Vulnerabilities > Apple > MAC OS X > Low

DATE CVE VULNERABILITY TITLE RISK
2010-07-30 CVE-2010-1796 Information Exposure vulnerability in Apple Safari and WebKit
The AutoFill feature in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to obtain sensitive Address Book Card information via JavaScript code that forces keystroke events for input fields.
network
high complexity
apple microsoft CWE-200
2.6
2010-06-17 CVE-2010-0546 Link Following vulnerability in Apple Mac OS X and Mac OS X Server
Folder Manager in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allows local users to delete arbitrary folders via a symlink attack in conjunction with an unmount operation on a crafted volume, related to the Cleanup At Startup folder.
local
apple CWE-59
3.3
2010-06-17 CVE-2010-1381 Configuration vulnerability in Apple Mac OS X and Mac OS X Server
The default configuration of SMB File Server in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, enables support for wide links, which allows remote authenticated users to access arbitrary files via vectors involving symbolic links.
network
apple CWE-16
3.5
2010-06-17 CVE-2010-1382 Cross-Site Scripting vulnerability in Apple Mac OS X and Mac OS X Server
Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allows remote authenticated users to inject arbitrary web script or HTML via crafted Wiki content, related to lack of a charset field.
network
apple CWE-79
3.5
2010-03-30 CVE-2010-0537 Permissions, Privileges, and Access Controls vulnerability in Apple Mac OS X and Mac OS X Server
DesktopServices in Apple Mac OS X 10.6 before 10.6.3 does not properly resolve pathnames in certain circumstances involving an application's save panel, which allows user-assisted remote attackers to trigger unintended remote file copying via a crafted share name.
network
high complexity
apple CWE-264
2.6
2009-02-13 CVE-2009-0013 Credentials Management vulnerability in Apple Mac OS X and Mac OS X Server
dscl in DS Tools in Apple Mac OS X 10.4.11 and 10.5.6 requires that passwords must be provided as command line arguments, which allows local users to gain privileges by listing process information.
local
low complexity
apple CWE-255
2.1
2009-02-13 CVE-2009-0014 Permissions, Privileges, and Access Controls vulnerability in Apple Mac OS X and Mac OS X Server
Folder Manager in Apple Mac OS X 10.5.6 uses insecure default permissions when recreating a Downloads folder after it has been deleted, which allows local users to bypass intended access restrictions and read the Downloads folder.
local
low complexity
apple CWE-264
2.1
2009-02-12 CVE-2009-0142 Race Condition vulnerability in Apple Mac OS X and Mac OS X Server
Race condition in AFP Server in Apple Mac OS X 10.5.6 allows local users to cause a denial of service (infinite loop) via unspecified vectors related to "file enumeration logic."
local
apple CWE-362
1.9
2008-09-16 CVE-2008-2329 Information Exposure vulnerability in Apple Mac OS X and Mac OS X Server
Directory Services in Apple Mac OS X 10.5 through 10.5.4, when Active Directory is used, allows attackers to enumerate user names via wildcard characters in the Login Window.
local
apple CWE-200
1.9
2008-09-16 CVE-2008-3619 Permissions, Privileges, and Access Controls vulnerability in Apple Mac OS X and Mac OS X Server
Time Machine in Apple Mac OS X 10.5 through 10.5.4 uses weak permissions for Time Machine Backup log files, which allows local users to obtain sensitive information by reading these files.
local
low complexity
apple CWE-264
2.1