Mac OS X
by Apple Inc.
CVEs (2,090)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2003-1008 | 0.00 | — | 0.00 | Mar 29, 2004 | Unknown vulnerability in Mac OS X 10.2.8 and 10.3.2 allows local users to bypass the screen saver login window and write a text clipping to the desktop or another application. | |||
| CVE-2003-1011 | 0.00 | — | 0.00 | Mar 29, 2004 | Apple Mac OS X 10.0 through 10.2.8 allows local users with a USB keyboard to gain unauthorized access by holding down the CTRL and C keys when the system is booting, which crashes the init process and leaves the user in a root shell. | |||
| CVE-2003-1009 | 0.00 | — | 0.05 | Mar 29, 2004 | Directory Services in Apple Mac OS X 10.0.2, 10.0.3, 10.2.8, 10.3.2 and Apple Mac OS X Server 10.2 through 10.3.2 accepts authentication server information from unknown LDAP or NetInfo sources as provided by a malicious DHCP server, which allows remote attackers to gain… | |||
| CVE-2003-1007 | 0.00 | — | 0.01 | Mar 29, 2004 | AppleFileServer (AFS) in Apple Mac OS X 10.2.8 and 10.3.2 does not properly handle certain malformed requests, with unknown impact. | |||
| CVE-2004-0165 | 0.00 | — | 0.04 | Mar 15, 2004 | Format string vulnerability in Point-to-Point Protocol (PPP) daemon (pppd) 2.4.0 for Mac OS X 10.3.2 and earlier allows remote attackers to read arbitrary pppd process data, including PAP or CHAP authentication credentials, to gain privileges. | |||
| CVE-2004-0166 | 0.00 | — | 0.02 | Mar 15, 2004 | Unknown vulnerability in Safari web browser for Mac OS X 10.2.8 related to "the display of URLs in the status bar." | |||
| CVE-2004-0167 | 0.00 | — | 0.02 | Mar 15, 2004 | DiskArbitration in Mac OS X 10.2.8 and 10.3.2 does not properly initialize writeable removable media. | |||
| CVE-2004-0168 | 0.00 | — | 0.02 | Mar 15, 2004 | Unknown vulnerability in CoreFoundation for Mac OS X 10.3.2, related to "notification logging." | |||
| CVE-2004-0088 | 0.00 | — | 0.00 | Mar 3, 2004 | The System Configuration subsystem in Mac OS 10.2.8 allows local users to modify network settings, a different vulnerability than CVE-2004-0087. | |||
| CVE-2004-0087 | 0.00 | — | 0.00 | Mar 3, 2004 | The System Configuration subsystem in Mac OS 10.2.8 and 10.3.2 allows local users to modify network settings, a different vulnerability than CVE-2004-0088. | |||
| CVE-2004-0086 | 0.00 | — | 0.01 | Mar 3, 2004 | Unknown vulnerability in the Mail application for Mac OS X 10.3.2 has unknown impact and attack vectors, a different vulnerability than CVE-2004-0085. | |||
| CVE-2004-0089 | 0.00 | — | 0.00 | Mar 3, 2004 | Buffer overflow in TruBlueEnvironment in Mac OS X 10.3.x and 10.2.x allows local users to gain privileges via a long environment variable. | |||
| CVE-2004-0092 | 0.00 | — | 0.01 | Mar 3, 2004 | Unknown vulnerability in Safari web browser in Mac OS X 10.2.8 and 10.3.2, with unknown impact. | |||
| CVE-2004-0085 | 0.00 | — | 0.02 | Mar 3, 2004 | Unknown vulnerability in the Mail application for Mac OS X 10.1.5 and 10.2.8 with unknown impact, a different vulnerability than CVE-2004-0086. | |||
| CVE-2003-1005 | 0.00 | — | 0.02 | Dec 31, 2003 | The PKI functionality in Mac OS X 10.2.8 and 10.3.2 allows remote attackers to cause a denial of service (service crash) via malformed ASN.1 sequences. | |||
| CVE-2003-0975 | 0.00 | — | 0.01 | Dec 15, 2003 | Apple Safari 1.0 through 1.1 on Mac OS X 10.3.1 and Mac OS X 10.2.8 allows remote attackers to steal user cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain. | |||
| CVE-2003-0913 | 0.00 | — | 0.00 | Dec 1, 2003 | Unknown vulnerability in the Terminal application for Mac OS X 10.3 (Client and Server) may allow "unauthorized access." | |||
| CVE-2003-0804 | 0.00 | — | 0.01 | Nov 17, 2003 | The arplookup function in FreeBSD 5.1 and earlier, Mac OS X before 10.2.8, and possibly other BSD-based systems, allows remote attackers on a local subnet to cause a denial of service (resource starvation and panic) via a flood of spoofed ARP requests. | |||
| CVE-2001-1411 | 0.00 | — | 0.00 | Nov 17, 2003 | Format string vulnerability in gm4 (aka m4) on Mac OS X may allow local users to gain privileges if gm4 is called by setuid programs. | |||
| CVE-2003-0883 | 0.00 | — | 0.00 | Nov 3, 2003 | The System Preferences capability in Mac OS X before 10.3 allows local users to access secure Preference Panes for a short period after an administrator has authenticated to the system. |
- CVE-2003-1008Mar 29, 2004risk 0.00cvss —epss 0.00
Unknown vulnerability in Mac OS X 10.2.8 and 10.3.2 allows local users to bypass the screen saver login window and write a text clipping to the desktop or another application.
- CVE-2003-1011Mar 29, 2004risk 0.00cvss —epss 0.00
Apple Mac OS X 10.0 through 10.2.8 allows local users with a USB keyboard to gain unauthorized access by holding down the CTRL and C keys when the system is booting, which crashes the init process and leaves the user in a root shell.
- CVE-2003-1009Mar 29, 2004risk 0.00cvss —epss 0.05
Directory Services in Apple Mac OS X 10.0.2, 10.0.3, 10.2.8, 10.3.2 and Apple Mac OS X Server 10.2 through 10.3.2 accepts authentication server information from unknown LDAP or NetInfo sources as provided by a malicious DHCP server, which allows remote attackers to gain…
- CVE-2003-1007Mar 29, 2004risk 0.00cvss —epss 0.01
AppleFileServer (AFS) in Apple Mac OS X 10.2.8 and 10.3.2 does not properly handle certain malformed requests, with unknown impact.
- CVE-2004-0165Mar 15, 2004risk 0.00cvss —epss 0.04
Format string vulnerability in Point-to-Point Protocol (PPP) daemon (pppd) 2.4.0 for Mac OS X 10.3.2 and earlier allows remote attackers to read arbitrary pppd process data, including PAP or CHAP authentication credentials, to gain privileges.
- CVE-2004-0166Mar 15, 2004risk 0.00cvss —epss 0.02
Unknown vulnerability in Safari web browser for Mac OS X 10.2.8 related to "the display of URLs in the status bar."
- CVE-2004-0167Mar 15, 2004risk 0.00cvss —epss 0.02
DiskArbitration in Mac OS X 10.2.8 and 10.3.2 does not properly initialize writeable removable media.
- CVE-2004-0168Mar 15, 2004risk 0.00cvss —epss 0.02
Unknown vulnerability in CoreFoundation for Mac OS X 10.3.2, related to "notification logging."
- CVE-2004-0088Mar 3, 2004risk 0.00cvss —epss 0.00
The System Configuration subsystem in Mac OS 10.2.8 allows local users to modify network settings, a different vulnerability than CVE-2004-0087.
- CVE-2004-0087Mar 3, 2004risk 0.00cvss —epss 0.00
The System Configuration subsystem in Mac OS 10.2.8 and 10.3.2 allows local users to modify network settings, a different vulnerability than CVE-2004-0088.
- CVE-2004-0086Mar 3, 2004risk 0.00cvss —epss 0.01
Unknown vulnerability in the Mail application for Mac OS X 10.3.2 has unknown impact and attack vectors, a different vulnerability than CVE-2004-0085.
- CVE-2004-0089Mar 3, 2004risk 0.00cvss —epss 0.00
Buffer overflow in TruBlueEnvironment in Mac OS X 10.3.x and 10.2.x allows local users to gain privileges via a long environment variable.
- CVE-2004-0092Mar 3, 2004risk 0.00cvss —epss 0.01
Unknown vulnerability in Safari web browser in Mac OS X 10.2.8 and 10.3.2, with unknown impact.
- CVE-2004-0085Mar 3, 2004risk 0.00cvss —epss 0.02
Unknown vulnerability in the Mail application for Mac OS X 10.1.5 and 10.2.8 with unknown impact, a different vulnerability than CVE-2004-0086.
- CVE-2003-1005Dec 31, 2003risk 0.00cvss —epss 0.02
The PKI functionality in Mac OS X 10.2.8 and 10.3.2 allows remote attackers to cause a denial of service (service crash) via malformed ASN.1 sequences.
- CVE-2003-0975Dec 15, 2003risk 0.00cvss —epss 0.01
Apple Safari 1.0 through 1.1 on Mac OS X 10.3.1 and Mac OS X 10.2.8 allows remote attackers to steal user cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain.
- CVE-2003-0913Dec 1, 2003risk 0.00cvss —epss 0.00
Unknown vulnerability in the Terminal application for Mac OS X 10.3 (Client and Server) may allow "unauthorized access."
- CVE-2003-0804Nov 17, 2003risk 0.00cvss —epss 0.01
The arplookup function in FreeBSD 5.1 and earlier, Mac OS X before 10.2.8, and possibly other BSD-based systems, allows remote attackers on a local subnet to cause a denial of service (resource starvation and panic) via a flood of spoofed ARP requests.
- CVE-2001-1411Nov 17, 2003risk 0.00cvss —epss 0.00
Format string vulnerability in gm4 (aka m4) on Mac OS X may allow local users to gain privileges if gm4 is called by setuid programs.
- CVE-2003-0883Nov 3, 2003risk 0.00cvss —epss 0.00
The System Preferences capability in Mac OS X before 10.3 allows local users to access secure Preference Panes for a short period after an administrator has authenticated to the system.
Page 103 of 105