VYPR

Mac OS X

by Apple Inc.

CVEs (2,090)

  • CVE-2005-0971 (May 12, 2005)
    risk 0.00 | cvss | epss 0.00

    Stack-based buffer overflow in the semop system call in Mac OS X 10.3.9 and earlier allows local users to gain privileges via crafted arguments.

  • CVE-2005-0972 (May 12, 2005)
    risk 0.00 | cvss | epss 0.00

    Integer overflow in the searchfs system call in Mac OS X 10.3.9 and earlier allows local users to execute arbitrary code via crafted parameters.

  • CVE-2005-1330 (May 4, 2005)
    risk 0.00 | cvss | epss 0.00

    AppKit in Mac OS X 10.3.9 allows attackers to cause a denial of service (Cocoa application crash) via a malformed TIFF image that causes the NXSeek to use an incorrect offset, leading to an unhandled exception.

  • CVE-2005-1336 (May 4, 2005)
    risk 0.00 | cvss | epss 0.01

    Buffer overflow in the Foundation framework for Mac OS X 10.3.9 allows local users to execute arbitrary code via a long environment variable.

  • CVE-2005-1335 (May 4, 2005)
    risk 0.00 | cvss | epss 0.01

    Unknown vulnerability in Mac OS X 10.3.9 allows local users to gain privileges via (1) chfn, (2) chpass, and (3) chsh, which "use external helper programs in an insecure manner."

  • CVE-2005-1341 (May 4, 2005)
    risk 0.00 | cvss | epss 0.03

    Apple Terminal 1.4.4 allows attackers to execute arbitrary commands via terminal escape sequences.

  • CVE-2005-1337 (May 4, 2005)
    risk 0.00 | cvss | epss 0.01

    Apple Help Viewer 2.0.7 and 3.0.0 in Mac OS X 10.3.9 allows remote attackers to read and execute arbitrary scripts with less restrictive privileges via a help:// URI.

  • CVE-2005-1332 (May 4, 2005)
    risk 0.00 | cvss | epss 0.02

    Bluetooth-enabled systems in Mac OS X 10.3.9 enable the Bluetooth file exchange service by default, which allows remote attackers to access files without the user being notified, and local users to access files via the default directory.

  • CVE-2005-1340 (May 4, 2005)
    risk 0.00 | cvss | epss 0.01

    The HTTP proxy service in Server Admin for Mac OS X 10.3.9 does not restrict access when it is enabled, which allows remote attackers to use the proxy.

  • CVE-2005-1331 (May 4, 2005)
    risk 0.00 | cvss | epss 0.02

    The AppleScript Editor in Mac OS X 10.3.9 does not properly display script code for an applescript: URI, which can result in code that is different than the actual code that would be run, which could allow remote attackers to trick users into executing malicious code via certain…

  • CVE-2005-1342 (May 4, 2005)
    risk 0.00 | cvss | epss 0.05

    The x-man-page: URI handler for Apple Terminal 1.4.4 in Mac OS X 10.3.9 does not cleanse terminal escape sequences, which allows remote attackers to execute arbitrary commands.

  • CVE-2005-1338 (May 4, 2005)
    risk 0.00 | cvss | epss 0.00

    Mac OS X 10.3.9, when using an LDAP server that does not use ldap_extended_operation, may store initial LDAP passwords for new accounts in plaintext.

  • CVE-2005-1339 (May 4, 2005)
    risk 0.00 | cvss | epss 0.01

    lukemftpd in Mac OS X 10.3.9 allows remote authenticated users to escape the chroot environment by logging in with their full name.

  • CVE-2005-1430 (May 3, 2005)
    risk 0.00 | cvss | epss 0.00

    Mac OS X 10.3.x and earlier uses insecure permissions for a pseudo terminal tty (pty) that is managed by a non-setuid program, which allows local users to read or modify sessions of other users.

  • CVE-2005-1343 (May 3, 2005)
    risk 0.00 | cvss | epss 0.01

    Stack-based buffer overflow in the VPN daemon (vpnd) for Mac OS X before 10.3.9 allows local users to execute arbitrary code via a long -i (Server_id) argument.

  • CVE-2005-0127 (May 2, 2005)
    risk 0.00 | cvss | epss 0.03

    Mail in Mac OS X 10.3.7, when generating a Message-ID header, generates a GUUID that includes information that identifies the Ethernet hardware being used, which allows remote attackers to link mail messages to a particular machine.

  • CVE-2005-0712 (May 2, 2005)
    risk 0.00 | cvss | epss 0.00

    Mac OS X before 10.3.8 uses world-writable permissions for certain directories, which may allow local users to gain privileges, possibly via the receipt cache or ColorSync profiles.

  • CVE-2005-0970 (May 2, 2005)
    risk 0.00 | cvss | epss 0.01

    Mac OS X 10.3.9 and earlier allows users to install, create, and execute setuid/setgid scripts, contrary to the intended design, which may allow attackers to conduct unauthorized activities with escalated privileges via vulnerable scripts.

  • CVE-2005-0975 (May 2, 2005)
    risk 0.00 | cvss | epss 0.01

    Integer signedness error in the parse_machfile function in the mach-o loader (mach_loader.c) for the Darwin Kernel as used in Mac OS X 10.3.7, and other versions before 10.3.9, allows local users to cause a denial of service (CPU consumption) via a crafted mach-o header.

  • CVE-2005-0126 (May 2, 2005)
    risk 0.00 | cvss | epss 0.03

    ColorSync on Mac OS X 10.3.7 and 10.3.8 allows attackers to execute arbitrary code via malformed ICC color profiles that modify the heap.
