VYPR

Mac OS X

by Apple Inc.

CVEs (2,090)

  • CVE-2003-0881 (Nov 3, 2003)
    risk 0.00 | cvss | epss 0.01

    Mail in Mac OS X before 10.3, when configured to use MD5 Challenge Response, uses plaintext authentication if the CRAM-MD5 hashed login fails, which could allow remote attackers to gain privileges by sniffing the password.

  • CVE-2003-0877 (Nov 3, 2003)
    risk 0.00 | cvss | epss 0.00

    Mac OS X before 10.3 with core files enabled allows local users to overwrite arbitrary files and read core files via a symlink attack on core files that are created with predictable names in the /cores directory.

  • CVE-2003-0876 (Nov 3, 2003)
    risk 0.00 | cvss | epss 0.00

    Finder in Mac OS X 10.2.8 and earlier sets global read/write/execute permissions on directories when they are dragged (copied) from a mounted volume such as a disk image (DMG), which could cause the directories to have less restrictive permissions than intended.

  • CVE-2003-0871 (Nov 3, 2003)
    risk 0.00 | cvss | epss 0.01

    Unknown vulnerability in QuickTime Java in Mac OS X v10.3 and Mac OS X Server 10.3 allows attackers to gain "unauthorized access to a system."

  • CVE-2003-0880 (Nov 3, 2003)
    risk 0.00 | cvss | epss 0.00

    Unknown vulnerability in Mac OS X before 10.3 allows local users to access Dock functions from behind Screen Effects when Full Keyboard Access is enabled using the Keyboard pane in System Preferences.

  • CVE-2003-0895 (Nov 3, 2003)
    risk 0.00 | cvss | epss 0.01

    Buffer overflow in the Mac OS X kernel 10.2.8 and earlier allows local users, and possibly remote attackers, to cause a denial of service (crash), access portions of memory, and possibly execute arbitrary code via a long command line argument (argv[]).

  • CVE-2003-0883 (Nov 3, 2003)
    risk 0.00 | cvss | epss 0.00

    The System Preferences capability in Mac OS X before 10.3 allows local users to access secure Preference Panes for a short period after an administrator has authenticated to the system.

  • CVE-2003-0882 (Nov 3, 2003)
    risk 0.00 | cvss | epss 0.01

    Mac OS X before 10.3 initializes the TCP timestamp with a constant number, which allows remote attackers to determine the system's uptime via the ID field in a TCP packet.

  • CVE-2003-0518 (Aug 18, 2003)
    risk 0.00 | cvss | epss 0.00

    The screen saver in MacOS X allows users with physical access to cause the screen saver to crash and gain access to the underlying session via a large number of characters in the password field, possibly triggering a buffer overflow.

  • CVE-2003-0378 (Jun 16, 2003)
    risk 0.00 | cvss | epss 0.01

    The Kerberos login authentication feature in Mac OS X, when used with an LDAPv3 server and LDAP bind authentication, may send cleartext passwords to the LDAP server when the AuthenticationAuthority attribute is not set.

  • CVE-2003-0242 (Jun 9, 2003)
    risk 0.00 | cvss | epss 0.03

    IPSec in Mac OS X before 10.2.6 does not properly handle certain incoming security policies that match by port, which could allow traffic that is not explicitly allowed by the policies.

  • CVE-2003-0198 (May 5, 2003)
    risk 0.00 | cvss | epss 0.01

    Mac OS X before 10.2.5 allows guest users to modify the permissions of the DropBox folder and read unauthorized files.

  • CVE-2003-0049 (Mar 3, 2003)
    risk 0.00 | cvss | epss 0.02

    Apple File Protocol (AFP) in Mac OS X before 10.2.4 allows administrators to log in as other users by using the administrator password.

  • CVE-2003-0088 (Mar 3, 2003)
    risk 0.00 | cvss | epss 0.00

    TruBlueEnvironment for MacOS 10.2.3 and earlier allows local users to overwrite or create arbitrary files and gain root privileges by setting a certain environment variable that is used to write debugging information.

  • CVE-2002-2326 (Dec 31, 2002)
    risk 0.00 | cvss | epss 0.01

    The default configuration of Mail.app in Mac OS X 10.0 through 10.0.4 and 10.1 through 10.1.5 sends iDisk authentication credentials in cleartext when connecting to Mac.com, which could allow remote attackers to obtain passwords by sniffing network traffic.

  • CVE-2002-1366 (Dec 26, 2002)
    risk 0.00 | cvss | epss 0.00

    Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows local users with lp privileges to create or overwrite arbitrary files via file race conditions, as demonstrated by ice-cream.

  • CVE-2002-1371 (Dec 26, 2002)
    risk 0.00 | cvss | epss 0.05

    filters/image-gif.c in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly check for zero-length GIF images, which allows remote attackers to execute arbitrary code via modified chunk headers, as demonstrated by nogif.

  • CVE-2002-1367 (Dec 26, 2002)
    risk 0.00 | cvss | epss 0.04

    Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote attackers to add printers without authentication via a certain UDP packet, which can then be used to perform unauthorized activities such as stealing the local root certificate for the administration server…

  • CVE-2002-1270 (Dec 11, 2002)
    risk 0.00 | cvss | epss 0.00

    Mac OS X 10.2.2 allows local users to read files that only allow write access via the map_fd() Mach system call.

  • CVE-2002-1267 (Dec 11, 2002)
    risk 0.00 | cvss | epss 0.02

    Mac OS X 10.2.2 allows remote attackers to cause a denial of service by accessing the CUPS Printing Web Administration utility, aka "CUPS Printing Web Administration is Remotely Accessible."
