The default configuration of Mail.app in Mac OS X 10.0 through 10.0.4 and 10.1 through 10.1.5 sends iDisk authentication credentials in cleartext when connecting to Mac.com, which could allow remote attackers to obtain passwords by sniffing network traffic.
Max CVSS
5.0
EPSS Score
0.16%
Published
2002-12-31
Updated
2008-09-05
Multiple integer overflows in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allow remote attackers to execute arbitrary code via (1) the CUPSd HTTP interface, as demonstrated by vanilla-coke, and (2) the image handling code in CUPS filters, as demonstrated by mksun.
Max CVSS
10.0
EPSS Score
6.31%
Published
2002-12-26
Updated
2016-10-18
Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly check the return values of various file and socket operations, which could allow a remote attacker to cause a denial of service (resource exhaustion) by causing file descriptors to be assigned and not released, as demonstrated by fanta.
Max CVSS
7.5
EPSS Score
1.40%
Published
2002-12-26
Updated
2024-01-21
filters/image-gif.c in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly check for zero-length GIF images, which allows remote attackers to execute arbitrary code via modified chunk headers, as demonstrated by nogif.
Max CVSS
7.5
EPSS Score
5.13%
Published
2002-12-26
Updated
2017-10-10
jobs.c in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly use the strncat function call when processing the options string, which allows remote attackers to execute arbitrary code via a buffer overflow attack.
Max CVSS
10.0
EPSS Score
5.43%
Published
2002-12-26
Updated
2017-10-10
Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing negative arguments to be fed into memcpy() calls via HTTP requests with (1) a negative Content-Length value or (2) a negative length in a chunked transfer encoding.
Max CVSS
7.5
EPSS Score
24.25%
Published
2002-12-26
Updated
2017-07-11
Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote attackers to add printers without authentication via a certain UDP packet, which can then be used to perform unauthorized activities such as stealing the local root certificate for the administration server via a "need authorization" page, as demonstrated by new-coke.
Max CVSS
10.0
EPSS Score
1.82%
Published
2002-12-26
Updated
2017-10-10
Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows local users with lp privileges to create or overwrite arbitrary files via file race conditions, as demonstrated by ice-cream.
Max CVSS
6.2
EPSS Score
0.04%
Published
2002-12-26
Updated
2017-10-10
Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) long inputs during user name canonicalization, (2) characters that need to be escaped during LDAP authentication using saslauthd, or (3) an off-by-one error in the log writer, which does not allocate space for the null character that terminates a string.
Max CVSS
9.8
EPSS Score
9.71%
Published
2002-12-18
Updated
2024-02-02
Unknown vulnerability in NetInfo Manager application in Mac OS X 10.2.2 allows local users to access restricted parts of a filesystem.
Max CVSS
4.6
EPSS Score
0.04%
Published
2002-12-11
Updated
2008-09-05
Mac OS X 10.2.2 allows local users to gain privileges via a mounted ISO 9600 CD, aka "User Privilege Elevation via Mounting an ISO 9600 CD."
Max CVSS
4.6
EPSS Score
0.04%
Published
2002-12-11
Updated
2017-10-10
Mac OS X 10.2.2 allows remote attackers to cause a denial of service by accessing the CUPS Printing Web Administration utility, aka "CUPS Printing Web Administration is Remotely Accessible."
Max CVSS
5.0
EPSS Score
0.93%
Published
2002-12-11
Updated
2017-10-10
Mac OS X 10.2.2 allows local users to gain privileges by mounting a disk image file that was created on another system, aka "Local User Privilege Elevation via Disk Image File."
Max CVSS
4.6
EPSS Score
0.04%
Published
2002-12-11
Updated
2017-10-10
The Sun RPC functionality in multiple libc implementations does not provide a time-out mechanism when reading data from TCP connections, which allows remote attackers to cause a denial of service (hang).
Max CVSS
5.0
EPSS Score
2.88%
Published
2002-11-12
Updated
2017-10-10
SoftwareUpdate for MacOS 10.1.x does not use authentication when downloading a software update, which could allow remote attackers to execute arbitrary code by posing as the Apple update server via techniques such as DNS spoofing or cache poisoning, and supplying Trojan Horse updates.
Max CVSS
7.5
EPSS Score
6.57%
Published
2002-07-11
Updated
2008-09-05
IPSEC implementations including (1) FreeS/WAN and (2) KAME do not properly calculate the length of authentication data, which allows remote attackers to cause a denial of service (kernel panic) via spoofed, short Encapsulating Security Payload (ESP) packets, which result in integer signedness errors.
Max CVSS
5.0
EPSS Score
3.32%
Published
2002-11-04
Updated
2008-09-10
The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via invalid encodings.
Max CVSS
5.0
EPSS Score
6.61%
Published
2002-08-12
Updated
2008-09-10
Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allow remote attackers to execute arbitrary code via (1) a large client master key in SSL2 or (2) a large session ID in SSL3.
Max CVSS
7.5
EPSS Score
78.00%
Published
2002-08-12
Updated
2008-09-10
OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, does not properly handle ASCII representations of integers on 64 bit platforms, which could allow attackers to cause a denial of service and possibly execute arbitrary code.
Max CVSS
7.5
EPSS Score
1.87%
Published
2002-08-12
Updated
2008-09-10
19 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!