National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/o:apple:mac_os_x:10.1.4
There are 1,455 matching records.
Displaying matches 1441 through 1455.
Vuln ID Summary CVSS Severity
CVE-2003-0877

Mac OS X before 10.3 with core files enabled allows local users to overwrite arbitrary files and read core files via a symlink attack on core files that are created with predictable names in the /cores directory.

Published: November 03, 2003; 12:00:00 AM -05:00
V2: 4.6 MEDIUM
CVE-2003-0878

slpd daemon in Mac OS X before 10.3 allows local users to overwrite arbitrary files via a symlink attack on a temporary file, a different vulnerability than CVE-2003-0875.

Published: November 03, 2003; 12:00:00 AM -05:00
V2: 2.1 LOW
CVE-2003-0880

Unknown vulnerability in Mac OS X before 10.3 allows local users to access Dock functions from behind Screen Effects when Full Keyboard Access is enabled using the Keyboard pane in System Preferences.

Published: November 03, 2003; 12:00:00 AM -05:00
V2: 4.6 MEDIUM
CVE-2003-0881

Mail in Mac OS X before 10.3, when configured to use MD5 Challenge Response, uses plaintext authentication if the CRAM-MD5 hashed login fails, which could allow remote attackers to gain privileges by sniffing the password.

Published: November 03, 2003; 12:00:00 AM -05:00
V2: 7.5 HIGH
CVE-2003-0882

Mac OS X before 10.3 initializes the TCP timestamp with a constant number, which allows remote attackers to determine the system's uptime via the ID field in a TCP packet.

Published: November 03, 2003; 12:00:00 AM -05:00
V2: 5.0 MEDIUM
CVE-2003-0378

The Kerberos login authentication feature in Mac OS X, when used with an LDAPv3 server and LDAP bind authentication, may send cleartext passwords to the LDAP server when the AuthenticationAuthority attribute is not set.

Published: June 16, 2003; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2003-0171

DirectoryServices in MacOS X trusts the PATH environment variable to locate and execute the touch command, which allows local users to execute arbitrary commands by modifying the PATH to point to a directory containing a malicious touch program.

Published: May 05, 2003; 12:00:00 AM -04:00
V2: 7.2 HIGH
CVE-2003-0198

Mac OS X before 10.2.5 allows guest users to modify the permissions of the DropBox folder and read unauthorized files.

Published: May 05, 2003; 12:00:00 AM -04:00
V2: 6.4 MEDIUM
CVE-2002-2326

The default configuration of Mail.app in Mac OS X 10.0 through 10.0.4 and 10.1 through 10.1.5 sends iDisk authentication credentials in cleartext when connecting to Mac.com, which could allow remote attackers to obtain passwords by sniffing network traffic.

Published: December 31, 2002; 12:00:00 AM -05:00
V2: 5.0 MEDIUM
CVE-2002-1265

The Sun RPC functionality in multiple libc implementations does not provide a time-out mechanism when reading data from TCP connections, which allows remote attackers to cause a denial of service (hang).

Published: November 12, 2002; 12:00:00 AM -05:00
V2: 5.0 MEDIUM
CVE-2002-0655

OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, does not properly handle ASCII representations of integers on 64 bit platforms, which could allow attackers to cause a denial of service and possibly execute arbitrary code.

Published: August 12, 2002; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2002-0656

Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allow remote attackers to execute arbitrary code via (1) a large client master key in SSL2 or (2) a large session ID in SSL3.

Published: August 12, 2002; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2002-0659

The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via invalid encodings.

Published: August 12, 2002; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2002-0676

SoftwareUpdate for MacOS 10.1.x does not use authentication when downloading a software update, which could allow remote attackers to execute arbitrary code by posing as the Apple update server via techniques such as DNS spoofing or cache poisoning, and supplying Trojan Horse updates.

Published: July 11, 2002; 12:00:00 AM -04:00
V2: 7.5 HIGH
CVE-2001-1565

Point to Point Protocol daemon (pppd) in MacOS x 10.0 and 10.1 through 10.1.5 provides the username and password on the command line, which allows local users to obtain authentication information via the ps command.

Published: December 31, 2001; 12:00:00 AM -05:00
V2: 2.1 LOW