Mac Os X Security Vulnerabilities and Issues — Mac Os X CVE List

Lucene search

AppleMac Os X

23 matches found

CVE•added 2005/08/19 4:0 a.m.•54 views

CVE-2005-2502

Buffer overflow in AppKit for Mac OS X 10.3.9 and 10.4.2, as used in applications such as TextEdit, allows external user-assisted attackers to execute arbitrary code via a crafted Microsoft Word file.

5.1CVSS9.6AI score0.01006EPSS

CVE•added 2005/08/19 4:0 a.m.•49 views

CVE-2005-2503

AppKit for Mac OS X 10.3.9 and 10.4.2 allows attackers with physical access to create local accounts by forcing a particular error to occur at the login window.

4.6CVSS9AI score0.00071EPSS

CVE•added 2005/08/19 4:0 a.m.•49 views

CVE-2005-2515

Quartz Composer Screen Saver in Mac OS X 10.4.2 allows local users to access links from the RSS Visualizer even when a password is required.

4.6CVSS8.9AI score0.00066EPSS

CVE•added 2005/08/19 4:0 a.m.•49 views

CVE-2005-2516

Safari in Mac OS X 10.3.9 and 10.4.2, when rendering Rich Text Format (RTF) files, can directly access URLs without performing the normal security checks, which allows remote attackers to execute arbitrary commands.

7.5CVSS9.7AI score0.01074EPSS

CVE•added 2005/08/19 4:0 a.m.•46 views

CVE-2005-2506

Algorithmic complexity vulnerability in CoreFoundation in Mac OS X 10.3.9 and 10.4.2 allows attackers to cause a denial of service (CPU consumption) via crafted Gregorian dates.

5CVSS9.1AI score0.00458EPSS

CVE•added 2005/08/19 4:0 a.m.•46 views

CVE-2005-2508

dsidentity in Directory Services in Mac OS X 10.4.2 allows local users to add or remove user accounts.

4.6CVSS8.8AI score0.00193EPSS

CVE•added 2005/08/19 4:0 a.m.•45 views

CVE-2005-2512

Mail.app in Mac OS 10.4.2 and earlier, when printing or forwarding an HTML message, loads remote images even when the user's preferences state otherwise, which could result in a privacy leak.

2.1CVSS9.4AI score0.00063EPSS

CVE•added 2005/08/19 4:0 a.m.•45 views

CVE-2005-2517

Safari in Mac OS X 10.3.9 and 10.4.2 submits forms from an XSL formatted page to the next page that is browsed by the user, which causes form data to be sent to the wrong site.

2.6CVSS9.4AI score0.00305EPSS

CVE•added 2005/08/19 4:0 a.m.•44 views

CVE-2005-2513

Unknown vulnerability in HItoolbox for Mac OS X 10.4.2 allows VoiceOver services to read secure input fields.

5CVSS9.3AI score0.00595EPSS

CVE•added 2005/08/19 4:0 a.m.•44 views

CVE-2005-2522

Safari in WebKit in Mac OS X 10.4 to 10.4.2 directly accesses URLs within PDF files without the normal security checks, which allows remote attackers to execute arbitrary code via links in a PDF file.

5.1CVSS9.6AI score0.02862EPSS

CVE•added 2005/08/19 4:0 a.m.•43 views

CVE-2005-2525

CUPS in Mac OS X 10.3.9 and 10.4.2 does not properly close file descriptors when handling multiple simultaneous print jobs, which allows remote attackers to cause a denial of service (printing halt).

5CVSS9.2AI score0.00739EPSS

CVE•added 2005/08/19 4:0 a.m.•42 views

CVE-2005-2501

Buffer overflow in AppKit for Mac OS X 10.3.9 and 10.4.2 allows external user-assisted attackers to execute arbitrary code via a crafted Rich Text Format (RTF) file.

7.6CVSS9.7AI score0.0131EPSS

CVE•added 2005/08/19 4:0 a.m.•40 views

CVE-2005-2504

The System Profiler in Mac OS X 10.4.2 labels a Bluetooth device with "Requires Authentication: No" even when the user has selected the "Require pairing for security" option, which could confuse users about which setting is valid.

7.2CVSS9.4AI score0.00069EPSS

CVE•added 2005/08/19 4:0 a.m.•40 views

CVE-2005-2514

Buffer overflow in ping in Mac OS X 10.3.9 allows local users to execute arbitrary code.

7.5CVSS9.3AI score0.00987EPSS

CVE•added 2005/08/19 4:0 a.m.•40 views

CVE-2005-2518

Buffer overflow in servermgrd in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to execute arbitrary code during authentication.

7.5CVSS9.9AI score0.02992EPSS

CVE•added 2005/08/19 4:0 a.m.•40 views

CVE-2005-2523

Multiple cross-site scripting (XSS) vulnerabilities in Weblog Server in Mac OS X 10.4 to 10.4.2 allow remote attackers to inject arbitrary web script or HTML via unknown vectors.

4.3CVSS8AI score0.00533EPSS

CVE•added 2005/08/19 4:0 a.m.•39 views

CVE-2005-2505

Buffer overflow in CoreFoundation in Mac OS X 10.3.9 allows attackers to execute arbitrary code via command line arguments to an application that uses CoreFoundation.

7.5CVSS9.9AI score0.0092EPSS

CVE•added 2005/08/19 4:0 a.m.•39 views

CVE-2005-2509

Unknown vulnerability in loginwindow in Mac OS X 10.4.2 and earlier, when Fast User Switching is enabled, allows attackers to log into other accounts if they know the passwords to at least two accounts.

2.1CVSS9.4AI score0.00076EPSS

CVE•added 2005/08/19 4:0 a.m.•39 views

CVE-2005-2511

Unknown vulnerability in Mac OS X 10.4.2 and earlier, when using Kerberos authentication with LDAP, allows attackers to gain access to a root Terminal window.

10CVSS9.7AI score0.00397EPSS

CVE•added 2005/08/19 4:0 a.m.•39 views

CVE-2005-2519

slpd in Directory Services in Mac OS X 10.3.9 creates insecure temporary files as root, which allows local users to gain privileges.

7.2CVSS9AI score0.0004EPSS

CVE•added 2005/08/19 4:0 a.m.•37 views

CVE-2005-2520

The password assistant in Mac OS X 10.4 to 10.4.2, when used to create multiple accounts from the same process, does not reset the suggested password list when the assistant is displayed, which allows attackers to view recently used passwords.

2.1CVSS9.5AI score0.00078EPSS

CVE•added 2005/08/19 4:0 a.m.•37 views

CVE-2005-2521

Buffer overflow in traceroute in Mac OS X 10.3.9 allows local users to execute arbitrary code via unknown vectors.

4.6CVSS9.3AI score0.00096EPSS

CVE•added 2005/08/19 4:0 a.m.•36 views

CVE-2005-2526

CUPS in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to cause a denial of service (CPU consumption) by sending a partial IPP request and closing the connection.

5CVSS9AI score0.00739EPSS