CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Apple : Security Vulnerabilities (CVSS score between 5 and 5.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
651 CVE-2003-0804 DoS 2003-11-17 2008-09-10
5.0
None Remote Low Not required None None Partial
The arplookup function in FreeBSD 5.1 and earlier, Mac OS X before 10.2.8, and possibly other BSD-based systems, allows remote attackers on a local subnet to cause a denial of service (resource starvation and panic) via a flood of spoofed ARP requests.
652 CVE-2003-0425 Dir. Trav. 2003-08-27 2008-09-10
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to read arbitrary files via a ... (triple dot) in an HTTP request.
653 CVE-2003-0424 2003-08-27 2008-09-10
5.0
None Remote Low Not required Partial None None
Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to obtain the source code for scripts by appending encoded space (%20) or . (%2e) characters to an HTTP request for the script, e.g. view_broadcast.cgi.
654 CVE-2003-0423 2003-08-27 2008-09-10
5.0
None Remote Low Not required Partial None None
parse_xml.cgi in Apple QuickTime / Darwin Streaming Server before 4.1.3g allows remote attackers to obtain the source code for parseable files via the filename parameter.
655 CVE-2003-0422 DoS 2003-08-27 2008-09-10
5.0
None Remote Low Not required None None Partial
Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to cause a denial of service (crash) via a request to view_broadcast.cgi that does not contain the required parameters.
656 CVE-2003-0379 2003-07-24 2011-03-08
5.0
None Remote Low Not required None Partial None
Unknown vulnerability in Apple File Service (AFP Server) for Mac OS X Server, when sharing files on a UFS or re-shared NFS volume, allows remote attackers to overwrite arbitrary files.
657 CVE-2003-0355 2003-06-09 2008-09-05
5.0
None Remote Low Not required None None Partial
Safari 1.0 Beta 2 (v73) and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates.
658 CVE-2003-0052 2003-03-07 2016-10-18
5.0
None Remote Low Not required Partial None None
parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to list arbitrary directories.
659 CVE-2003-0051 2003-03-07 2016-10-18
5.0
None Remote Low Not required Partial None None
parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to obtain the physical path of the server's installation path via a NULL file parameter.
660 CVE-2002-2326 310 2002-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
The default configuration of Mail.app in Mac OS X 10.0 through 10.0.4 and 10.1 through 10.1.5 sends iDisk authentication credentials in cleartext when connecting to Mac.com, which could allow remote attackers to obtain passwords by sniffing network traffic.
661 CVE-2002-1372 DoS 2002-12-26 2017-10-10
5.0
None Remote Low Not required None None Partial
Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly check the return values of various file and socket operations, which could allow a remote attacker to cause a denial of service (resource exhaustion) by causing file descriptors to be assigned and not released, as demonstrated by fanta.
662 CVE-2002-1267 DoS 2002-12-11 2017-10-10
5.0
None Remote Low Not required None None Partial
Mac OS X 10.2.2 allows remote attackers to cause a denial of service by accessing the CUPS Printing Web Administration utility, aka "CUPS Printing Web Administration is Remotely Accessible."
663 CVE-2002-1265 DoS 2002-11-12 2017-10-10
5.0
None Remote Low Not required None None Partial
The Sun RPC functionality in multiple libc implementations does not provide a time-out mechanism when reading data from TCP connections, which allows remote attackers to cause a denial of service (hang).
664 CVE-2002-0666 DoS 2002-11-04 2008-09-10
5.0
None Remote Low Not required None None Partial
IPSEC implementations including (1) FreeS/WAN and (2) KAME do not properly calculate the length of authentication data, which allows remote attackers to cause a denial of service (kernel panic) via spoofed, short Encapsulating Security Payload (ESP) packets, which result in integer signedness errors.
665 CVE-2002-0659 DoS 2002-08-12 2008-09-10
5.0
None Remote Low Not required None None Partial
The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via invalid encodings.
666 CVE-2001-1575 DoS Overflow 2001-12-31 2017-07-11
5.0
None Remote Low Not required None None Partial
Apple Personal Web Sharing (PWS) 1.1, 1.5, and 1.5.5, when Web Sharing authentication is enabled, allows remote attackers to cause a denial of service via a long password, possibly due to a buffer overflow.
667 CVE-2001-0649 DoS 2001-09-20 2017-12-19
5.0
None Remote Low Not required None None Partial
Personal Web Sharing 1.5.5 allows a remote attacker to cause a denial of service via a long HTTP request.
668 CVE-2000-0346 2000-05-02 2017-11-27
5.0
None Remote Low Not required Partial None None
AppleShare IP 6.1 and later allows a remote attacker to read potentially sensitive information via an invalid range request to the web server.
669 CVE-2000-0299 DoS Overflow 2000-04-04 2008-09-10
5.0
None Remote Low Not required None None Partial
Buffer overflow in WebObjects.exe in the WebObjects Developer 4.5 package allows remote attackers to cause a denial of service via an HTTP request with long headers such as Accept.
670 CVE-2000-0041 1999-12-28 2021-09-22
5.0
None Remote Low Not required None None Partial
Macintosh systems generate large ICMP datagrams in response to malformed datagrams, allowing them to be used as amplifiers in a flood attack.
671 CVE-1999-1412 DoS 1999-06-03 2021-09-22
5.0
None Remote Low Not required None None Partial
A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
672 CVE-1999-1015 DoS Overflow 1998-04-08 2017-11-21
5.0
None Remote Low Not required None None Partial
Buffer overflow in Apple AppleShare Mail Server 5.0.3 on MacOS 8.1 and earlier allows a remote attacker to cause a denial of service (crash) via a long HELO command.
673 CVE-1999-0897 1998-09-09 2016-10-18
5.0
None Remote Low Not required Partial None None
iChat ROOMS Webserver allows remote attackers to read arbitrary files via a .. (dot dot) attack.
Total number of vulnerabilities : 662   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.