Apple Security Vulnerabilities
parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to execute arbitrary code via shell metacharacters.
7.3AI Score
0.659EPSS
parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to obtain the physical path of the server's installation path via a NULL file parameter.
5.8AI Score
0.006EPSS
parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to list arbitrary directories.
6.3AI Score
0.006EPSS
Cross-site scripting (XSS) vulnerability in parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to insert arbitrary script via the filename parameter, which is inserted into an error message.
5.5AI Score
0.003EPSS
Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to execute certain code via a request to port 7070 with the script in an argument to the rtsp DESCRIBE method, which is inserted into a log file and executed when the log is viewed using ...
6.7AI Score
0.01EPSS
Buffer overflow in the MP3 broadcasting module of Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to execute arbitrary code via a long filename.
7.6AI Score
0.04EPSS
TruBlueEnvironment for MacOS 10.2.3 and earlier allows local users to overwrite or create arbitrary files and gain root privileges by setting a certain environment variable that is used to write debugging information.
6.7AI Score
0.0004EPSS
Buffer overflow in Apple QuickTime Player 5.x and 6.0 for Windows allows remote attackers to execute arbitrary code via a long QuickTime URL.
7.7AI Score
0.116EPSS
DirectoryServices in MacOS X trusts the PATH environment variable to locate and execute the touch command, which allows local users to execute arbitrary commands by modifying the PATH to point to a directory containing a malicious touch program.
7.2AI Score
0.0004EPSS
Mac OS X before 10.2.5 allows guest users to modify the permissions of the DropBox folder and read unauthorized files.
6.8AI Score
0.002EPSS
Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code.
7.3AI Score
0.971EPSS
IPSec in Mac OS X before 10.2.6 does not properly handle certain incoming security policies that match by port, which could allow traffic that is not explicitly allowed by the policies.
6.6AI Score
0.008EPSS
The administration capability for Apple AirPort 802.11 wireless access point devices uses weak encryption (XOR with a fixed key) for protecting authentication credentials, which could allow remote attackers to obtain administrative access via sniffing when the capability is available via Ethernet o...
6.5AI Score
0.028EPSS
Safari 1.0 Beta 2 (v73) and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates.
7AI Score
0.003EPSS
Konqueror Embedded and KDE 2.2.2 and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates via a man-in-the-middle attack.
6.3AI Score
0.007EPSS
The Kerberos login authentication feature in Mac OS X, when used with an LDAPv3 server and LDAP bind authentication, may send cleartext passwords to the LDAP server when the AuthenticationAuthority attribute is not set.
6.8AI Score
0.001EPSS
Unknown vulnerability in Apple File Service (AFP Server) for Mac OS X Server, when sharing files on a UFS or re-shared NFS volume, allows remote attackers to overwrite arbitrary files.
6.8AI Score
0.001EPSS
Information leak in dsimportexport for Apple Macintosh OS X Server 10.2.6 allows local users to obtain the username and password of the account running the tool.
6AI Score
0.0004EPSS
Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to cause a denial of service (crash) via an MS-DOS device name (e.g. AUX) in a request to HTTP port 1220, a different vulnerability than CVE-2003-0502.
6.1AI Score
0.008EPSS
Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to cause a denial of service (crash) via a request to view_broadcast.cgi that does not contain the required parameters.
6.2AI Score
0.003EPSS
parse_xml.cgi in Apple QuickTime / Darwin Streaming Server before 4.1.3g allows remote attackers to obtain the source code for parseable files via the filename parameter.
6.3AI Score
0.013EPSS
Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to obtain the source code for scripts by appending encoded space (%20) or . (%2e) characters to an HTTP request for the script, e.g. view_broadcast.cgi.
6.5AI Score
0.013EPSS
Directory traversal vulnerability in Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to read arbitrary files via a ... (triple dot) in an HTTP request.
6.2AI Score
0.05EPSS
The installation of Apple QuickTime / Darwin Streaming Server before 4.1.3f starts the administration server with a "Setup Assistant" page that allows remote attackers to set the administrator password and gain privileges before the real administrator.
6.4AI Score
0.007EPSS
Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow, including (1) STOR, (2) ...
9.8CVSS
9.8AI Score
0.795EPSS
Apple QuickTime / Darwin Streaming Server before 4.1.3g allows remote attackers to cause a denial of service (crash) via a .. (dot dot) sequence followed by an MS-DOS device name (e.g. AUX) in a request to HTTP port 1220, a different vulnerability than CVE-2003-0421.
6.1AI Score
0.008EPSS
Apple Safari allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Safari to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the ...
6.2AI Score
0.05EPSS
The screen saver in MacOS X allows users with physical access to cause the screen saver to crash and gain access to the underlying session via a large number of characters in the password field, possibly triggering a buffer overflow.
7.2AI Score
0.001EPSS
Workgroup Manager in Apple Mac OS X Server 10.2 through 10.2.6 does not disable a password for a new account before it is saved for the first time, which allows remote attackers to gain unauthorized access via the new account before it is saved.
7AI Score
0.008EPSS
A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences.
6.8AI Score
0.006EPSS
The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c.
7.7AI Score
0.052EPSS
The arplookup function in FreeBSD 5.1 and earlier, Mac OS X before 10.2.8, and possibly other BSD-based systems, allows remote attackers on a local subnet to cause a denial of service (resource starvation and panic) via a flood of spoofed ARP requests.
6.6AI Score
0.012EPSS
Unknown vulnerability in QuickTime Java in Mac OS X v10.3 and Mac OS X Server 10.3 allows attackers to gain "unauthorized access to a system."
7.2AI Score
0.002EPSS
Finder in Mac OS X 10.2.8 and earlier sets global read/write/execute permissions on directories when they are dragged (copied) from a mounted volume such as a disk image (DMG), which could cause the directories to have less restrictive permissions than intended.
6.5AI Score
0.001EPSS
Mac OS X before 10.3 with core files enabled allows local users to overwrite arbitrary files and read core files via a symlink attack on core files that are created with predictable names in the /cores directory.
6.3AI Score
0.0004EPSS
slpd daemon in Mac OS X before 10.3 allows local users to overwrite arbitrary files via a symlink attack on a temporary file, a different vulnerability than CVE-2003-0875.
6.8AI Score
0.0004EPSS
Unknown vulnerability in Mac OS X before 10.3 allows local users to access Dock functions from behind Screen Effects when Full Keyboard Access is enabled using the Keyboard pane in System Preferences.
6.7AI Score
0.0004EPSS
Mail in Mac OS X before 10.3, when configured to use MD5 Challenge Response, uses plaintext authentication if the CRAM-MD5 hashed login fails, which could allow remote attackers to gain privileges by sniffing the password.
7.5AI Score
0.004EPSS
Mac OS X before 10.3 initializes the TCP timestamp with a constant number, which allows remote attackers to determine the system's uptime via the ID field in a TCP packet.
7AI Score
0.002EPSS
The System Preferences capability in Mac OS X before 10.3 allows local users to access secure Preference Panes for a short period after an administrator has authenticated to the system.
6.5AI Score
0.0004EPSS
Buffer overflow in the Mac OS X kernel 10.2.8 and earlier allows local users, and possibly remote attackers, to cause a denial of service (crash), access portions of memory, and possibly execute arbitrary code via a long command line argument (argv[]).
7.7AI Score
0.003EPSS
Unknown vulnerability in the Terminal application for Mac OS X 10.3 (Client and Server) may allow "unauthorized access."
6.6AI Score
0.001EPSS
Apple Safari 1.0 through 1.1 on Mac OS X 10.3.1 and Mac OS X 10.2.8 allows remote attackers to steal user cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain.
6.1AI Score
0.005EPSS
The PKI functionality in Mac OS X 10.2.8 and 10.3.2 allows remote attackers to cause a denial of service (service crash) via malformed ASN.1 sequences.
6.7AI Score
0.01EPSS
Buffer overflow in cd9660.util in Apple Mac OS X 10.0 through 10.3.2 and Apple Mac OS X Server 10.0 through 10.3.2 may allow local users to execute arbitrary code via a long command line parameter.
7.3AI Score
0.0004EPSS
AppleFileServer (AFS) in Apple Mac OS X 10.2.8 and 10.3.2 does not properly handle certain malformed requests, with unknown impact.
6.2AI Score
0.004EPSS
Unknown vulnerability in Mac OS X 10.2.8 and 10.3.2 allows local users to bypass the screen saver login window and write a text clipping to the desktop or another application.
6.3AI Score
0.0004EPSS
Directory Services in Apple Mac OS X 10.0.2, 10.0.3, 10.2.8, 10.3.2 and Apple Mac OS X Server 10.2 through 10.3.2 accepts authentication server information from unknown LDAP or NetInfo sources as provided by a malicious DHCP server, which allows remote attackers to gain privileges.
6.5AI Score
0.017EPSS
Apple Mac OS X 10.0 through 10.2.8 allows local users with a USB keyboard to gain unauthorized access by holding down the CTRL and C keys when the system is booting, which crashes the init process and leaves the user in a root shell.
6AI Score
0.0004EPSS
parse_xml.cgi in Apple Darwin Streaming Server 4.1.1 allows remote attackers to determine the existence of arbitrary files by using ".." sequences in the filename parameter and comparing the resulting error messages.
6.7AI Score
0.008EPSS