VYPR

Mac OS X

by Apple Inc.

CVEs (2,090)

  • CVE-2005-2520 | Aug 19, 2005
    risk 0.00 | cvss | epss 0.00

    The password assistant in Mac OS X 10.4 to 10.4.2, when used to create multiple accounts from the same process, does not reset the suggested password list when the assistant is displayed, which allows attackers to view recently used passwords.

  • CVE-2005-2503 | Aug 19, 2005
    risk 0.00 | cvss | epss 0.00

    AppKit for Mac OS X 10.3.9 and 10.4.2 allows attackers with physical access to create local accounts by forcing a particular error to occur at the login window.

  • CVE-2005-2515 | Aug 19, 2005
    risk 0.00 | cvss | epss 0.00

    Quartz Composer Screen Saver in Mac OS X 10.4.2 allows local users to access links from the RSS Visualizer even when a password is required.

  • CVE-2005-2516 | Aug 19, 2005
    risk 0.00 | cvss | epss 0.05

    Safari in Mac OS X 10.3.9 and 10.4.2, when rendering Rich Text Format (RTF) files, can directly access URLs without performing the normal security checks, which allows remote attackers to execute arbitrary commands.

  • CVE-2005-2504 | Aug 19, 2005
    risk 0.00 | cvss | epss 0.00

    The System Profiler in Mac OS X 10.4.2 labels a Bluetooth device with "Requires Authentication: No" even when the user has selected the "Require pairing for security" option, which could confuse users about which setting is valid.

  • CVE-2005-2506 | Aug 19, 2005
    risk 0.00 | cvss | epss 0.01

    Algorithmic complexity vulnerability in CoreFoundation in Mac OS X 10.3.9 and 10.4.2 allows attackers to cause a denial of service (CPU consumption) via crafted Gregorian dates.

  • CVE-2005-2526 | Aug 19, 2005
    risk 0.00 | cvss | epss 0.02

    CUPS in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to cause a denial of service (CPU consumption) by sending a partial IPP request and closing the connection.

  • CVE-2005-1722 | Jun 16, 2005
    risk 0.00 | cvss | epss 0.00

    Unknown vulnerability in the CoreGraphics Window Server for Mac OS X 10.4.x up to 10.4.1 allows local users to inject arbitrary commands into root sessions.

  • CVE-2005-1933 | Jun 13, 2005
    risk 0.00 | cvss | epss 0.02

    Dashboard in Apple Mac OS X Tiger 10.4 allows attackers to execute arbitrary commands by overriding the behavior of system widgets via a user widget with the same bundle identifier (CFBundleIdentifier), a different vulnerability than CVE-2005-1474.

  • CVE-2005-1473 | Jun 13, 2005
    risk 0.00 | cvss | epss 0.00

    SecurityAgent in Apple Mac OS X 10.4.1 allows attackers with physical access to bypass the locked screensaver and launch background applications by opening a URL from a text input field.

  • CVE-2005-1474 | Jun 13, 2005
    risk 0.00 | cvss | epss 0.01

    Dashboard in Apple Mac OS X 10.4.1 allows remote attackers to install widgets via Safari without prompting the user, a different vulnerability than CVE-2005-1933.

  • CVE-2005-1728 | Jun 8, 2005
    risk 0.00 | cvss | epss 0.00

    MCX Client for Apple Mac OS X 10.4.x up to 10.4.1 insecurely logs Portable Home Directory credentials, which allows local users to obtain the credentials.

  • CVE-2005-1724 | Jun 8, 2005
    risk 0.00 | cvss | epss 0.01

    NFS on Apple Mac OS X 10.4.x up to 10.4.1 does not properly obey the -network or -mask flags for a filesystem and exports it to everyone, which allows remote attackers to bypass intended access restrictions.

  • CVE-2005-1723 | Jun 8, 2005
    risk 0.00 | cvss | epss 0.01

    LaunchServices in Apple Mac OS X 10.4.x up to 10.4.1 does not properly mark file extensions and MIME types as unsafe if an Apple Uniform Type Identifier (UTI) is not created when the type is added to the database of unsafe types, which could allow attackers to bypass intended…

  • CVE-2005-1727 | Jun 8, 2005
    risk 0.00 | cvss | epss 0.00

    Apple Mac OS X 10.4.x up to 10.4.1 sets insecure world- and group-writable permissions for the (1) system cache folder and (2) Dashboard system widgets, which allows local users to conduct unauthorized file operations via "file race conditions."

  • CVE-2005-1472 | May 19, 2005
    risk 0.00 | cvss | epss 0.00

    Certain system calls in Apple Mac OS X 10.4.1 do not properly enforce the permissions of certain directories without the POSIX read bit set, but with the execute bits set for group or other, which allows local users to list files in otherwise restricted directories.

  • CVE-2005-1260 | May 19, 2005
    risk 0.00 | cvss | epss 0.06

    bzip2 allows remote attackers to cause a denial of service (hard drive consumption) via a crafted bzip2 file that causes an infinite loop (a.k.a "decompression bomb").

  • CVE-2005-0973 | May 12, 2005
    risk 0.00 | cvss | epss 0.00

    Unknown vulnerability in the setsockopt system call in Mac OS X 10.3.9 and earlier allows local users to cause a denial of service (memory exhaustion) via crafted arguments.

  • CVE-2005-0971 | May 12, 2005
    risk 0.00 | cvss | epss 0.00

    Stack-based buffer overflow in the semop system call in Mac OS X 10.3.9 and earlier allows local users to gain privileges via crafted arguments.

  • CVE-2005-0974 | May 12, 2005
    risk 0.00 | cvss | epss 0.00

    Unknown vulnerability in the nfs_mount call in Mac OS X 10.3.9 and earlier allows local users to gain privileges via crafted arguments.
