| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The screen saver in MacOS X allows users with physical access to cause the screen saver to crash and gain access to the underlying session via a large number of characters in the password field, possibly triggering a buffer overflow. |
| Apple Mac OS X 10.3.4, 10.4, 10.5, and possibly other versions does not properly clear memory for login (aka Loginwindow.app), Keychain, or FileVault passwords, which could allow the root user or an attacker with physical access to obtain sensitive information by reading memory. |
| The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c. |
| The Bluetooth Setup Assistant for Mac OS X before 10.3.8 can be launched without a keyboard or Bluetooth device, which allows local users to bypass access restrictions and gain privileges. |
| The arplookup function in FreeBSD 5.1 and earlier, Mac OS X before 10.2.8, and possibly other BSD-based systems, allows remote attackers on a local subnet to cause a denial of service (resource starvation and panic) via a flood of spoofed ARP requests. |
| Stack-based buffer overflow in the Core Foundation Library in Mac OS X 10.3.5 and 10.3.6, and possibly earlier versions, allows local users to execute arbitrary code via a long CF_CHARSET_PATH environment variable. |
| Finder in Mac OS X 10.2.8 and earlier sets global read/write/execute permissions on directories when they are dragged (copied) from a mounted volume such as a disk image (DMG), which could cause the directories to have less restrictive permissions than intended. |
| Mac OS X before 10.3 initializes the TCP timestamp with a constant number, which allows remote attackers to determine the system's uptime via the ID field in a TCP packet. |
| The System Preferences capability in Mac OS X before 10.3 allows local users to access secure Preference Panes for a short period after an administrator has authenticated to the system. |
| Unknown vulnerability in the Mail application for Mac OS X 10.1.5 and 10.2.8 with unknown impact, a different vulnerability than CVE-2004-0086. |
| Unknown vulnerability in the Mail application for Mac OS X 10.3.2 has unknown impact and attack vectors, a different vulnerability than CVE-2004-0085. |
| The System Configuration subsystem in Mac OS 10.2.8 and 10.3.2 allows local users to modify network settings, a different vulnerability than CVE-2004-0088. |
| The System Configuration subsystem in Mac OS 10.2.8 allows local users to modify network settings, a different vulnerability than CVE-2004-0087. |
| Unknown vulnerability in Safari web browser for Mac OS X 10.2.8 related to "the display of URLs in the status bar." |
| The TCP/IP Networking component in Mac OS X before 10.3.5 allows remote attackers to cause a denial of service (memory and resource consumption) via a "Rose Attack" that involves sending a subset of small IP fragments that do not form a complete, larger packet. |
| Unknown vulnerability in the CUPS printing system in Mac OS X 10.3.3 and Mac OS X 10.2.8 with unknown impact, possibly related to a configuration file setting. |
| Unknown vulnerability in CoreFoundation in Mac OS X 10.3.3 and Mac OS X 10.3.3 Server, related to "the handling of an environment variable," has unknown attack vectors and unknown impact. |
| Buffer overflow in cd9660.util in Apple Mac OS X 10.0 through 10.3.2 and Apple Mac OS X Server 10.0 through 10.3.2 may allow local users to execute arbitrary code via a long command line parameter. |
| Unknown vulnerability in fs_usage in Mac OS X 10.2.8 and 10.3.2 and Mac OS X Server 10.2.8 and 10.3.2 allows local users to gain privileges via unknown attack vectors. |
| The CFPlugIn in Core Foundation framework in Mac OS X allows user supplied libraries to be loaded, which could allow local users to gain privileges. |
