Vulnerabilities
Vulnerable Software
Buffer overflow in QuickDraw Manager for Apple OS X 10.3.9 and 10.4.2, as used by applications such as Safari, Mail, and Finder, allows remote attackers to execute arbitrary code via a crafted PICT file.
CVSS Score
5.1
EPSS Score
0.048
Published
2005-10-25
Unknown vulnerability in loginwindow in Mac OS X 10.4.2 and earlier, when Fast User Switching is enabled, allows attackers to log into other accounts if they know the passwords to at least two accounts.
CVSS Score
2.1
EPSS Score
0.001
Published
2005-08-19
Double free vulnerability in the krb5_recvauth function in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to execute arbitrary code via certain error conditions.
CVSS Score
9.8
EPSS Score
0.552
Published
2005-07-18
Integer overflow in the searchfs system call in Mac OS X 10.3.9 and earlier allows local users to execute arbitrary code via crafted parameters.
CVSS Score
7.2
EPSS Score
0.001
Published
2005-05-12
The AppleScript Editor in Mac OS X 10.3.9 does not properly display script code for an applescript: URI, which can result in code that is different than the actual code that would be run, which could allow remote attackers to trick users into executing malicious code via certain URI characters such as NULL, control characters, and homographs.
CVSS Score
5.1
EPSS Score
0.011
Published
2005-05-04
Apple Terminal 1.4.4 allows attackers to execute arbitrary commands via terminal escape sequences.
CVSS Score
5.1
EPSS Score
0.008
Published
2005-05-04
Mac OS X 10.3.x and earlier uses insecure permissions for a pseudo terminal tty (pty) that is managed by a non-setuid program, which allows local users to read or modify sessions of other users.
CVSS Score
3.6
EPSS Score
0.0
Published
2005-05-03
The Finder in Mac OS X and earlier allows local users to overwrite arbitrary files and gain privileges by creating a hard link from the .DS_Store file to an arbitrary file.
CVSS Score
2.1
EPSS Score
0.002
Published
2005-05-02
Integer signedness error in the parse_machfile function in the mach-o loader (mach_loader.c) for the Darwin Kernel as used in Mac OS X 10.3.7, and other versions before 10.3.9, allows local users to cause a denial of service (CPU consumption) via a crafted mach-o header.
CVSS Score
2.1
EPSS Score
0.001
Published
2005-05-02
The Bluetooth Setup Assistant for Mac OS X before 10.3.8 can be launched without a keyboard or Bluetooth device, which allows local users to bypass access restrictions and gain privileges.
CVSS Score
4.6
EPSS Score
0.002
Published
2005-03-21

