Safari in Mac OS X 10.3 before 10.3.9 and 10.4 before 10.4.5 allows remote attackers to redirect users to local files and execute arbitrary JavaScript via unspecified vectors involving HTTP redirection to local resources.
Max CVSS: 2.6 | EPSS Score: 1.17% | Published: 2006-03-03 | Updated: 2017-07-20
Cross-site scripting (XSS) vulnerability in Syndication (Safari RSS) in Mac OS X 10.4 through 10.4.5 allows remote attackers to execute arbitrary JavaScript via unspecified vectors involving RSS feeds.
Max CVSS: 2.6 | EPSS Score: 0.49% | Published: 2006-03-03 | Updated: 2017-07-20
Safari on Apple Mac OS X 10.4.6, when "Open `safe' files after downloading" is enabled, will automatically expand archives, which could allow remote attackers to overwrite arbitrary files via an archive that contains a symlink.
Max CVSS: 2.6 | EPSS Score: 0.61% | Published: 2006-05-12 | Updated: 2017-07-20
The TIFFFetchAnyArray function in ImageIO in Apple OS X 10.4.7 and earlier allows remote user-assisted attackers to cause a denial of service (application crash) via an invalid tag value in a TIFF image, possibly triggering a null dereference. NOTE: This is a different issue than CVE-2006-1469.
Max CVSS: 2.6 | EPSS Score: 0.77% | Published: 2006-07-06 | Updated: 2017-07-20
QuickTime for Java on Mac OS X 10.4 through 10.4.8, when used with Quartz Composer, allows remote attackers to obtain sensitive information (screen images) via a Java applet that accesses images that are being rendered by other embedded QuickTime objects.
Max CVSS: 2.6 | EPSS Score: 0.67% | Published: 2006-12-20 | Updated: 2011-03-08
Preview in Apple Mac OS X 10.5.2 uses 40-bit RC4 when saving a PDF file with encryption, which makes it easier for attackers to decrypt the file via brute force methods.
Max CVSS: 2.6 | EPSS Score: 0.15% | Published: 2008-03-18 | Updated: 2017-08-08
The Printing component in Apple Mac OS X 10.5.2 uses 40-bit RC4 when printing to an encrypted PDF file, which makes it easier for attackers to decrypt the file via brute force methods.
Max CVSS: 2.6 | EPSS Score: 0.17% | Published: 2008-03-18 | Updated: 2017-08-08
DesktopServices in Apple Mac OS X 10.6 before 10.6.3 does not properly resolve pathnames in certain circumstances involving an application's save panel, which allows user-assisted remote attackers to trigger unintended remote file copying via a crafted share name.
Max CVSS: 2.6 | EPSS Score: 0.18% | Published: 2010-03-30 | Updated: 2010-06-18
The "Save for Web" selection in QuickTime Player in Apple Mac OS X through 10.6.8 exports HTML documents that contain an http link to a script file, which allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks by spoofing the http server during local viewing of an exported document.
Max CVSS: 2.6 | EPSS Score: 0.15% | Published: 2011-10-14 | Updated: 2012-01-14
The User Documentation component in Apple Mac OS X through 10.6.8 uses http sessions for updates to App Store help information, which allows man-in-the-middle attackers to execute arbitrary code by spoofing the http server.
Max CVSS: 2.6 | EPSS Score: 0.11% | Published: 2011-10-14 | Updated: 2012-01-14
Finder in Mac OS X 10.2.8 and earlier sets global read/write/execute permissions on directories when they are dragged (copied) from a mounted volume such as a disk image (DMG), which could cause the directories to have less restrictive permissions than intended.
Max CVSS: 2.1 | EPSS Score: 0.06% | Published: 2003-11-03 | Updated: 2017-07-11
CUPS 1.1.20 and earlier records authentication information for a device URI in the error_log file, which allows local users to obtain user names and passwords.
Max CVSS: 2.1 | EPSS Score: 0.04% | Published: 2005-01-27 | Updated: 2017-10-11
The Application Framework (AppKit) for Apple Mac OS X 10.2.8 and 10.3.6 does not properly restrict access to a secure text input field, which allows local users to read keyboard input from other applications within the same window session.
Max CVSS: 2.1 | EPSS Score: 0.04% | Published: 2004-12-02 | Updated: 2017-07-11
Human Interface Toolbox (HIToolBox) for Apple Mac OS X 10.3.6 allows local users to exit applications via the force-quit key combination, even when the system is running in kiosk mode.
Max CVSS: 2.1 | EPSS Score: 0.04% | Published: 2004-12-02 | Updated: 2017-07-11
Terminal for Apple Mac OS X 10.3.6 may indicate that "Secure Keyboard Entry" is enabled even when it is not, which could result in a false sense of security for the user.
Max CVSS: 2.1 | EPSS Score: 0.05% | Published: 2004-12-02 | Updated: 2017-07-11
The Finder in Mac OS X and earlier allows local users to overwrite arbitrary files and gain privileges by creating a hard link from the .DS_Store file to an arbitrary file.
Max CVSS: 2.1 | EPSS Score: 0.04% | Published: 2005-05-02 | Updated: 2017-07-11
AFP Server in Mac OS X before 10.3.8 uses insecure permissions for "Drop Boxes," which allows local users to read the contents of a Drop Box.
Max CVSS: 2.1 | EPSS Score: 0.04% | Published: 2005-03-21 | Updated: 2008-09-05
Integer signedness error in the parse_machfile function in the mach-o loader (mach_loader.c) for the Darwin Kernel as used in Mac OS X 10.3.7, and other versions before 10.3.9, allows local users to cause a denial of service (CPU consumption) via a crafted mach-o header.
Max CVSS: 2.1 | EPSS Score: 0.04% | Published: 2005-05-02 | Updated: 2017-07-11
launchd 106 in Apple Mac OS X 10.4.x up to 10.4.1 allows local users to overwrite arbitrary files via a symlink attack on the socket file in an insecure temporary directory.
Max CVSS: 2.1 | EPSS Score: 0.04% | Published: 2005-06-08 | Updated: 2016-10-18
Unknown vulnerability in loginwindow in Mac OS X 10.4.2 and earlier, when Fast User Switching is enabled, allows attackers to log into other accounts if they know the passwords to at least two accounts.
Max CVSS: 2.1 | EPSS Score: 0.05% | Published: 2005-08-19 | Updated: 2008-09-05
Keychain Access in Mac OS X 10.4.2 and earlier keeps a password visible even if a keychain times out while the password is being viewed, which could allow attackers with physical access to obtain the password.
Max CVSS: 2.1 | EPSS Score: 0.21% | Published: 2005-11-01 | Updated: 2017-07-11
The malloc function in the libSystem library in Apple Mac OS X 10.3.9 and 10.4.2 allows local users to overwrite arbitrary files by setting the MallocLogFile environment variable to the target file before running a setuid application.
Max CVSS: 2.1 | EPSS Score: 0.05% | Published: 2005-10-25 | Updated: 2008-09-05
Unspecified vulnerability in the Finder Get Info window for Mac OS X 10.4 up to 10.4.2 causes Finder to misrepresent file and group ownership information. NOTE: it is not clear whether this issue satisfies the CVE definition of a vulnerability.
Max CVSS: 2.1 | EPSS Score: 0.07% | Published: 2005-11-01 | Updated: 2017-07-11
Software Update in Mac OS X 10.4.2, when the user marks all updates to be ignored, exits without asking the user to reset the status of the updates, which could prevent important, security-relevant updates from being installed.
Max CVSS: 2.1 | EPSS Score: 0.07% | Published: 2005-11-01 | Updated: 2017-07-11
memberd in Mac OS X 10.4 up to 10.4.2, in certain situations, does not quickly synchronize access control checks with changes in group membership, which could allow users to access files and other resources after they have been removed from a group.
Max CVSS: 2.1 | EPSS Score: 0.07% | Published: 2005-11-01 | Updated: 2017-07-11
47 vulnerabilities found