Apple Safari 2.0.2 (aka 416.12) allows remote attackers to spoof the URL in the status bar via the title in an image in a link to a trusted site within a form to the malicious site. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS
5.0
EPSS Score
0.14%
Published
2005-12-31
Updated
2008-09-05
The khtml::RenderTableSection::ensureRows function in KHTMLParser in Apple Mac OS X 10.4.3 and earlier, as used by Safari and TextEdit, allows remote attackers to cause a denial of service (memory consumption and application crash) via HTML files with a large ROWSPAN attribute in a TD tag.
Max CVSS
7.8
EPSS Score
11.01%
Published
2005-12-22
Updated
2017-07-20
Perl in Apple Mac OS X Server 10.3.9 does not properly drop privileges when using the "$<" variable to set uid, which allows attackers to gain privileges.
Max CVSS
7.5
EPSS Score
2.14%
Published
2005-12-14
Updated
2017-07-20
Multiple heap-based buffer overflows in QuickTime.qts in Apple QuickTime Player 7.0.3 and iTunes 6.0.1 (3) and earlier allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a .mov file with (1) a Movie Resource atom with a large size value, or (2) an stsd atom with a modified Sample Description Table size value, and possibly other vectors involving media files. NOTE: item 1 was originally identified by CVE-2005-4127 for a pre-patch announcement, and item 2 was originally identified by CVE-2005-4128 for a pre-patch announcement.
Max CVSS
7.5
EPSS Score
94.96%
Published
2005-12-08
Updated
2018-10-19
Mac OS X 10.4.3 up to 10.4.6, when loginwindow uses the "Name and password" setting, and the "Show the Restart, Sleep, and Shut Down buttons" option is disabled, allows users with physical access to bypass login and reboot the system by entering ">restart", ">power", or ">shutdown" sequences after the username.
Max CVSS
2.1
EPSS Score
0.05%
Published
2005-12-31
Updated
2008-09-05
The network interface for Apple AirPort Express 6.x before Firmware Update 6.3, and AirPort Extreme 5.x before Firmware Update 5.7, allows remote attackers to cause a denial of service (unresponsive interface) via malformed packets.
Max CVSS
5.0
EPSS Score
2.55%
Published
2005-12-31
Updated
2011-03-07
Heap-based buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a GIF image file with a crafted Netscape Navigator Application Extension Block that modifies the heap in the Picture Modifier block.
Max CVSS
7.5
EPSS Score
24.61%
Published
2005-12-31
Updated
2018-10-19
Heap-based buffer overflow in rsync in Mac OS X 10.4 through 10.4.5 allows remote authenticated users to execute arbitrary code via long extended attributes.
Max CVSS
6.5
EPSS Score
1.28%
Published
2005-12-31
Updated
2017-07-11
Integer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a TIFF image file with modified (1) "strips" (StripByteCounts) or (2) "bands" (StripOffsets) values.
Max CVSS
7.5
EPSS Score
62.80%
Published
2005-12-31
Updated
2018-10-19
Integer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a TIFF image file with modified image height and width (ImageWidth) tags.
Max CVSS
7.5
EPSS Score
83.64%
Published
2005-12-31
Updated
2018-10-19
Integer underflow in Apple Quicktime before 7.0.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Color Map Entry Size in a TGA image file.
Max CVSS
7.5
EPSS Score
5.35%
Published
2005-12-31
Updated
2017-07-11
Integer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via crafted TGA image files.
Max CVSS
7.5
EPSS Score
5.59%
Published
2005-12-31
Updated
2017-07-11
Buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via crafted TGA image files.
Max CVSS
7.5
EPSS Score
5.23%
Published
2005-12-31
Updated
2017-07-11
Heap-based buffer overflow in LibSystem in Mac OS X 10.4 through 10.4.5 allows context-dependent attackers to execute arbitrary code by causing an application that uses LibSystem to request a large amount of memory.
Max CVSS
6.4
EPSS Score
0.76%
Published
2005-12-31
Updated
2017-07-11
Heap-based buffer overflow in WebKit in Mac OS X and OS X Server 10.3.9 and 10.4.3, as used in applications such as Safari, allows remote attackers to execute arbitrary code via unknown attack vectors.
Max CVSS
7.5
EPSS Score
11.88%
Published
2005-12-01
Updated
2017-07-11
System log server in Mac OS X and OS X Server 10.4 through 10.4.3 allows remote attackers to spoof syslog messages in log files by injecting various control characters such as newline (NL).
Max CVSS
5.0
EPSS Score
2.98%
Published
2005-12-01
Updated
2017-07-11
Safari in Mac OS X and OS X Server 10.3.9 and 10.4.3 allows remote attackers to cause files to be downloaded to locations outside the download directory via a long file name.
Max CVSS
5.0
EPSS Score
1.07%
Published
2005-12-01
Updated
2011-03-08
Unspecified vulnerability in passwordserver in Mac OS X Server 10.3.9 and 10.4.3, when creating an Open Directory master server, allows local users to gain privileges via unknown attack vectors.
Max CVSS
7.2
EPSS Score
0.06%
Published
2005-12-01
Updated
2017-07-11
Unknown vulnerability in iodbcadmintool in the ODBC Administrator utility in Mac OS X and OS X Server 10.3.9 and 10.4.3 allows local users to execute arbitrary code via unknown attack vectors.
Max CVSS
4.6
EPSS Score
0.06%
Published
2005-12-01
Updated
2017-07-11
Heap-based buffer overflow in CoreFoundation in Mac OS X and OS X Server 10.4 through 10.4.3 allows remote attackers to execute arbitrary code via unknown attack vectors involving "validation of URLs."
Max CVSS
7.5
EPSS Score
11.88%
Published
2005-12-01
Updated
2017-07-11
passwd in Directory Services in Mac OS X 10.3.x before 10.3.9 and 10.4.x before 10.4.5 allows local users to overwrite arbitrary files via a symlink attack on the .pwtmp.[PID] temporary file.
Max CVSS
6.8
EPSS Score
0.04%
Published
2005-12-31
Updated
2018-10-19
passwd in Directory Services in Mac OS X 10.3.x before 10.3.9 and 10.4.x before 10.4.5 allows local users to create arbitrary world-writable files as root by specifying an alternate file in the password database option.
Max CVSS
6.8
EPSS Score
0.04%
Published
2005-12-31
Updated
2018-10-19
Heap-based buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a crafted (1) QuickTime Image File (QTIF), (2) PICT, or (3) JPEG format image with a long data field.
Max CVSS
7.5
EPSS Score
96.80%
Published
2005-12-31
Updated
2018-10-19
Unspecified vulnerability in the Apple Mac OS X kernel before 10.4.2 allows remote attackers to cause a denial of service (kernel panic) via a crafted TCP packet, possibly related to source routing or loose source routing.
Max CVSS
5.0
EPSS Score
4.69%
Published
2005-12-31
Updated
2017-07-11
The CoreGraphics Window Server in Mac OS X 10.4.1 allows local users with console access to gain privileges by "launching commands into root sessions."
Max CVSS
4.6
EPSS Score
0.06%
Published
2005-12-31
Updated
2017-07-11
25 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!