Vendor CVEs
Apple Inc.
All CVEs
8,445 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2005-2714 | 0.00 | — | 0.01 | Dec 31, 2005 | passwd in Directory Services in Mac OS X 10.3.x before 10.3.9 and 10.4.x before 10.4.5 allows local users to overwrite arbitrary files via a symlink attack on the .pwtmp.[PID] temporary file. | |||
| CVE-2005-4678 | 0.00 | — | 0.01 | Dec 31, 2005 | Apple Safari 2.0.2 (aka 416.12) allows remote attackers to spoof the URL in the status bar via the title in an image in a link to a trusted site within a form to the malicious site. NOTE: the provenance of this information is unknown; the details are obtained solely from third… | |||
| CVE-2005-2527 | 0.00 | — | 0.00 | Dec 31, 2005 | Race condition in Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X allows local users to corrupt files or create arbitrary files via unspecified attack vectors related to a temporary directory, possibly due to a symlink attack. | |||
| CVE-2005-4217 | 0.00 | — | 0.03 | Dec 14, 2005 | Perl in Apple Mac OS X Server 10.3.9 does not properly drop privileges when using the "$<" variable to set uid, which allows attackers to gain privileges. | |||
| CVE-2005-3705 | 0.00 | — | 0.04 | Dec 1, 2005 | Heap-based buffer overflow in WebKit in Mac OS X and OS X Server 10.3.9 and 10.4.3, as used in applications such as Safari, allows remote attackers to execute arbitrary code via unknown attack vectors. | |||
| CVE-2005-3701 | 0.00 | — | 0.00 | Dec 1, 2005 | Unspecified vulnerability in passwordserver in Mac OS X Server 10.3.9 and 10.4.3, when creating an Open Directory master server, allows local users to gain privileges via unknown attack vectors. | |||
| CVE-2005-3702 | 0.00 | — | 0.02 | Dec 1, 2005 | Safari in Mac OS X and OS X Server 10.3.9 and 10.4.3 allows remote attackers to cause files to be downloaded to locations outside the download directory via a long file name. | |||
| CVE-2005-3700 | 0.00 | — | 0.00 | Dec 1, 2005 | Unknown vulnerability in iodbcadmintool in the ODBC Administrator utility in Mac OS X and OS X Server 10.3.9 and 10.4.3 allows local users to execute arbitrary code via unknown attack vectors. | |||
| CVE-2005-3704 | 0.00 | — | 0.02 | Dec 1, 2005 | System log server in Mac OS X and OS X Server 10.4 through 10.4.3 allows remote attackers to spoof syslog messages in log files by injecting various control characters such as newline (NL). | |||
| CVE-2005-2757 | 0.00 | — | 0.04 | Dec 1, 2005 | Heap-based buffer overflow in CoreFoundation in Mac OS X and OS X Server 10.4 through 10.4.3 allows remote attackers to execute arbitrary code via unknown attack vectors involving "validation of URLs." | |||
| CVE-2005-3897 | 0.00 | — | 0.01 | Nov 29, 2005 | Apple Safari 2.0.2 allows remote attackers to cause a denial of service (system slowdown) via a Javascript BODY onload event that calls the window function. | |||
| CVE-2005-2938 | 0.00 | — | 0.00 | Nov 18, 2005 | Unquoted Windows search path vulnerability in iTunesHelper.exe in iTunes 4.7.1.30 and iTunes 5 for Windows might allow local users to gain privileges via a malicious C:\program.exe file. | |||
| CVE-2005-2756 | 0.00 | — | 0.04 | Nov 5, 2005 | Apple QuickTime before 7.0.3 allows user-assisted attackers to overwrite memory and execute arbitrary code via a crafted PICT file that triggers an overflow during expansion. | |||
| CVE-2005-2753 | 0.00 | — | 0.02 | Nov 5, 2005 | Integer overflow in Apple QuickTime before 7.0.3 allows user-assisted attackers to execute arbitrary code via a crafted MOV file that causes a sign extension of the length element in a Pascal style string. | |||
| CVE-2005-2755 | 0.00 | — | 0.02 | Nov 5, 2005 | Apple QuickTime Player before 7.0.3 allows user-assisted attackers to cause a denial of service (crash) via a crafted file with a missing movie attribute, which leads to a null dereference. | |||
| CVE-2005-2754 | 0.00 | — | 0.02 | Nov 5, 2005 | Integer overflow in Apple QuickTime before 7.0.3 allows user-assisted attackers to execute arbitrary code via a crafted MOV file with "Improper movie attributes." | |||
| CVE-2005-2752 | 0.00 | — | 0.00 | Nov 1, 2005 | An unspecified kernel interface in Mac OS X 10.4.2 and earlier does not properly clear memory before reusing it, which could allow attackers to obtain sensitive information, a different vulnerability than CVE-2005-1126 and CVE-2005-1406. | |||
| CVE-2005-2749 | 0.00 | — | 0.00 | Nov 1, 2005 | Unspecified vulnerability in the Finder Get Info window for Mac OS X 10.4 up to 10.4.2 causes Finder to misrepresent file and group ownership information. NOTE: it is not clear whether this issue satisfies the CVE definition of a vulnerability. | |||
| CVE-2005-2751 | 0.00 | — | 0.00 | Nov 1, 2005 | memberd in Mac OS X 10.4 up to 10.4.2, in certain situations, does not quickly synchronize access control checks with changes in group membership, which could allow users to access files and other resources after they have been removed from a group. | |||
| CVE-2005-2739 | 0.00 | — | 0.00 | Nov 1, 2005 | Keychain Access in Mac OS X 10.4.2 and earlier keeps a password visible even if a keychain times out while the password is being viewed, which could allow attackers with physical access to obtain the password. | |||
| CVE-2005-2750 | 0.00 | — | 0.00 | Nov 1, 2005 | Software Update in Mac OS X 10.4.2, when the user marks all updates to be ignored, exits without asking the user to reset the status of the updates, which could prevent important, security-relevant updates from being installed. | |||
| CVE-2005-2742 | 0.00 | — | 0.00 | Oct 26, 2005 | SecurityAgent in Apple Mac OS X 10.4.2, under certain circumstances, can cause the "Switch User..." button to appear even though the "Enable fast user switching" setting is disabled, which can allow attackers with physical access to gain access to the desktop and bypass the… | |||
| CVE-2005-2524 | 0.00 | — | 0.01 | Oct 26, 2005 | Safari after 2.0 in Apple Mac OS X 10.3.9 allows remote attackers to bypass domain restrictions via crafted web archives that cause Safari to render them as if they came from a different site. | |||
| CVE-2005-2745 | 0.00 | — | 0.01 | Oct 26, 2005 | Mail.app in Mail for Apple Mac OS X 10.3.9, when using Kerberos 5 for SMTP authentication, can include uninitialized memory in a message, which might allow remote attackers to obtain sensitive information. | |||
| CVE-2005-2746 | 0.00 | — | 0.01 | Oct 26, 2005 | Mail.app in Mail for Apple Mac OS X 10.3.9 and 10.4.2 includes message contents when using auto-reply rules, which could cause Mail.app to include decrypted message contents for encrypted messages. | |||
| CVE-2005-2743 | 0.00 | — | 0.05 | Oct 26, 2005 | The Java extensions for QuickTime 6.52 and earlier in Apple Mac OS X 10.3.9 allow untrusted applets to call arbitrary functions in system libraries, which allows remote attackers to execute arbitrary code. | |||
| CVE-2005-2741 | 0.00 | — | 0.00 | Oct 26, 2005 | Authorization Services in securityd for Apple Mac OS X 10.3.9 allows local users to gain privileges by granting themselves certain rights that should be restricted to administrators. | |||
| CVE-2005-2748 | 0.00 | — | 0.00 | Oct 25, 2005 | The malloc function in the libSystem library in Apple Mac OS X 10.3.9 and 10.4.2 allows local users to overwrite arbitrary files by setting the MallocLogFile environment variable to the target file before running a setuid application. | |||
| CVE-2005-2744 | 0.00 | — | 0.04 | Oct 25, 2005 | Buffer overflow in QuickDraw Manager for Apple OS X 10.3.9 and 10.4.2, as used by applications such as Safari, Mail, and Finder, allows remote attackers to execute arbitrary code via a crafted PICT file. | |||
| CVE-2005-2747 | 0.00 | — | 0.05 | Oct 25, 2005 | Buffer overflow in ImageIO for Apple Mac OS X 10.4.2, as used by applications such as WebCore and Safari, allows remote attackers to execute arbitrary code via a crafted GIF file. | |||
| CVE-2005-2520 | 0.00 | — | 0.00 | Aug 19, 2005 | The password assistant in Mac OS X 10.4 to 10.4.2, when used to create multiple accounts from the same process, does not reset the suggested password list when the assistant is displayed, which allows attackers to view recently used passwords. | |||
| CVE-2005-2505 | 0.00 | — | 0.02 | Aug 19, 2005 | Buffer overflow in CoreFoundation in Mac OS X 10.3.9 allows attackers to execute arbitrary code via command line arguments to an application that uses CoreFoundation. | |||
| CVE-2005-2507 | 0.00 | — | 0.06 | Aug 19, 2005 | Buffer overflow in Directory Services in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to execute arbitrary code during authentication. | |||
| CVE-2005-2502 | 0.00 | — | 0.03 | Aug 19, 2005 | Buffer overflow in AppKit for Mac OS X 10.3.9 and 10.4.2, as used in applications such as TextEdit, allows external user-assisted attackers to execute arbitrary code via a crafted Microsoft Word file. | |||
| CVE-2005-2510 | 0.00 | — | 0.00 | Aug 19, 2005 | The Server Admin tool in servermgr_ipfilter for Mac OS X 10.4 to 10.4.2, when using multiple subnets and Address Groups, does not always properly write firewall rules to the Active Rules when certain conditions occur, which could result in firewall policies that are less… | |||
| CVE-2005-2506 | 0.00 | — | 0.01 | Aug 19, 2005 | Algorithmic complexity vulnerability in CoreFoundation in Mac OS X 10.3.9 and 10.4.2 allows attackers to cause a denial of service (CPU consumption) via crafted Gregorian dates. | |||
| CVE-2005-2522 | 0.00 | — | 0.04 | Aug 19, 2005 | Safari in WebKit in Mac OS X 10.4 to 10.4.2 directly accesses URLs within PDF files without the normal security checks, which allows remote attackers to execute arbitrary code via links in a PDF file. | |||
| CVE-2005-2517 | 0.00 | — | 0.01 | Aug 19, 2005 | Safari in Mac OS X 10.3.9 and 10.4.2 submits forms from an XSL formatted page to the next page that is browsed by the user, which causes form data to be sent to the wrong site. | |||
| CVE-2005-2515 | 0.00 | — | 0.00 | Aug 19, 2005 | Quartz Composer Screen Saver in Mac OS X 10.4.2 allows local users to access links from the RSS Visualizer even when a password is required. | |||
| CVE-2005-2525 | 0.00 | — | 0.02 | Aug 19, 2005 | CUPS in Mac OS X 10.3.9 and 10.4.2 does not properly close file descriptors when handling multiple simultaneous print jobs, which allows remote attackers to cause a denial of service (printing halt). | |||
| CVE-2005-2511 | 0.00 | — | 0.02 | Aug 19, 2005 | Unknown vulnerability in Mac OS X 10.4.2 and earlier, when using Kerberos authentication with LDAP, allows attackers to gain access to a root Terminal window. | |||
| CVE-2005-2521 | 0.00 | — | 0.00 | Aug 19, 2005 | Buffer overflow in traceroute in Mac OS X 10.3.9 allows local users to execute arbitrary code via unknown vectors. | |||
| CVE-2005-2512 | 0.00 | — | 0.00 | Aug 19, 2005 | Mail.app in Mac OS 10.4.2 and earlier, when printing or forwarding an HTML message, loads remote images even when the user's preferences state otherwise, which could result in a privacy leak. | |||
| CVE-2005-2514 | 0.00 | — | 0.03 | Aug 19, 2005 | Buffer overflow in ping in Mac OS X 10.3.9 allows local users to execute arbitrary code. | |||
| CVE-2005-2509 | 0.00 | — | 0.00 | Aug 19, 2005 | Unknown vulnerability in loginwindow in Mac OS X 10.4.2 and earlier, when Fast User Switching is enabled, allows attackers to log into other accounts if they know the passwords to at least two accounts. | |||
| CVE-2005-2519 | 0.00 | — | 0.00 | Aug 19, 2005 | slpd in Directory Services in Mac OS X 10.3.9 creates insecure temporary files as root, which allows local users to gain privileges. | |||
| CVE-2005-2518 | 0.00 | — | 0.05 | Aug 19, 2005 | Buffer overflow in servermgrd in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to execute arbitrary code during authentication. | |||
| CVE-2005-2503 | 0.00 | — | 0.00 | Aug 19, 2005 | AppKit for Mac OS X 10.3.9 and 10.4.2 allows attackers with physical access to create local accounts by forcing a particular error to occur at the login window. | |||
| CVE-2005-2526 | 0.00 | — | 0.02 | Aug 19, 2005 | CUPS in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to cause a denial of service (CPU consumption) by sending a partial IPP request and closing the connection. | |||
| CVE-2005-2513 | 0.00 | — | 0.01 | Aug 19, 2005 | Unknown vulnerability in HItoolbox for Mac OS X 10.4.2 allows VoiceOver services to read secure input fields. |
- CVE-2005-2714Dec 31, 2005risk 0.00cvss —epss 0.01
passwd in Directory Services in Mac OS X 10.3.x before 10.3.9 and 10.4.x before 10.4.5 allows local users to overwrite arbitrary files via a symlink attack on the .pwtmp.[PID] temporary file.
- CVE-2005-4678Dec 31, 2005risk 0.00cvss —epss 0.01
Apple Safari 2.0.2 (aka 416.12) allows remote attackers to spoof the URL in the status bar via the title in an image in a link to a trusted site within a form to the malicious site. NOTE: the provenance of this information is unknown; the details are obtained solely from third…
- CVE-2005-2527Dec 31, 2005risk 0.00cvss —epss 0.00
Race condition in Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X allows local users to corrupt files or create arbitrary files via unspecified attack vectors related to a temporary directory, possibly due to a symlink attack.
- CVE-2005-4217Dec 14, 2005risk 0.00cvss —epss 0.03
Perl in Apple Mac OS X Server 10.3.9 does not properly drop privileges when using the "$<" variable to set uid, which allows attackers to gain privileges.
- CVE-2005-3705Dec 1, 2005risk 0.00cvss —epss 0.04
Heap-based buffer overflow in WebKit in Mac OS X and OS X Server 10.3.9 and 10.4.3, as used in applications such as Safari, allows remote attackers to execute arbitrary code via unknown attack vectors.
- CVE-2005-3701Dec 1, 2005risk 0.00cvss —epss 0.00
Unspecified vulnerability in passwordserver in Mac OS X Server 10.3.9 and 10.4.3, when creating an Open Directory master server, allows local users to gain privileges via unknown attack vectors.
- CVE-2005-3702Dec 1, 2005risk 0.00cvss —epss 0.02
Safari in Mac OS X and OS X Server 10.3.9 and 10.4.3 allows remote attackers to cause files to be downloaded to locations outside the download directory via a long file name.
- CVE-2005-3700Dec 1, 2005risk 0.00cvss —epss 0.00
Unknown vulnerability in iodbcadmintool in the ODBC Administrator utility in Mac OS X and OS X Server 10.3.9 and 10.4.3 allows local users to execute arbitrary code via unknown attack vectors.
- CVE-2005-3704Dec 1, 2005risk 0.00cvss —epss 0.02
System log server in Mac OS X and OS X Server 10.4 through 10.4.3 allows remote attackers to spoof syslog messages in log files by injecting various control characters such as newline (NL).
- CVE-2005-2757Dec 1, 2005risk 0.00cvss —epss 0.04
Heap-based buffer overflow in CoreFoundation in Mac OS X and OS X Server 10.4 through 10.4.3 allows remote attackers to execute arbitrary code via unknown attack vectors involving "validation of URLs."
- CVE-2005-3897Nov 29, 2005risk 0.00cvss —epss 0.01
Apple Safari 2.0.2 allows remote attackers to cause a denial of service (system slowdown) via a Javascript BODY onload event that calls the window function.
- CVE-2005-2938Nov 18, 2005risk 0.00cvss —epss 0.00
Unquoted Windows search path vulnerability in iTunesHelper.exe in iTunes 4.7.1.30 and iTunes 5 for Windows might allow local users to gain privileges via a malicious C:\program.exe file.
- CVE-2005-2756Nov 5, 2005risk 0.00cvss —epss 0.04
Apple QuickTime before 7.0.3 allows user-assisted attackers to overwrite memory and execute arbitrary code via a crafted PICT file that triggers an overflow during expansion.
- CVE-2005-2753Nov 5, 2005risk 0.00cvss —epss 0.02
Integer overflow in Apple QuickTime before 7.0.3 allows user-assisted attackers to execute arbitrary code via a crafted MOV file that causes a sign extension of the length element in a Pascal style string.
- CVE-2005-2755Nov 5, 2005risk 0.00cvss —epss 0.02
Apple QuickTime Player before 7.0.3 allows user-assisted attackers to cause a denial of service (crash) via a crafted file with a missing movie attribute, which leads to a null dereference.
- CVE-2005-2754Nov 5, 2005risk 0.00cvss —epss 0.02
Integer overflow in Apple QuickTime before 7.0.3 allows user-assisted attackers to execute arbitrary code via a crafted MOV file with "Improper movie attributes."
- CVE-2005-2752Nov 1, 2005risk 0.00cvss —epss 0.00
An unspecified kernel interface in Mac OS X 10.4.2 and earlier does not properly clear memory before reusing it, which could allow attackers to obtain sensitive information, a different vulnerability than CVE-2005-1126 and CVE-2005-1406.
- CVE-2005-2749Nov 1, 2005risk 0.00cvss —epss 0.00
Unspecified vulnerability in the Finder Get Info window for Mac OS X 10.4 up to 10.4.2 causes Finder to misrepresent file and group ownership information. NOTE: it is not clear whether this issue satisfies the CVE definition of a vulnerability.
- CVE-2005-2751Nov 1, 2005risk 0.00cvss —epss 0.00
memberd in Mac OS X 10.4 up to 10.4.2, in certain situations, does not quickly synchronize access control checks with changes in group membership, which could allow users to access files and other resources after they have been removed from a group.
- CVE-2005-2739Nov 1, 2005risk 0.00cvss —epss 0.00
Keychain Access in Mac OS X 10.4.2 and earlier keeps a password visible even if a keychain times out while the password is being viewed, which could allow attackers with physical access to obtain the password.
- CVE-2005-2750Nov 1, 2005risk 0.00cvss —epss 0.00
Software Update in Mac OS X 10.4.2, when the user marks all updates to be ignored, exits without asking the user to reset the status of the updates, which could prevent important, security-relevant updates from being installed.
- CVE-2005-2742Oct 26, 2005risk 0.00cvss —epss 0.00
SecurityAgent in Apple Mac OS X 10.4.2, under certain circumstances, can cause the "Switch User..." button to appear even though the "Enable fast user switching" setting is disabled, which can allow attackers with physical access to gain access to the desktop and bypass the…
- CVE-2005-2524Oct 26, 2005risk 0.00cvss —epss 0.01
Safari after 2.0 in Apple Mac OS X 10.3.9 allows remote attackers to bypass domain restrictions via crafted web archives that cause Safari to render them as if they came from a different site.
- CVE-2005-2745Oct 26, 2005risk 0.00cvss —epss 0.01
Mail.app in Mail for Apple Mac OS X 10.3.9, when using Kerberos 5 for SMTP authentication, can include uninitialized memory in a message, which might allow remote attackers to obtain sensitive information.
- CVE-2005-2746Oct 26, 2005risk 0.00cvss —epss 0.01
Mail.app in Mail for Apple Mac OS X 10.3.9 and 10.4.2 includes message contents when using auto-reply rules, which could cause Mail.app to include decrypted message contents for encrypted messages.
- CVE-2005-2743Oct 26, 2005risk 0.00cvss —epss 0.05
The Java extensions for QuickTime 6.52 and earlier in Apple Mac OS X 10.3.9 allow untrusted applets to call arbitrary functions in system libraries, which allows remote attackers to execute arbitrary code.
- CVE-2005-2741Oct 26, 2005risk 0.00cvss —epss 0.00
Authorization Services in securityd for Apple Mac OS X 10.3.9 allows local users to gain privileges by granting themselves certain rights that should be restricted to administrators.
- CVE-2005-2748Oct 25, 2005risk 0.00cvss —epss 0.00
The malloc function in the libSystem library in Apple Mac OS X 10.3.9 and 10.4.2 allows local users to overwrite arbitrary files by setting the MallocLogFile environment variable to the target file before running a setuid application.
- CVE-2005-2744Oct 25, 2005risk 0.00cvss —epss 0.04
Buffer overflow in QuickDraw Manager for Apple OS X 10.3.9 and 10.4.2, as used by applications such as Safari, Mail, and Finder, allows remote attackers to execute arbitrary code via a crafted PICT file.
- CVE-2005-2747Oct 25, 2005risk 0.00cvss —epss 0.05
Buffer overflow in ImageIO for Apple Mac OS X 10.4.2, as used by applications such as WebCore and Safari, allows remote attackers to execute arbitrary code via a crafted GIF file.
- CVE-2005-2520Aug 19, 2005risk 0.00cvss —epss 0.00
The password assistant in Mac OS X 10.4 to 10.4.2, when used to create multiple accounts from the same process, does not reset the suggested password list when the assistant is displayed, which allows attackers to view recently used passwords.
- CVE-2005-2505Aug 19, 2005risk 0.00cvss —epss 0.02
Buffer overflow in CoreFoundation in Mac OS X 10.3.9 allows attackers to execute arbitrary code via command line arguments to an application that uses CoreFoundation.
- CVE-2005-2507Aug 19, 2005risk 0.00cvss —epss 0.06
Buffer overflow in Directory Services in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to execute arbitrary code during authentication.
- CVE-2005-2502Aug 19, 2005risk 0.00cvss —epss 0.03
Buffer overflow in AppKit for Mac OS X 10.3.9 and 10.4.2, as used in applications such as TextEdit, allows external user-assisted attackers to execute arbitrary code via a crafted Microsoft Word file.
- CVE-2005-2510Aug 19, 2005risk 0.00cvss —epss 0.00
The Server Admin tool in servermgr_ipfilter for Mac OS X 10.4 to 10.4.2, when using multiple subnets and Address Groups, does not always properly write firewall rules to the Active Rules when certain conditions occur, which could result in firewall policies that are less…
- CVE-2005-2506Aug 19, 2005risk 0.00cvss —epss 0.01
Algorithmic complexity vulnerability in CoreFoundation in Mac OS X 10.3.9 and 10.4.2 allows attackers to cause a denial of service (CPU consumption) via crafted Gregorian dates.
- CVE-2005-2522Aug 19, 2005risk 0.00cvss —epss 0.04
Safari in WebKit in Mac OS X 10.4 to 10.4.2 directly accesses URLs within PDF files without the normal security checks, which allows remote attackers to execute arbitrary code via links in a PDF file.
- CVE-2005-2517Aug 19, 2005risk 0.00cvss —epss 0.01
Safari in Mac OS X 10.3.9 and 10.4.2 submits forms from an XSL formatted page to the next page that is browsed by the user, which causes form data to be sent to the wrong site.
- CVE-2005-2515Aug 19, 2005risk 0.00cvss —epss 0.00
Quartz Composer Screen Saver in Mac OS X 10.4.2 allows local users to access links from the RSS Visualizer even when a password is required.
- CVE-2005-2525Aug 19, 2005risk 0.00cvss —epss 0.02
CUPS in Mac OS X 10.3.9 and 10.4.2 does not properly close file descriptors when handling multiple simultaneous print jobs, which allows remote attackers to cause a denial of service (printing halt).
- CVE-2005-2511Aug 19, 2005risk 0.00cvss —epss 0.02
Unknown vulnerability in Mac OS X 10.4.2 and earlier, when using Kerberos authentication with LDAP, allows attackers to gain access to a root Terminal window.
- CVE-2005-2521Aug 19, 2005risk 0.00cvss —epss 0.00
Buffer overflow in traceroute in Mac OS X 10.3.9 allows local users to execute arbitrary code via unknown vectors.
- CVE-2005-2512Aug 19, 2005risk 0.00cvss —epss 0.00
Mail.app in Mac OS 10.4.2 and earlier, when printing or forwarding an HTML message, loads remote images even when the user's preferences state otherwise, which could result in a privacy leak.
- CVE-2005-2514Aug 19, 2005risk 0.00cvss —epss 0.03
Buffer overflow in ping in Mac OS X 10.3.9 allows local users to execute arbitrary code.
- CVE-2005-2509Aug 19, 2005risk 0.00cvss —epss 0.00
Unknown vulnerability in loginwindow in Mac OS X 10.4.2 and earlier, when Fast User Switching is enabled, allows attackers to log into other accounts if they know the passwords to at least two accounts.
- CVE-2005-2519Aug 19, 2005risk 0.00cvss —epss 0.00
slpd in Directory Services in Mac OS X 10.3.9 creates insecure temporary files as root, which allows local users to gain privileges.
- CVE-2005-2518Aug 19, 2005risk 0.00cvss —epss 0.05
Buffer overflow in servermgrd in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to execute arbitrary code during authentication.
- CVE-2005-2503Aug 19, 2005risk 0.00cvss —epss 0.00
AppKit for Mac OS X 10.3.9 and 10.4.2 allows attackers with physical access to create local accounts by forcing a particular error to occur at the login window.
- CVE-2005-2526Aug 19, 2005risk 0.00cvss —epss 0.02
CUPS in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to cause a denial of service (CPU consumption) by sending a partial IPP request and closing the connection.
- CVE-2005-2513Aug 19, 2005risk 0.00cvss —epss 0.01
Unknown vulnerability in HItoolbox for Mac OS X 10.4.2 allows VoiceOver services to read secure input fields.
Page 165 of 169