National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/o:apple:mac_os_x_server:10.3
There are 182 matching records.
Displaying matches 121 through 140.
Vuln ID Summary CVSS Severity
CVE-2006-1984

Unspecified vulnerability in the _cg_TIFFSetField function in Mac OS X 10.4.6 and earlier, as used in applications that use ImageIO or AppKit, allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that triggers a null dereference.

Published: April 21, 2006; 06:02:00 PM -04:00
V2: 5.0 MEDIUM
CVE-2006-1985

Heap-based buffer overflow in BOM BOMArchiveHelper 10.4 (6.3) Build 312, as used in Mac OS X 10.4.6 and earlier, allows user-assisted attackers to execute arbitrary code via a crafted archive (such as ZIP) that contains long path names, which triggers an error in the BOMStackPop function.

Published: April 21, 2006; 06:02:00 PM -04:00
V2: 5.1 MEDIUM
CVE-2006-1220

Integer overflow in the mach_msg_send function in the kernel for Mac OS X might allow local users to execute arbitrary code via unknown attack vectors related to a large message header size, which leads to a heap-based buffer overflow.

Published: March 13, 2006; 09:02:00 PM -05:00
V2: 4.6 MEDIUM
CVE-2006-0387

Stack-based buffer overflow in Safari in Mac OS X 10.4.5 and earlier, and 10.3.9 and earlier, allows remote attackers to execute arbitrary code via unspecified vectors involving a web page with crafted JavaScript, a different vulnerability than CVE-2005-4504.

Published: March 06, 2006; 03:06:00 PM -05:00
V2: 6.4 MEDIUM
CVE-2006-0386

FileVault in Mac OS X 10.4.5 and earlier does not properly mount user directories when creating a FileVault image, which allows local users to access protected files when FileVault is enabled.

Published: March 03, 2006; 05:02:00 PM -05:00
V2: 1.7 LOW
CVE-2006-0388

Safari in Mac OS X 10.3 before 10.3.9 and 10.4 before 10.4.5 allows remote attackers to redirect users to local files and execute arbitrary JavaScript via unspecified vectors involving HTTP redirection to local resources.

Published: March 03, 2006; 05:02:00 PM -05:00
V2: 2.6 LOW
CVE-2006-0383

IPSec when used with VPN networks in Mac OS X 10.4 through 10.4.5 allows remote attackers to cause a denial of service (application crash) via unspecified vectors involving the "incorrect handling of error conditions".

Published: March 02, 2006; 02:06:00 PM -05:00
V2: 5.0 MEDIUM
CVE-2006-0384

automount in Mac OS X 10.4.5 and earlier allows remote file servers to cause a denial of service (unresponsiveness) or execute arbitrary code via unspecified vectors that cause automount to "mount file systems with reserved names".

Published: March 02, 2006; 02:06:00 PM -05:00
V2: 7.5 HIGH
CVE-2005-2713

passwd in Directory Services in Mac OS X 10.3.x before 10.3.9 and 10.4.x before 10.4.5 allows local users to create arbitrary world-writable files as root by specifying an alternate file in the password database option.

Published: December 31, 2005; 12:00:00 AM -05:00
V2: 6.8 MEDIUM
CVE-2005-2714

passwd in Directory Services in Mac OS X 10.3.x before 10.3.9 and 10.4.x before 10.4.5 allows local users to overwrite arbitrary files via a symlink attack on the .pwtmp.[PID] temporary file.

Published: December 31, 2005; 12:00:00 AM -05:00
V2: 6.8 MEDIUM
CVE-2005-4504

The khtml::RenderTableSection::ensureRows function in KHTMLParser in Apple Mac OS X 10.4.3 and earlier, as used by Safari and TextEdit, allows remote attackers to cause a denial of service (memory consumption and application crash) via HTML files with a large ROWSPAN attribute in a TD tag.

Published: December 22, 2005; 06:03:00 PM -05:00
V2: 7.8 HIGH
CVE-2005-2757

Heap-based buffer overflow in CoreFoundation in Mac OS X and OS X Server 10.4 through 10.4.3 allows remote attackers to execute arbitrary code via unknown attack vectors involving "validation of URLs."

Published: November 30, 2005; 09:07:00 PM -05:00
V2: 7.5 HIGH
CVE-2005-2739

Keychain Access in Mac OS X 10.4.2 and earlier keeps a password visible even if a keychain times out while the password is being viewed, which could allow attackers with physical access to obtain the password.

Published: November 01, 2005; 07:47:00 AM -05:00
V2: 2.1 LOW
CVE-2005-2752

An unspecified kernel interface in Mac OS X 10.4.2 and earlier does not properly clear memory before reusing it, which could allow attackers to obtain sensitive information, a different vulnerability than CVE-2005-1126 and CVE-2005-1406.

Published: November 01, 2005; 07:47:00 AM -05:00
V2: 2.1 LOW
CVE-2005-2744

Buffer overflow in QuickDraw Manager for Apple OS X 10.3.9 and 10.4.2, as used by applications such as Safari, Mail, and Finder, allows remote attackers to execute arbitrary code via a crafted PICT file.

Published: October 25, 2005; 06:06:00 PM -04:00
V2: 5.1 MEDIUM
CVE-2005-2509

Unknown vulnerability in loginwindow in Mac OS X 10.4.2 and earlier, when Fast User Switching is enabled, allows attackers to log into other accounts if they know the passwords to at least two accounts.

Published: August 19, 2005; 12:00:00 AM -04:00
V2: 2.1 LOW
CVE-2005-0972

Integer overflow in the searchfs system call in Mac OS X 10.3.9 and earlier allows local users to execute arbitrary code via crafted parameters.

Published: May 12, 2005; 12:00:00 AM -04:00
V2: 7.2 HIGH
CVE-2005-1331

The AppleScript Editor in Mac OS X 10.3.9 does not properly display script code for an applescript: URI, which can result in code that is different than the actual code that would be run, which could allow remote attackers to trick users into executing malicious code via certain URI characters such as NULL, control characters, and homographs.

Published: May 04, 2005; 12:00:00 AM -04:00
V2: 5.1 MEDIUM
CVE-2005-1341

Apple Terminal 1.4.4 allows attackers to execute arbitrary commands via terminal escape sequences.

Published: May 04, 2005; 12:00:00 AM -04:00
V2: 5.1 MEDIUM
CVE-2005-1430

Mac OS X 10.3.x and earlier uses insecure permissions for a pseudo terminal tty (pty) that is managed by a non-setuid program, which allows local users to read or modify sessions of other users.

Published: May 03, 2005; 12:00:00 AM -04:00
V2: 3.6 LOW