Apple Inc.

All CVEs

8,445 total · sorted by risk
  • CVE-2004-0720 · Jul 27, 2004
    risk 0.00 · cvss · epss 0.01

    Safari 1.2.2 does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.

  • CVE-2004-0485 · Jul 7, 2004
    risk 0.00 · cvss · epss 0.03

    The default protocol helper for the disk: URI on Mac OS X 10.3.3 and 10.2.8 allows remote attackers to write arbitrary files by causing a disk image file (.dmg) to be mounted as a disk volume.

  • CVE-2004-0431 · Jul 7, 2004
    risk 0.00 · cvss · epss 0.03

    Integer overflow in Apple QuickTime (QuickTime.qts) before 6.5.1 allows attackers to execute arbitrary code via a large "number of entries" field in the sample-to-chunk table data for a .mov movie file, which leads to a heap-based buffer overflow.

  • CVE-2004-0382 · May 4, 2004
    risk 0.00 · cvss · epss 0.00

    Unknown vulnerability in the CUPS printing system in Mac OS X 10.3.3 and Mac OS X 10.2.8 with unknown impact, possibly related to a configuration file setting.

  • CVE-2004-0383 · May 4, 2004
    risk 0.00 · cvss · epss 0.00

    Unknown vulnerability in Mail for Mac OS X 10.3.3 and 10.2.8, with unknown impact, related to "the handling of HTML-formatted email."

  • CVE-2004-0428 · May 3, 2004
    risk 0.00 · cvss · epss 0.01

    Unknown vulnerability in CoreFoundation in Mac OS X 10.3.3 and Mac OS X 10.3.3 Server, related to "the handling of an environment variable," has unknown attack vectors and unknown impact.

  • CVE-2003-1010 · Mar 29, 2004
    risk 0.00 · cvss · epss 0.00

    Unknown vulnerability in fs_usage in Mac OS X 10.2.8 and 10.3.2 and Mac OS X Server 10.2.8 and 10.3.2 allows local users to gain privileges via unknown attack vectors.

  • CVE-2003-0601 · Mar 29, 2004
    risk 0.00 · cvss · epss 0.01

    Workgroup Manager in Apple Mac OS X Server 10.2 through 10.2.6 does not disable a password for a new account before it is saved for the first time, which allows remote attackers to gain unauthorized access via the new account before it is saved.

  • CVE-2003-1011 · Mar 29, 2004
    risk 0.00 · cvss · epss 0.00

    Apple Mac OS X 10.0 through 10.2.8 allows local users with a USB keyboard to gain unauthorized access by holding down the CTRL and C keys when the system is booting, which crashes the init process and leaves the user in a root shell.

  • CVE-2003-1009 · Mar 29, 2004
    risk 0.00 · cvss · epss 0.05

    Directory Services in Apple Mac OS X 10.0.2, 10.0.3, 10.2.8, 10.3.2 and Apple Mac OS X Server 10.2 through 10.3.2 accepts authentication server information from unknown LDAP or NetInfo sources as provided by a malicious DHCP server, which allows remote attackers to gain…

  • CVE-2003-1008 · Mar 29, 2004
    risk 0.00 · cvss · epss 0.00

    Unknown vulnerability in Mac OS X 10.2.8 and 10.3.2 allows local users to bypass the screen saver login window and write a text clipping to the desktop or another application.

  • CVE-2003-1007 · Mar 29, 2004
    risk 0.00 · cvss · epss 0.01

    AppleFileServer (AFS) in Apple Mac OS X 10.2.8 and 10.3.2 does not properly handle certain malformed requests, with unknown impact.

  • CVE-2004-0168 · Mar 15, 2004
    risk 0.00 · cvss · epss 0.02

    Unknown vulnerability in CoreFoundation for Mac OS X 10.3.2, related to "notification logging."

  • CVE-2004-0166 · Mar 15, 2004
    risk 0.00 · cvss · epss 0.02

    Unknown vulnerability in Safari web browser for Mac OS X 10.2.8 related to "the display of URLs in the status bar."

  • CVE-2004-0169 · Mar 15, 2004
    risk 0.00 · cvss · epss 0.03

    QuickTime Streaming Server in MacOS X 10.2.8 and 10.3.2 allows remote attackers to cause a denial of service (crash) via DESCRIBE requests with long User-Agent fields, which causes an Assert error to be triggered in the BufferIsFull function.

  • CVE-2004-0167 · Mar 15, 2004
    risk 0.00 · cvss · epss 0.02

    DiskArbitration in Mac OS X 10.2.8 and 10.3.2 does not properly initialize writeable removable media.

  • CVE-2004-0165 · Mar 15, 2004
    risk 0.00 · cvss · epss 0.04

    Format string vulnerability in Point-to-Point Protocol (PPP) daemon (pppd) 2.4.0 for Mac OS X 10.3.2 and earlier allows remote attackers to read arbitrary pppd process data, including PAP or CHAP authentication credentials, to gain privileges.

  • CVE-2004-0088 · Mar 3, 2004
    risk 0.00 · cvss · epss 0.00

    The System Configuration subsystem in Mac OS 10.2.8 allows local users to modify network settings, a different vulnerability than CVE-2004-0087.

  • CVE-2004-0089 · Mar 3, 2004
    risk 0.00 · cvss · epss 0.00

    Buffer overflow in TruBlueEnvironment in Mac OS X 10.3.x and 10.2.x allows local users to gain privileges via a long environment variable.

  • CVE-2004-0086 · Mar 3, 2004
    risk 0.00 · cvss · epss 0.01

    Unknown vulnerability in the Mail application for Mac OS X 10.3.2 has unknown impact and attack vectors, a different vulnerability than CVE-2004-0085.

  • CVE-2004-0092 · Mar 3, 2004
    risk 0.00 · cvss · epss 0.01

    Unknown vulnerability in Safari web browser in Mac OS X 10.2.8 and 10.3.2, with unknown impact.

  • CVE-2004-0087 · Mar 3, 2004
    risk 0.00 · cvss · epss 0.00

    The System Configuration subsystem in Mac OS 10.2.8 and 10.3.2 allows local users to modify network settings, a different vulnerability than CVE-2004-0088.

  • CVE-2004-0085 · Mar 3, 2004
    risk 0.00 · cvss · epss 0.02

    Unknown vulnerability in the Mail application for Mac OS X 10.1.5 and 10.2.8 with unknown impact, a different vulnerability than CVE-2004-0086.

  • CVE-2003-1005 · Dec 31, 2003
    risk 0.00 · cvss · epss 0.02

    The PKI functionality in Mac OS X 10.2.8 and 10.3.2 allows remote attackers to cause a denial of service (service crash) via malformed ASN.1 sequences.

  • CVE-2003-1413 · Dec 31, 2003
    risk 0.00 · cvss · epss 0.01

    parse_xml.cgi in Apple Darwin Streaming Server 4.1.1 allows remote attackers to determine the existence of arbitrary files by using ".." sequences in the filename parameter and comparing the resulting error messages.

  • CVE-2003-0975 · Dec 15, 2003
    risk 0.00 · cvss · epss 0.01

    Apple Safari 1.0 through 1.1 on Mac OS X 10.3.1 and Mac OS X 10.2.8 allows remote attackers to steal user cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain.

  • CVE-2003-0913 · Dec 1, 2003
    risk 0.00 · cvss · epss 0.00

    Unknown vulnerability in the Terminal application for Mac OS X 10.3 (Client and Server) may allow "unauthorized access."

  • CVE-2001-1411 · Nov 17, 2003
    risk 0.00 · cvss · epss 0.00

    Format string vulnerability in gm4 (aka m4) on Mac OS X may allow local users to gain privileges if gm4 is called by setuid programs.

  • CVE-2003-0804 · Nov 17, 2003
    risk 0.00 · cvss · epss 0.01

    The arplookup function in FreeBSD 5.1 and earlier, Mac OS X before 10.2.8, and possibly other BSD-based systems, allows remote attackers on a local subnet to cause a denial of service (resource starvation and panic) via a flood of spoofed ARP requests.

  • CVE-2003-0871 · Nov 3, 2003
    risk 0.00 · cvss · epss 0.01

    Unknown vulnerability in QuickTime Java in Mac OS X v10.3 and Mac OS X Server 10.3 allows attackers to gain "unauthorized access to a system."

  • CVE-2003-0882 · Nov 3, 2003
    risk 0.00 · cvss · epss 0.01

    Mac OS X before 10.3 initializes the TCP timestamp with a constant number, which allows remote attackers to determine the system's uptime via the ID field in a TCP packet.

  • CVE-2003-0878 · Nov 3, 2003
    risk 0.00 · cvss · epss 0.00

    slpd daemon in Mac OS X before 10.3 allows local users to overwrite arbitrary files via a symlink attack on a temporary file, a different vulnerability than CVE-2003-0875.

  • CVE-2003-0877 · Nov 3, 2003
    risk 0.00 · cvss · epss 0.00

    Mac OS X before 10.3 with core files enabled allows local users to overwrite arbitrary files and read core files via a symlink attack on core files that are created with predictable names in the /cores directory.

  • CVE-2003-0883 · Nov 3, 2003
    risk 0.00 · cvss · epss 0.00

    The System Preferences capability in Mac OS X before 10.3 allows local users to access secure Preference Panes for a short period after an administrator has authenticated to the system.

  • CVE-2003-0895 · Nov 3, 2003
    risk 0.00 · cvss · epss 0.01

    Buffer overflow in the Mac OS X kernel 10.2.8 and earlier allows local users, and possibly remote attackers, to cause a denial of service (crash), access portions of memory, and possibly execute arbitrary code via a long command line argument (argv[]).

  • CVE-2003-0881 · Nov 3, 2003
    risk 0.00 · cvss · epss 0.01

    Mail in Mac OS X before 10.3, when configured to use MD5 Challenge Response, uses plaintext authentication if the CRAM-MD5 hashed login fails, which could allow remote attackers to gain privileges by sniffing the password.

  • CVE-2003-0876 · Nov 3, 2003
    risk 0.00 · cvss · epss 0.00

    Finder in Mac OS X 10.2.8 and earlier sets global read/write/execute permissions on directories when they are dragged (copied) from a mounted volume such as a disk image (DMG), which could cause the directories to have less restrictive permissions than intended.

  • CVE-2003-0880 · Nov 3, 2003
    risk 0.00 · cvss · epss 0.00

    Unknown vulnerability in Mac OS X before 10.3 allows local users to access Dock functions from behind Screen Effects when Full Keyboard Access is enabled using the Keyboard pane in System Preferences.

  • CVE-2003-0422 · Aug 27, 2003
    risk 0.00 · cvss · epss 0.02

    Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to cause a denial of service (crash) via a request to view_broadcast.cgi that does not contain the required parameters.

  • CVE-2003-0424 · Aug 27, 2003
    risk 0.00 · cvss · epss 0.01

    Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to obtain the source code for scripts by appending encoded space (%20) or . (%2e) characters to an HTTP request for the script, e.g. view_broadcast.cgi.

  • CVE-2003-0502 · Aug 27, 2003
    risk 0.00 · cvss · epss 0.03

    Apple QuickTime / Darwin Streaming Server before 4.1.3g allows remote attackers to cause a denial of service (crash) via a .. (dot dot) sequence followed by an MS-DOS device name (e.g. AUX) in a request to HTTP port 1220, a different vulnerability than CVE-2003-0421.

  • CVE-2003-0426 · Aug 27, 2003
    risk 0.00 · cvss · epss 0.03

    The installation of Apple QuickTime / Darwin Streaming Server before 4.1.3f starts the administration server with a "Setup Assistant" page that allows remote attackers to set the administrator password and gain privileges before the real administrator.

  • CVE-2003-0425 · Aug 27, 2003
    risk 0.00 · cvss · epss 0.02

    Directory traversal vulnerability in Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to read arbitrary files via a ... (triple dot) in an HTTP request.

  • CVE-2003-0423 · Aug 27, 2003
    risk 0.00 · cvss · epss 0.02

    parse_xml.cgi in Apple QuickTime / Darwin Streaming Server before 4.1.3g allows remote attackers to obtain the source code for parseable files via the filename parameter.

  • CVE-2003-0421 · Aug 27, 2003
    risk 0.00 · cvss · epss 0.03

    Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to cause a denial of service (crash) via an MS-DOS device name (e.g. AUX) in a request to HTTP port 1220, a different vulnerability than CVE-2003-0502.

  • CVE-2003-0518 · Aug 18, 2003
    risk 0.00 · cvss · epss 0.00

    The screen saver in MacOS X allows users with physical access to cause the screen saver to crash and gain access to the underlying session via a large number of characters in the password field, possibly triggering a buffer overflow.

  • CVE-2003-0379 · Jul 24, 2003
    risk 0.00 · cvss · epss 0.02

    Unknown vulnerability in Apple File Service (AFP Server) for Mac OS X Server, when sharing files on a UFS or re-shared NFS volume, allows remote attackers to overwrite arbitrary files.

  • CVE-2003-0378 · Jun 16, 2003
    risk 0.00 · cvss · epss 0.01

    The Kerberos login authentication feature in Mac OS X, when used with an LDAPv3 server and LDAP bind authentication, may send cleartext passwords to the LDAP server when the AuthenticationAuthority attribute is not set.

  • CVE-2003-0370 · Jun 16, 2003
    risk 0.00 · cvss · epss 0.02

    Konqueror Embedded and KDE 2.2.2 and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates via a man-in-the-middle attack.

  • CVE-2003-0420 · Jun 13, 2003
    risk 0.00 · cvss · epss 0.00

    Information leak in dsimportexport for Apple Macintosh OS X Server 10.2.6 allows local users to obtain the username and password of the account running the tool.
