Apple macOS vulnerabilities

3,139 known vulnerabilities affecting apple/mac_os_x.

Total CVEs: 3,139
CISA KEV: 26 (actively exploited)
Public exploits: 277
Exploited in wild: 28
Severity breakdown: CRITICAL 302, HIGH 1409, MEDIUM 1236, LOW 192

Vulnerabilities

Page 155 of 157
CVE-2004-0165 | MEDIUM | CVSS 5.0 | v10.1, v10.1.1, +16 more | 2004-03-15
Format string vulnerability in Point-to-Point Protocol (PPP) daemon (pppd) 2.4.0 for Mac OS X 10.3.2 and earlier allows remote attackers to read arbitrary pppd process data, including PAP or CHAP authentication credentials, to gain privileges.
nvd
CVE-2004-0166 | MEDIUM | CVSS 5.0 | v10.2.8 | 2004-03-15
Unknown vulnerability in Safari web browser for Mac OS X 10.2.8 related to "the display of URLs in the status bar."
nvd
CVE-2004-0092 | CRITICAL | CVSS 10.0 | v10.2.8, v10.3.2 | 2004-03-03
Unknown vulnerability in Safari web browser in Mac OS X 10.2.8 and 10.3.2, with unknown impact.
nvd
CVE-2004-0089 | MEDIUM | CVSS 4.6 | v10.2.8, v10.3.9 | 2004-03-03
Buffer overflow in TruBlueEnvironment in Mac OS X 10.3.x and 10.2.x allows local users to gain privileges via a long environment variable.
nvd
CVE-2004-0086 | MEDIUM | CVSS 5.0 | v10.3.2 | 2004-03-03
Unknown vulnerability in the Mail application for Mac OS X 10.3.2 has unknown impact and attack vectors, a different vulnerability than CVE-2004-0085.
nvd
CVE-2004-0085 | MEDIUM | CVSS 5.0 | v10.1.5, v10.2.8 | 2004-03-03
Unknown vulnerability in the Mail application for Mac OS X 10.1.5 and 10.2.8 with unknown impact, a different vulnerability than CVE-2004-0086.
nvd
CVE-2004-0087 | LOW | CVSS 2.1 | v10.2.8, v10.3.2 | 2004-03-03
The System Configuration subsystem in Mac OS 10.2.8 and 10.3.2 allows local users to modify network settings, a different vulnerability than CVE-2004-0088.
nvd
CVE-2004-0088 | LOW | CVSS 2.1 | v10.2.8 | 2004-03-03
The System Configuration subsystem in Mac OS 10.2.8 allows local users to modify network settings, a different vulnerability than CVE-2004-0087.
nvd
CVE-2003-1005 | MEDIUM | CVSS 5.0 | v10.2.8, v10.3.2 | 2003-12-31
The PKI functionality in Mac OS X 10.2.8 and 10.3.2 allows remote attackers to cause a denial of service (service crash) via malformed ASN.1 sequences.
nvd
CVE-2003-0975 | MEDIUM | CVSS 5.0 | v10.2.8, v10.3.1 | 2003-12-15
Apple Safari 1.0 through 1.1 on Mac OS X 10.3.1 and Mac OS X 10.2.8 allows remote attackers to steal user cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain.
nvd
CVE-2003-0913 | MEDIUM | CVSS 4.6 | v10.3 | 2003-12-01
Unknown vulnerability in the Terminal application for Mac OS X 10.3 (Client and Server) may allow "unauthorized access."
nvd
CVE-2001-1411 | HIGH | CVSS 7.2 | v10.4.9 | 2003-11-17
Format string vulnerability in gm4 (aka m4) on Mac OS X may allow local users to gain privileges if gm4 is called by setuid programs.
nvd
CVE-2003-0804 | MEDIUM | CVSS 5.0 | v10.2, v10.2.1, +6 more | 2003-11-17
The arplookup function in FreeBSD 5.1 and earlier, Mac OS X before 10.2.8, and possibly other BSD-based systems, allows remote attackers on a local subnet to cause a denial of service (resource starvation and panic) via a flood of spoofed ARP requests.
nvd
CVE-2001-1412 | LOW | CVSS 2.1 | PoC | v10.4.9 | 2003-11-17
nidump on MacOS X before 10.3 allows local users to read the encrypted passwords from the password file by specifying passwd as a command line argument.
nvd
CVE-2003-0871 | HIGH | CVSS 7.5 | v10.3 | 2003-11-03
Unknown vulnerability in QuickTime Java in Mac OS X v10.3 and Mac OS X Server 10.3 allows attackers to gain "unauthorized access to a system."
nvd
CVE-2003-0881 | HIGH | CVSS 7.5 | ≤ 10.3 | 2003-11-03
Mail in Mac OS X before 10.3, when configured to use MD5 Challenge Response, uses plaintext authentication if the CRAM-MD5 hashed login fails, which could allow remote attackers to gain privileges by sniffing the password.
nvd
CVE-2003-0877 | MEDIUM | CVSS 4.6 | v10.0, v10.0.1, +18 more | 2003-11-03
Mac OS X before 10.3 with core files enabled allows local users to overwrite arbitrary files and read core files via a symlink attack on core files that are created with predictable names in the /cores directory.
nvd
CVE-2003-0882 | MEDIUM | CVSS 5.0 | ≤ 10.3 | 2003-11-03
Mac OS X before 10.3 initializes the TCP timestamp with a constant number, which allows remote attackers to determine the system's uptime via the ID field in a TCP packet.
nvd
CVE-2003-0880 | MEDIUM | CVSS 4.6 | ≤ 10.3 | 2003-11-03
Unknown vulnerability in Mac OS X before 10.3 allows local users to access Dock functions from behind Screen Effects when Full Keyboard Access is enabled using the Keyboard pane in System Preferences.
nvd
CVE-2003-0883 | MEDIUM | CVSS 4.6 | v10.3 | 2003-11-03
The System Preferences capability in Mac OS X before 10.3 allows local users to access secure Preference Panes for a short period after an administrator has authenticated to the system.
nvd