CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Apple » Mac Os X : Security Vulnerabilities (Execute Code)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
801 CVE-2007-2399 Exec Code Mem. Corr. 2007-06-25 2017-07-28
9.3
Admin Remote Medium Not required Complete Complete Complete
WebKit in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1 performs an "invalid type conversion", which allows remote attackers to execute arbitrary code via unspecified frame sets that trigger memory corruption.
802 CVE-2007-2390 DoS Exec Code Overflow 2007-05-24 2017-07-28
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in iChat in Apple Mac OS X 10.3.9 and 10.4.9 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted UPnP Internet Gateway Device (IGD) packet.
803 CVE-2007-2386 DoS Exec Code Overflow 2007-05-24 2017-07-28
9.4
None Remote Low Not required Complete None Complete
Buffer overflow in mDNSResponder in Apple Mac OS X 10.4 up to 10.4.9 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted UPnP Internet Gateway Device (IGD) packet.
804 CVE-2007-1071 DoS Exec Code Overflow 2007-02-22 2008-09-05
7.8
None Remote Low Not required None None Complete
Integer overflow in the gifGetBandProc function in ImageIO in Apple Mac OS X 10.4.8 allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image that triggers the overflow during decompression. NOTE: this is a different issue than CVE-2006-3502 and CVE-2006-3503.
805 CVE-2007-0753 134 Exec Code 2007-05-24 2017-07-28
7.2
Admin Local Low Not required Complete Complete Complete
Format string vulnerability in the VPN daemon (vpnd) in Apple Mac OS X 10.3.9 and 10.4.9 allows local users to execute arbitrary code via the -i parameter.
806 CVE-2007-0750 DoS Exec Code Overflow 2007-05-24 2017-07-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Integer overflow in CoreGraphics in Apple Mac OS X 10.4 up to 10.4.9 allows remote user-assisted attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted PDF file.
807 CVE-2007-0746 Exec Code Overflow 2007-04-24 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the VideoConference framework in Apple Mac OS X 10.3.9 through 10.4.9 allows remote attackers to execute arbitrary code via a "crafted SIP packet when initializing an audio/video conference".
808 CVE-2007-0741 Exec Code Overflow 2007-04-24 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in natd in network_cmds in Apple Mac OS X 10.3.9 through 10.4.9, when Internet Sharing is enabled, allows remote attackers to execute arbitrary code via malformed RTSP packets.
809 CVE-2007-0736 Exec Code Overflow 2007-04-24 2017-07-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Integer overflow in the RPC library in Libinfo in Apple Mac OS X 10.3.9 through 10.4.9 allows remote attackers to execute arbitrary code via crafted requests to portmap.
810 CVE-2007-0735 DoS Exec Code 2007-04-24 2008-09-05
9.3
Admin Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in Libinfo in Apple Mac OS X 10.3.9 through 10.4.9 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors involving crafted web pages that trigger certain error conditions that are not properly reported in certain circumstances, resulting in accessing deallocated memory.
811 CVE-2007-0734 119 Exec Code Overflow Mem. Corr. 2007-04-10 2017-07-28
5.4
None Local Network Medium Not required Partial Partial Partial
fsck, as used by the AirPort Disk feature of the AirPort Extreme Base Station with 802.11n before Firmware Update 7.1, and by Apple Mac OS X 10.3.9 through 10.4.9, does not properly enforce password protection of a USB hard drive, which allows context-dependent attackers to list arbitrary directories or execute arbitrary code, resulting from memory corruption.
812 CVE-2007-0731 Exec Code Overflow 2007-03-13 2017-07-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the Apple-specific Samba module (SMB File Server) in Apple Mac OS X 10.4 through 10.4.8 allows context-dependent attackers to execute arbitrary code via a long ACL.
813 CVE-2007-0725 Exec Code Overflow 2007-04-24 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in the AirPortDriver module for AirPort in Apple Mac OS X 10.3.9 through 10.4.9, when running on hardware with the original AirPort wireless card, allows local users to execute arbitrary code by "sending malformed control commands."
814 CVE-2007-0722 Exec Code Overflow 2007-03-13 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
Integer overflow in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote user-assisted attackers to execute arbitrary code via a crafted AppleSingleEncoding disk image.
815 CVE-2007-0721 Exec Code Mem. Corr. 2007-03-13 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
Unspecified vulnerability in diskimages-helper in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote user-assisted attackers to execute arbitrary code via a crafted compressed disk image that triggers memory corruption.
816 CVE-2007-0719 Exec Code Overflow 2007-03-13 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote user-assisted attackers to execute arbitrary code via an image with a crafted ColorSync profile.
817 CVE-2007-0588 DoS Exec Code Mem. Corr. 2007-01-30 2013-08-15
7.1
None Remote Medium Not required None None Complete
The InternalUnpackBits function in Apple QuickDraw, as used by Quicktime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PICT file that triggers memory corruption in the _GetSrcBits32ARGB function. NOTE: this issue might overlap CVE-2007-0462.
818 CVE-2007-0465 Exec Code 2007-01-30 2017-07-28
7.6
Admin Remote High Not required Complete Complete Complete
Format string vulnerability in Apple Installer 2.1.5 on Mac OS X 10.4.8 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a (1) PKG, (2) DISTZ, or (3) MPKG package filename.
819 CVE-2007-0462 DoS Exec Code Mem. Corr. 2007-01-25 2017-07-28
10.0
Admin Remote Low Not required Complete Complete Complete
The _GetSrcBits32ARGB function in Apple QuickDraw, as used by Quicktime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PICT image with a malformed Alpha RGB (ARGB) record, which triggers memory corruption.
820 CVE-2007-0355 119 Exec Code Overflow +Priv 2007-01-18 2017-10-18
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in the Apple Minimal SLP v2 Service Agent (slpd) in Mac OS X 10.4.11 and earlier, including 10.4.8, allows local users, and possibly remote attackers, to gain privileges and possibly execute arbitrary code via a registration request with an invalid attr-list field.
821 CVE-2007-0236 119 DoS Exec Code Overflow 2007-01-16 2017-10-10
10.0
Admin Remote Low Not required Complete Complete Complete
Double free vulnerability in the _ATPsndrsp function in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to cause a denial of service (kernel panic) and possibly execute arbitrary code via a crafted AppleTalk request that triggers a heap-based buffer overflow.
822 CVE-2007-0197 20 DoS Exec Code Mem. Corr. 2007-01-11 2017-07-28
6.8
User Remote Medium Not required Partial Partial Partial
Finder 10.4.6 on Apple Mac OS X 10.4.8 allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a long volume name in a DMG disk image, which results in memory corruption.
823 CVE-2006-6652 Exec Code Overflow 2006-12-19 2017-07-28
9.0
Admin Remote Low Single system Complete Complete Complete
Buffer overflow in the glob implementation (glob.c) in libc in NetBSD-current before 20050914, NetBSD 2.* and 3.* before 20061203, and Apple Mac OS X before 2007-004, as used by the FTP daemon and tnftpd, allows remote authenticated users to execute arbitrary code via a long pathname that results from path expansion.
824 CVE-2006-6173 Exec Code Overflow 2006-11-30 2017-07-28
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in the shared_region_make_private_np function in vm/vm_unix.c in Mac OS X 10.4.6 and earlier allows local users to execute arbitrary code via (1) a small range count, which causes insufficient memory allocation, or (2) a large number of ranges in the shared_region_make_private_np_args parameter.
825 CVE-2006-6129 DoS Exec Code Overflow Mem. Corr. 2006-11-26 2017-07-28
4.6
User Local Low Not required Partial Partial Partial
Integer overflow in the fatfile_getarch2 in Apple Mac OS X allows local users to cause a denial of service and possibly execute arbitrary code via a crafted Mach-O Universal program that triggers memory corruption.
826 CVE-2006-6061 DoS Exec Code Mem. Corr. 2006-11-21 2017-07-19
9.3
Admin Remote Medium Not required Complete Complete Complete
com.apple.AppleDiskImageController in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to execute arbitrary code via a malformed DMG image that triggers memory corruption. NOTE: the severity of this issue has been disputed by a third party, who states that the impact is limited to a denial of service (kernel panic) due to a vm_fault call with a non-aligned address.
827 CVE-2006-5710 119 Exec Code Overflow 2006-11-03 2017-07-19
7.5
User Remote Low Not required Partial Partial Partial
The Airport driver for certain Orinoco based Airport cards in Darwin kernel 8.8.0 in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to execute arbitrary code via an 802.11 probe response frame without any valid information element (IE) fields after the header, which triggers a heap-based buffer overflow.
828 CVE-2006-4866 Exec Code Overflow 2006-09-19 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Buffer overflow in kextload in Apple OS X, as used by TDIXSupport in Roxio Toast Titanium and possibly other products, allows local users to execute arbitrary code via a long extension argument.
829 CVE-2006-4412 Exec Code 2006-11-30 2017-07-19
6.8
User Remote Medium Not required Partial Partial Partial
WebKit in Apple Mac OS X 10.3.x through 10.3.9 and 10.4 through 10.4.8 allows remote attackers to execute arbitrary code via a crafted HTML file, which accesses previously deallocated objects.
830 CVE-2006-4406 Exec Code Overflow 2006-11-30 2017-07-19
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in PPP on Apple Mac OS X 10.4.x up to 10.4.8 and 10.3.x up to 10.3.9, when PPPoE is enabled, allows remote attackers to execute arbitrary code via unspecified vectors.
831 CVE-2006-4402 Exec Code Overflow 2006-11-30 2017-07-19
5.1
User Remote High Not required Partial Partial Partial
Heap-based buffer overflow in the Finder in Apple Mac OS X 10.4.8 and earlier allows user-assisted remote attackers to execute arbitrary code by browsing directories containing crafted .DS_Store files.
832 CVE-2006-4401 Exec Code 2006-11-30 2008-09-05
5.1
User Remote High Not required Partial Partial Partial
Unspecified vulnerability in CFNetwork in Mac OS 10.4.8 and earlier allows user-assisted remote attackers to execute arbitrary FTP commands via a crafted FTP URI.
833 CVE-2006-4400 Exec Code Overflow 2006-11-30 2008-09-05
5.1
User Remote High Not required Partial Partial Partial
Stack-based buffer overflow in the Apple Type Services (ATS) server in Mac OS 10.4.8 and earlier allow user-assisted attackers to execute arbitrary code via crafted font files.
834 CVE-2006-4398 Exec Code Overflow 2006-11-30 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Multiple buffer overflows in the Apple Type Services (ATS) server in Mac OS X 10.4 through 10.4.8 allow local users to execute arbitrary code via crafted service requests.
835 CVE-2006-4391 Exec Code Overflow 2006-10-03 2017-07-19
5.1
User Remote High Not required Partial Partial Partial
Buffer overflow in Apple ImageIO on Apple Mac OS X 10.4 through 10.4.7 allows remote attackers to execute arbitrary code via a malformed JPEG2000 image.
836 CVE-2006-3946 119 DoS Exec Code Overflow 2006-07-31 2017-07-19
7.5
User Remote Low Not required Partial Partial Partial
WebCore in Apple Mac OS X 10.3.9 and 10.4 through 10.4.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted HTML that triggers a "memory management error" in WebKit, possibly due to a buffer overflow, as originally reported for the KHTMLParser::popOneBlock function in Apple Safari 2.0.4 using Javascript that changes document.body.innerHTML within a DIV tag.
837 CVE-2006-3509 DoS Exec Code Overflow 2006-09-21 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Integer overflow in the API for the AirPort wireless driver on Apple Mac OS X 10.4.7 might allow physically proximate attackers to cause a denial of service (crash) or execute arbitrary code in third-party wireless software that uses the API via crafted frames.
838 CVE-2006-3508 DoS Exec Code Overflow +Priv 2006-09-21 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Heap-based buffer overflow in the AirPort wireless driver on Apple Mac OS X 10.4.7 allows physically proximate attackers to cause a denial of service (crash), gain privileges, and execute arbitrary code via a crafted frame that is not properly handled during scan cache updates.
839 CVE-2006-3507 Exec Code Overflow 2006-09-21 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in the AirPort wireless driver on Apple Mac OS X 10.3.9 and 10.4.7 allow physically proximate attackers to execute arbitrary code by injecting crafted frames into a wireless network.
840 CVE-2006-3506 Exec Code Overflow 2006-08-21 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Buffer overflow in the Xsan Filesystem driver on Mac OS X 10.4.7 and OS X Server 10.4.7 allows local users with Xsan write access, to execute arbitrary code via unspecified vectors related to "processing a path name."
841 CVE-2006-3505 DoS Exec Code 2006-08-02 2017-07-19
7.5
User Remote Low Not required Partial Partial Partial
WebKit in Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTML document that causes WebKit to access an object that has already been deallocated.
842 CVE-2006-3504 Exec Code 2006-08-02 2017-07-19
5.1
User Remote High Not required Partial Partial Partial
The Download Validation in LaunchServices for Apple Mac OS X 10.4.7 can identify certain HTML as "safe", which could allow attackers to execute Javascript code in local context when the "Open 'safe' files after downloading" option is enabled in Safari.
843 CVE-2006-3503 DoS Exec Code Overflow 2006-08-02 2017-07-19
5.1
User Remote High Not required Partial Partial Partial
Integer overflow in ImageIO in Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a malformed GIF image.
844 CVE-2006-3502 DoS Exec Code 2006-08-02 2017-07-19
5.1
User Remote High Not required Partial Partial Partial
Unspecified vulnerability in ImageIO in Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted GIF image that triggers a memory allocation failure that is not properly handled.
845 CVE-2006-3501 DoS Exec Code Overflow 2006-08-02 2017-07-19
5.1
User Remote High Not required Partial Partial Partial
Integer overflow in ImageIO for Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Radiance image.
846 CVE-2006-3500 Exec Code 2006-08-02 2017-07-19
7.2
Admin Local Low Not required Complete Complete Complete
The dynamic linker (dyld) in Apple Mac OS X 10.4.7 allows local users to execute arbitrary code via an "improperly handled condition" that leads to use of "dangerous paths," probably related to an untrusted search path vulnerability.
847 CVE-2006-3498 Exec Code Overflow 2006-08-02 2017-07-19
10.0
Admin Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in bootpd in the DHCP component for Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to execute arbitrary code via a crafted BOOTP request.
848 CVE-2006-3497 DoS Exec Code 2006-08-02 2011-04-07
5.1
User Remote High Not required Partial Partial Partial
Unspecified vulnerability in the "compression state handling" in Bom for Apple Mac OS X 10.3.9 and 10.4.7 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Zip archive.
849 CVE-2006-1985 119 Exec Code Overflow 2006-04-21 2017-07-19
5.1
User Remote High Not required Partial Partial Partial
Heap-based buffer overflow in BOM BOMArchiveHelper 10.4 (6.3) Build 312, as used in Mac OS X 10.4.6 and earlier, allows user-assisted attackers to execute arbitrary code via a crafted archive (such as ZIP) that contains long path names, which triggers an error in the BOMStackPop function.
850 CVE-2006-1983 119 DoS Exec Code Overflow 2006-04-21 2017-07-19
6.4
None Remote Low Not required None Partial Partial
Multiple heap-based buffer overflows in Mac OS X 10.4.6 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) PredictorVSetField function for TIFF or (2) CFAllocatorAllocate function for GIF, as used in applications that use ImageIO or AppKit. NOTE: the BMP vector has been re-assigned to CVE-2006-2238 because it affects a separate product family.
Total number of vulnerabilities : 923   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 (This Page)18 19
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.