# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2012-3718 |
200 |
|
+Info |
2012-09-20 |
2013-06-06 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
Apple Mac OS X before 10.7.5 and 10.8.x before 10.8.2 allows local users to read passwords entered into Login Window (aka LoginWindow) or Screen Saver Unlock by installing an input method that intercepts keystrokes. |
2 |
CVE-2012-0657 |
264 |
|
Bypass |
2012-05-11 |
2012-05-30 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
Quartz Composer in Apple Mac OS X before 10.7.4, when the RSS Visualizer screensaver is enabled, allows physically proximate attackers to bypass screen locking and launch a Safari process via unspecified vectors. |
3 |
CVE-2011-3435 |
255 |
|
|
2011-10-14 |
2017-08-29 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
Open Directory in Apple Mac OS X 10.7 before 10.7.2 allows local users to read the password data of arbitrary users via unspecified vectors. |
4 |
CVE-2011-3224 |
|
|
Exec Code |
2011-10-14 |
2012-01-14 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
The User Documentation component in Apple Mac OS X through 10.6.8 uses http sessions for updates to App Store help information, which allows man-in-the-middle attackers to execute arbitrary code by spoofing the http server. |
5 |
CVE-2011-3218 |
79 |
|
XSS |
2011-10-14 |
2012-01-14 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
The "Save for Web" selection in QuickTime Player in Apple Mac OS X through 10.6.8 exports HTML documents that contain an http link to a script file, which allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks by spoofing the http server during local viewing of an exported document. |
6 |
CVE-2011-3216 |
264 |
|
Bypass |
2011-10-14 |
2012-01-14 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
The kernel in Apple Mac OS X before 10.7.2 does not properly implement the sticky bit for directories, which might allow local users to bypass intended permissions and delete files via an unlink system call. |
7 |
CVE-2011-3215 |
264 |
|
Bypass |
2011-10-14 |
2012-01-14 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
The kernel in Apple Mac OS X before 10.7.2 does not properly prevent FireWire DMA in the absence of a login, which allows physically proximate attackers to bypass intended access restrictions and discover a password by making a DMA request in the (1) loginwindow, (2) boot, or (3) shutdown state. |
8 |
CVE-2011-3212 |
310 |
|
+Info |
2011-10-14 |
2012-05-12 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
CoreStorage in Apple Mac OS X 10.7 before 10.7.2 does not ensure that all disk data is encrypted during the enabling of FileVault, which makes it easier for physically proximate attackers to obtain sensitive information by reading directly from the disk device. |
9 |
CVE-2011-0197 |
200 |
|
+Info |
2011-06-24 |
2011-10-27 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
App Store in Apple Mac OS X before 10.6.8 creates a log entry containing a user's AppleID password, which might allow local users to obtain sensitive information by reading a log file, as demonstrated by a log file that has non-default permissions. |
10 |
CVE-2011-0180 |
189 |
|
Overflow |
2011-03-23 |
2011-03-24 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
Integer overflow in HFS in Apple Mac OS X before 10.6.7 allows local users to read arbitrary (1) HFS, (2) HFS+, or (3) HFS+J files via a crafted F_READBOOTSTRAP ioctl call. |
11 |
CVE-2011-0178 |
200 |
|
+Info |
2011-03-23 |
2011-03-24 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
The FSFindFolder API in CarbonCore in Apple Mac OS X before 10.6.7 provides a world-readable directory in response to a call with the kTemporaryFolderType flag, which allows local users to obtain potentially sensitive information by accessing this directory. |
12 |
CVE-2010-0537 |
264 |
|
|
2010-03-30 |
2010-06-18 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
DesktopServices in Apple Mac OS X 10.6 before 10.6.3 does not properly resolve pathnames in certain circumstances involving an application's save panel, which allows user-assisted remote attackers to trigger unintended remote file copying via a crafted share name. |
13 |
CVE-2009-0141 |
264 |
|
|
2009-02-13 |
2017-08-08 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
XTerm in Apple Mac OS X 10.4.11 and 10.5.6, when used with luit, creates tty devices with insecure world-writable permissions, which allows local users to write to the Xterm of another user. |
14 |
CVE-2009-0014 |
264 |
|
Bypass |
2009-02-13 |
2011-03-08 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
Folder Manager in Apple Mac OS X 10.5.6 uses insecure default permissions when recreating a Downloads folder after it has been deleted, which allows local users to bypass intended access restrictions and read the Downloads folder. |
15 |
CVE-2009-0013 |
255 |
|
+Priv |
2009-02-13 |
2017-08-08 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
dscl in DS Tools in Apple Mac OS X 10.4.11 and 10.5.6 requires that passwords must be provided as command line arguments, which allows local users to gain privileges by listing process information. |
16 |
CVE-2008-3619 |
264 |
|
+Info |
2008-09-16 |
2017-08-08 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
Time Machine in Apple Mac OS X 10.5 through 10.5.4 uses weak permissions for Time Machine Backup log files, which allows local users to obtain sensitive information by reading these files. |
17 |
CVE-2008-1578 |
200 |
|
+Info |
2008-06-02 |
2017-08-08 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
The sso_util program in Single Sign-On in Apple Mac OS X before 10.5.3 places passwords on the command line, which allows local users to obtain sensitive information by listing the process. |
18 |
CVE-2008-0995 |
200 |
|
+Info |
2008-03-18 |
2017-08-08 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
The Printing component in Apple Mac OS X 10.5.2 uses 40-bit RC4 when printing to an encrypted PDF file, which makes it easier for attackers to decrypt the file via brute force methods. |
19 |
CVE-2008-0994 |
200 |
|
+Info |
2008-03-18 |
2017-08-08 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
Preview in Apple Mac OS X 10.5.2 uses 40-bit RC4 when saving a PDF file with encryption, which makes it easier for attackers to decrypt the file via brute force methods. |
20 |
CVE-2007-4701 |
264 |
|
|
2007-11-15 |
2017-07-29 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
WebKit on Apple Mac OS X 10.4 through 10.4.10 does not create temporary files securely when Safari is previewing a PDF file, which allows local users to read the contents of that file. |
21 |
CVE-2007-0751 |
|
|
DoS |
2007-05-24 |
2017-07-29 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
A cleanup script in crontabs in Apple Mac OS X 10.3.9 and 10.4.9 might delete filesystems that have been mounted in /tmp, which might allow local users to cause a denial of service, related to the find command. |
22 |
CVE-2006-6127 |
|
|
DoS |
2006-11-27 |
2017-07-29 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
Apple Mac OS X kernel allows local users to cause a denial of service via a process that uses kevent to register a queue and an event, then fork a child process that uses kevent to register an event for the same queue as the parent. |
23 |
CVE-2006-6126 |
|
|
DoS Mem. Corr. |
2006-11-27 |
2017-07-29 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
Apple Mac OS X allows local users to cause a denial of service (memory corruption) via a crafted Mach-O binary with a malformed load_command data structure. |
24 |
CVE-2006-5681 |
|
|
+Info |
2006-12-20 |
2011-03-08 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
QuickTime for Java on Mac OS X 10.4 through 10.4.8, when used with Quartz Composer, allows remote attackers to obtain sensitive information (screen images) via a Java applet that accesses images that are being rendered by other embedded QuickTime objects. |
25 |
CVE-2006-3499 |
|
|
+Info |
2006-08-03 |
2017-07-20 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
The dynamic linker (dyld) in Apple Mac OS X 10.3.9 allows local users to obtain sensitive information via unspecified dynamic linker options that affect the use of standard error (stderr) by privileged applications. |
26 |
CVE-2006-3495 |
|
|
|
2006-08-02 |
2017-07-20 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
AFP Server in Apple Mac OS X 10.3.9 and 10.4.7 stores reconnect keys in a world-readable file, which allows local users to obtain the keys and access files and folders of other users. |
27 |
CVE-2006-3356 |
|
|
DoS |
2006-07-06 |
2017-07-20 |
2.6 |
None |
Remote |
High |
Not required |
None |
None |
Partial |
The TIFFFetchAnyArray function in ImageIO in Apple OS X 10.4.7 and earlier allows remote user-assisted attackers to cause a denial of service (application crash) via an invalid tag value in a TIFF image, possibly triggering a null dereference. NOTE: This is a different issue than CVE-2006-1469. |
28 |
CVE-2006-1981 |
|
|
|
2006-04-21 |
2017-07-20 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
Unspecified vulnerability in Java InputMethods on Mac OS X 10.4.5 may cause InputMethods to send input events for secure fields to the wrong text field, which might reveal the password to others who can view the screen. |
29 |
CVE-2006-1457 |
|
|
|
2006-05-12 |
2017-07-20 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
Safari on Apple Mac OS X 10.4.6, when "Open `safe' files after downloading" is enabled, will automatically expand archives, which could allow remote attackers to overwrite arbitrary files via an archive that contains a symlink. |
30 |
CVE-2006-0389 |
|
|
XSS |
2006-03-03 |
2017-07-20 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in Syndication (Safari RSS) in Mac OS X 10.4 through 10.4.5 allows remote attackers to execute arbitrary JavaScript via unspecified vectors involving RSS feeds. |
31 |
CVE-2006-0388 |
94 |
|
|
2006-03-03 |
2017-07-20 |
2.6 |
None |
Local |
High |
Not required |
None |
Partial |
Partial |
Safari in Mac OS X 10.3 before 10.3.9 and 10.4 before 10.4.5 allows remote attackers to redirect users to local files and execute arbitrary JavaScript via unspecified vectors involving HTTP redirection to local resources. |
32 |
CVE-2005-3782 |
|
|
Bypass |
2005-12-31 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
Mac OS X 10.4.3 up to 10.4.6, when loginwindow uses the "Name and password" setting, and the "Show the Restart, Sleep, and Shut Down buttons" option is disabled, allows users with physical access to bypass login and reboot the system by entering ">restart", ">power", or ">shutdown" sequences after the username. |
33 |
CVE-2005-2752 |
200 |
|
+Info |
2005-11-01 |
2011-03-08 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
An unspecified kernel interface in Mac OS X 10.4.2 and earlier does not properly clear memory before reusing it, which could allow attackers to obtain sensitive information, a different vulnerability than CVE-2005-1126 and CVE-2005-1406. |
34 |
CVE-2005-2751 |
|
|
|
2005-11-01 |
2017-07-11 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
memberd in Mac OS X 10.4 up to 10.4.2, in certain situations, does not quickly synchronize access control checks with changes in group membership, which could allow users to access files and other resources after they have been removed from a group. |
35 |
CVE-2005-2750 |
|
|
|
2005-11-01 |
2017-07-11 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
Software Update in Mac OS X 10.4.2, when the user marks all updates to be ignored, exits without asking the user to reset the status of the updates, which could prevent important, security-relevant updates from being installed. |
36 |
CVE-2005-2749 |
|
|
|
2005-11-01 |
2017-07-11 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
Unspecified vulnerability in the Finder Get Info window for Mac OS X 10.4 up to 10.4.2 causes Finder to misrepresent file and group ownership information. NOTE: it is not clear whether this issue satisfies the CVE definition of a vulnerability. |
37 |
CVE-2005-2748 |
|
|
|
2005-10-25 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
The malloc function in the libSystem library in Apple Mac OS X 10.3.9 and 10.4.2 allows local users to overwrite arbitrary files by setting the MallocLogFile environment variable to the target file before running a setuid application. |
38 |
CVE-2005-2739 |
|
|
|
2005-11-01 |
2017-07-11 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
Keychain Access in Mac OS X 10.4.2 and earlier keeps a password visible even if a keychain times out while the password is being viewed, which could allow attackers with physical access to obtain the password. |
39 |
CVE-2005-2509 |
|
|
|
2005-08-19 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
Unknown vulnerability in loginwindow in Mac OS X 10.4.2 and earlier, when Fast User Switching is enabled, allows attackers to log into other accounts if they know the passwords to at least two accounts. |
40 |
CVE-2005-1725 |
|
|
|
2005-06-08 |
2016-10-18 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
launchd 106 in Apple Mac OS X 10.4.x up to 10.4.1 allows local users to overwrite arbitrary files via a symlink attack on the socket file in an insecure temporary directory. |
41 |
CVE-2005-0975 |
|
|
DoS |
2005-05-02 |
2017-07-11 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
Integer signedness error in the parse_machfile function in the mach-o loader (mach_loader.c) for the Darwin Kernel as used in Mac OS X 10.3.7, and other versions before 10.3.9, allows local users to cause a denial of service (CPU consumption) via a crafted mach-o header. |
42 |
CVE-2005-0715 |
|
|
|
2005-03-21 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
AFP Server in Mac OS X before 10.3.8 uses insecure permissions for "Drop Boxes," which allows local users to read the contents of a Drop Box. |
43 |
CVE-2005-0342 |
|
|
+Priv |
2005-05-02 |
2017-07-11 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
The Finder in Mac OS X and earlier allows local users to overwrite arbitrary files and gain privileges by creating a hard link from the .DS_Store file to an arbitrary file. |
44 |
CVE-2004-1087 |
|
|
|
2004-12-02 |
2017-07-11 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
Terminal for Apple Mac OS X 10.3.6 may indicate that "Secure Keyboard Entry" is enabled even when it is not, which could result in a false sense of security for the user. |
45 |
CVE-2004-1085 |
|
|
|
2004-12-02 |
2017-07-11 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
Human Interface Toolbox (HIToolBox) for Apple Mac 0S X 10.3.6 allows local users to exit applications via the force-quit key combination, even when the system is running in kiosk mode. |
46 |
CVE-2004-1081 |
|
|
|
2004-12-02 |
2017-07-11 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
The Application Framework (AppKit) for Apple Mac OS X 10.2.8 and 10.3.6 does not properly restrict access to a secure text input field, which allows local users to read keyboard input from other applications within the same window session. |
47 |
CVE-2004-0923 |
|
|
+Info |
2005-01-27 |
2017-10-11 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
CUPS 1.1.20 and earlier records authentication information for a device URI in the error_log file, which allows local users to obtain user names and passwords. |
48 |
CVE-2003-0876 |
|
|
|
2003-11-03 |
2017-07-11 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
Finder in Mac OS X 10.2.8 and earlier sets global read/write/execute permissions on directories when they are dragged (copied) from a mounted volume such as a disk image (DMG), which could cause the directories to have less restrictive permissions than intended. |