Idle locking function in MacOS 9 allows local users to bypass the password protection of idled sessions by selecting the "Log Out" option and selecting a "Cancel" option in the dialog box for an application that attempts to verify that the user wants to log out, which returns the attacker into the locked session.
Max CVSS: 4.6 | EPSS Score: 0.05% | Published: 1999-10-26 | Updated: 2021-09-22

Idle locking function in MacOS 9 allows local attackers to bypass the password protection of idled sessions via the programmer's switch or CMD-PWR keyboard sequence, which brings up a debugger that the attacker can use to disable the lock.
Max CVSS: 4.6 | EPSS Score: 0.05% | Published: 1999-11-01 | Updated: 2021-09-22

Control Panel "Password Security" option for Apple Powerbooks allows attackers with physical access to the machine to bypass the security by booting it with an emergency startup disk and using a disk editor to modify the on/off toggle or password in the aaaaaaaAPWD file, which is normally inaccessible.
Max CVSS: 4.6 | EPSS Score: 0.17% | Published: 1999-05-21 | Updated: 2021-09-22

MacOS uses weak encryption for passwords that are stored in the Users & Groups Data File.
Max CVSS: 4.6 | EPSS Score: 0.11% | Published: 1999-07-10 | Updated: 2021-09-22

Mac OS X 10.2.2 allows local users to gain privileges by mounting a disk image file that was created on another system, aka "Local User Privilege Elevation via Disk Image File."
Max CVSS: 4.6 | EPSS Score: 0.04% | Published: 2002-12-11 | Updated: 2017-10-10

Mac OS X 10.2.2 allows local users to gain privileges via a mounted ISO 9600 CD, aka "User Privilege Elevation via Mounting an ISO 9600 CD."
Max CVSS: 4.6 | EPSS Score: 0.04% | Published: 2002-12-11 | Updated: 2017-10-10

Unknown vulnerability in NetInfo Manager application in Mac OS X 10.2.2 allows local users to access restricted parts of a filesystem.
Max CVSS: 4.6 | EPSS Score: 0.04% | Published: 2002-12-11 | Updated: 2008-09-05

Cross-site scripting (XSS) vulnerability in parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to insert arbitrary script via the filename parameter, which is inserted into an error message.
Max CVSS: 4.3 | EPSS Score: 0.29% | Published: 2003-03-07 | Updated: 2016-10-18

Information leak in dsimportexport for Apple Macintosh OS X Server 10.2.6 allows local users to obtain the username and password of the account running the tool.
Max CVSS: 4.6 | EPSS Score: 0.04% | Published: 2003-06-13 | Updated: 2017-07-11

The screen saver in MacOS X allows users with physical access to cause the screen saver to crash and gain access to the underlying session via a large number of characters in the password field, possibly triggering a buffer overflow.
Max CVSS: 4.6 | EPSS Score: 0.14% | Published: 2003-08-18 | Updated: 2008-09-10

Mac OS X before 10.3 with core files enabled allows local users to overwrite arbitrary files and read core files via a symlink attack on core files that are created with predictable names in the /cores directory.
Max CVSS: 4.6 | EPSS Score: 0.04% | Published: 2003-11-03 | Updated: 2017-07-11

Unknown vulnerability in Mac OS X before 10.3 allows local users to access Dock functions from behind Screen Effects when Full Keyboard Access is enabled using the Keyboard pane in System Preferences.
Max CVSS: 4.6 | EPSS Score: 0.04% | Published: 2003-11-03 | Updated: 2008-09-05

The System Preferences capability in Mac OS X before 10.3 allows local users to access secure Preference Panes for a short period after an administrator has authenticated to the system.
Max CVSS: 4.6 | EPSS Score: 0.04% | Published: 2003-11-03 | Updated: 2008-09-05

Buffer overflow in the Mac OS X kernel 10.2.8 and earlier allows local users, and possibly remote attackers, to cause a denial of service (crash), access portions of memory, and possibly execute arbitrary code via a long command line argument (argv[]).
Max CVSS: 4.6 | EPSS Score: 0.32% | Published: 2003-11-03 | Updated: 2017-07-11

Unknown vulnerability in the Terminal application for Mac OS X 10.3 (Client and Server) may allow "unauthorized access."
Max CVSS: 4.6 | EPSS Score: 0.06% | Published: 2003-12-01 | Updated: 2017-07-11

Unknown vulnerability in Mac OS X 10.2.8 and 10.3.2 allows local users to bypass the screen saver login window and write a text clipping to the desktop or another application.
Max CVSS: 4.6 | EPSS Score: 0.04% | Published: 2004-03-29 | Updated: 2017-07-11

parse_xml.cgi in Apple Darwin Streaming Server 4.1.1 allows remote attackers to determine the existence of arbitrary files by using ".." sequences in the filename parameter and comparing the resulting error messages.
Max CVSS: 4.3 | EPSS Score: 0.62% | Published: 2003-12-31 | Updated: 2017-07-29

Directory traversal vulnerability in parse_xml.cgi in Apple Darwin Streaming Server 4.1.2 and Apple QuickTime Streaming Server 4.1.1 allows remote attackers to read arbitrary files via a ... (triple dot) in the filename parameter.
Max CVSS: 4.3 | EPSS Score: 1.05% | Published: 2003-12-31 | Updated: 2017-07-29

Buffer overflow in TruBlueEnvironment in Mac OS X 10.3.x and 10.2.x allows local users to gain privileges via a long environment variable.
Max CVSS: 4.6 | EPSS Score: 0.71% | Published: 2004-03-03 | Updated: 2017-10-10

Unknown vulnerability in LoginWindow for Mac OS X 10.3.4, related to "handling of console log files."
Max CVSS: 4.6 | EPSS Score: 0.06% | Published: 2004-08-18 | Updated: 2017-07-11

Unknown vulnerability in Mac OS X 10.3.4, related to "package installation scripts," a different vulnerability than CVE-2004-0517.
Max CVSS: 4.6 | EPSS Score: 0.06% | Published: 2004-08-18 | Updated: 2017-07-11

Unknown vulnerability in Mac OS X 10.3.4, related to "handling of process IDs during package installation," a different vulnerability than CVE-2004-0516.
Max CVSS: 4.6 | EPSS Score: 0.06% | Published: 2004-08-18 | Updated: 2017-07-11

Unknown vulnerability in Apple Mac OS X 10.3.6 server, when using Kerberos authentication and Cyrus IMAP, allows local users to access mailboxes of other users.
Max CVSS: 4.6 | EPSS Score: 0.04% | Published: 2004-12-02 | Updated: 2017-07-11

Apple Safari 1.2.4 does not obey the Content-type field in the HTTP header and renders text as HTML, which allows remote attackers to inject arbitrary web script or HTML and perform cross-site scripting (XSS) attacks.
Max CVSS: 4.3 | EPSS Score: 0.34% | Published: 2005-05-02 | Updated: 2017-07-11

Mac OS X before 10.3.8 uses world-writable permissions for certain directories, which may allow local users to gain privileges, possibly via the receipt cache or ColorSync profiles.
Max CVSS: 4.6 | EPSS Score: 0.04% | Published: 2005-05-02 | Updated: 2008-09-10

666 vulnerabilities found