| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2013-3954 |
20 |
|
DoS +Info |
2013-06-05 |
2013-06-06 |
5.4 |
None |
Local |
Medium |
Not required |
Partial |
None |
Complete |
|
The posix_spawn system call in the XNU kernel in Apple Mac OS X 10.8.x does not properly validate the data for file actions and port actions, which allows local users to (1) cause a denial of service (panic) via a size value that is inconsistent with a header count field, or (2) obtain sensitive information from kernel heap memory via a certain size value in conjunction with a crafted buffer. |
|
2 |
CVE-2012-3721 |
287 |
|
|
2012-09-20 |
2013-03-22 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Profile Manager in Apple Mac OS X before 10.7.5 does not properly perform authentication for the Device Management private interface, which allows attackers to enumerate managed devices via unspecified vectors. |
|
3 |
CVE-2012-0651 |
200 |
|
+Info |
2012-05-10 |
2012-05-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The directory server in Directory Service in Apple Mac OS X 10.6.8 allows remote attackers to obtain sensitive information from process memory via a crafted message. |
|
4 |
CVE-2011-3462 |
|
|
+Info |
2012-02-02 |
2012-02-03 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Time Machine in Apple Mac OS X before 10.7.3 does not verify the unique identifier of its remote AFP volume or Time Capsule, which allows remote attackers to obtain sensitive information contained in new backups by spoofing this storage object, a different vulnerability than CVE-2010-1803. |
|
5 |
CVE-2011-3246 |
200 |
|
+Info |
2011-10-14 |
2012-02-03 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
CFNetwork in Apple iOS before 5.0.1 and Mac OS X 10.7 before 10.7.2 does not properly parse URLs, which allows remote attackers to trigger visits to unintended web sites, and transmission of cookies to unintended web sites, via a crafted (1) http or (2) https URL. |
|
6 |
CVE-2011-3225 |
264 |
|
Bypass |
2011-10-14 |
2012-01-13 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The SMB File Server component in Apple Mac OS X 10.7 before 10.7.2 does not prevent all guest users from accessing the share point record of a guest-restricted folder, which allows remote attackers to bypass intended browsing restrictions by leveraging access to the nobody account. |
|
7 |
CVE-2011-0231 |
200 |
|
+Info |
2011-10-14 |
2012-01-13 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
CFNetwork in Apple Mac OS X before 10.7.2 does not properly follow an intended cookie-storage policy, which makes it easier for remote web servers to track users via a cookie, related to a "synchronization issue." |
|
8 |
CVE-2011-0207 |
310 |
|
+Info |
2011-06-24 |
2011-10-26 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The MobileMe component in Apple Mac OS X before 10.6.8 uses a cleartext HTTP session for the Mail application to read e-mail aliases, which allows remote attackers to obtain potentially sensitive alias information by sniffing the network. |
|
9 |
CVE-2011-0199 |
20 |
|
|
2011-06-24 |
2011-10-26 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
The Certificate Trust Policy component in Apple Mac OS X before 10.6.8 does not perform CRL checking for Extended Validation (EV) certificates that lack OCSP URLs, which might allow man-in-the-middle attackers to spoof an SSL server via a revoked certificate. |
|
10 |
CVE-2011-0189 |
16 |
|
|
2011-03-22 |
2011-03-23 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The default configuration of Terminal in Apple Mac OS X 10.6 before 10.6.7 uses SSH protocol version 1 within the New Remote Connection dialog, which might make it easier for man-in-the-middle attackers to spoof SSH servers by leveraging protocol vulnerabilities. |
|
11 |
CVE-2011-0183 |
189 |
|
DoS |
2011-03-22 |
2011-03-24 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Libinfo in Apple Mac OS X before 10.6.7 does not properly handle an unspecified integer field in an NFS RPC packet, which allows remote attackers to cause a denial of service (lockd, statd, mountd, or portmap outage) via a crafted packet, related to an "integer truncation issue." |
|
12 |
CVE-2010-3784 |
|
|
DoS |
2010-11-16 |
2010-12-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The PMPageFormatCreateWithDataRepresentation API in Printing in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not properly handle XML data, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified API calls. |
|
13 |
CVE-2010-1834 |
20 |
|
|
2010-11-15 |
2010-12-10 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
CFNetwork in Apple Mac OS X 10.6.x before 10.6.5 does not properly validate the domains of cookies, which makes it easier for remote web servers to track users by setting a cookie that is associated with a partial IP address. |
|
14 |
CVE-2010-1830 |
|
|
|
2010-11-15 |
2010-12-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
AFP Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 generates different error messages depending on whether a share exists, which allows remote attackers to enumerate valid share names via unspecified vectors. |
|
15 |
CVE-2010-1828 |
20 |
|
DoS |
2010-11-15 |
2010-12-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
AFP Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon restart) via crafted reconnect authentication packets. |
|
16 |
CVE-2010-1800 |
200 |
|
+Info |
2010-08-25 |
2010-08-26 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
CFNetwork in Apple Mac OS X 10.6.3 and 10.6.4 supports anonymous SSL and TLS connections, which allows man-in-the-middle attackers to redirect a connection and obtain sensitive information via crafted responses. |
|
17 |
CVE-2010-1379 |
20 |
|
DoS |
2010-06-17 |
2010-06-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Printer Setup in Apple Mac OS X 10.6 before 10.6.4 does not properly interpret character encoding, which allows remote attackers to cause a denial of service (printing failure) by deploying a printing device that has a Unicode character in its printing-service name. |
|
18 |
CVE-2010-0525 |
310 |
|
+Info |
2010-03-30 |
2010-06-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Mail in Apple Mac OS X before 10.6.3 does not properly enforce the key usage extension during processing of a keychain that specifies multiple certificates for an e-mail recipient, which might make it easier for remote attackers to obtain sensitive information via a brute-force attack on a weakly encrypted e-mail message. |
|
19 |
CVE-2010-0521 |
287 |
|
+Info |
2010-03-30 |
2010-06-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Server Admin in Apple Mac OS X Server before 10.6.3 does not properly enforce authentication for directory binding, which allows remote attackers to obtain potentially sensitive information from Open Directory via unspecified LDAP requests. |
|
20 |
CVE-2009-2843 |
310 |
|
Exec Code |
2009-12-08 |
2011-01-04 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Java for Mac OS X 10.5 before Update 6 and 10.6 before Update 1 accepts expired certificates for applets, which makes it easier for remote attackers to execute arbitrary code via an applet. |
|
21 |
CVE-2009-2831 |
|
|
Exec Code |
2009-11-10 |
2009-11-17 |
5.8 |
None |
Local Network |
Low |
Not required |
Partial |
Partial |
Partial |
|
Dictionary in Apple Mac OS X 10.5.8 allows remote attackers to create arbitrary files with any contents, and thereby execute arbitrary code, via crafted JavaScript, related to a "design issue." |
|
22 |
CVE-2009-2808 |
310 |
|
Exec Code |
2009-11-10 |
2009-11-17 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Help Viewer in Apple Mac OS X before 10.6.2 does not use an HTTPS connection to retrieve Apple Help content from a web site, which allows man-in-the-middle attackers to send a crafted help:runscript link, and thereby execute arbitrary code, via a spoofed response. |
|
23 |
CVE-2009-2196 |
|
|
|
2009-08-12 |
2009-08-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Unspecified vulnerability in Apple Safari 4 before 4.0.3 allows remote web servers to place an arbitrary web site in the Top Sites view, and possibly conduct phishing attacks, via unknown vectors. |
|
24 |
CVE-2009-0152 |
16 |
|
+Info |
2009-05-13 |
2009-05-16 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
iChat in Apple Mac OS X 10.5 before 10.5.7 disables SSL for AOL Instant Messenger (AIM) communication in certain circumstances that are inconsistent with the Require SSL setting, which allows remote attackers to obtain sensitive information by sniffing the network. |
|
25 |
CVE-2008-4368 |
310 |
|
|
2008-10-01 |
2008-10-07 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The default configuration of Java 1.5 on Apple Mac OS X 10.5.4 and 10.5.5 contains a jurisdiction policy that limits Java Cryptography Extension (JCE) key sizes to 128 bits, which makes it easier for attackers to decrypt ciphertext produced by JCE. |
|
26 |
CVE-2008-3617 |
255 |
|
|
2008-09-16 |
2008-11-15 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Remote Management and Screen Sharing in Apple Mac OS X 10.5 through 10.5.4, when used to set a password for a VNC viewer, displays additional input characters beyond the maximum password length, which might make it easier for attackers to guess passwords that the user believed were longer. |
|
27 |
CVE-2008-2331 |
264 |
|
|
2008-09-16 |
2008-11-15 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Finder in Apple Mac OS X 10.5 through 10.5.4 does not properly update permission data in the Get Info window after a lock operation that modifies Sharing & Permissions in a filesystem, which might allow local users to leverage weak permissions that were not intended by an administrator. |
|
28 |
CVE-2008-1579 |
200 |
|
+Info |
2008-06-02 |
2011-03-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Wiki Server in Apple Mac OS X 10.5 before 10.5.3 allows remote attackers to obtain sensitive information (user names) by reading the error message produced upon access to a nonexistent blog. |
|
29 |
CVE-2008-1571 |
22 |
|
Dir. Trav. |
2008-06-02 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in the embedded web server in Image Capture in Apple Mac OS X before 10.5 allows remote attackers to read arbitrary files via directory traversal sequences in the URI. |
|
30 |
CVE-2008-0992 |
119 |
|
Exec Code Overflow |
2008-03-18 |
2008-10-11 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
|
Array index error in pax in Apple Mac OS X 10.5.2 allows context-dependent attackers to execute arbitrary code via an archive with a crafted length value. |
|
31 |
CVE-2008-0059 |
362 |
|
Exec Code |
2008-03-18 |
2008-10-11 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
|
Race condition in NSXML in Foundation for Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via a crafted XML file, related to "error handling logic." |
|
32 |
CVE-2008-0058 |
362 |
|
Exec Code |
2008-03-18 |
2008-10-11 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
|
Race condition in the NSURLConnection cache management functionality in Foundation for Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via unspecified manipulations that cause messages to be sent to a deallocated object. |
|
33 |
CVE-2008-0050 |
200 |
|
+Info |
2008-03-18 |
2008-10-11 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
CFNetwork in Apple Mac OS X 10.4.11 allows remote HTTPS proxy servers to spoof secure websites via data in a 502 Bad Gateway error. |
|
34 |
CVE-2008-0046 |
264 |
|
Bypass |
2008-03-18 |
2008-10-11 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The Application Firewall in Apple Mac OS X 10.5.2 has an incorrect German translation for the "Set access for specific services and applications" radio button that might cause the user to believe that the button is used to restrict access only to specific services and applications, which might allow attackers to bypass intended access restrictions. |
|
35 |
CVE-2008-0044 |
119 |
|
DoS Exec Code Overflow |
2008-03-18 |
2008-10-11 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
|
Multiple buffer overflows in AFP Client in Apple Mac OS X 10.4.11 and 10.5.2 allow remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted afp:// URL. |
|
36 |
CVE-2008-0041 |
200 |
|
+Info |
2008-02-12 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Parental Controls in Apple Mac OS X 10.5 through 10.5.1 contacts www.apple.com "when a website is unblocked," which allows remote attackers to determine when a system is running Parental Controls. |
|
37 |
CVE-2007-4688 |
200 |
|
+Info |
2007-11-14 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The Networking component in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to obtain all addresses for a host, including link-local addresses, via a Node Information Query. |
|
38 |
CVE-2007-3744 |
119 |
|
Exec Code Overflow |
2007-08-03 |
2008-09-05 |
5.8 |
User |
Local Network |
Low |
Not required |
Partial |
Partial |
Partial |
|
Heap-based buffer overflow in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) implementation in mDNSResponder on Apple Mac OS X 10.4.10 before 20070731 allows network-adjacent remote attackers to execute arbitrary code via a crafted packet. |
|
39 |
CVE-2007-2404 |
|
|
XSS Http R.Spl. |
2007-08-03 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
CRLF injection vulnerability in CFNetwork on Apple Mac OS X 10.3.9 and 10.4.10 before 20070731 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in an unspecified context. NOTE: this can be leveraged for cross-site scripting (XSS) attacks. |
|
40 |
CVE-2007-0734 |
119 |
|
Exec Code Overflow Mem. Corr. |
2007-04-10 |
2011-07-18 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
|
fsck, as used by the AirPort Disk feature of the AirPort Extreme Base Station with 802.11n before Firmware Update 7.1, and by Apple Mac OS X 10.3.9 through 10.4.9, does not properly enforce password protection of a USB hard drive, which allows context-dependent attackers to list arbitrary directories or execute arbitrary code, resulting from memory corruption. |
|
41 |
CVE-2007-0726 |
|
|
DoS |
2007-03-13 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The SSH key generation process in OpenSSH in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote attackers to cause a denial of service by connecting to the server before SSH has finished creating keys, which causes the keys to be regenerated and can break trust relationships that were based on the original keys. |
|
42 |
CVE-2006-6353 |
|
|
DoS |
2006-12-06 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Multiple unspecified vulnerabilities in BOMArchiveHelper in Mac OS X allow user-assisted remote attackers to cause a denial of service (application crash) via unspecified vectors related to (1) certain KERN_PROTECTION_FAILURE thread crashes and (2) certain KERN_INVALID_ADDRESS thread crashes, as discovered with the "iSec Partners FileP fuzzer". |
|
43 |
CVE-2006-6292 |
|
|
DoS |
2006-12-05 |
2008-09-05 |
5.7 |
None |
Local Network |
Medium |
Not required |
None |
None |
Complete |
|
Apple Airport Extreme firmware 0.1.27 in Mac OS X 10.4.8 on Mac mini, MacBook, and MacBook Pro with Core Duo hardware allows remote attackers to cause a denial of service (out-of-bounds memory access and kernel panic) and have possibly other security-related impact via certain beacon frames. |
|
44 |
CVE-2006-6062 |
|
|
DoS Mem. Corr. |
2006-11-21 |
2008-09-10 |
5.1 |
User |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
Unspecified vulnerability in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to cause a denial of service (crash) via a malformed UDTO HFS+ disk image, such as with "bad sectors," which triggers memory corruption. |
|
45 |
CVE-2006-6015 |
|
|
DoS Overflow |
2006-11-21 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Buffer overflow in the JavaScript implementation in Safari on Apple Mac OS X 10.4 allows remote attackers to cause a denial of service (application crash) via a long argument to the exec method of a regular expression. |
|
46 |
CVE-2006-4409 |
|
|
|
2006-11-30 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The Online Certificate Status Protocol (OCSP) service in the Security Framework in Apple Mac OS X 10.4 through 10.4.8 retrieve certificate revocation lists (CRL) when an HTTP proxy is in use, which could cause the system to accept certificates that have been revoked. |
|
47 |
CVE-2006-4408 |
|
|
DoS |
2006-11-30 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The Security Framework in Apple Mac OS X 10.4 through 10.4.8 allows remote attackers to cause a denial of service (resource consumption) via certain public key values in an X.509 certificate that requires extra resources during signature verification. NOTE: this issue may be similar to CVE-2006-2940. |
|
48 |
CVE-2006-4407 |
|
|
|
2006-11-30 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The Security Framework in Apple Mac OS X 10.3.x up to 10.3.9 does not properly prioritize encryption ciphers when negotiating the strongest shared cipher, which causes Secure Transport to user a weaker cipher that makes it easier for remote attackers to decrypt traffic. |
|
49 |
CVE-2006-4402 |
|
|
Exec Code Overflow |
2006-11-30 |
2008-09-05 |
5.1 |
User |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
Heap-based buffer overflow in the Finder in Apple Mac OS X 10.4.8 and earlier allows user-assisted remote attackers to execute arbitrary code by browsing directories containing crafted .DS_Store files. |
|
50 |
CVE-2006-4401 |
|
|
Exec Code |
2006-11-30 |
2008-09-05 |
5.1 |
User |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
Unspecified vulnerability in CFNetwork in Mac OS 10.4.8 and earlier allows user-assisted remote attackers to execute arbitrary FTP commands via a crafted FTP URI. |
