CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Apple » Mac Os X : Security Vulnerabilities Published In 2010 (Bypass)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2010-1838 287 Bypass 2010-11-15 2011-01-12
4.4
User Local Medium Not required Partial Partial Partial
Directory Services in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not properly handle errors associated with disabled mobile accounts, which allows remote attackers to bypass authentication by providing a valid account name.
2 CVE-2010-1820 287 Bypass 2010-09-21 2017-09-18
6.8
None Remote Medium Not required Partial Partial Partial
Apple Filing Protocol (AFP) Server in Apple Mac OS X 10.6.x through 10.6.4 does not properly handle errors, which allows remote attackers to bypass the password requirement for shared-folder access by leveraging knowledge of a valid account name.
3 CVE-2010-1378 310 Bypass 2010-11-15 2010-11-22
7.5
None Remote Low Not required Partial Partial Partial
OpenSSL in Apple Mac OS X 10.6.x before 10.6.5 does not properly perform arithmetic, which allows remote attackers to bypass X.509 certificate authentication via an arbitrary certificate issued by a legitimate Certification Authority.
4 CVE-2010-0545 264 Bypass 2010-06-17 2010-06-17
4.4
None Local Medium Not required Partial Partial Partial
The Finder in DesktopServices in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, does not set the expected file ownerships during an "Apply to enclosed items" action, which allows local users to bypass intended access restrictions via normal filesystem operations.
5 CVE-2010-0535 264 Bypass 2010-03-30 2010-06-21
6.5
User Remote Low Single system Partial Partial Partial
Dovecot in Apple Mac OS X 10.6 before 10.6.3, when Kerberos is enabled, does not properly enforce the service access control list (SACL) for sending and receiving e-mail, which allows remote authenticated users to bypass intended access restrictions via unspecified vectors.
6 CVE-2010-0512 264 Bypass 2010-03-30 2010-05-21
9.3
None Remote Medium Not required Complete Complete Complete
The Accounts Preferences implementation in Apple Mac OS X 10.6 before 10.6.3, when a network account server is used, does not support Login Window access control that is based solely on group membership, which allows attackers to bypass intended access restrictions by entering login credentials.
7 CVE-2010-0064 264 Bypass 2010-03-30 2010-03-31
6.9
None Local Medium Not required Complete Complete Complete
DesktopServices in Apple Mac OS X 10.6 before 10.6.3 preserves file ownership during an authenticated Finder copy, which might allow local users to bypass intended disk-quota restrictions and have unspecified other impact by copying files owned by other users.
8 CVE-2010-0057 264 Bypass 2010-03-30 2010-03-31
7.5
None Remote Low Not required Partial Partial Partial
AFP Server in Apple Mac OS X before 10.6.3 does not prevent guest use of AFP shares when guest access is disabled, which allows remote attackers to bypass intended access restrictions via a mount request.
9 CVE-2009-2801 264 Bypass 2010-03-30 2010-03-31
6.4
None Remote Low Not required None Partial Partial
The Application Firewall in Apple Mac OS X 10.5.8 drops unspecified firewall rules after a reboot, which might allow remote attackers to bypass intended access restrictions via packet data, related to a "timing issue."
Total number of vulnerabilities : 9   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.