2100 matches found
CVE-2005-1473
SecurityAgent in Apple Mac OS X 10.4.1 allows attackers with physical access to bypass the locked screensaver and launch background applications by opening a URL from a text input field...
CVE-2010-0064
DesktopServices in Apple Mac OS X 10.6 before 10.6.3 preserves file ownership during an authenticated Finder copy, which might allow local users to bypass intended disk-quota restrictions and have unspecified other impact by copying files owned by other users...
CVE-2010-0523
Wiki Server in Apple Mac OS X 10.5.8 does not restrict the file types of uploaded files, which allows remote attackers to obtain sensitive information or possibly have unspecified other impact via a crafted file, as demonstrated by a Java applet...
CVE-2010-0501
Directory traversal vulnerability in FTP Server in Apple Mac OS X Server before 10.6.3 allows remote authenticated users to read arbitrary files via crafted filenames...
CVE-2010-0510
Password Server in Apple Mac OS X Server before 10.6.3 does not properly perform password replication, which might allow remote authenticated users to obtain login access via an expired password...
CVE-2010-0509
SFLServer in OS Services in Apple Mac OS X before 10.6.3 allows local users to gain privileges via vectors related to use of wheel group membership during access to the home directories of user accounts...
CVE-2010-0533
Directory traversal vulnerability in AFP Server in Apple Mac OS X before 10.6.3 allows remote attackers to list a share root's parent directory, and read and modify files in that directory, via unspecified vectors...
CVE-2010-0506
Buffer overflow in Image RAW in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted NEF image...
CVE-2010-0065
Disk Images in Apple Mac OS X before 10.6.3 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted disk image with bzip2 compression...
CVE-2010-0502
iChat Server in Apple Mac OS X Server before 10.6.3, when group chat is used, does not perform logging for all types of messages, which might allow remote attackers to avoid message auditing via an unspecified selection of message type...
CVE-2010-0546
Folder Manager in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allows local users to delete arbitrary folders via a symlink attack in conjunction with an unmount operation on a crafted volume, related to the Cleanup At Startup folder...
CVE-2010-0504
Multiple stack-based buffer overflows in iChat Server in Apple Mac OS X Server before 10.6.3 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors...
CVE-2010-0522
Server Admin in Apple Mac OS X Server 10.5.8 does not properly determine the privileges of users who had former membership in the admin group, which allows remote authenticated users to leverage this former membership to obtain a server connection via screen sharing...
CVE-2011-0180
Integer overflow in HFS in Apple Mac OS X before 10.6.7 allows local users to read arbitrary (1) HFS, (2) HFS+, or (3) HFS+J files via a crafted F_READBOOTSTRAP ioctl call...
CVE-2011-0181
Integer overflow in ImageIO in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XBM image...
CVE-2011-0190
Install Helper in Installer in Apple Mac OS X before 10.6.7 does not properly process an unspecified URL, which might allow remote attackers to track user logins by logging network traffic from an agent that was intended to send network traffic to an Apple server...
CVE-2011-0639
Apple Mac OS X does not properly warn the user before enabling additional Human Interface Device (HID) functionality over USB, which allows user-assisted attackers to execute arbitrary programs via crafted USB data, as demonstrated by keyboard and mouse data sent by malware on a smartphone that the...
CVE-2011-0189
The default configuration of Terminal in Apple Mac OS X 10.6 before 10.6.7 uses SSH protocol version 1 within the New Remote Connection dialog, which might make it easier for man-in-the-middle attackers to spoof SSH servers by leveraging protocol vulnerabilities...
CVE-2011-0194
Integer overflow in ImageIO in Apple Mac OS X 10.6 before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image with JPEG encoding...
CVE-2011-0178
The FSFindFolder API in CarbonCore in Apple Mac OS X before 10.6.7 provides a world-readable directory in response to a call with the kTemporaryFolderType flag, which allows local users to obtain potentially sensitive information by accessing this directory...