cpe:2.3:o:apple:mac_os_x:10.2.5:*:*:*:*:*:*:*
Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) long inputs during user name canonicalization, (2) characters that need to be escaped during LDAP authentication using saslauthd, or (3) an off-by-one error in the log writer, which does not allocate space for the null character that terminates a string.
Max CVSS
9.8
EPSS Score
9.71%
Published
2002-12-18
Updated
2024-02-02
IPSec in Mac OS X before 10.2.6 does not properly handle certain incoming security policies that match by port, which could allow traffic that is not explicitly allowed by the policies.
Max CVSS
7.5
EPSS Score
1.13%
Published
2003-06-09
Updated
2020-12-09
The screen saver in MacOS X allows users with physical access to cause the screen saver to crash and gain access to the underlying session via a large number of characters in the password field, possibly triggering a buffer overflow.
Max CVSS
4.6
EPSS Score
0.14%
Published
2003-08-18
Updated
2008-09-10
A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences.
Max CVSS
7.5
EPSS Score
0.62%
Published
2003-10-06
Updated
2018-05-03

CVE-2003-0694

Public exploit
The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c.
Max CVSS
10.0
EPSS Score
5.70%
Published
2003-10-06
Updated
2018-10-30
The arplookup function in FreeBSD 5.1 and earlier, Mac OS X before 10.2.8, and possibly other BSD-based systems, allows remote attackers on a local subnet to cause a denial of service (resource starvation and panic) via a flood of spoofed ARP requests.
Max CVSS
5.0
EPSS Score
1.12%
Published
2003-11-17
Updated
2008-09-10
Finder in Mac OS X 10.2.8 and earlier sets global read/write/execute permissions on directories when they are dragged (copied) from a mounted volume such as a disk image (DMG), which could cause the directories to have less restrictive permissions than intended.
Max CVSS
2.1
EPSS Score
0.06%
Published
2003-11-03
Updated
2017-07-11
Mac OS X before 10.3 with core files enabled allows local users to overwrite arbitrary files and read core files via a symlink attack on core files that are created with predictable names in the /cores directory.
Max CVSS
4.6
EPSS Score
0.04%
Published
2003-11-03
Updated
2017-07-11
slpd daemon in Mac OS X before 10.3 allows local users to overwrite arbitrary files via a symlink attack on a temporary file, a different vulnerability than CVE-2003-0875.
Max CVSS
2.1
EPSS Score
0.04%
Published
2003-11-03
Updated
2008-09-05
Unknown vulnerability in Mac OS X before 10.3 allows local users to access Dock functions from behind Screen Effects when Full Keyboard Access is enabled using the Keyboard pane in System Preferences.
Max CVSS
4.6
EPSS Score
0.04%
Published
2003-11-03
Updated
2008-09-05
Mail in Mac OS X before 10.3, when configured to use MD5 Challenge Response, uses plaintext authentication if the CRAM-MD5 hashed login fails, which could allow remote attackers to gain privileges by sniffing the password.
Max CVSS
7.5
EPSS Score
0.51%
Published
2003-11-03
Updated
2008-09-05
Mac OS X before 10.3 initializes the TCP timestamp with a constant number, which allows remote attackers to determine the system's uptime via the ID field in a TCP packet.
Max CVSS
5.0
EPSS Score
0.34%
Published
2003-11-03
Updated
2008-09-05
Buffer overflow in the Mac OS X kernel 10.2.8 and earlier allows local users, and possibly remote attackers, to cause a denial of service (crash), access portions of memory, and possibly execute arbitrary code via a long command line argument (argv[]).
Max CVSS
4.6
EPSS Score
0.32%
Published
2003-11-03
Updated
2017-07-11
Buffer overflow in cd9660.util in Apple Mac OS X 10.0 through 10.3.2 and Apple Mac OS X Server 10.0 through 10.3.2 may allow local users to execute arbitrary code via a long command line parameter.
Max CVSS
7.2
EPSS Score
0.04%
Published
2004-03-29
Updated
2017-07-11
Apple Mac OS X 10.0 through 10.2.8 allows local users with a USB keyboard to gain unauthorized access by holding down the CTRL and C keys when the system is booting, which crashes the init process and leaves the user in a root shell.
Max CVSS
7.2
EPSS Score
0.04%
Published
2004-03-29
Updated
2017-07-11
Unknown vulnerability in Windows File Sharing for Mac OS X 10.1.5 through 10.3.2 does not "shutdown properly," which has unknown impact and attack vectors.
Max CVSS
10.0
EPSS Score
0.19%
Published
2004-12-31
Updated
2008-09-05
Format string vulnerability in Point-to-Point Protocol (PPP) daemon (pppd) 2.4.0 for Mac OS X 10.3.2 and earlier allows remote attackers to read arbitrary pppd process data, including PAP or CHAP authentication credentials, to gain privileges.
Max CVSS
5.0
EPSS Score
2.99%
Published
2004-03-15
Updated
2017-10-10
Unknown vulnerability in CoreFoundation in Mac OS X 10.3.3 and Mac OS X 10.3.3 Server, related to "the handling of an environment variable," has unknown attack vectors and unknown impact.
Max CVSS
5.0
EPSS Score
0.35%
Published
2004-05-03
Updated
2017-07-11

CVE-2004-0430

Public exploit
Stack-based buffer overflow in AppleFileServer for Mac OS X 10.3.3 and earlier allows remote attackers to execute arbitrary code via a LoginExt packet for a Cleartext Password User Authentication Method (UAM) request with a PathName argument that includes an AFPName type string that is longer than the associated length field.
Max CVSS
5.1
EPSS Score
10.57%
Published
2004-07-07
Updated
2017-07-11
Argument injection vulnerability in the SSH URI handler for Safari on Mac OS 10.3.3 and earlier allows remote attackers to (1) execute arbitrary code via the ProxyCommand option or (2) conduct port forwarding via the -R option.
Max CVSS
7.6
EPSS Score
0.87%
Published
2004-07-07
Updated
2024-02-13
Unspecified vulnerability in Mac OS X before 10.3.4 has unknown impact and attack vectors related to "logging when tracing system calls."
Max CVSS
10.0
EPSS Score
0.40%
Published
2004-08-18
Updated
2017-07-11
Safari in Mac OS X before 10.3.5, after sending form data using the POST method, may re-send the data to a GET method URL if that URL is redirected after the POST data and the user uses the forward or backward buttons, which may cause an information leak.
Max CVSS
5.0
EPSS Score
0.31%
Published
2004-11-23
Updated
2017-07-11
The TCP/IP Networking component in Mac OS X before 10.3.5 allows remote attackers to cause a denial of service (memory and resource consumption) via a "Rose Attack" that involves sending a subset of small IP fragments that do not form a complete, larger packet.
Max CVSS
5.0
EPSS Score
1.44%
Published
2004-11-23
Updated
2017-07-11
Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3.6.1 and earlier, related to buffer overflows and integer overflows, allow remote attackers to execute arbitrary code via TIFF files.
Max CVSS
7.5
EPSS Score
6.08%
Published
2004-12-23
Updated
2017-10-11
Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls.
Max CVSS
5.0
EPSS Score
5.28%
Published
2005-01-27
Updated
2017-10-11
1965 vulnerabilities found
1 2 3 4 5 6 ...... 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!