ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts.
Max CVSS
2.1
EPSS Score
88.08%
Published
1997-08-01
Updated
2022-11-14
An unspecified kernel interface in Mac OS X 10.4.2 and earlier does not properly clear memory before reusing it, which could allow attackers to obtain sensitive information, a different vulnerability than CVE-2005-1126 and CVE-2005-1406.
Max CVSS
2.1
EPSS Score
0.07%
Published
2005-11-01
Updated
2011-03-08
NSSecureTextField in AppKit in Apple Mac OS X 10.4.6 does not re-enable secure event input under certain circumstances, which could allow other applications in the window session to monitor input characters and keyboard events.
Max CVSS
2.1
EPSS Score
0.26%
Published
2006-05-12
Updated
2017-07-20
QuickTime for Java in Apple Quicktime before 7.2 does not perform sufficient "access control," which allows remote attackers to obtain sensitive information (screen content) via crafted Java applets.
Max CVSS
4.3
EPSS Score
0.85%
Published
2007-07-15
Updated
2018-10-30
Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to obtain sensitive information via a crafted web page that identifies the URL of the parent window, even when the parent window is in a different domain.
Max CVSS
4.3
EPSS Score
1.33%
Published
2007-09-27
Updated
2022-08-09
The Networking component in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to obtain all addresses for a host, including link-local addresses, via a Node Information Query.
Max CVSS
5.0
EPSS Score
0.78%
Published
2007-11-15
Updated
2017-07-29
Parental Controls in Apple Mac OS X 10.5 through 10.5.1 contacts www.apple.com "when a website is unblocked," which allows remote attackers to determine when a system is running Parental Controls.
Max CVSS
5.0
EPSS Score
0.58%
Published
2008-02-12
Updated
2011-03-08
CFNetwork in Apple Mac OS X 10.4.11 allows remote HTTPS proxy servers to spoof secure websites via data in a 502 Bad Gateway error.
Max CVSS
5.0
EPSS Score
0.97%
Published
2008-03-18
Updated
2017-08-08
CoreServices in Apple Mac OS X 10.4.11 treats .ief as a safe file type, which allows remote attackers to force Safari users into opening an .ief file in AppleWorks, even when the "Open 'Safe' files" preference is set.
Max CVSS
6.8
EPSS Score
2.20%
Published
2008-03-18
Updated
2017-08-08
notifyd in Apple Mac OS X 10.4.11 does not verify that Mach port death notifications have originated from the kernel, which allows local users to cause a denial of service via spoofed death notifications that prevent other applications from receiving notifications.
Max CVSS
4.4
EPSS Score
0.04%
Published
2008-03-18
Updated
2017-08-08
Podcast Capture in Podcast Producer for Apple Mac OS X 10.5.2 invokes a subtask with passwords in command line arguments, which allows local users to read the passwords via process listings.
Max CVSS
2.1
EPSS Score
0.04%
Published
2008-03-18
Updated
2013-08-27
Preview in Apple Mac OS X 10.5.2 uses 40-bit RC4 when saving a PDF file with encryption, which makes it easier for attackers to decrypt the file via brute force methods.
Max CVSS
2.6
EPSS Score
0.15%
Published
2008-03-18
Updated
2017-08-08
The Printing component in Apple Mac OS X 10.5.2 uses 40-bit RC4 when printing to an encrypted PDF file, which makes it easier for attackers to decrypt the file via brute force methods.
Max CVSS
2.6
EPSS Score
0.17%
Published
2008-03-18
Updated
2017-08-08
The Printing component in Apple Mac OS X 10.5.2 might save authentication credentials to disk when starting a job on an authenticated print queue, which might allow local users to obtain the credentials.
Max CVSS
1.7
EPSS Score
0.04%
Published
2008-03-18
Updated
2017-08-08
WebCore, as used in Apple Safari before 3.1, does not properly mask the password field when reverse conversion is used with the Kotoeri input method, which allows physically proximate attackers to read the password.
Max CVSS
2.1
EPSS Score
0.08%
Published
2008-03-19
Updated
2017-08-08
Apple QuickTime before 7.4.5 does not properly handle external URLs in movies, which allows remote attackers to obtain sensitive information.
Max CVSS
4.3
EPSS Score
0.60%
Published
2008-04-04
Updated
2017-08-08
The sso_util program in Single Sign-On in Apple Mac OS X before 10.5.3 places passwords on the command line, which allows local users to obtain sensitive information by listing the process.
Max CVSS
2.1
EPSS Score
0.04%
Published
2008-06-02
Updated
2017-08-08
Wiki Server in Apple Mac OS X 10.5 before 10.5.3 allows remote attackers to obtain sensitive information (user names) by reading the error message produced upon access to a nonexistent blog.
Max CVSS
5.0
EPSS Score
0.71%
Published
2008-06-02
Updated
2017-08-08
CFNetwork in Safari in Apple Mac OS X before 10.5.3 automatically sends an SSL client certificate in response to a web server's certificate request, which allows remote web sites to obtain sensitive information (Subject data) from personally identifiable certificates, and use arbitrary certificates to track user activities across domains, a related issue to CVE-2007-4879.
Max CVSS
4.3
EPSS Score
0.45%
Published
2008-06-02
Updated
2017-08-08
The WOHyperlink implementation in WebObjects in Apple Xcode tools before 3.1 appends local session IDs to generated non-local URLs, which allows remote attackers to obtain potentially sensitive information by reading the requests for these URLs.
Max CVSS
5.0
EPSS Score
0.48%
Published
2008-07-14
Updated
2017-08-08
Directory Services in Apple Mac OS X 10.5 through 10.5.4, when Active Directory is used, allows attackers to enumerate user names via wildcard characters in the Login Window.
Max CVSS
1.9
EPSS Score
0.07%
Published
2008-09-16
Updated
2017-08-08
slapconfig in Directory Services in Apple Mac OS X 10.5 through 10.5.4 allows local users to select a readable output file into which the server password will be written by an OpenLDAP system administrator, related to the mkfifo function, aka an "insecure file operation issue."
Max CVSS
4.9
EPSS Score
0.04%
Published
2008-09-16
Updated
2017-08-08
Apple Safari sends Referer headers containing https URLs to different https web sites, which allows remote attackers to obtain potentially sensitive information by reading Referer log data.
Max CVSS
5.0
EPSS Score
0.33%
Published
2008-07-14
Updated
2017-08-08
Apple iTunes before 8.0 on Mac OS X 10.4.11, when iTunes Music Sharing is enabled but blocked by the host-based firewall, presents misleading information about firewall security, which might allow remote attackers to leverage an exposure that would be absent if the administrator were given better information.
Max CVSS
2.6
EPSS Score
0.21%
Published
2008-09-11
Updated
2008-09-11
Apple Safari before 3.2 does not properly prevent caching of form data for form fields that have autocomplete disabled, which allows local users to obtain sensitive information by reading the browser's page cache.
Max CVSS
1.9
EPSS Score
0.04%
Published
2008-11-17
Updated
2012-10-31
431 vulnerabilities found
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!