: it is not clear whether this issue satisfies the CVE definition of a vulnerability. |
| Unspecified vulnerability in AFP Server in Apple Mac OS X 10.3.9 allows remote attackers to determine names of unauthorized files and folders via unknown vectors related to the search results. |
| OpenLDAP in Apple Mac OS X 10.4 up to 10.4.6 allows remote attackers to cause a denial of service (crash) via an invalid LDAP request that triggers an assert error. |
| Unspecified vulnerability in the _cg_TIFFSetField function in Mac OS X 10.4.6 and earlier, as used in applications that use ImageIO or AppKit, allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that triggers a null dereference. |
| Xcode Tools before 2.3 for Mac OS X 10.4, when running the WebObjects plugin, allows remote attackers to access or modify WebObjects projects through a network service. |
| Buffer overflow in Apple QuickTime before 7.1 allows remote attackers to execute arbitrary code via a crafted QuickTime MPEG4 (M4P) video format file. |
| Buffer overflow in QuickTime Streaming Server in Apple Mac OS X 10.3.9 and 10.4.6 allows remote attackers to execute arbitrary code via a crafted RTSP request, which is not properly handled during message logging. |
| Apple Mac OS X Safari 2.0.3, 1.3.1, and possibly other versions allows remote attackers to cause a denial of service (CPU consumption and crash) via a TD element with a large number in the rowspan attribute. |
| parse_xml.cgi in Apple QuickTime / Darwin Streaming Server before 4.1.3g allows remote attackers to obtain the source code for parseable files via the filename parameter. |
| Keychain in Apple Mac OS X 10.3.9 and 10.4.6 might allow an application to bypass a locked Keychain by first obtaining a reference to the Keychain when it is unlocked, then reusing that reference after the Keychain has been locked. |
| An unspecified kernel interface in Mac OS X 10.4.2 and earlier does not properly clear memory before reusing it, which could allow attackers to obtain sensitive information, a different vulnerability than CVE-2005-1126 and CVE-2005-1406. |
| CoreGraphics in Apple Mac OS X 10.4.6, when "Enable access for assistive devices" is on, allows an application to bypass restrictions for secure event input and read certain events from other applications in the same window session by using Quartz Event Services. |
| Integer overflow in CFNetwork in Apple Mac OS X 10.4.6 allows remote attackers to execute arbitrary code via crafted chunked transfer encoding. |
