Buffer overflow in SMTP HELO command in Sendmail allows a remote attacker to hide activities.
Max CVSS
10.0
EPSS Score
0.84%
Published
1998-04-01
Updated
2022-08-17
The suidperl and sperl programs do not give up root privileges when changing UIDs back to the original users, allowing root access.
Max CVSS
7.2
EPSS Score
0.04%
Published
1996-06-26
Updated
2022-08-17
ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts.
Max CVSS
2.1
EPSS Score
88.08%
Published
1997-08-01
Updated
2022-11-14
A system does not present an appropriate legal message or warning to a user who is accessing it.
Max CVSS
10.0
EPSS Score
0.30%
Published
2000-06-01
Updated
2022-08-17
iChat ROOMS Webserver allows remote attackers to read arbitrary files via a .. (dot dot) attack.
Max CVSS
5.0
EPSS Score
0.47%
Published
1998-09-09
Updated
2016-10-18
Buffer overflow in Apple AppleShare Mail Server 5.0.3 on MacOS 8.1 and earlier allows a remote attacker to cause a denial of service (crash) via a long HELO command.
Max CVSS
5.0
EPSS Score
0.43%
Published
1998-04-08
Updated
2017-11-21
Idle locking function in MacOS 9 allows local users to bypass the password protection of idled sessions by selecting the "Log Out" option and selecting a "Cancel" option in the dialog box for an application that attempts to verify that the user wants to log out, which returns the attacker into the locked session.
Max CVSS
4.6
EPSS Score
0.05%
Published
1999-10-26
Updated
2021-09-22
Idle locking function in MacOS 9 allows local attackers to bypass the password protection of idled sessions via the programmer's switch or CMD-PWR keyboard sequence, which brings up a debugger that the attacker can use to disable the lock.
Max CVSS
4.6
EPSS Score
0.05%
Published
1999-11-01
Updated
2021-09-22
lpr on SunOS 4.1.1, BSD 4.3, A/UX 2.0.1, and other BSD-based operating systems allows local users to create or overwrite arbitrary files via a symlink attack that is triggered after invoking lpr 1000 times.
Max CVSS
2.1
EPSS Score
0.04%
Published
1999-12-31
Updated
2008-09-05
Control Panel "Password Security" option for Apple Powerbooks allows attackers with physical access to the machine to bypass the security by booting it with an emergency startup disk and using a disk editor to modify the on/off toggle or password in the aaaaaaaAPWD file, which is normally inaccessible.
Max CVSS
4.6
EPSS Score
0.17%
Published
1999-05-21
Updated
2021-09-22
A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
Max CVSS
5.0
EPSS Score
0.23%
Published
1999-06-03
Updated
2021-09-22
MacOS uses weak encryption for passwords that are stored in the Users & Groups Data File.
Max CVSS
4.6
EPSS Score
0.11%
Published
1999-07-10
Updated
2021-09-22
Macintosh systems generate large ICMP datagrams in response to malformed datagrams, allowing them to be used as amplifiers in a flood attack.
Max CVSS
5.0
EPSS Score
3.84%
Published
1999-12-28
Updated
2021-09-22
Buffer overflow in WebObjects.exe in the WebObjects Developer 4.5 package allows remote attackers to cause a denial of service via an HTTP request with long headers such as Accept.
Max CVSS
5.0
EPSS Score
0.69%
Published
2000-04-04
Updated
2008-09-10
AppleShare IP 6.1 and later allows a remote attacker to read potentially sensitive information via an invalid range request to the web server.
Max CVSS
5.0
EPSS Score
0.22%
Published
2000-05-02
Updated
2017-11-27
The URLConnection function in MacOS Runtime Java (MRJ) 2.1 and earlier and the Microsoft virtual machine (VM) for MacOS allows a malicious web site operator to connect to arbitrary hosts using an HTTP redirection, in violation of the Java security model.
Max CVSS
10.0
EPSS Score
0.42%
Published
2000-10-20
Updated
2008-09-05
Mac OS Runtime for Java (MRJ) 2.2.3 allows remote attackers to use malicious applets to read files outside of the CODEBASE context via the ARCHIVE applet parameter.
Max CVSS
2.6
EPSS Score
0.41%
Published
2001-02-12
Updated
2017-12-19
"Multiple Users" Control Panel in Mac OS 9 allows Normal users to gain Owner privileges by removing the Users & Groups Data File, which effectively removes the Owner password and allows the Normal user to log in as the Owner account without a password.
Max CVSS
7.2
EPSS Score
0.05%
Published
2001-02-12
Updated
2021-09-22
Buffer overflow in QuickTime Player plugin 4.1.2 (Japanese) allows remote attackers to execute arbitrary commands via a long HREF parameter in an EMBED tag.
Max CVSS
7.6
EPSS Score
0.72%
Published
2001-05-03
Updated
2017-12-19
Personal Web Sharing 1.5.5 allows a remote attacker to cause a denial of service via a long HTTP request.
Max CVSS
5.0
EPSS Score
0.78%
Published
2001-09-20
Updated
2017-12-19
Internet Explorer 5.1 for Macintosh on Mac OS X allows remote attackers to execute arbitrary commands by causing a BinHex or MacBinary file type to be downloaded, which causes the files to be executed if automatic decoding is enabled.
Max CVSS
7.5
EPSS Score
3.95%
Published
2001-12-06
Updated
2018-10-12
Apple MacOS X 10.0 and 10.1 allow a local user to read and write to a user's desktop folder via insecure default permissions for the Desktop when it is created in some languages.
Max CVSS
3.6
EPSS Score
0.04%
Published
2001-12-06
Updated
2017-10-10
Format string vulnerability in gm4 (aka m4) on Mac OS X may allow local users to gain privileges if gm4 is called by setuid programs.
Max CVSS
7.2
EPSS Score
0.04%
Published
2003-11-17
Updated
2016-10-18
nidump on MacOS X before 10.3 allows local users to read the encrypted passwords from the password file by specifying passwd as a command line argument.
Max CVSS
2.1
EPSS Score
0.04%
Published
2003-11-17
Updated
2016-10-18
Find-By-Content in Mac OS X 10.0 through 10.0.4 creates world-readable index files named .FBCIndex in every directory, which allows remote attackers to learn the contents of files in web accessible directories.
Max CVSS
7.5
EPSS Score
1.08%
Published
2001-09-11
Updated
2017-07-11