Directory Services in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not properly handle errors associated with disabled mobile accounts, which allows remote attackers to bypass authentication by providing a valid account name.
Max CVSS
4.4
EPSS Score
0.53%
Published
2010-11-15
Updated
2011-01-12
Apple Filing Protocol (AFP) Server in Apple Mac OS X 10.6.x through 10.6.4 does not properly handle errors, which allows remote attackers to bypass the password requirement for shared-folder access by leveraging knowledge of a valid account name.
Max CVSS
6.8
EPSS Score
0.65%
Published
2010-09-21
Updated
2017-09-19
libsecurity in Apple Mac OS X 10.5.8 and 10.6.4 does not properly perform comparisons to domain-name strings in X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a certificate associated with a similar domain name, as demonstrated by use of a www.example.con certificate to spoof www.example.com.
Max CVSS
6.4
EPSS Score
0.10%
Published
2010-08-25
Updated
2010-08-26
NetAuthSysAgent in Network Authorization in Apple Mac OS X 10.5.8 does not have the expected authorization requirements, which allows local users to gain privileges via unspecified vectors.
Max CVSS
7.2
EPSS Score
0.04%
Published
2010-06-17
Updated
2010-06-18
Server Admin in Apple Mac OS X Server before 10.6.3 does not properly enforce authentication for directory binding, which allows remote attackers to obtain potentially sensitive information from Open Directory via unspecified LDAP requests.
Max CVSS
5.0
EPSS Score
0.19%
Published
2010-03-30
Updated
2010-06-21
Directory Services in Apple Mac OS X before 10.6.3 does not properly perform authorization during processing of record names, which allows local users to gain privileges via unspecified vectors.
Max CVSS
7.2
EPSS Score
0.04%
Published
2010-03-30
Updated
2010-03-31
6 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!