VYPR

Mac OS X

by Apple Inc.

CVEs (2,090)

  • CVE-2006-4410 | Nov 30, 2006
    risk 0.00 | cvss | epss 0.02

    The Security Framework in Apple Mac OS X 10.3.9, and 10.4.x before 10.4.7, does not properly search certificate revocation lists (CRL), which allows remote attackers to access systems by using revoked certificates.

  • CVE-2006-4409 | Nov 30, 2006
    risk 0.00 | cvss | epss 0.02

    The Online Certificate Status Protocol (OCSP) service in the Security Framework in Apple Mac OS X 10.4 through 10.4.8 retrieve certificate revocation lists (CRL) when an HTTP proxy is in use, which could cause the system to accept certificates that have been revoked.

  • CVE-2006-4408 | Nov 30, 2006
    risk 0.00 | cvss | epss 0.02

    The Security Framework in Apple Mac OS X 10.4 through 10.4.8 allows remote attackers to cause a denial of service (resource consumption) via certain public key values in an X.509 certificate that requires extra resources during signature verification. NOTE: this issue may be…

  • CVE-2006-4407 | Nov 30, 2006
    risk 0.00 | cvss | epss 0.02

    The Security Framework in Apple Mac OS X 10.3.x up to 10.3.9 does not properly prioritize encryption ciphers when negotiating the strongest shared cipher, which causes Secure Transport to use a weaker cipher that makes it easier for remote attackers to decrypt traffic.

  • CVE-2006-4404 | Nov 30, 2006
    risk 0.00 | cvss | epss 0.02

    The Installer application in Apple Mac OS X 10.4.8 and earlier, when used by a user with Admin credentials, does not authenticate the user before installing certain software requiring system privileges.

  • CVE-2006-4403 | Nov 30, 2006
    risk 0.00 | cvss | epss 0.04

    The FTP server in Apple Mac OS X 10.4.8 and earlier, when FTP Access is enabled, will crash when a login failure occurs with a valid user name, which allows remote attackers to cause a denial of service (crash) and enumerate valid usernames.

  • CVE-2006-4402 | Nov 30, 2006
    risk 0.00 | cvss | epss 0.06

    Heap-based buffer overflow in the Finder in Apple Mac OS X 10.4.8 and earlier allows user-assisted remote attackers to execute arbitrary code by browsing directories containing crafted .DS_Store files.

  • CVE-2006-4401 | Nov 30, 2006
    risk 0.00 | cvss | epss 0.02

    Unspecified vulnerability in CFNetwork in Mac OS 10.4.8 and earlier allows user-assisted remote attackers to execute arbitrary FTP commands via a crafted FTP URI.

  • CVE-2006-4400 | Nov 30, 2006
    risk 0.00 | cvss | epss 0.05

    Stack-based buffer overflow in the Apple Type Services (ATS) server in Mac OS 10.4.8 and earlier allows user-assisted attackers to execute arbitrary code via crafted font files.

  • CVE-2006-4396 | Nov 30, 2006
    risk 0.00 | cvss | epss 0.01

    The Apple Type Services (ATS) server in Mac OS X 10.4.8 and earlier does not securely create log files, which allows local users to create and modify arbitrary files via unspecified vectors, possibly relating to a symlink attack.

  • CVE-2006-6126 | Nov 27, 2006
    risk 0.00 | cvss | epss 0.00

    Apple Mac OS X allows local users to cause a denial of service (memory corruption) via a crafted Mach-O binary with a malformed load_command data structure.

  • CVE-2006-6127 | Nov 27, 2006
    risk 0.00 | cvss | epss 0.00

    Apple Mac OS X kernel allows local users to cause a denial of service via a process that uses kevent to register a queue and an event, then fork a child process that uses kevent to register an event for the same queue as the parent.

  • CVE-2006-4393 | Oct 3, 2006
    risk 0.00 | cvss | epss 0.00

    Unspecified vulnerability in LoginWindow in Apple Mac OS X 10.4 through 10.4.7, when Fast User Switching is enabled, allows local users to gain access to Kerberos tickets of other users.

  • CVE-2006-4390 | Oct 3, 2006
    risk 0.00 | cvss | epss 0.01

    CFNetwork in Apple Mac OS X 10.4 through 10.4.7 and 10.3.9 allows remote SSL sites to appear as trusted sites by using encryption without authentication, which can cause the lock icon in Safari to be displayed even when the site's identity cannot be trusted.

  • CVE-2006-4391 | Oct 3, 2006
    risk 0.00 | cvss | epss 0.06

    Buffer overflow in Apple ImageIO on Apple Mac OS X 10.4 through 10.4.7 allows remote attackers to execute arbitrary code via a malformed JPEG2000 image.

  • CVE-2006-4387 | Oct 3, 2006
    risk 0.00 | cvss | epss 0.00

    Apple Mac OS X 10.4 through 10.4.7, when the administrator clears the "Allow user to administer this computer" checkbox in System Preferences for a user, does not remove the user's account from the appserveradm or appserverusr groups, which still allows the user to manage…

  • CVE-2006-4399 | Oct 3, 2006
    risk 0.00 | cvss | epss 0.01

    User interface inconsistency in Workgroup Manager in Apple Mac OS X 10.4 through 10.4.7 appears to allow administrators to change the authentication type from crypt to ShadowHash passwords for accounts in a NetInfo parent, when such an operation is not actually supported, which…

  • CVE-2006-4397 | Oct 3, 2006
    risk 0.00 | cvss | epss 0.00

    Unchecked error condition in LoginWindow in Apple Mac OS X 10.4 through 10.4.7 prevents Kerberos tickets from being destroyed if a user does not successfully log on to a network account from the login window, which might allow later users to gain access to the original user's…

  • CVE-2006-4395 | Oct 3, 2006
    risk 0.00 | cvss | epss 0.03

    Unspecified vulnerability in QuickDraw Manager in Apple Mac OS X 10.3.9 and 10.4 through 10.4.7 allows context-dependent attackers to cause a denial of service ("memory corruption" and crash) via a crafted PICT image that is not properly handled by a certain "unsupported…

  • CVE-2006-4394 | Oct 3, 2006
    risk 0.00 | cvss | epss 0.03

    A logic error in LoginWindow in Apple Mac OS X 10.4 through 10.4.7 allows network accounts without GUIds to bypass service access controls and log into the system using loginwindow via unknown vectors.
