Mac Os X@10.3.8 Security Vulnerabilities and Issues — Mac Os X@10.3.8 CVE List

Lucene search

AppleMac Os X10.3.8

21 matches found

cve•added 2005/12/22 11:3 p.m.•422 views

CVE-2005-4504

The khtml::RenderTableSection::ensureRows function in KHTMLParser in Apple Mac OS X 10.4.3 and earlier, as used by Safari and TextEdit, allows remote attackers to cause a denial of service (memory consumption and application crash) via HTML files with a large ROWSPAN attribute in a TD tag.

7.8CVSS6AI score0.21773EPSS

cve•added 2005/05/04 4:0 a.m.•123 views

CVE-2005-1342

The x-man-page: URI handler for Apple Terminal 1.4.4 in Mac OS X 10.3.9 does not cleanse terminal escape sequences, which allows remote attackers to execute arbitrary commands.

7.5CVSS6.9AI score0.17699EPSS

cve•added 2005/02/13 5:0 a.m.•63 views

CVE-2005-0373

Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as digestmda5.c), as used in the DIGEST-MD5 SASL plugin for Cyrus-SASL but not in any official releases, allows remote attackers to execute arbitrary code.

7.5CVSS7.4AI score0.04758EPSS

cve•added 2005/03/22 5:0 a.m.•58 views

CVE-2005-0715

AFP Server in Mac OS X before 10.3.8 uses insecure permissions for "Drop Boxes," which allows local users to read the contents of a Drop Box.

2.1CVSS8.6AI score0.00048EPSS

cve•added 2005/05/04 4:0 a.m.•54 views

CVE-2004-1307

Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflo...

7.5CVSS7.7AI score0.05111EPSS

cve•added 2005/05/04 4:0 a.m.•53 views

CVE-2005-1341

Apple Terminal 1.4.4 allows attackers to execute arbitrary commands via terminal escape sequences.

5.1CVSS7AI score0.00845EPSS

cve•added 2005/03/22 5:0 a.m.•49 views

CVE-2005-0716

Stack-based buffer overflow in the Core Foundation Library in Mac OS X 10.3.5 and 10.3.6, and possibly earlier versions, allows local users to execute arbitrary code via a long CF_CHARSET_PATH environment variable.

7.2CVSS9.4AI score0.00198EPSS

cve•added 2005/05/12 4:0 a.m.•49 views

CVE-2005-0971

Stack-based buffer overflow in the semop system call in Mac OS X 10.3.9 and earlier allows local users to gain privileges via crafted arguments.

4.6CVSS7AI score0.00079EPSS

cve•added 2005/05/04 4:0 a.m.•49 views

CVE-2005-1331

The AppleScript Editor in Mac OS X 10.3.9 does not properly display script code for an applescript: URI, which can result in code that is different than the actual code that would be run, which could allow remote attackers to trick users into executing malicious code via certain URI characters such...

5.1CVSS6.8AI score0.01126EPSS

cve•added 2005/10/25 10:6 p.m.•48 views

CVE-2005-2744

Buffer overflow in QuickDraw Manager for Apple OS X 10.3.9 and 10.4.2, as used by applications such as Safari, Mail, and Finder, allows remote attackers to execute arbitrary code via a crafted PICT file.

5.1CVSS7.5AI score0.04813EPSS

cve•added 2005/05/02 4:0 a.m.•46 views

CVE-2005-0126

ColorSync on Mac OS X 10.3.7 and 10.3.8 allows attackers to execute arbitrary code via malformed ICC color profiles that modify the heap.

7.5CVSS7.6AI score0.00715EPSS

cve•added 2005/03/22 5:0 a.m.•46 views

CVE-2005-0713

The Bluetooth Setup Assistant for Mac OS X before 10.3.8 can be launched without a keyboard or Bluetooth device, which allows local users to bypass access restrictions and gain privileges.

4.6CVSS9AI score0.00154EPSS

cve•added 2005/05/12 4:0 a.m.•46 views

CVE-2005-0973

Unknown vulnerability in the setsockopt system call in Mac OS X 10.3.9 and earlier allows local users to cause a denial of service (memory exhaustion) via crafted arguments.

2.1CVSS6.2AI score0.00058EPSS

cve•added 2005/11/01 12:47 p.m.•44 views

CVE-2005-2739

Keychain Access in Mac OS X 10.4.2 and earlier keeps a password visible even if a keychain times out while the password is being viewed, which could allow attackers with physical access to obtain the password.

2.1CVSS6.3AI score0.00093EPSS

cve•added 2005/05/02 4:0 a.m.•41 views

CVE-2005-0970

Mac OS X 10.3.9 and earlier allows users to install, create, and execute setuid/setgid scripts, contrary to the intended design, which may allow attackers to conduct unauthorized activities with escalated privileges via vulnerable scripts.

7.6CVSS6.7AI score0.00389EPSS

cve•added 2005/05/12 4:0 a.m.•41 views

CVE-2005-0974

Unknown vulnerability in the nfs_mount call in Mac OS X 10.3.9 and earlier allows local users to gain privileges via crafted arguments.

7.2CVSS6.5AI score0.00055EPSS

cve•added 2005/05/03 4:0 a.m.•41 views

CVE-2005-1430

Mac OS X 10.3.x and earlier uses insecure permissions for a pseudo terminal tty (pty) that is managed by a non-setuid program, which allows local users to read or modify sessions of other users.

3.6CVSS6.3AI score0.00048EPSS

cve•added 2005/12/01 2:7 a.m.•41 views

CVE-2005-2757

Heap-based buffer overflow in CoreFoundation in Mac OS X and OS X Server 10.4 through 10.4.3 allows remote attackers to execute arbitrary code via unknown attack vectors involving "validation of URLs."

7.5CVSS8.1AI score0.04091EPSS

cve•added 2005/05/12 4:0 a.m.•40 views

CVE-2005-0969

Heap-based buffer overflow in the syscall emulation functionality in Mac OS X before 10.3.9 allows local users to cause a denial of service (kernel panic) and possibly execute arbitrary code via crafted parameters.

4.6CVSS7.7AI score0.00069EPSS

cve•added 2005/05/12 4:0 a.m.•40 views

CVE-2005-0972

Integer overflow in the searchfs system call in Mac OS X 10.3.9 and earlier allows local users to execute arbitrary code via crafted parameters.

7.2CVSS7.5AI score0.0006EPSS

cve•added 2005/08/19 4:0 a.m.•39 views

CVE-2005-2509

Unknown vulnerability in loginwindow in Mac OS X 10.4.2 and earlier, when Fast User Switching is enabled, allows attackers to log into other accounts if they know the passwords to at least two accounts.

2.1CVSS9.4AI score0.00076EPSS