| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2012-3718 |
200 |
|
+Info |
2012-09-20 |
2013-03-22 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Apple Mac OS X before 10.7.5 and 10.8.x before 10.8.2 allows local users to read passwords entered into Login Window (aka LoginWindow) or Screen Saver Unlock by installing an input method that intercepts keystrokes. |
|
2 |
CVE-2012-0657 |
264 |
|
Bypass |
2012-05-10 |
2012-05-29 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
Quartz Composer in Apple Mac OS X before 10.7.4, when the RSS Visualizer screensaver is enabled, allows physically proximate attackers to bypass screen locking and launch a Safari process via unspecified vectors. |
|
3 |
CVE-2011-3435 |
255 |
|
|
2011-10-14 |
2012-01-13 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Open Directory in Apple Mac OS X 10.7 before 10.7.2 allows local users to read the password data of arbitrary users via unspecified vectors. |
|
4 |
CVE-2011-3224 |
|
|
Exec Code |
2011-10-14 |
2012-01-13 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
The User Documentation component in Apple Mac OS X through 10.6.8 uses http sessions for updates to App Store help information, which allows man-in-the-middle attackers to execute arbitrary code by spoofing the http server. |
|
5 |
CVE-2011-3218 |
79 |
|
XSS |
2011-10-14 |
2012-01-13 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
The "Save for Web" selection in QuickTime Player in Apple Mac OS X through 10.6.8 exports HTML documents that contain an http link to a script file, which allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks by spoofing the http server during local viewing of an exported document. |
|
6 |
CVE-2011-3216 |
264 |
|
Bypass |
2011-10-14 |
2012-01-13 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
The kernel in Apple Mac OS X before 10.7.2 does not properly implement the sticky bit for directories, which might allow local users to bypass intended permissions and delete files via an unlink system call. |
|
7 |
CVE-2011-3215 |
264 |
|
Bypass |
2011-10-14 |
2012-01-13 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The kernel in Apple Mac OS X before 10.7.2 does not properly prevent FireWire DMA in the absence of a login, which allows physically proximate attackers to bypass intended access restrictions and discover a password by making a DMA request in the (1) loginwindow, (2) boot, or (3) shutdown state. |
|
8 |
CVE-2011-3212 |
310 |
|
+Info |
2011-10-14 |
2012-05-11 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
CoreStorage in Apple Mac OS X 10.7 before 10.7.2 does not ensure that all disk data is encrypted during the enabling of FileVault, which makes it easier for physically proximate attackers to obtain sensitive information by reading directly from the disk device. |
|
9 |
CVE-2011-0197 |
200 |
|
+Info |
2011-06-24 |
2011-10-26 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
App Store in Apple Mac OS X before 10.6.8 creates a log entry containing a user's AppleID password, which might allow local users to obtain sensitive information by reading a log file, as demonstrated by a log file that has non-default permissions. |
|
10 |
CVE-2011-0180 |
189 |
|
Overflow |
2011-03-22 |
2011-03-24 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Integer overflow in HFS in Apple Mac OS X before 10.6.7 allows local users to read arbitrary (1) HFS, (2) HFS+, or (3) HFS+J files via a crafted F_READBOOTSTRAP ioctl call. |
|
11 |
CVE-2011-0178 |
200 |
|
+Info |
2011-03-22 |
2011-03-24 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The FSFindFolder API in CarbonCore in Apple Mac OS X before 10.6.7 provides a world-readable directory in response to a call with the kTemporaryFolderType flag, which allows local users to obtain potentially sensitive information by accessing this directory. |
|
12 |
CVE-2010-0537 |
264 |
|
|
2010-03-30 |
2010-06-18 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
DesktopServices in Apple Mac OS X 10.6 before 10.6.3 does not properly resolve pathnames in certain circumstances involving an application's save panel, which allows user-assisted remote attackers to trigger unintended remote file copying via a crafted share name. |
|
13 |
CVE-2009-0141 |
264 |
|
|
2009-02-12 |
2009-02-20 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
XTerm in Apple Mac OS X 10.4.11 and 10.5.6, when used with luit, creates tty devices with insecure world-writable permissions, which allows local users to write to the Xterm of another user. |
|
14 |
CVE-2009-0014 |
264 |
|
Bypass |
2009-02-12 |
2009-08-19 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Folder Manager in Apple Mac OS X 10.5.6 uses insecure default permissions when recreating a Downloads folder after it has been deleted, which allows local users to bypass intended access restrictions and read the Downloads folder. |
|
15 |
CVE-2009-0013 |
255 |
|
+Priv |
2009-02-12 |
2009-02-21 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
dscl in DS Tools in Apple Mac OS X 10.4.11 and 10.5.6 requires that passwords must be provided as command line arguments, which allows local users to gain privileges by listing process information. |
|
16 |
CVE-2008-3619 |
264 |
|
+Info |
2008-09-16 |
2008-11-15 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Time Machine in Apple Mac OS X 10.5 through 10.5.4 uses weak permissions for Time Machine Backup log files, which allows local users to obtain sensitive information by reading these files. |
|
17 |
CVE-2008-1578 |
200 |
|
+Info |
2008-06-02 |
2011-06-13 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The sso_util program in Single Sign-On in Apple Mac OS X before 10.5.3 places passwords on the command line, which allows local users to obtain sensitive information by listing the process. |
|
18 |
CVE-2008-0995 |
200 |
|
+Info |
2008-03-18 |
2013-01-03 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
The Printing component in Apple Mac OS X 10.5.2 uses 40-bit RC4 when printing to an encrypted PDF file, which makes it easier for attackers to decrypt the file via brute force methods. |
|
19 |
CVE-2008-0994 |
200 |
|
+Info |
2008-03-18 |
2013-01-03 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
Preview in Apple Mac OS X 10.5.2 uses 40-bit RC4 when saving a PDF file with encryption, which makes it easier for attackers to decrypt the file via brute force methods. |
|
20 |
CVE-2007-4701 |
264 |
|
|
2007-11-14 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
WebKit on Apple Mac OS X 10.4 through 10.4.10 does not create temporary files securely when Safari is previewing a PDF file, which allows local users to read the contents of that file. |
|
21 |
CVE-2007-4679 |
264 |
|
|
2007-11-14 |
2010-07-01 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
CFFTP in CFNetwork for Apple Mac OS X 10.4 through 10.4.10 allows remote FTP servers to force clients to connect to other hosts via crafted responses to FTP PASV commands. |
|
22 |
CVE-2007-0751 |
|
|
DoS |
2007-05-24 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
A cleanup script in crontabs in Apple Mac OS X 10.3.9 and 10.4.9 might delete filesystems that have been mounted in /tmp, which might allow local users to cause a denial of service, related to the find command. |
|
23 |
CVE-2006-6127 |
|
|
DoS |
2006-11-26 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Apple Mac OS X kernel allows local users to cause a denial of service via a process that uses kevent to register a queue and an event, then fork a child process that uses kevent to register an event for the same queue as the parent. |
|
24 |
CVE-2006-6126 |
|
|
DoS Mem. Corr. |
2006-11-26 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Apple Mac OS X allows local users to cause a denial of service (memory corruption) via a crafted Mach-O binary with a malformed load_command data structure. |
|
25 |
CVE-2006-5681 |
|
|
+Info |
2006-12-19 |
2008-09-05 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
QuickTime for Java on Mac OS X 10.4 through 10.4.8, when used with Quartz Composer, allows remote attackers to obtain sensitive information (screen images) via a Java applet that accesses images that are being rendered by other embedded QuickTime objects. |
|
26 |
CVE-2006-4399 |
|
|
|
2006-10-03 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
User interface inconsistency in Workgroup Manager in Apple Mac OS X 10.4 through 10.4.7 appears to allow administrators to change the authentication type from crypt to ShadowHash passwords for accounts in a NetInfo parent, when such an operation is not actually supported, which could result in less secure password management than intended. |
|
27 |
CVE-2006-4390 |
|
|
|
2006-10-03 |
2008-09-05 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
CFNetwork in Apple Mac OS X 10.4 through 10.4.7 and 10.3.9 allows remote SSL sites to appear as trusted sites by using encryption without authentication, which can cause the lock icon in Safari to be displayed even when the site's identity cannot be trusted. |
|
28 |
CVE-2006-3499 |
|
|
+Info |
2006-08-02 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The dynamic linker (dyld) in Apple Mac OS X 10.3.9 allows local users to obtain sensitive information via unspecified dynamic linker options that affect the use of standard error (stderr) by privileged applications. |
|
29 |
CVE-2006-3495 |
|
|
|
2006-08-02 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
AFP Server in Apple Mac OS X 10.3.9 and 10.4.7 stores reconnect keys in a world-readable file, which allows local users to obtain the keys and access files and folders of other users. |
|
30 |
CVE-2006-3356 |
|
|
DoS |
2006-07-06 |
2008-09-05 |
2.6 |
None |
Remote |
High |
Not required |
None |
None |
Partial |
|
The TIFFFetchAnyArray function in ImageIO in Apple OS X 10.4.7 and earlier allows remote user-assisted attackers to cause a denial of service (application crash) via an invalid tag value in a TIFF image, possibly triggering a null dereference. NOTE: This is a different issue than CVE-2006-1469. |
|
31 |
CVE-2006-1981 |
|
|
|
2006-04-21 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in Java InputMethods on Mac OS X 10.4.5 may cause InputMethods to send input events for secure fields to the wrong text field, which might reveal the password to others who can view the screen. |
|
32 |
CVE-2006-1457 |
|
|
|
2006-05-12 |
2008-09-05 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
Safari on Apple Mac OS X 10.4.6, when "Open `safe' files after downloading" is enabled, will automatically expand archives, which could allow remote attackers to overwrite arbitrary files via an archive that contains a symlink. |
|
33 |
CVE-2006-1444 |
|
|
Bypass |
2006-05-12 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
CoreGraphics in Apple Mac OS X 10.4.6, when "Enable access for assistive devices" is on, allows an application to bypass restrictions for secure event input and read certain events from other applications in the same window session by using Quartz Event Services. |
|
34 |
CVE-2006-1440 |
|
|
|
2006-05-12 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
BOM in Apple Mac OS X 10.3.9 and 10.4.6 allows attackers to overwrite arbitrary files via an archive that contains symbolic links. |
|
35 |
CVE-2006-1439 |
200 |
|
+Info |
2006-05-12 |
2011-08-31 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
NSSecureTextField in AppKit in Apple Mac OS X 10.4.6 does not re-enable secure event input under certain circumstances, which could allow other applications in the window session to monitor input characters and keyboard events. |
|
36 |
CVE-2006-0389 |
|
|
XSS |
2006-03-03 |
2008-09-05 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Syndication (Safari RSS) in Mac OS X 10.4 through 10.4.5 allows remote attackers to execute arbitrary JavaScript via unspecified vectors involving RSS feeds. |
|
37 |
CVE-2006-0388 |
94 |
|
|
2006-03-03 |
2011-08-08 |
2.6 |
None |
Local |
High |
Not required |
None |
Partial |
Partial |
|
Safari in Mac OS X 10.3 before 10.3.9 and 10.4 before 10.4.5 allows remote attackers to redirect users to local files and execute arbitrary JavaScript via unspecified vectors involving HTTP redirection to local resources. |
|
38 |
CVE-2006-0382 |
|
|
DoS |
2006-02-14 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Apple Mac OS X 10.4.5 and allows local users to cause a denial of service (crash) via an undocumented system call. |
|
39 |
CVE-2005-3782 |
|
|
Bypass |
2005-12-31 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Mac OS X 10.4.3 up to 10.4.6, when loginwindow uses the "Name and password" setting, and the "Show the Restart, Sleep, and Shut Down buttons" option is disabled, allows users with physical access to bypass login and reboot the system by entering ">restart", ">power", or ">shutdown" sequences after the username. |
|
40 |
CVE-2005-2752 |
200 |
|
+Info |
2005-11-01 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
An unspecified kernel interface in Mac OS X 10.4.2 and earlier does not properly clear memory before reusing it, which could allow attackers to obtain sensitive information, a different vulnerability than CVE-2005-1126 and CVE-2005-1406. |
|
41 |
CVE-2005-2751 |
|
|
|
2005-11-01 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
memberd in Mac OS X 10.4 up to 10.4.2, in certain situations, does not quickly synchronize access control checks with changes in group membership, which could allow users to access files and other resources after they have been removed from a group. |
|
42 |
CVE-2005-2749 |
|
|
|
2005-11-01 |
2009-02-06 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
Unspecified vulnerability in the Finder Get Info window for Mac OS X 10.4 up to 10.4.2 causes Finder to misrepresent file and group ownership information. NOTE: it is not clear whether this issue satisfies the CVE definition of a vulnerability. |
|
43 |
CVE-2005-2748 |
|
|
|
2005-10-25 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
The malloc function in the libSystem library in Apple Mac OS X 10.3.9 and 10.4.2 allows local users to overwrite arbitrary files by setting the MallocLogFile environment variable to the target file before running a setuid application. |
|
44 |
CVE-2005-2739 |
|
|
|
2005-11-01 |
2009-02-06 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Keychain Access in Mac OS X 10.4.2 and earlier keeps a password visible even if a keychain times out while the password is being viewed, which could allow attackers with physical access to obtain the password. |
|
45 |
CVE-2005-2520 |
|
|
|
2005-08-19 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The password assistant in Mac OS X 10.4 to 10.4.2, when used to create multiple accounts from the same process, does not reset the suggested password list when the assistant is displayed, which allows attackers to view recently used passwords. |
|
46 |
CVE-2005-2517 |
|
|
|
2005-08-19 |
2008-09-05 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
Safari in Mac OS X 10.3.9 and 10.4.2 submits forms from an XSL formatted page to the next page that is browsed by the user, which causes form data to be sent to the wrong site. |
|
47 |
CVE-2005-2512 |
|
|
|
2005-08-19 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Mail.app in Mac OS 10.4.2 and earlier, when printing or forwarding an HTML message, loads remote images even when the user's preferences state otherwise, which could result in a privacy leak. |
|
48 |
CVE-2005-2509 |
|
|
|
2005-08-19 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
Unknown vulnerability in loginwindow in Mac OS X 10.4.2 and earlier, when Fast User Switching is enabled, allows attackers to log into other accounts if they know the passwords to at least two accounts. |
|
49 |
CVE-2005-1472 |
|
|
|
2005-05-19 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Certain system calls in Apple Mac OS X 10.4.1 do not properly enforce the permissions of certain directories without the POSIX read bit set, but with the execute bits set for group or other, which allows local users to list files in otherwise restricted directories. |
|
50 |
CVE-2005-0985 |
|
|
DoS |
2005-12-31 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Unspecified vulnerability in the Mac OS X kernel before 10.3.8 allows local users to cause a denial of service (temporary hang) via unspecified attack vectors related to the fan control unit (FCU) driver. |
