CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Apple » Mac Os X : Security Vulnerabilities Published In 2004

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2005-0373 Exec Code Overflow 2004-10-07 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as digestmda5.c), as used in the DIGEST-MD5 SASL plugin for Cyrus-SASL but not in any official releases, allows remote attackers to execute arbitrary code.
2 CVE-2004-1307 Exec Code Overflow 2004-12-21 2017-10-10
7.5
User Remote Low Not required Partial Partial Partial
Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow.
3 CVE-2004-1089 2004-12-02 2017-07-10
4.6
None Local Low Not required Partial Partial Partial
Unknown vulnerability in Apple Mac OS X 10.3.6 server, when using Kerberos authentication and Cyrus IMAP allows local users to access mailboxes of other users.
4 CVE-2004-1088 2004-12-02 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
Postfix server for Apple Mac OS X 10.3.6, when using CRAM-MD5, allows remote attackers to send mail without authentication by replaying authentication information.
5 CVE-2004-1087 2004-12-02 2017-07-10
2.1
None Local Low Not required None Partial None
Terminal for Apple Mac OS X 10.3.6 may indicate that "Secure Keyboard Entry" is enabled even when it is not, which could result in a false sense of security for the user.
6 CVE-2004-1086 Exec Code Overflow 2004-12-02 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in PSNormalizer for Apple Mac OS X 10.3.6 allows remote attackers to execute arbitrary code via a crafted PostScript input file.
7 CVE-2004-1085 2004-12-02 2017-07-10
2.1
None Local Low Not required None None Partial
Human Interface Toolbox (HIToolBox) for Apple Mac 0S X 10.3.6 allows local users to exit applications via the force-quit key combination, even when the system is running in kiosk mode.
8 CVE-2004-1084 Bypass 2004-12-02 2017-07-10
5.0
None Remote Low Not required Partial None None
Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
9 CVE-2004-1083 2004-12-03 2017-07-10
5.0
None Remote Low Not required Partial None None
Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.
10 CVE-2004-1081 2004-12-02 2017-07-10
2.1
None Local Low Not required Partial None None
The Application Framework (AppKit) for Apple Mac OS X 10.2.8 and 10.3.6 does not properly restrict access to a secure text input field, which allows local users to read keyboard input from other applications within the same window session.
11 CVE-2004-0824 2004-12-31 2017-07-10
2.1
None Local Low Not required None Partial None
PPPDialer for Mac OS X 10.2.8 through 10.3.5 allows local users to overwrite system files via a symlink attack on PPPDialer log files.
12 CVE-2004-0823 2004-09-07 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
OpenLDAP 1.0 through 2.1.19, as used in Apple Mac OS 10.3.4 and 10.3.5 and possibly other operating systems, may allow certain authentication schemes to use hashed (crypt) passwords in the userPassword attribute as if they were plaintext passwords, which allows remote attackers to re-use hashed passwords without decrypting them.
13 CVE-2004-0822 Exec Code Overflow 2004-09-07 2017-07-10
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in The Core Foundation framework (CoreFoundation.framework) in Mac OS X 10.2.8, 10.3.4, and 10.3.5 allows local users to execute arbitrary code via a certain environment variable.
14 CVE-2004-0821 +Priv 2004-12-31 2017-07-10
7.2
Admin Local Low Not required Complete Complete Complete
The CFPlugIn in Core Foundation framework in Mac OS X allows user supplied libraries to be loaded, which could allow local users to gain privileges.
15 CVE-2004-0803 Exec Code Overflow 2004-12-23 2017-10-10
7.5
User Remote Low Not required Partial Partial Partial
Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3.6.1 and earlier, related to buffer overflows and integer overflows, allow remote attackers to execute arbitrary code via TIFF files.
16 CVE-2004-0744 DoS 2004-11-23 2017-07-10
5.0
None Remote Low Not required None None Partial
The TCP/IP Networking component in Mac OS X before 10.3.5 allows remote attackers to cause a denial of service (memory and resource consumption) via a "Rose Attack" that involves sending a subset of small IP fragments that do not form a complete, larger packet.
17 CVE-2004-0743 +Info 2004-11-23 2017-07-10
5.0
None Remote Low Not required Partial None None
Safari in Mac OS X before 10.3.5, after sending form data using the POST method, may re-send the data to a GET method URL if that URL is redirected after the POST data and the user uses the forward or backward buttons, which may cause an information leak.
18 CVE-2004-0622 +Info 2004-12-06 2017-07-10
2.1
None Local Low Not required Partial None None
Apple Mac OS X 10.3.4, 10.4, 10.5, and possibly other versions does not properly clear memory for login (aka Loginwindow.app), Keychain, or FileVault passwords, which could allow the root user or an attacker with physical access to obtain sensitive information by reading memory.
19 CVE-2004-0539 Exec Code 2004-08-06 2017-10-11
10.0
Admin Remote Low Not required Complete Complete Complete
The "Show in Finder" button in the Safari web browser in Mac OS X 10.3.4 and 10.2.8 may execute downloaded applications, which could allow remote attackers to execute arbitrary code.
20 CVE-2004-0538 Exec Code 2004-08-06 2017-10-11
7.5
User Remote Low Not required Partial Partial Partial
LaunchServices in Mac OS X 10.3.4 and 10.2.8 automatically registers and executes new applications, which could allow attackers to execute arbitrary code without warning the user.
21 CVE-2004-0518 2004-08-18 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
Unknown vulnerability in AppleFileServer for Mac OS X 10.3.4, related to "the use of SSH and reporting errors," has unknown impact and attack vectors.
22 CVE-2004-0517 2004-08-18 2017-07-10
4.6
User Local Low Not required Partial Partial Partial
Unknown vulnerability in Mac OS X 10.3.4, related to "handling of process IDs during package installation," a different vulnerability than CVE-2004-0516.
23 CVE-2004-0516 2004-08-18 2017-07-10
4.6
User Local Low Not required Partial Partial Partial
Unknown vulnerability in Mac OS X 10.3.4, related to "package installation scripts," a different vulnerability than CVE-2004-0517.
24 CVE-2004-0515 2004-08-18 2017-07-10
4.6
User Local Low Not required Partial Partial Partial
Unknown vulnerability in LoginWindow for Mac OS X 10.3.4, related to "handling of console log files."
25 CVE-2004-0514 2004-08-18 2017-07-10
7.2
Admin Local Low Not required Complete Complete Complete
Unknown vulnerability in LoginWindow for Mac OS X 10.3.4, related to "handling of directory services lookups."
26 CVE-2004-0513 2004-08-18 2017-07-10
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Mac OS X before 10.3.4 has unknown impact and attack vectors related to "logging when tracing system calls."
27 CVE-2004-0489 Exec Code 2004-07-07 2017-07-10
7.6
Admin Remote High Not required Complete Complete Complete
Argument injection vulnerability in the SSH URI handler for Safari on Mac OS 10.3.3 and earlier allows remote attackers to (1) execute arbitrary code via the ProxyCommand option or (2) conduct port forwarding via the -R option.
28 CVE-2004-0486 Exec Code Dir. Trav. 2004-07-07 2017-07-10
7.6
Admin Remote High Not required Complete Complete Complete
HelpViewer in Mac OS X 10.3.3 and 10.2.8 processes scripts that it did not initiate, which can allow attackers to execute arbitrary code, an issue that was originally reported as a directory traversal vulnerability in the Safari web browser using the runscript parameter in a help: URI handler.
29 CVE-2004-0485 2004-07-07 2017-07-10
5.0
None Remote Low Not required None Partial None
The default protocol helper for the disk: URI on Mac OS X 10.3.3 and 10.2.8 allows remote attackers to write arbitrary files by causing a disk image file (.dmg) to be mounted as a disk volume.
30 CVE-2004-0430 Exec Code Overflow 2004-07-07 2017-07-10
5.1
User Remote High Not required Partial Partial Partial
Stack-based buffer overflow in AppleFileServer for Mac OS X 10.3.3 and earlier allows remote attackers to execute arbitrary code via a LoginExt packet for a Cleartext Password User Authentication Method (UAM) request with a PathName argument that includes an AFPName type string that is longer than the associated length field.
31 CVE-2004-0429 2004-12-31 2017-07-10
10.0
None Remote Low Not required Complete Complete Complete
Unknown vulnerability related to "the handling of large requests" in RAdmin for Apple Mac OS X 10.3.3 and Mac OS X 10.2.8 may allow attackers to have unknown impact via unknown attack vectors.
32 CVE-2004-0428 2004-05-03 2017-07-10
5.0
None Remote Low Not required None None Partial
Unknown vulnerability in CoreFoundation in Mac OS X 10.3.3 and Mac OS X 10.3.3 Server, related to "the handling of an environment variable," has unknown attack vectors and unknown impact.
33 CVE-2004-0383 2004-05-04 2017-07-10
7.2
None Local Low Not required Complete Complete Complete
Unknown vulnerability in Mail for Mac OS X 10.3.3 and 10.2.8, with unknown impact, related to "the handling of HTML-formatted email."
34 CVE-2004-0382 2004-05-04 2017-07-10
7.2
None Local Low Not required Complete Complete Complete
Unknown vulnerability in the CUPS printing system in Mac OS X 10.3.3 and Mac OS X 10.2.8 with unknown impact, possibly related to a configuration file setting.
35 CVE-2004-0168 2004-03-15 2017-07-10
10.0
None Remote Low Not required Complete Complete Complete
Unknown vulnerability in CoreFoundation for Mac OS X 10.3.2, related to "notification logging."
36 CVE-2004-0167 2004-03-15 2017-10-09
7.5
User Remote Low Not required Partial Partial Partial
DiskArbitration in Mac OS X 10.2.8 and 10.3.2 does not properly initialize writeable removable media.
37 CVE-2004-0166 2004-03-15 2017-07-10
5.0
None Remote Low Not required Partial None None
Unknown vulnerability in Safari web browser for Mac OS X 10.2.8 related to "the display of URLs in the status bar."
38 CVE-2004-0165 +Priv 2004-03-15 2017-10-09
5.0
None Remote Low Not required Partial None None
Format string vulnerability in Point-to-Point Protocol (PPP) daemon (pppd) 2.4.0 for Mac OS X 10.3.2 and earlier allows remote attackers to read arbitrary pppd process data, including PAP or CHAP authentication credentials, to gain privileges.
39 CVE-2004-0112 DoS 2004-11-23 2017-10-10
5.0
None Remote Low Not required None None Partial
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.
40 CVE-2004-0092 2004-03-03 2008-09-10
10.0
None Remote Low Not required Complete Complete Complete
Unknown vulnerability in Safari web browser in Mac OS X 10.2.8 and 10.3.2, with unknown impact.
41 CVE-2004-0090 2004-12-31 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Unknown vulnerability in Windows File Sharing for Mac OS X 10.1.5 through 10.3.2 does not "shutdown properly," which has unknown impact and attack vectors.
42 CVE-2004-0089 Overflow +Priv 2004-03-03 2017-10-09
4.6
User Local Low Not required Partial Partial Partial
Buffer overflow in TruBlueEnvironment in Mac OS X 10.3.x and 10.2.x allows local users to gain privileges via a long environment variable.
43 CVE-2004-0088 2004-03-03 2008-09-10
2.1
None Local Low Not required None Partial None
The System Configuration subsystem in Mac OS 10.2.8 allows local users to modify network settings, a different vulnerability than CVE-2004-0087.
44 CVE-2004-0087 2004-03-03 2017-07-10
2.1
None Local Low Not required None Partial None
The System Configuration subsystem in Mac OS 10.2.8 and 10.3.2 allows local users to modify network settings, a different vulnerability than CVE-2004-0088.
45 CVE-2004-0086 2004-03-03 2008-09-10
5.0
None Remote Low Not required Partial None None
Unknown vulnerability in the Mail application for Mac OS X 10.3.2 has unknown impact and attack vectors, a different vulnerability than CVE-2004-0085.
46 CVE-2004-0085 2004-03-03 2017-07-10
5.0
None Remote Low Not required Partial None None
Unknown vulnerability in the Mail application for Mac OS X 10.1.5 and 10.2.8 with unknown impact, a different vulnerability than CVE-2004-0086.
47 CVE-2004-0081 DoS 2004-11-23 2017-10-10
5.0
None Remote Low Not required None None Partial
OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.
48 CVE-2004-0079 DoS 2004-11-23 2017-10-10
5.0
None Remote Low Not required None None Partial
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.
49 CVE-2003-1011 2004-03-29 2017-07-10
7.2
Admin Local Low Not required Complete Complete Complete
Apple Mac OS X 10.0 through 10.2.8 allows local users with a USB keyboard to gain unauthorized access by holding down the CTRL and C keys when the system is booting, which crashes the init process and leaves the user in a root shell.
50 CVE-2003-1010 +Priv 2004-03-29 2017-07-10
4.6
User Local Low Not required Partial Partial Partial
Unknown vulnerability in fs_usage in Mac OS X 10.2.8 and 10.3.2 and Mac OS X Server 10.2.8 and 10.3.2 allows local users to gain privileges via unknown attack vectors.
Total number of vulnerabilities : 54   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.