Apple macOS vulnerabilities

CVE-2002-1372 [HIGH] CWE-252 CVE-2002-1372: Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly check the return values o Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly check the return values of various file and socket operations, which could allow a remote attacker to cause a denial of service (resource exhaustion) by causing file descriptors to be assigned and not released, as demonstrated by fanta.

CVE-2002-1366 [MEDIUM] CVE-2002-1366: Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows local users with lp privileges to cr Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows local users with lp privileges to create or overwrite arbitrary files via file race conditions, as demonstrated by ice-cream.

CVE-2002-1347 [CRITICAL] CWE-131 CVE-2002-1347: Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier allow remote attackers to cause a Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) long inputs during user name canonicalization, (2) characters that need to be escaped during LDAP authentication using saslauthd, or (3) an off-by-one error in the log writer, which does not

CVE-2002-1269 [MEDIUM] CVE-2002-1269: Unknown vulnerability in NetInfo Manager application in Mac OS X 10.2.2 allows local users to access Unknown vulnerability in NetInfo Manager application in Mac OS X 10.2.2 allows local users to access restricted parts of a filesystem.

CVE-2002-1267 [MEDIUM] CVE-2002-1267: Mac OS X 10.2.2 allows remote attackers to cause a denial of service by accessing the CUPS Printing Mac OS X 10.2.2 allows remote attackers to cause a denial of service by accessing the CUPS Printing Web Administration utility, aka "CUPS Printing Web Administration is Remotely Accessible."

CVE-2002-1266 [MEDIUM] CVE-2002-1266: Mac OS X 10.2.2 allows local users to gain privileges by mounting a disk image file that was created Mac OS X 10.2.2 allows local users to gain privileges by mounting a disk image file that was created on another system, aka "Local User Privilege Elevation via Disk Image File."

CVE-2002-1268 [MEDIUM] CVE-2002-1268: Mac OS X 10.2.2 allows local users to gain privileges via a mounted ISO 9600 CD, aka "User Privilege Mac OS X 10.2.2 allows local users to gain privileges via a mounted ISO 9600 CD, aka "User Privilege Elevation via Mounting an ISO 9600 CD."

CVE-2002-1270 [LOW] CVE-2002-1270: Mac OS X 10.2.2 allows local users to read files that only allow write access via the map_fd() Mach Mac OS X 10.2.2 allows local users to read files that only allow write access via the map_fd() Mach system call.

CVE-2002-1265 [MEDIUM] CVE-2002-1265: The Sun RPC functionality in multiple libc implementations does not provide a time-out mechanism whe The Sun RPC functionality in multiple libc implementations does not provide a time-out mechanism when reading data from TCP connections, which allows remote attackers to cause a denial of service (hang).

CVE-2002-0666 [MEDIUM] CVE-2002-0666: IPSEC implementations including (1) FreeS/WAN and (2) KAME do not properly calculate the length of a IPSEC implementations including (1) FreeS/WAN and (2) KAME do not properly calculate the length of authentication data, which allows remote attackers to cause a denial of service (kernel panic) via spoofed, short Encapsulating Security Payload (ESP) packets, which result in integer signedness errors.

CVE-2002-0656 [HIGH] CVE-2002-0656: Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allow remote attackers Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allow remote attackers to execute arbitrary code via (1) a large client master key in SSL2 or (2) a large session ID in SSL3.

CVE-2002-0655 [HIGH] CVE-2002-0655: OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, does not properly handle ASCII representati OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, does not properly handle ASCII representations of integers on 64 bit platforms, which could allow attackers to cause a denial of service and possibly execute arbitrary code.

CVE-2002-0659 [MEDIUM] CVE-2002-0659: The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via invalid encodings.

CVE-2002-0676 [HIGH] CVE-2002-0676: SoftwareUpdate for MacOS 10.1.x does not use authentication when downloading a software update, whic SoftwareUpdate for MacOS 10.1.x does not use authentication when downloading a software update, which could allow remote attackers to execute arbitrary code by posing as the Apple update server via techniques such as DNS spoofing or cache poisoning, and supplying Trojan Horse updates.

CVE-2001-1565 [LOW] CVE-2001-1565: Point to Point Protocol daemon (pppd) in MacOS x 10.0 and 10.1 through 10.1.5 provides the username Point to Point Protocol daemon (pppd) in MacOS x 10.0 and 10.1 through 10.1.5 provides the username and password on the command line, which allows local users to obtain authentication information via the ps command.

CVE-2001-0720 [HIGH] CVE-2001-0720: Internet Explorer 5.1 for Macintosh on Mac OS X allows remote attackers to execute arbitrary command Internet Explorer 5.1 for Macintosh on Mac OS X allows remote attackers to execute arbitrary commands by causing a BinHex or MacBinary file type to be downloaded, which causes the files to be executed if automatic decoding is enabled.

CVE-2001-0806 [LOW] CVE-2001-0806: Apple MacOS X 10.0 and 10.1 allow a local user to read and write to a user's desktop folder via inse Apple MacOS X 10.0 and 10.1 allow a local user to read and write to a user's desktop folder via insecure default permissions for the Desktop when it is created in some languages.

CVE-2001-1447 [HIGH] CVE-2001-1447: NetInfo Manager for Mac OS X 10.0 through 10.1 allows local users to gain root privileges by opening NetInfo Manager for Mac OS X 10.0 through 10.1 allows local users to gain root privileges by opening applications using the (1) "recent items" and (2) "services" menus, which causes the applications to run with root privileges.

CVE-2001-1446 [HIGH] CVE-2001-1446: Find-By-Content in Mac OS X 10.0 through 10.0.4 creates world-readable index files named .FBCIndex i Find-By-Content in Mac OS X 10.0 through 10.0.4 creates world-readable index files named .FBCIndex in every directory, which allows remote attackers to learn the contents of files in web accessible directories.