Vendor CVEs

Apple Inc.

8,445 total · sorted by risk
  • CVE-2003-0355 · Jun 9, 2003
    risk 0.00 · cvss · epss 0.01

    Safari 1.0 Beta 2 (v73) and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates.

  • CVE-2003-0242 · Jun 9, 2003
    risk 0.00 · cvss · epss 0.03

    IPSec in Mac OS X before 10.2.6 does not properly handle certain incoming security policies that match by port, which could allow traffic that is not explicitly allowed by the policies.

  • CVE-2003-0198 · May 5, 2003
    risk 0.00 · cvss · epss 0.01

    Mac OS X before 10.2.5 allows guest users to modify the permissions of the DropBox folder and read unauthorized files.

  • CVE-2003-0052 · Mar 7, 2003
    risk 0.00 · cvss · epss 0.01

    parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to list arbitrary directories.

  • CVE-2003-0051 · Mar 7, 2003
    risk 0.00 · cvss · epss 0.02

    parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to obtain the physical path of the server's installation path via a NULL file parameter.

  • CVE-2003-0053 · Mar 7, 2003
    risk 0.00 · cvss · epss 0.02

    Cross-site scripting (XSS) vulnerability in parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to insert arbitrary script via the filename parameter, which is inserted into an error message.

  • CVE-2003-0054 · Mar 7, 2003
    risk 0.00 · cvss · epss 0.02

    Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to execute certain code via a request to port 7070 with the script in an argument to the rtsp DESCRIBE method, which is inserted into a log file and executed when the…

  • CVE-2003-0055 · Mar 7, 2003
    risk 0.00 · cvss · epss 0.03

    Buffer overflow in the MP3 broadcasting module of Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to execute arbitrary code via a long filename.

  • CVE-2003-0049 · Mar 3, 2003
    risk 0.00 · cvss · epss 0.02

    Apple File Protocol (AFP) in Mac OS X before 10.2.4 allows administrators to log in as other users by using the administrator password.

  • CVE-2003-0088 · Mar 3, 2003
    risk 0.00 · cvss · epss 0.00

    TruBlueEnvironment for MacOS 10.2.3 and earlier allows local users to overwrite or create arbitrary files and gain root privileges by setting a certain environment variable that is used to write debugging information.

  • CVE-2002-2373 · Dec 31, 2002
    risk 0.00 · cvss · epss 0.01

    The default configuration of the TCP/IP printer configuration utility in Apple LaserWriter 12/640 PS printer contains a blank Telnet password, which allows remote attackers to gain access.

  • CVE-2002-2326 · Dec 31, 2002
    risk 0.00 · cvss · epss 0.01

    The default configuration of Mail.app in Mac OS X 10.0 through 10.0.4 and 10.1 through 10.1.5 sends iDisk authentication credentials in cleartext when connecting to Mac.com, which could allow remote attackers to obtain passwords by sniffing network traffic.

  • CVE-2002-1371 · Dec 26, 2002
    risk 0.00 · cvss · epss 0.05

    filters/image-gif.c in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly check for zero-length GIF images, which allows remote attackers to execute arbitrary code via modified chunk headers, as demonstrated by nogif.

  • CVE-2002-1366 · Dec 26, 2002
    risk 0.00 · cvss · epss 0.00

    Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows local users with lp privileges to create or overwrite arbitrary files via file race conditions, as demonstrated by ice-cream.

  • CVE-2002-1367 · Dec 26, 2002
    risk 0.00 · cvss · epss 0.04

    Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote attackers to add printers without authentication via a certain UDP packet, which can then be used to perform unauthorized activities such as stealing the local root certificate for the administration server…

  • CVE-2002-1267 · Dec 11, 2002
    risk 0.00 · cvss · epss 0.02

    Mac OS X 10.2.2 allows remote attackers to cause a denial of service by accessing the CUPS Printing Web Administration utility, aka "CUPS Printing Web Administration is Remotely Accessible."

  • CVE-2002-1266 · Dec 11, 2002
    risk 0.00 · cvss · epss 0.00

    Mac OS X 10.2.2 allows local users to gain privileges by mounting a disk image file that was created on another system, aka "Local User Privilege Elevation via Disk Image File."

  • CVE-2002-1268 · Dec 11, 2002
    risk 0.00 · cvss · epss 0.00

    Mac OS X 10.2.2 allows local users to gain privileges via a mounted ISO 9600 CD, aka "User Privilege Elevation via Mounting an ISO 9600 CD."

  • CVE-2002-1270 · Dec 11, 2002
    risk 0.00 · cvss · epss 0.00

    Mac OS X 10.2.2 allows local users to read files that only allow write access via the map_fd() Mach system call.

  • CVE-2002-1269 · Dec 11, 2002
    risk 0.00 · cvss · epss 0.00

    Unknown vulnerability in NetInfo Manager application in Mac OS X 10.2.2 allows local users to access restricted parts of a filesystem.

  • CVE-2002-1265 · Nov 12, 2002
    risk 0.00 · cvss · epss 0.03

    The Sun RPC functionality in multiple libc implementations does not provide a time-out mechanism when reading data from TCP connections, which allows remote attackers to cause a denial of service (hang).

  • CVE-2002-0666 · Nov 4, 2002
    risk 0.00 · cvss · epss 0.02

    IPSEC implementations including (1) FreeS/WAN and (2) KAME do not properly calculate the length of authentication data, which allows remote attackers to cause a denial of service (kernel panic) via spoofed, short Encapsulating Security Payload (ESP) packets, which result in…

  • CVE-2002-0376 · Sep 24, 2002
    risk 0.00 · cvss · epss 0.04

    Buffer overflow in Apple QuickTime 5.0 ActiveX component allows remote attackers to execute arbitrary code via a long pluginspage field.

  • CVE-2002-0120 · Mar 25, 2002
    risk 0.00 · cvss · epss 0.00

    Apple Palm Desktop 4.0b76 and 4.0b77 creates world-readable backup files and folders when a hotsync is performed, which could allow a local user to obtain sensitive information.

  • CVE-2001-1575 · Dec 31, 2001
    risk 0.00 · cvss · epss 0.02

    Apple Personal Web Sharing (PWS) 1.1, 1.5, and 1.5.5, when Web Sharing authentication is enabled, allows remote attackers to cause a denial of service via a long password, possibly due to a buffer overflow.

  • CVE-2001-1480 · Dec 31, 2001
    risk 0.00 · cvss · epss 0.02

    Java Runtime Environment (JRE) and SDK 1.2 through 1.3.0_04 allows untrusted applets to access the system clipboard.

  • CVE-2001-1565 · Dec 31, 2001
    risk 0.00 · cvss · epss 0.00

    Point to Point Protocol daemon (pppd) in MacOS x 10.0 and 10.1 through 10.1.5 provides the username and password on the command line, which allows local users to obtain authentication information via the ps command.

  • CVE-2001-1531 · Dec 31, 2001
    risk 0.00 · cvss · epss 0.03

    Buffer overflow in Claris Emailer 2.0v2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an email attachment with a long filename.

  • CVE-2001-0720 · Dec 6, 2001
    risk 0.00 · cvss · epss 0.02

    Internet Explorer 5.1 for Macintosh on Mac OS X allows remote attackers to execute arbitrary commands by causing a BinHex or MacBinary file type to be downloaded, which causes the files to be executed if automatic decoding is enabled.

  • CVE-2001-0806 · Dec 6, 2001
    risk 0.00 · cvss · epss 0.00

    Apple MacOS X 10.0 and 10.1 allow a local user to read and write to a user's desktop folder via insecure default permissions for the Desktop when it is created in some languages.

  • CVE-2001-1447 · Oct 17, 2001
    risk 0.00 · cvss · epss 0.00

    NetInfo Manager for Mac OS X 10.0 through 10.1 allows local users to gain root privileges by opening applications using the (1) "recent items" and (2) "services" menus, which causes the applications to run with root privileges.

  • CVE-2001-1446 · Sep 11, 2001
    risk 0.00 · cvss · epss 0.03

    Find-By-Content in Mac OS X 10.0 through 10.0.4 creates world-readable index files named .FBCIndex in every directory, which allows remote attackers to learn the contents of files in web accessible directories.

  • CVE-2001-0102 · Feb 12, 2001
    risk 0.00 · cvss · epss 0.01

    "Multiple Users" Control Panel in Mac OS 9 allows Normal users to gain Owner privileges by removing the Users & Groups Data File, which effectively removes the Owner password and allows the Normal user to log in as the Owner account without a password.

  • CVE-2001-0068 · Feb 12, 2001
    risk 0.00 · cvss · epss 0.02

    Mac OS Runtime for Java (MRJ) 2.2.3 allows remote attackers to use malicious applets to read files outside of the CODEBASE context via the ARCHIVE applet parameter.

  • CVE-2000-0563 · Oct 20, 2000
    risk 0.00 · cvss · epss 0.03

    The URLConnection function in MacOS Runtime Java (MRJ) 2.1 and earlier and the Microsoft virtual machine (VM) for MacOS allows a malicious web site operator to connect to arbitrary hosts using a HTTP redirection, in violation of the Java security model.

  • CVE-1999-0590 · Jun 1, 2000
    risk 0.00 · cvss · epss 0.06

    A system does not present an appropriate legal message or warning to a user who is accessing it.

  • CVE-2000-0346 · May 2, 2000
    risk 0.00 · cvss · epss 0.02

    AppleShare IP 6.1 and later allows a remote attacker to read potentially sensitive information via an invalid range request to the web server.

  • CVE-1999-1102 · Dec 31, 1999
    risk 0.00 · cvss · epss 0.00

    lpr on SunOS 4.1.1, BSD 4.3, A/UX 2.0.1, and other BSD-based operating systems allows local users to create or overwrite arbitrary files via a symlink attack that is triggered after invoking lpr 1000 times.

  • CVE-2000-0041 · Dec 28, 1999
    risk 0.00 · cvss · epss 0.01

    Macintosh systems generate large ICMP datagrams in response to malformed datagrams, allowing them to be used as amplifiers in a flood attack.

  • CVE-1999-1077 · Nov 1, 1999
    risk 0.00 · cvss · epss 0.00

    Idle locking function in MacOS 9 allows local attackers to bypass the password protection of idled sessions via the programmer's switch or CMD-PWR keyboard sequence, which brings up a debugger that the attacker can use to disable the lock.

  • CVE-1999-1076 · Oct 26, 1999
    risk 0.00 · cvss · epss 0.00

    Idle locking function in MacOS 9 allows local users to bypass the password protection of idled sessions by selecting the "Log Out" option and selecting a "Cancel" option in the dialog box for an application that attempts to verify that the user wants to log out, which returns…

  • CVE-1999-1393 · May 21, 1999
    risk 0.00 · cvss · epss 0.00

    Control Panel "Password Security" option for Apple Powerbooks allows attackers with physical access to the machine to bypass the security by booting it with an emergency startup disk and using a disk editor to modify the on/off toggle or password in the aaaaaaaAPWD file, which…

  • CVE-1999-0897 · Sep 9, 1998
    risk 0.00 · cvss · epss 0.01

    iChat ROOMS Webserver allows remote attackers to read arbitrary files via a .. (dot dot) attack.

  • CVE-1999-0098 · Apr 1, 1998
    risk 0.00 · cvss · epss 0.03

    Buffer overflow in SMTP HELO command in Sendmail allows a remote attacker to hide activities.

  • CVE-1999-0138 · Jun 26, 1996
    risk 0.00 · cvss · epss 0.01

    The suidperl and sperl program do not give up root privileges when changing UIDs back to the original users, allowing root access.
