CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Apple : Security Vulnerabilities Published In 2005

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2005-4678 2005-12-31 2008-09-05
5.0
None Remote Low Not required None Partial None
Apple Safari 2.0.2 (aka 416.12) allows remote attackers to spoof the URL in the status bar via the title in an image in a link to a trusted site within a form to the malicious site. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
2 CVE-2005-4504 DoS 2005-12-22 2008-09-05
7.8
None Remote Low Not required None None Complete
The khtml::RenderTableSection::ensureRows function in KHTMLParser in Apple Mac OS X 10.4.3 and earlier, as used by Safari and TextEdit, allows remote attackers to cause a denial of service (memory consumption and application crash) via HTML files with a large ROWSPAN attribute in a TD tag.
3 CVE-2005-4217 264 +Priv 2005-12-14 2011-08-23
7.5
User Remote Low Not required Partial Partial Partial
Perl in Apple Mac OS X Server 10.3.9 does not properly drop privileges when using the "$<" variable to set uid, which allows attackers to gain privileges.
4 CVE-2005-4092 DoS Exec Code Overflow 2005-12-08 2009-04-03
7.5
User Remote Low Not required Partial Partial Partial
Multiple heap-based buffer overflows in QuickTime.qts in Apple QuickTime Player 7.0.3 and iTunes 6.0.1 (3) and earlier allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a .mov file with (1) a Movie Resource atom with a large size value, or (2) an stsd atom with a modified Sample Description Table size value, and possibly other vectors involving media files. NOTE: item 1 was originally identified by CVE-2005-4127 for a pre-patch announcement, and item 2 was originally identified by CVE-2005-4128 for a pre-patch announcement.
5 CVE-2005-3897 DoS 2005-11-29 2008-09-05
7.8
None Remote Low Not required None None Complete
Apple Safari 2.0.2 allows remote attackers to cause a denial of service (system slowdown) via a Javascript BODY onload event that calls the window function.
6 CVE-2005-3782 Bypass 2005-12-31 2008-09-05
2.1
None Local Low Not required None None Partial
Mac OS X 10.4.3 up to 10.4.6, when loginwindow uses the "Name and password" setting, and the "Show the Restart, Sleep, and Shut Down buttons" option is disabled, allows users with physical access to bypass login and reboot the system by entering ">restart", ">power", or ">shutdown" sequences after the username.
7 CVE-2005-3714 DoS 2005-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
The network interface for Apple AirPort Express 6.x before Firmware Update 6.3, and AirPort Extreme 5.x before Firmware Update 5.7, allows remote attackers to cause a denial of service (unresponsive interface) via malformed packets.
8 CVE-2005-3713 119 Exec Code Overflow 2005-12-31 2011-10-18
7.5
User Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a GIF image file with a crafted Netscape Navigator Application Extension Block that modifies the heap in the Picture Modifier block.
9 CVE-2005-3712 119 Exec Code Overflow 2005-12-31 2011-10-17
6.5
None Remote Low Single system Partial Partial Partial
Heap-based buffer overflow in rsync in Mac OS X 10.4 through 10.4.5 allows remote authenticated users to execute arbitrary code via long extended attributes.
10 CVE-2005-3711 Exec Code Overflow 2005-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Integer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a TIFF image file with modified (1) "strips" (StripByteCounts) or (2) "bands" (StripOffsets) values.
11 CVE-2005-3710 189 Exec Code Overflow 2005-12-31 2011-10-12
7.5
User Remote Low Not required Partial Partial Partial
Integer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a TIFF image file with modified image height and width (ImageWidth) tags.
12 CVE-2005-3709 189 DoS Exec Code 2005-12-31 2011-10-11
7.5
User Remote Low Not required Partial Partial Partial
Integer underflow in Apple Quicktime before 7.0.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Color Map Entry Size in a TGA image file.
13 CVE-2005-3708 Exec Code Overflow 2005-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Integer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via crafted TGA image files.
14 CVE-2005-3707 Exec Code Overflow 2005-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via crafted TGA image files.
15 CVE-2005-3706 Exec Code Overflow 2005-12-31 2008-09-05
6.4
None Remote Low Not required None Partial Partial
Heap-based buffer overflow in LibSystem in Mac OS X 10.4 through 10.4.5 allows context-dependent attackers to execute arbitrary code by causing an application that uses LibSystem to request a large amount of memory.
16 CVE-2005-3705 Exec Code Overflow 2005-11-30 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in WebKit in Mac OS X and OS X Server 10.3.9 and 10.4.3, as used in applications such as Safari, allows remote attackers to execute arbitrary code via unknown attack vectors.
17 CVE-2005-3704 2005-11-30 2013-09-08
5.0
None Remote Low Not required None Partial None
System log server in Mac OS X and OS X Server 10.4 through 10.4.3 allows remote attackers to spoof syslog messages in log files by injecting various control characters such as newline (NL).
18 CVE-2005-3702 2005-11-30 2008-09-05
5.0
None Remote Low Not required None Partial None
Safari in Mac OS X and OS X Server 10.3.9 and 10.4.3 allows remote attackers to cause files to be downloaded to locations outside the download directory via a long file name.
19 CVE-2005-3701 +Priv 2005-11-30 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Unspecified vulnerability in passwordserver in Mac OS X Server 10.3.9 and 10.4.3, when creating an Open Directory master server, allows local users to gain privileges via unknown attack vectors.
20 CVE-2005-3700 Exec Code 2005-11-30 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Unknown vulnerability in iodbcadmintool in the ODBC Administrator utility in Mac OS X and OS X Server 10.3.9 and 10.4.3 allows local users to execute arbitrary code via unknown attack vectors.
21 CVE-2005-3018 DoS 2005-09-21 2008-09-05
5.0
None Remote Low Not required None None Partial
Apple Safari allows remote attackers to cause a denial of service (application crash) via a crafted data:// URL.
22 CVE-2005-2938 264 +Priv 2005-11-18 2011-03-10
7.2
Admin Local Low Not required Complete Complete Complete
Unquoted Windows search path vulnerability in iTunesHelper.exe in iTunes 4.7.1.30 and iTunes 5 for Windows might allow local users to gain privileges via a malicious C:\program.exe file.
23 CVE-2005-2757 Exec Code Overflow 2005-11-30 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in CoreFoundation in Mac OS X and OS X Server 10.4 through 10.4.3 allows remote attackers to execute arbitrary code via unknown attack vectors involving "validation of URLs."
24 CVE-2005-2756 Exec Code Overflow 2005-11-05 2008-09-05
5.1
User Remote High Not required Partial Partial Partial
Apple QuickTime before 7.0.3 allows user-assisted attackers to overwrite memory and execute arbitrary code via a crafted PICT file that triggers an overflow during expansion.
25 CVE-2005-2755 DoS 2005-11-05 2008-09-05
2.6
None Remote High Not required None None Partial
Apple QuickTime Player before 7.0.3 allows user-assisted attackers to cause a denial of service (crash) via a crafted file with a missing movie attribute, which leads to a null dereference.
26 CVE-2005-2754 Exec Code Overflow 2005-11-05 2008-09-05
5.1
User Remote High Not required Partial Partial Partial
Integer overflow in Apple QuickTime before 7.0.3 allows user-assisted attackers to execute arbitrary code via a crafted MOV file with "Improper movie attributes."
27 CVE-2005-2753 Exec Code Overflow 2005-11-05 2008-09-05
5.1
User Remote High Not required Partial Partial Partial
Integer overflow in Apple QuickTime before 7.0.3 allows user-assisted attackers to execute arbitrary code via a crafted MOV file that causes a sign extension of the length element in a Pascal style string.
28 CVE-2005-2752 200 +Info 2005-11-01 2008-09-05
2.1
None Local Low Not required Partial None None
An unspecified kernel interface in Mac OS X 10.4.2 and earlier does not properly clear memory before reusing it, which could allow attackers to obtain sensitive information, a different vulnerability than CVE-2005-1126 and CVE-2005-1406.
29 CVE-2005-2751 2005-11-01 2008-09-05
2.1
None Local Low Not required Partial None None
memberd in Mac OS X 10.4 up to 10.4.2, in certain situations, does not quickly synchronize access control checks with changes in group membership, which could allow users to access files and other resources after they have been removed from a group.
30 CVE-2005-2750 2005-11-01 2008-09-05
2.1
None Local Low Not required None Partial None
Software Update in Mac OS X 10.4.2, when the user marks all updates to be ignored, exits without asking the user to reset the status of the updates, which could prevent important, security-relevant updates from being installed.
31 CVE-2005-2749 2005-11-01 2009-02-06
2.1
None Local Low Not required None Partial None
Unspecified vulnerability in the Finder Get Info window for Mac OS X 10.4 up to 10.4.2 causes Finder to misrepresent file and group ownership information. NOTE: it is not clear whether this issue satisfies the CVE definition of a vulnerability.
32 CVE-2005-2748 2005-10-25 2008-09-05
2.1
None Local Low Not required None Partial None
The malloc function in the libSystem library in Apple Mac OS X 10.3.9 and 10.4.2 allows local users to overwrite arbitrary files by setting the MallocLogFile environment variable to the target file before running a setuid application.
33 CVE-2005-2747 Exec Code Overflow 2005-10-25 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in ImageIO for Apple Mac OS X 10.4.2, as used by applications such as WebCore and Safari, allows remote attackers to execute arbitrary code via a crafted GIF file.
34 CVE-2005-2746 2005-10-25 2008-09-05
5.0
None Remote Low Not required Partial None None
Mail.app in Mail for Apple Mac OS X 10.3.9 and 10.4.2 includes message contents when using auto-reply rules, which could cause Mail.app to include decrypted message contents for encrypted messages.
35 CVE-2005-2745 +Info 2005-10-25 2008-09-05
5.0
None Remote Low Not required Partial None None
Mail.app in Mail for Apple Mac OS X 10.3.9, when using Kerberos 5 for SMTP authentication, can include uninitialized memory in a message, which might allow remote attackers to obtain sensitive information.
36 CVE-2005-2744 Exec Code Overflow 2005-10-25 2008-09-05
5.1
User Remote High Not required Partial Partial Partial
Buffer overflow in QuickDraw Manager for Apple OS X 10.3.9 and 10.4.2, as used by applications such as Safari, Mail, and Finder, allows remote attackers to execute arbitrary code via a crafted PICT file.
37 CVE-2005-2743 Exec Code 2005-10-25 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
The Java extensions for QuickTime 6.52 and earlier in Apple Mac OS X 10.3.9 allow untrusted applets to call arbitrary functions in system libraries, which allows remote attackers to execute arbitrary code.
38 CVE-2005-2742 Bypass 2005-10-25 2008-09-05
4.6
None Local Low Not required Partial Partial Partial
SecurityAgent in Apple Mac OS X 10.4.2, under certain circumstances, can cause the "Switch User..." button to appear even though the "Enable fast user switching" setting is disabled, which can allow attackers with physical access to gain access to the desktop and bypass the "Require password to wake this computer from sleep or screen saver" setting.
39 CVE-2005-2741 +Priv 2005-10-25 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Authorization Services in securityd for Apple Mac OS X 10.3.9 allows local users to gain privileges by granting themselves certain rights that should be restricted to administrators.
40 CVE-2005-2739 2005-11-01 2009-02-06
2.1
None Local Low Not required Partial None None
Keychain Access in Mac OS X 10.4.2 and earlier keeps a password visible even if a keychain times out while the password is being viewed, which could allow attackers with physical access to obtain the password.
41 CVE-2005-2714 2005-12-31 2008-09-05
6.8
Admin Local Low Single system Complete Complete Complete
passwd in Directory Services in Mac OS X 10.3.x before 10.3.9 and 10.4.x before 10.4.5 allows local users to overwrite arbitrary files via a symlink attack on the .pwtmp.[PID] temporary file.
42 CVE-2005-2713 2005-12-31 2011-04-12
6.8
Admin Local Low Single system Complete Complete Complete
passwd in Directory Services in Mac OS X 10.3.x before 10.3.9 and 10.4.x before 10.4.5 allows local users to create arbitrary world-writable files as root by specifying an alternate file in the password database option.
43 CVE-2005-2594 DoS 2005-08-17 2008-09-05
5.0
None Remote Low Not required None None Partial
Apple Safari 1.3 (132) on Mac OS X 1.3.9 allows remote attackers to cause a denial of service (crash) via certain Javascript, possibly involving a function that defines a handler for itself within the function body.
44 CVE-2005-2526 DoS 2005-08-19 2008-09-05
5.0
None Remote Low Not required None None Partial
CUPS in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to cause a denial of service (CPU consumption) by sending a partial IPP request and closing the connection.
45 CVE-2005-2525 DoS 2005-08-19 2008-09-05
5.0
None Remote Low Not required None None Partial
CUPS in Mac OS X 10.3.9 and 10.4.2 does not properly close file descriptors when handling multiple simultaneous print jobs, which allows remote attackers to cause a denial of service (printing halt).
46 CVE-2005-2524 Bypass 2005-10-25 2008-09-05
5.0
None Remote Low Not required None Partial None
Safari after 2.0 in Apple Mac OS X 10.3.9 allows remote attackers to bypass domain restrictions via crafted web archives that cause Safari to render them as if they came from a different site.
47 CVE-2005-2523 XSS 2005-08-19 2008-09-05
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Weblog Server in Mac OS X 10.4 to 10.4.2 allow remote attackers to inject arbitrary web script or HTML via unknown vectors.
48 CVE-2005-2522 Exec Code 2005-08-19 2008-09-05
5.1
User Remote High Not required Partial Partial Partial
Safari in WebKit in Mac OS X 10.4 to 10.4.2 directly accesses URLs within PDF files without the normal security checks, which allows remote attackers to execute arbitrary code via links in a PDF file.
49 CVE-2005-2521 Exec Code Overflow 2005-08-19 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Buffer overflow in traceroute in Mac OS X 10.3.9 allows local users to execute arbitrary code via unknown vectors.
50 CVE-2005-2520 2005-08-19 2008-09-05
2.1
None Local Low Not required Partial None None
The password assistant in Mac OS X 10.4 to 10.4.2, when used to create multiple accounts from the same process, does not reset the suggested password list when the assistant is displayed, which allows attackers to view recently used passwords.
Total number of vulnerabilities : 148   Page : 1 (This Page)2 3
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.