Apple: Security Vulnerabilities, CVEs
Buffer overflow in SMTP HELO command in Sendmail allows a remote attacker to hide activities.
Max CVSS: 10.0 | EPSS Score: 0.84% | Published: 1998-04-01 | Updated: 2022-08-17
The suidperl and sperl programs do not give up root privileges when changing UIDs back to the original users, allowing root access.
Max CVSS: 7.2 | EPSS Score: 0.04% | Published: 1996-06-26 | Updated: 2022-08-17
ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts.
Max CVSS: 2.1 | EPSS Score: 88.08% | Published: 1997-08-01 | Updated: 2022-11-14
A system does not present an appropriate legal message or warning to a user who is accessing it.
Max CVSS: 10.0 | EPSS Score: 0.30% | Published: 2000-06-01 | Updated: 2022-08-17
iChat ROOMS Webserver allows remote attackers to read arbitrary files via a .. (dot dot) attack.
Max CVSS: 5.0 | EPSS Score: 0.47% | Published: 1998-09-09 | Updated: 2016-10-18
Buffer overflow in Apple AppleShare Mail Server 5.0.3 on MacOS 8.1 and earlier allows a remote attacker to cause a denial of service (crash) via a long HELO command.
Max CVSS: 5.0 | EPSS Score: 0.43% | Published: 1998-04-08 | Updated: 2017-11-21
Idle locking function in MacOS 9 allows local users to bypass the password protection of idled sessions by selecting the "Log Out" option and selecting a "Cancel" option in the dialog box for an application that attempts to verify that the user wants to log out, which returns the attacker into the locked session.
Max CVSS: 4.6 | EPSS Score: 0.05% | Published: 1999-10-26 | Updated: 2021-09-22
Idle locking function in MacOS 9 allows local attackers to bypass the password protection of idled sessions via the programmer's switch or CMD-PWR keyboard sequence, which brings up a debugger that the attacker can use to disable the lock.
Max CVSS: 4.6 | EPSS Score: 0.05% | Published: 1999-11-01 | Updated: 2021-09-22
lpr on SunOS 4.1.1, BSD 4.3, A/UX 2.0.1, and other BSD-based operating systems allows local users to create or overwrite arbitrary files via a symlink attack that is triggered after invoking lpr 1000 times.
Max CVSS: 2.1 | EPSS Score: 0.04% | Published: 1999-12-31 | Updated: 2008-09-05
Control Panel "Password Security" option for Apple Powerbooks allows attackers with physical access to the machine to bypass the security by booting it with an emergency startup disk and using a disk editor to modify the on/off toggle or password in the aaaaaaaAPWD file, which is normally inaccessible.
Max CVSS: 4.6 | EPSS Score: 0.17% | Published: 1999-05-21 | Updated: 2021-09-22
A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
Max CVSS: 5.0 | EPSS Score: 0.23% | Published: 1999-06-03 | Updated: 2021-09-22
MacOS uses weak encryption for passwords that are stored in the Users & Groups Data File.
Max CVSS: 4.6 | EPSS Score: 0.11% | Published: 1999-07-10 | Updated: 2021-09-22
Macintosh systems generate large ICMP datagrams in response to malformed datagrams, allowing them to be used as amplifiers in a flood attack.
Max CVSS: 5.0 | EPSS Score: 3.84% | Published: 1999-12-28 | Updated: 2021-09-22
Buffer overflow in WebObjects.exe in the WebObjects Developer 4.5 package allows remote attackers to cause a denial of service via an HTTP request with long headers such as Accept.
Max CVSS: 5.0 | EPSS Score: 0.69% | Published: 2000-04-04 | Updated: 2008-09-10
AppleShare IP 6.1 and later allows a remote attacker to read potentially sensitive information via an invalid range request to the web server.
Max CVSS: 5.0 | EPSS Score: 0.22% | Published: 2000-05-02 | Updated: 2017-11-27
The URLConnection function in MacOS Runtime Java (MRJ) 2.1 and earlier and the Microsoft virtual machine (VM) for MacOS allows a malicious web site operator to connect to arbitrary hosts using a HTTP redirection, in violation of the Java security model.
Max CVSS: 10.0 | EPSS Score: 0.42% | Published: 2000-10-20 | Updated: 2008-09-05
Mac OS Runtime for Java (MRJ) 2.2.3 allows remote attackers to use malicious applets to read files outside of the CODEBASE context via the ARCHIVE applet parameter.
Max CVSS: 2.6 | EPSS Score: 0.41% | Published: 2001-02-12 | Updated: 2017-12-19
"Multiple Users" Control Panel in Mac OS 9 allows Normal users to gain Owner privileges by removing the Users & Groups Data File, which effectively removes the Owner password and allows the Normal user to log in as the Owner account without a password.
Max CVSS: 7.2 | EPSS Score: 0.05% | Published: 2001-02-12 | Updated: 2021-09-22
Buffer overflow in QuickTime Player plugin 4.1.2 (Japanese) allows remote attackers to execute arbitrary commands via a long HREF parameter in an EMBED tag.
Max CVSS: 7.6 | EPSS Score: 0.72% | Published: 2001-05-03 | Updated: 2017-12-19
Personal Web Sharing 1.5.5 allows a remote attacker to cause a denial of service via a long HTTP request.
Max CVSS: 5.0 | EPSS Score: 0.78% | Published: 2001-09-20 | Updated: 2017-12-19
Internet Explorer 5.1 for Macintosh on Mac OS X allows remote attackers to execute arbitrary commands by causing a BinHex or MacBinary file type to be downloaded, which causes the files to be executed if automatic decoding is enabled.
Max CVSS: 7.5 | EPSS Score: 3.95% | Published: 2001-12-06 | Updated: 2018-10-12
Apple MacOS X 10.0 and 10.1 allow a local user to read and write to a user's desktop folder via insecure default permissions for the Desktop when it is created in some languages.
Max CVSS: 3.6 | EPSS Score: 0.04% | Published: 2001-12-06 | Updated: 2017-10-10
Format string vulnerability in gm4 (aka m4) on Mac OS X may allow local users to gain privileges if gm4 is called by setuid programs.
Max CVSS: 7.2 | EPSS Score: 0.04% | Published: 2003-11-17 | Updated: 2016-10-18
nidump on MacOS X before 10.3 allows local users to read the encrypted passwords from the password file by specifying passwd as a command line argument.
Max CVSS: 2.1 | EPSS Score: 0.04% | Published: 2003-11-17 | Updated: 2016-10-18
Find-By-Content in Mac OS X 10.0 through 10.0.4 creates world-readable index files named .FBCIndex in every directory, which allows remote attackers to learn the contents of files in web accessible directories.
Max CVSS: 7.5 | EPSS Score: 1.08% | Published: 2001-09-11 | Updated: 2017-07-11
7205 vulnerabilities found