MAC OS X

DATE	CVE	VULNERABILITY TITLE	RISK
2004-11-23	CVE-2004-0081	OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool. network low complexity cisco symantec hp avaya freebsd openbsd redhat sco apple 4d checkpoint lite neoteris novell openssl sgi stonesoft vmware bluecoat securecomputing dell tarantella sun	5.0
2004-11-23	CVE-2004-0079	NULL Pointer Dereference vulnerability in multiple products The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference. network low complexity cisco symantec hp avaya redhat freebsd openbsd apple sco 4d checkpoint dell lite neoteris novell openssl sgi stonesoft tarantella vmware bluecoat securecomputing sun CWE-476	7.5
2004-10-07	CVE-2005-0373	Remote And Local vulnerability in Cyrus SASL Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as digestmda5.c), as used in the DIGEST-MD5 SASL plugin for Cyrus-SASL but not in any official releases, allows remote attackers to execute arbitrary code. network low complexity cyrus openpkg suse conectiva apple redhat	7.5
2004-09-07	CVE-2004-0823	OpenLDAP 1.0 through 2.1.19, as used in Apple Mac OS 10.3.4 and 10.3.5 and possibly other operating systems, may allow certain authentication schemes to use hashed (crypt) passwords in the userPassword attribute as if they were plaintext passwords, which allows remote attackers to re-use hashed passwords without decrypting them. network low complexity openldap apple	7.5
2004-09-07	CVE-2004-0822	Environment Variable Buffer Overflow vulnerability in Apple CoreFoundation Buffer overflow in The Core Foundation framework (CoreFoundation.framework) in Mac OS X 10.2.8, 10.3.4, and 10.3.5 allows local users to execute arbitrary code via a certain environment variable. local low complexity apple	7.2
2004-08-18	CVE-2004-0518	Remote Security vulnerability in Apple Mac OS X Server Unknown vulnerability in AppleFileServer for Mac OS X 10.3.4, related to "the use of SSH and reporting errors," has unknown impact and attack vectors. network low complexity apple	7.5
2004-08-18	CVE-2004-0517	Security vulnerability in Apple Mac OS X Unknown vulnerability in Mac OS X 10.3.4, related to "handling of process IDs during package installation," a different vulnerability than CVE-2004-0516. local low complexity apple	4.6
2004-08-18	CVE-2004-0516	Security vulnerability in Apple Mac OS X Unknown vulnerability in Mac OS X 10.3.4, related to "package installation scripts," a different vulnerability than CVE-2004-0517. local low complexity apple	4.6
2004-08-18	CVE-2004-0515	Security vulnerability in Apple Mac OS X Unknown vulnerability in LoginWindow for Mac OS X 10.3.4, related to "handling of console log files." local low complexity apple	4.6
2004-08-18	CVE-2004-0514	Security vulnerability in Apple Mac OS X Unknown vulnerability in LoginWindow for Mac OS X 10.3.4, related to "handling of directory services lookups." local low complexity apple	7.2