Apple: >> Mac Os X >> 10.3.6 Security Vulnerabilities
Double free vulnerability in the krb5_recvauth function in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to execute arbitrary code via certain error conditions.
CVSS Score
9.8
EPSS Score
0.552
Published
2005-07-18
bzip2 allows remote attackers to cause a denial of service (hard drive consumption) via a crafted bzip2 file that causes an infinite loop (a.k.a "decompression bomb").
CVSS Score
5.0
EPSS Score
0.098
Published
2005-05-19
The (1) stopserver.sh and (2) startserver.sh scripts in Adobe Version Cue on Mac OS X uses the current working directory to find and execute the productname.sh script, which allows local users to execute arbitrary code by copying and calling the scripts from a user-controlled directory.
CVSS Score
7.2
EPSS Score
0.007
Published
2005-05-17
Heap-based buffer overflow in the syscall emulation functionality in Mac OS X before 10.3.9 allows local users to cause a denial of service (kernel panic) and possibly execute arbitrary code via crafted parameters.
CVSS Score
4.6
EPSS Score
0.001
Published
2005-05-12
Stack-based buffer overflow in the semop system call in Mac OS X 10.3.9 and earlier allows local users to gain privileges via crafted arguments.
CVSS Score
4.6
EPSS Score
0.001
Published
2005-05-12
Integer overflow in the searchfs system call in Mac OS X 10.3.9 and earlier allows local users to execute arbitrary code via crafted parameters.
CVSS Score
7.2
EPSS Score
0.003
Published
2005-05-12
Unknown vulnerability in the setsockopt system call in Mac OS X 10.3.9 and earlier allows local users to cause a denial of service (memory exhaustion) via crafted arguments.
CVSS Score
2.1
EPSS Score
0.001
Published
2005-05-12
Unknown vulnerability in the nfs_mount call in Mac OS X 10.3.9 and earlier allows local users to gain privileges via crafted arguments.
CVSS Score
7.2
EPSS Score
0.001
Published
2005-05-12
The AppleScript Editor in Mac OS X 10.3.9 does not properly display script code for an applescript: URI, which can result in code that is different than the actual code that would be run, which could allow remote attackers to trick users into executing malicious code via certain URI characters such as NULL, control characters, and homographs.
CVSS Score
5.1
EPSS Score
0.011
Published
2005-05-04
Apple Terminal 1.4.4 allows attackers to execute arbitrary commands via terminal escape sequences.
CVSS Score
5.1
EPSS Score
0.008
Published
2005-05-04