VYPR

Mac OS X

by Apple Inc.

CVEs (2,090)

  • CVE-2007-5855 (Dec 19, 2007)
    risk 0.00 | cvss | epss 0.02

    Mail in Apple Mac OS X 10.4.11 and 10.5.1, when an SMTP account has been set up using Account Assistant, can use plaintext authentication even when MD5 Challenge-Response authentication is available, which makes it easier for remote attackers to sniff account activity.

  • CVE-2007-5853 (Dec 19, 2007)
    risk 0.00 | cvss | epss 0.03

    Unspecified vulnerability in IO Storage Family in Apple Mac OS X 10.4.11 allows user-assisted attackers to cause a denial of service (system shutdown) or execute arbitrary code via a disk image with crafted GUID partition maps, which triggers memory corruption.

  • CVE-2007-5861 (Dec 19, 2007)
    risk 0.00 | cvss | epss 0.02

    Unspecified vulnerability in Spotlight in Apple Mac OS X 10.4.11 allows user-assisted attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted .XLS file that triggers memory corruption in the Microsoft Office Spotlight Importer.

  • CVE-2007-5857 (Dec 19, 2007)
    risk 0.00 | cvss | epss 0.03

    Quick Look in Apple Mac OS X 10.5.1 does not prevent a movie from accessing URLs when the movie file is previewed or if an icon is created, which might allow remote attackers to obtain sensitive information via HREFTrack.

  • CVE-2007-5862 (Dec 18, 2007)
    risk 0.00 | cvss | epss 0.03

    Java in Mac OS X 10.4 through 10.4.11 allows remote attackers to bypass Keychain access controls and add or delete arbitrary Keychain items via a crafted Java applet.

  • CVE-2007-4702 (Nov 15, 2007)
    risk 0.00 | cvss | epss 0.02

    The Application Firewall in Apple Mac OS X 10.5, when "Block all incoming connections" is enabled, does not prevent root processes or mDNSResponder from accepting connections, which might allow remote attackers or local root processes to bypass intended access restrictions.

  • CVE-2007-4704 (Nov 15, 2007)
    risk 0.00 | cvss | epss 0.02

    The Application Firewall in Apple Mac OS X 10.5 does not apply changed settings to processes that are started by launchd until the processes are restarted, which might allow attackers to bypass intended access restrictions.

  • CVE-2007-4703 (Nov 15, 2007)
    risk 0.00 | cvss | epss 0.03

    The Application Firewall in Apple Mac OS X 10.5 does not prevent a root process from accepting incoming connections, even when "Block incoming connections" has been set for its associated executable, which might allow remote attackers or local root processes to bypass intended…

  • CVE-2007-4700 (Nov 15, 2007)
    risk 0.00 | cvss | epss 0.02

    Unspecified vulnerability in WebKit on Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to use Safari as an indirect proxy and send attacker-controlled data to arbitrary TCP ports via unknown vectors.

  • CVE-2007-4701 (Nov 15, 2007)
    risk 0.00 | cvss | epss 0.00

    WebKit on Apple Mac OS X 10.4 through 10.4.10 does not create temporary files securely when Safari is previewing a PDF file, which allows local users to read the contents of that file.

  • CVE-2007-4699 (Nov 15, 2007)
    risk 0.00 | cvss | epss 0.02

    The default configuration of Safari in Apple Mac OS X 10.4 through 10.4.10 adds a private key to the keychain with permissions that allow other applications to access the key without warning the user, which might allow other applications to bypass intended access restrictions.

  • CVE-2007-4680 (Nov 15, 2007)
    risk 0.00 | cvss | epss 0.01

    CFNetwork in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 does not properly validate certificates, which allows remote attackers to spoof trusted SSL certificates via a man-in-the-middle attack.

  • CVE-2007-4678 (Nov 15, 2007)
    risk 0.00 | cvss | epss 0.02

    AppleRAID in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 allows attackers to cause a denial of service (crash) via a crafted striped disk image, which triggers a NULL pointer dereference when it is mounted.

  • CVE-2007-4269 (Nov 15, 2007)
    risk 0.00 | cvss | epss 0.00

    Integer overflow in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a crafted AppleTalk Session Protocol (ASP) message on an AppleTalk socket, which triggers a heap-based buffer overflow.

  • CVE-2007-4685 (Nov 15, 2007)
    risk 0.00 | cvss | epss 0.00

    The kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to gain privileges by executing setuid or setgid programs in which the stdio, stderr, or stdout file descriptors are "in an unexpected state."

  • CVE-2007-4683 (Nov 15, 2007)
    risk 0.00 | cvss | epss 0.00

    Directory traversal vulnerability in the kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to bypass the chroot mechanism via a relative path when changing the current working directory.

  • CVE-2007-4688 (Nov 15, 2007)
    risk 0.00 | cvss | epss 0.02

    The Networking component in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to obtain all addresses for a host, including link-local addresses, via a Node Information Query.

  • CVE-2007-4267 (Nov 15, 2007)
    risk 0.00 | cvss | epss 0.00

    Stack-based buffer overflow in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a crafted IOCTL request that adds an AppleTalk zone to a routing table.

  • CVE-2007-4694 (Nov 15, 2007)
    risk 0.00 | cvss | epss 0.02

    Safari in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to access local content via file:// URLs.

  • CVE-2007-4690 (Nov 15, 2007)
    risk 0.00 | cvss | epss 0.04

    Double free vulnerability in the NFS component in Apple Mac OS X 10.4 through 10.4.10 allows remote authenticated users to execute arbitrary code via a crafted AUTH_UNIX RPC packet.
