| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Unknown vulnerability in the CUPS printing system in Mac OS X 10.3.3 and Mac OS X 10.2.8 with unknown impact, possibly related to a configuration file setting. |
| Apple Keynote 2.0 and 2.0.1 allows remote attackers to read arbitrary files via the keynote: URI handler in a crafted Keynote presentation. |
| The Javascript engine in Safari 1.2 and earlier allows remote attackers to cause a denial of service (segmentation fault) by creating a new Array object with a large size value, then writing into that array. |
| Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to execute certain code via a request to port 7070 with the script in an argument to the rtsp DESCRIBE method, which is inserted into a log file and executed when the log is viewed using a browser. |
| Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted FlashPix (FPX) file, which triggers an exception that leads to an operation on an uninitialized object. |
| Safari 1.3 allows remote attackers to cause a denial of service (application crash) via a long https URL that triggers a NULL pointer dereference. |
| Buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted SGI image. |
| Buffer overflow in the MP3 broadcasting module of Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to execute arbitrary code via a long filename. |
| Heap-based buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via the COLOR_64 chunk in a FLIC (FLC) movie. |
| Stack-based buffer overflow in the VPN daemon (vpnd) for Mac OS X before 10.3.9 allows local users to execute arbitrary code via a long -i (Server_id) argument. |
| Multiple buffer overflows in Apple QuickTime before 7.1.3 allow user-assisted remote attackers to execute arbitrary code via a crafted QuickTime movie. |
| Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted H.264 movie. |
| Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted H.264 movie, a different issue than CVE-2006-4381. |
| Unknown vulnerability in CoreFoundation for Mac OS X 10.3.2, related to "notification logging." |
| bzip2 allows remote attackers to cause a denial of service (hard drive consumption) via a crafted bzip2 file that causes an infinite loop (a.k.a "decompression bomb"). |
| BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service (crash) via certain SIG queries, which cause an assertion failure when multiple RRsets are returned. |
| NetInfo Manager for Mac OS X 10.0 through 10.1 allows local users to gain root privileges by opening applications using the (1) "recent items" and (2) "services" menus, which causes the applications to run with root privileges. |
| Buffer overflow in Apple iTunes before 4.8 allows remote attackers to execute arbitrary code via a crafted MPEG4 file. |
| Unknown vulnerability in Mac OS X 10.3.4, related to "handling of process IDs during package installation," a different vulnerability than CVE-2004-0516. |
| WebCore in Apple Mac OS X 10.3.9 and 10.4 through 10.4.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted HTML that triggers a "memory management error" in WebKit, possibly due to a buffer overflow, as originally reported for the KHTMLParser::popOneBlock function in Apple Safari 2.0.4 using Javascript that changes document.body.innerHTML within a DIV tag. |
