VYPR

Mac OS X

by Apple Inc.

CVEs (2,090)

  • CVE-2007-0724 (Mar 13, 2007)
    risk 0.00 | cvss | epss 0.01

    The IOKit HID interface in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 does not sufficiently limit access to certain controls, which allows local users to gain privileges by using HID device events to read keystrokes from the console.

  • CVE-2007-0723 (Mar 13, 2007)
    risk 0.00 | cvss | epss 0.04

    Unspecified vulnerability in the authentication feature for DirectoryService (DS Plug-Ins) for Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote authenticated LDAP users to modify the root password and gain privileges via unknown vectors.

  • CVE-2007-0730 (Mar 13, 2007)
    risk 0.00 | cvss | epss 0.02

    Server Manager (servermgrd) in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 does not sufficiently validate authentication credentials, which allows remote attackers to bypass authentication and modify system configuration.

  • CVE-2007-0721 (Mar 13, 2007)
    risk 0.00 | cvss | epss 0.03

    Unspecified vulnerability in diskimages-helper in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote user-assisted attackers to execute arbitrary code via a crafted compressed disk image that triggers memory corruption.

  • CVE-2007-0719 (Mar 13, 2007)
    risk 0.00 | cvss | epss 0.06

    Stack-based buffer overflow in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote user-assisted attackers to execute arbitrary code via an image with a crafted ColorSync profile.

  • CVE-2007-0720 (Mar 13, 2007)
    risk 0.00 | cvss | epss 0.05

    The CUPS service on multiple platforms allows remote attackers to cause a denial of service (service hang) via a "partially-negotiated" SSL connection, which prevents other requests from being accepted.

  • CVE-2007-0588 (Jan 30, 2007)
    risk 0.00 | cvss | epss 0.06

    The InternalUnpackBits function in Apple QuickDraw, as used by Quicktime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PICT file that…

  • CVE-2007-0478 (Jan 25, 2007)
    risk 0.00 | cvss | epss 0.02

    WebCore on Apple Mac OS X 10.3.9 and 10.4.10, as used in Safari, does not properly parse HTML comments in TITLE elements, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within an…

  • CVE-2007-0022 (Jan 23, 2007)
    risk 0.00 | cvss | epss 0.01

    Untrusted search path vulnerability in writeconfig in Apple Mac OS X 10.4.8 allows local users to gain privileges via a modified PATH that points to a malicious launchctl program.

  • CVE-2007-0345 (Jan 18, 2007)
    risk 0.00 | cvss | epss 0.00

    The (1) Activity Monitor.app/Contents/Resources/pmTool, (2) Keychain Access.app/Contents/Resources/kcproxy, and (3) ODBC Administrator.app/Contents/Resources/iodbcadmintool programs in /Applications/Utilities/ in Mac OS X 10.4.8 have weak permissions (writable by admin group),…

  • CVE-2007-0318 (Jan 18, 2007)
    risk 0.00 | cvss | epss 0.02

    The do_hfs_truncate function in Mac OS X 10.4.8 allows context-dependent attackers to cause a denial of service (kernel panic) via a crafted HFS+ filesystem in a DMG image, which causes an access of an invalid vnode structure during file removal.

  • CVE-2007-0299 (Jan 17, 2007)
    risk 0.00 | cvss | epss 0.04

    Integer overflow in the byte_swap_sbin function in bsd/ufs/ufs/ufs_byte_order.c in Mac OS X 10.4.8 allows user-assisted remote attackers to cause a denial of service (kernel panic) by mounting a crafted Unix File System (UFS) DMG image, which triggers an invalid pointer…

  • CVE-2006-6906 (Dec 31, 2006)
    risk 0.00 | cvss | epss 0.00

    Unspecified vulnerability in the Bluetooth stack on Mac OS 10.4.7 and earlier has unknown impact and local attack vectors, related to "Mach Exception Handling", a different issue than CVE-2006-6900.

  • CVE-2006-6900 (Dec 31, 2006)
    risk 0.00 | cvss | epss 0.01

    Unspecified vulnerability in the Bluetooth stack in Apple Mac OS 10.4 has unknown impact and attack vectors, related to an "implementation bug."

  • CVE-2006-5681 (Dec 20, 2006)
    risk 0.00 | cvss | epss 0.02

    QuickTime for Java on Mac OS X 10.4 through 10.4.8, when used with Quartz Composer, allows remote attackers to obtain sensitive information (screen images) via a Java applet that accesses images that are being rendered by other embedded QuickTime objects.

  • CVE-2006-6353 (Dec 7, 2006)
    risk 0.00 | cvss | epss 0.01

    Multiple unspecified vulnerabilities in BOMArchiveHelper in Mac OS X allow user-assisted remote attackers to cause a denial of service (application crash) via unspecified vectors related to (1) certain KERN_PROTECTION_FAILURE thread crashes and (2) certain KERN_INVALID_ADDRESS…

  • CVE-2006-6292 (Dec 5, 2006)
    risk 0.00 | cvss | epss 0.01

    Apple Airport Extreme firmware 0.1.27 in Mac OS X 10.4.8 on Mac mini, MacBook, and MacBook Pro with Core Duo hardware allows remote attackers to cause a denial of service (out-of-bounds memory access and kernel panic) and have possibly other security-related impact via certain…

  • CVE-2006-4402 (Nov 30, 2006)
    risk 0.00 | cvss | epss 0.06

    Heap-based buffer overflow in the Finder in Apple Mac OS X 10.4.8 and earlier allows user-assisted remote attackers to execute arbitrary code by browsing directories containing crafted .DS_Store files.

  • CVE-2006-4403 (Nov 30, 2006)
    risk 0.00 | cvss | epss 0.04

    The FTP server in Apple Mac OS X 10.4.8 and earlier, when FTP Access is enabled, will crash when a login failure occurs with a valid user name, which allows remote attackers to cause a denial of service (crash) and enumerate valid usernames.

  • CVE-2006-4401 (Nov 30, 2006)
    risk 0.00 | cvss | epss 0.02

    Unspecified vulnerability in CFNetwork in Mac OS 10.4.8 and earlier allows user-assisted remote attackers to execute arbitrary FTP commands via a crafted FTP URI.

Page 92 of 105