405 matches found
CVE-2007-5862
Java in Mac OS X 10.4 through 10.4.11 allows remote attackers to bypass Keychain access controls and add or delete arbitrary Keychain items via a crafted Java applet...
CVE-2007-5862
The CVE-2007-5862 issue affects Mac OS X 10.4.x (up to 10.4.11) and Java for Mac OS X 10.4 Release 6. A crafted Java applet could bypass Keychain access controls and add or delete arbitrary Keychain items, enabling remote privilege escalation. The problem stems from improper verification of user ...
Apple Mac OS X Keychain安全绕过漏洞
BUGTRAQ ID: 26877 CVE ID:CVE-2007-5862 CNCVE ID:CNCVE-20075862 Apple Mac OS X是一款商业性质的基于BSD的操作系统。 Apple Mac OS X在执行部分操作时不正确验证用户信任信息,远程攻击者可以利用漏洞进行安全绕过攻击,修改其他用户帐户等操作。 Keychain升级的访问检查可绕过,特定构建的JAVA APPLET可增加或删除用户keychain中的项目而不对用户进行任何提示操作。可能导致修改其他用户帐户等攻击。 Apple Mac OS X Server 10.4.11 Apple Mac OS X...
Mac OS X : Java for Mac OS X 10.4 Release 6
The remote Mac OS X 10.4 host is running a version of Java for Mac OS X that is older than release 6. The remote version of this software contains several security vulnerabilities that may allow a rogue Java applet to escalate its privileges and to add or remove arbitrary items from the user's...
Apple Mac OS X v10.4.11之前版本多个安全漏洞
BUGTRAQ ID: 26444 CVECAN ID:...
Default configuration
The default configuration of Safari in Apple Mac OS X 10.4 through 10.4.10 adds a private key to the keychain with permissions that allow other applications to access the key without warning the user, which might allow other applications to bypass intended access restrictions...
CVE-2007-4699
The default configuration of Safari in Apple Mac OS X 10.4 through 10.4.10 adds a private key to the keychain with permissions that allow other applications to access the key without warning the user, which might allow other applications to bypass intended access restrictions...
CVE-2007-4699
CVE-2007-4699 involves Safari on Apple Mac OS X 10.4–10.4.10 where the default Safari configuration can add a private key to the keychain with permissions that allow other applications to access it without warning. This may bypass intended access restrictions and potentially leak credentials or e...
safari's saved password at risk
I'd like to inform you that safari is prone to a vunlerability that allow a local user to steal safari's saved passwords by using some macosx componenets. More infos about this issue will be made available as soon as apple will provide a fix. I strongly recommend users remove all safari's saved...
CVE-2006-1446
Keychain in Apple Mac OS X 10.3.9 and 10.4.6 might allow an application to bypass a locked Keychain by first obtaining a reference to the Keychain when it is unlocked, then reusing that reference after the Keychain has been locked...
Authentication flaw
Keychain in Apple Mac OS X 10.3.9 and 10.4.6 might allow an application to bypass a locked Keychain by first obtaining a reference to the Keychain when it is unlocked, then reusing that reference after the Keychain has been locked...
CVE-2006-1446
Keychain in Apple Mac OS X 10.3.9 and 10.4.6 might allow an application to bypass a locked Keychain by first obtaining a reference to the Keychain when it is unlocked, then reusing that reference after the Keychain has been locked...
CVE-2006-1446
Technical details for CVE-2006-1446 are not publicly available in the provided documents; monitor for updates.
[SA20077] Mac OS X Security Update Fixes Multiple Vulnerabilities
TITLE: Mac OS X Security Update Fixes Multiple Vulnerabilities SECUNIA ADVISORY ID: SA20077 VERIFY ADVISORY: http://secunia.com/advisories/20077/ CRITICAL: Highly critical IMPACT: Security Bypass, Exposure of sensitive information, DoS, System access WHERE: From remote OPERATING SYSTEM: Apple...
Multiple MacOS X vulnerabilities
Invalid ownership information in 'Finder', invalid 'Update' functioning, memberd removed group membership unauthorized access, 'Keychain' password leak, 'Kernel' uninitialized memory leak...
CVE-2005-2739
Keychain Access in Mac OS X 10.4.2 and earlier keeps a password visible even if a keychain times out while the password is being viewed, which could allow attackers with physical access to obtain the password...
CVE-2005-2739
Keychain Access in Mac OS X 10.4.2 and earlier keeps a password visible even if a keychain times out while the password is being viewed, which could allow attackers with physical access to obtain the password...
CVE-2005-2739
CVE-2005-2739 affects Keychain Access on Mac OS X 10.4.2 and earlier, where a password may remain visible if a keychain times out during viewing. This could allow someone with physical access to see the password. The issue is addressed by Apple in the Mac OS X 10.4.3 update (and related 10.4.x pa...
APPLE-SA-2005-10-31 Mac OS X v10.4.3
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2005-10-31 Mac OS X v10.4.3 Mac OS X v10.4.3 and Mac OS X Server v10.4.3 are now available and deliver the following security enhancements: Finder CVE-ID: CVE-2005-2749 Available for: Mac OS X v10.4.2, Mac OS X Server v10.4.2 Impact: File...
Mac OS X 10.4.x < 10.4.3 Multiple Vulnerabilities
The remote host is running a version of Mac OS X 10.4.x that is prior to 10.4.3. Mac OS X 10.4.3 contains several security fixes for : - Finder - Software Update - memberd - KeyChain - Kernel C Tenable Network Security, Inc. if ! definedfunc"bnrandom" exit0; include"compat.inc"; ifdescription...