Filtered by vendor Apple Subscriptions
Filtered by product Mac Os X Subscriptions
Total 5567 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2002-1369 3 Apple, Easy Software Products, Redhat 3 Mac Os X, Cups, Linux 2024-11-21 N/A
jobs.c in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly use the strncat function call when processing the options string, which allows remote attackers to execute arbitrary code via a buffer overflow attack.
CVE-2002-1368 3 Apple, Easy Software Products, Redhat 3 Mac Os X, Cups, Linux 2024-11-21 N/A
Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing negative arguments to be fed into memcpy() calls via HTTP requests with (1) a negative Content-Length value or (2) a negative length in a chunked transfer encoding.
CVE-2002-1367 3 Apple, Easy Software Products, Redhat 3 Mac Os X, Cups, Linux 2024-11-21 N/A
Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote attackers to add printers without authentication via a certain UDP packet, which can then be used to perform unauthorized activities such as stealing the local root certificate for the administration server via a "need authorization" page, as demonstrated by new-coke.
CVE-2002-1366 3 Apple, Easy Software Products, Redhat 3 Mac Os X, Cups, Linux 2024-11-21 N/A
Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows local users with lp privileges to create or overwrite arbitrary files via file race conditions, as demonstrated by ice-cream.
CVE-2002-1347 3 Apple, Cyrusimap, Redhat 4 Mac Os X, Mac Os X Server, Cyrus Sasl and 1 more 2024-11-21 9.8 Critical
Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) long inputs during user name canonicalization, (2) characters that need to be escaped during LDAP authentication using saslauthd, or (3) an off-by-one error in the log writer, which does not allocate space for the null character that terminates a string.
CVE-2002-1270 1 Apple 1 Mac Os X 2024-11-21 N/A
Mac OS X 10.2.2 allows local users to read files that only allow write access via the map_fd() Mach system call.
CVE-2002-1269 1 Apple 1 Mac Os X 2024-11-21 N/A
Unknown vulnerability in NetInfo Manager application in Mac OS X 10.2.2 allows local users to access restricted parts of a filesystem.
CVE-2002-1268 1 Apple 1 Mac Os X 2024-11-21 N/A
Mac OS X 10.2.2 allows local users to gain privileges via a mounted ISO 9600 CD, aka "User Privilege Elevation via Mounting an ISO 9600 CD."
CVE-2002-1267 1 Apple 1 Mac Os X 2024-11-21 N/A
Mac OS X 10.2.2 allows remote attackers to cause a denial of service by accessing the CUPS Printing Web Administration utility, aka "CUPS Printing Web Administration is Remotely Accessible."
CVE-2002-1266 1 Apple 1 Mac Os X 2024-11-21 N/A
Mac OS X 10.2.2 allows local users to gain privileges by mounting a disk image file that was created on another system, aka "Local User Privilege Elevation via Disk Image File."
CVE-2002-1265 3 Apple, Gnu, Sgi 4 Mac Os X, Mac Os X Server, Glibc and 1 more 2024-11-21 N/A
The Sun RPC functionality in multiple libc implementations does not provide a time-out mechanism when reading data from TCP connections, which allows remote attackers to cause a denial of service (hang).
CVE-2002-0676 1 Apple 1 Mac Os X 2024-11-21 N/A
SoftwareUpdate for MacOS 10.1.x does not use authentication when downloading a software update, which could allow remote attackers to execute arbitrary code by posing as the Apple update server via techniques such as DNS spoofing or cache poisoning, and supplying Trojan Horse updates.
CVE-2002-0666 6 Apple, Freebsd, Frees Wan and 3 more 12 Mac Os X, Mac Os X Server, Freebsd and 9 more 2024-11-21 N/A
IPSEC implementations including (1) FreeS/WAN and (2) KAME do not properly calculate the length of authentication data, which allows remote attackers to cause a denial of service (kernel panic) via spoofed, short Encapsulating Security Payload (ESP) packets, which result in integer signedness errors.
CVE-2002-0659 4 Apple, Openssl, Oracle and 1 more 8 Mac Os X, Openssl, Application Server and 5 more 2024-11-21 N/A
The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via invalid encodings.
CVE-2002-0656 4 Apple, Openssl, Oracle and 1 more 8 Mac Os X, Openssl, Application Server and 5 more 2024-11-21 N/A
Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allow remote attackers to execute arbitrary code via (1) a large client master key in SSL2 or (2) a large session ID in SSL3.
CVE-2002-0655 4 Apple, Openssl, Oracle and 1 more 8 Mac Os X, Openssl, Application Server and 5 more 2024-11-21 N/A
OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, does not properly handle ASCII representations of integers on 64 bit platforms, which could allow attackers to cause a denial of service and possibly execute arbitrary code.
CVE-2001-1565 1 Apple 1 Mac Os X 2024-11-21 N/A
Point to Point Protocol daemon (pppd) in MacOS x 10.0 and 10.1 through 10.1.5 provides the username and password on the command line, which allows local users to obtain authentication information via the ps command.
CVE-2001-1447 1 Apple 1 Mac Os X 2024-11-21 N/A
NetInfo Manager for Mac OS X 10.0 through 10.1 allows local users to gain root privileges by opening applications using the (1) "recent items" and (2) "services" menus, which causes the applications to run with root privileges.
CVE-2001-1446 1 Apple 1 Mac Os X 2024-11-21 N/A
Find-By-Content in Mac OS X 10.0 through 10.0.4 creates world-readable index files named .FBCIndex in every directory, which allows remote attackers to learn the contents of files in web accessible directories.
CVE-2001-1412 1 Apple 1 Mac Os X 2024-11-21 N/A
nidump on MacOS X before 10.3 allows local users to read the encrypted passwords from the password file by specifying passwd as a command line argument.