Vulnerabilities (CVE)

Filtered by vendor Apple Subscribe
Filtered by product Mac Os X
Total 5428 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2003-0882 1 Apple 1 Mac Os X 2008-09-05 5.0 MEDIUM N/A
Mac OS X before 10.3 initializes the TCP timestamp with a constant number, which allows remote attackers to determine the system's uptime via the ID field in a TCP packet.
CVE-2003-0378 1 Apple 1 Mac Os X 2008-09-05 7.5 HIGH N/A
The Kerberos login authentication feature in Mac OS X, when used with an LDAPv3 server and LDAP bind authentication, may send cleartext passwords to the LDAP server when the AuthenticationAuthority attribute is not set.
CVE-2002-2326 1 Apple 1 Mac Os X 2008-09-05 5.0 MEDIUM N/A
The default configuration of Mail.app in Mac OS X 10.0 through 10.0.4 and 10.1 through 10.1.5 sends iDisk authentication credentials in cleartext when connecting to Mac.com, which could allow remote attackers to obtain passwords by sniffing network traffic.
CVE-2002-1898 1 Apple 1 Mac Os X 2008-09-05 7.2 HIGH N/A
Terminal 1.3 in Apple Mac OS X 10.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a telnet:// link, which is executed by Terminal.app window.
CVE-2002-1269 1 Apple 1 Mac Os X 2008-09-05 4.6 MEDIUM N/A
Unknown vulnerability in NetInfo Manager application in Mac OS X 10.2.2 allows local users to access restricted parts of a filesystem.
CVE-2002-0676 1 Apple 1 Mac Os X 2008-09-05 7.5 HIGH N/A
SoftwareUpdate for MacOS 10.1.x does not use authentication when downloading a software update, which could allow remote attackers to execute arbitrary code by posing as the Apple update server via techniques such as DNS spoofing or cache poisoning, and supplying Trojan Horse updates.
CVE-2001-1565 1 Apple 1 Mac Os X 2008-09-05 2.1 LOW N/A
Point to Point Protocol daemon (pppd) in MacOS x 10.0 and 10.1 through 10.1.5 provides the username and password on the command line, which allows local users to obtain authentication information via the ps command.
CVE-2007-0342 2 Apple, Omnigroup 4 Mac Os X, Safari, Webkit and 1 more 2008-09-05 4.3 MEDIUM N/A
WebCore in Apple WebKit build 18794 allows remote attackers to cause a denial of service (null dereference and application crash) via a TD element with a large number in the ROWSPAN attribute, as demonstrated by a crash of OmniWeb 5.5.3 on Mac OS X 10.4.8, a different vulnerability than CVE-2006-2019.