Mac OS X
by Apple Inc.
CVEs (2,090)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2006-1447 | 0.00 | — | 0.03 | May 12, 2006 | LaunchServices in Apple Mac OS X 10.4.6 allows remote attackers to cause Safari to launch unsafe content via long file name extensions, which prevents Download Validation from determining which application will be used to open the file. | |||
| CVE-2006-1984 | 0.00 | — | 0.03 | Apr 21, 2006 | Unspecified vulnerability in the _cg_TIFFSetField function in Mac OS X 10.4.6 and earlier, as used in applications that use ImageIO or AppKit, allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that triggers a null dereference. | |||
| CVE-2006-1981 | 0.00 | — | 0.00 | Apr 21, 2006 | Unspecified vulnerability in Java InputMethods on Mac OS X 10.4.5 may cause InputMethods to send input events for secure fields to the wrong text field, which might reveal the password to others who can view the screen. | |||
| CVE-2006-0401 | 0.00 | — | 0.00 | Apr 5, 2006 | Unspecified vulnerability in Mac OS X before 10.4.6, when running on an Intel-based computer, allows attackers with physical access to bypass the firmware password and log on in Single User Mode via unspecified vectors. | |||
| CVE-2006-1552 | 0.00 | — | 0.04 | Mar 31, 2006 | Integer overflow in ImageIO in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers to cause a denial of service (crash) via a crafted JPEG image with malformed JPEG metadata, as demonstrated using Safari, aka "Deja-Doom". | |||
| CVE-2006-0398 | 0.00 | — | 0.02 | Mar 14, 2006 | Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file type. NOTE: due to the lack of specific information in the vendor advisory, it is… | |||
| CVE-2006-0397 | 0.00 | — | 0.02 | Mar 14, 2006 | Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file type. NOTE: due to the lack of specific information in the vendor advisory, it is… | |||
| CVE-2006-0400 | 0.00 | — | 0.02 | Mar 14, 2006 | CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers to bypass the same-origin policy and execute Javascript in other domains via unknown vectors involving "crafted archives." | |||
| CVE-2006-0399 | 0.00 | — | 0.02 | Mar 14, 2006 | Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file type. NOTE: due to the lack of specific information in the vendor advisory, it is… | |||
| CVE-2006-1220 | 0.00 | — | 0.01 | Mar 14, 2006 | Integer overflow in the mach_msg_send function in the kernel for Mac OS X might allow local users to execute arbitrary code via unknown attack vectors related to a large message header size, which leads to a heap-based buffer overflow. | |||
| CVE-2006-0389 | 0.00 | — | 0.03 | Mar 3, 2006 | Cross-site scripting (XSS) vulnerability in Syndication (Safari RSS) in Mac OS X 10.4 through 10.4.5 allows remote attackers to execute arbitrary JavaScript via unspecified vectors involving RSS feeds. | |||
| CVE-2006-0386 | 0.00 | — | 0.00 | Mar 3, 2006 | FileVault in Mac OS X 10.4.5 and earlier does not properly mount user directories when creating a FileVault image, which allows local users to access protected files when FileVault is enabled. | |||
| CVE-2006-0388 | 0.00 | — | 0.01 | Mar 3, 2006 | Safari in Mac OS X 10.3 before 10.3.9 and 10.4 before 10.4.5 allows remote attackers to redirect users to local files and execute arbitrary JavaScript via unspecified vectors involving HTTP redirection to local resources. | |||
| CVE-2006-0391 | 0.00 | — | 0.01 | Mar 3, 2006 | Directory traversal vulnerability in the BOM framework in Mac OS X 10.x before 10.3.9 and 10.4 before 10.4.5 allows user-assisted attackers to overwrite or create arbitrary files via an archive that is handled by BOMArchiveHelper. | |||
| CVE-2006-0383 | 0.00 | — | 0.04 | Mar 2, 2006 | IPSec when used with VPN networks in Mac OS X 10.4 through 10.4.5 allows remote attackers to cause a denial of service (application crash) via unspecified vectors involving the "incorrect handling of error conditions". | |||
| CVE-2006-0384 | 0.00 | — | 0.04 | Mar 2, 2006 | automount in Mac OS X 10.4.5 and earlier allows remote file servers to cause a denial of service (unresponsiveness) or execute arbitrary code via unspecified vectors that cause automount to "mount file systems with reserved names". | |||
| CVE-2006-0382 | 0.00 | — | 0.00 | Feb 14, 2006 | Apple Mac OS X 10.4.5 and allows local users to cause a denial of service (crash) via an undocumented system call. | |||
| CVE-2005-0985 | 0.00 | — | 0.00 | Dec 31, 2005 | Unspecified vulnerability in the Mac OS X kernel before 10.3.8 allows local users to cause a denial of service (temporary hang) via unspecified attack vectors related to the fan control unit (FCU) driver. | |||
| CVE-2005-3782 | 0.00 | — | 0.00 | Dec 31, 2005 | Mac OS X 10.4.3 up to 10.4.6, when loginwindow uses the "Name and password" setting, and the "Show the Restart, Sleep, and Shut Down buttons" option is disabled, allows users with physical access to bypass login and reboot the system by entering ">restart", ">power", or… | |||
| CVE-2005-2738 | 0.00 | — | 0.02 | Dec 31, 2005 | Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X does not prevent multiple programs from opening the same port as a Java ServerSocket, which allows local users to operate a Java program that intercepts network data intended for the ServerSocket of a different Java program. |
- CVE-2006-1447May 12, 2006risk 0.00cvss —epss 0.03
LaunchServices in Apple Mac OS X 10.4.6 allows remote attackers to cause Safari to launch unsafe content via long file name extensions, which prevents Download Validation from determining which application will be used to open the file.
- CVE-2006-1984Apr 21, 2006risk 0.00cvss —epss 0.03
Unspecified vulnerability in the _cg_TIFFSetField function in Mac OS X 10.4.6 and earlier, as used in applications that use ImageIO or AppKit, allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that triggers a null dereference.
- CVE-2006-1981Apr 21, 2006risk 0.00cvss —epss 0.00
Unspecified vulnerability in Java InputMethods on Mac OS X 10.4.5 may cause InputMethods to send input events for secure fields to the wrong text field, which might reveal the password to others who can view the screen.
- CVE-2006-0401Apr 5, 2006risk 0.00cvss —epss 0.00
Unspecified vulnerability in Mac OS X before 10.4.6, when running on an Intel-based computer, allows attackers with physical access to bypass the firmware password and log on in Single User Mode via unspecified vectors.
- CVE-2006-1552Mar 31, 2006risk 0.00cvss —epss 0.04
Integer overflow in ImageIO in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers to cause a denial of service (crash) via a crafted JPEG image with malformed JPEG metadata, as demonstrated using Safari, aka "Deja-Doom".
- CVE-2006-0398Mar 14, 2006risk 0.00cvss —epss 0.02
Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file type. NOTE: due to the lack of specific information in the vendor advisory, it is…
- CVE-2006-0397Mar 14, 2006risk 0.00cvss —epss 0.02
Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file type. NOTE: due to the lack of specific information in the vendor advisory, it is…
- CVE-2006-0400Mar 14, 2006risk 0.00cvss —epss 0.02
CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers to bypass the same-origin policy and execute Javascript in other domains via unknown vectors involving "crafted archives."
- CVE-2006-0399Mar 14, 2006risk 0.00cvss —epss 0.02
Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file type. NOTE: due to the lack of specific information in the vendor advisory, it is…
- CVE-2006-1220Mar 14, 2006risk 0.00cvss —epss 0.01
Integer overflow in the mach_msg_send function in the kernel for Mac OS X might allow local users to execute arbitrary code via unknown attack vectors related to a large message header size, which leads to a heap-based buffer overflow.
- CVE-2006-0389Mar 3, 2006risk 0.00cvss —epss 0.03
Cross-site scripting (XSS) vulnerability in Syndication (Safari RSS) in Mac OS X 10.4 through 10.4.5 allows remote attackers to execute arbitrary JavaScript via unspecified vectors involving RSS feeds.
- CVE-2006-0386Mar 3, 2006risk 0.00cvss —epss 0.00
FileVault in Mac OS X 10.4.5 and earlier does not properly mount user directories when creating a FileVault image, which allows local users to access protected files when FileVault is enabled.
- CVE-2006-0388Mar 3, 2006risk 0.00cvss —epss 0.01
Safari in Mac OS X 10.3 before 10.3.9 and 10.4 before 10.4.5 allows remote attackers to redirect users to local files and execute arbitrary JavaScript via unspecified vectors involving HTTP redirection to local resources.
- CVE-2006-0391Mar 3, 2006risk 0.00cvss —epss 0.01
Directory traversal vulnerability in the BOM framework in Mac OS X 10.x before 10.3.9 and 10.4 before 10.4.5 allows user-assisted attackers to overwrite or create arbitrary files via an archive that is handled by BOMArchiveHelper.
- CVE-2006-0383Mar 2, 2006risk 0.00cvss —epss 0.04
IPSec when used with VPN networks in Mac OS X 10.4 through 10.4.5 allows remote attackers to cause a denial of service (application crash) via unspecified vectors involving the "incorrect handling of error conditions".
- CVE-2006-0384Mar 2, 2006risk 0.00cvss —epss 0.04
automount in Mac OS X 10.4.5 and earlier allows remote file servers to cause a denial of service (unresponsiveness) or execute arbitrary code via unspecified vectors that cause automount to "mount file systems with reserved names".
- CVE-2006-0382Feb 14, 2006risk 0.00cvss —epss 0.00
Apple Mac OS X 10.4.5 and allows local users to cause a denial of service (crash) via an undocumented system call.
- CVE-2005-0985Dec 31, 2005risk 0.00cvss —epss 0.00
Unspecified vulnerability in the Mac OS X kernel before 10.3.8 allows local users to cause a denial of service (temporary hang) via unspecified attack vectors related to the fan control unit (FCU) driver.
- CVE-2005-3782Dec 31, 2005risk 0.00cvss —epss 0.00
Mac OS X 10.4.3 up to 10.4.6, when loginwindow uses the "Name and password" setting, and the "Show the Restart, Sleep, and Shut Down buttons" option is disabled, allows users with physical access to bypass login and reboot the system by entering ">restart", ">power", or…
- CVE-2005-2738Dec 31, 2005risk 0.00cvss —epss 0.02
Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X does not prevent multiple programs from opening the same port as a Java ServerSocket, which allows local users to operate a Java program that intercepts network data intended for the ServerSocket of a different Java program.
Page 96 of 105