Apple: >> Mac Os X >> 10.3.6 Security Vulnerabilities
The x-man-page: URI handler for Apple Terminal 1.4.4 in Mac OS X 10.3.9 does not cleanse terminal escape sequences, which allows remote attackers to execute arbitrary commands.
CVSS Score
7.5
EPSS Score
0.177
Published
2005-05-04
Mac OS X 10.3.x and earlier uses insecure permissions for a pseudo terminal tty (pty) that is managed by a non-setuid program, which allows local users to read or modify sessions of other users.
CVSS Score
3.6
EPSS Score
0.0
Published
2005-05-03
The Finder in Mac OS X and earlier allows local users to overwrite arbitrary files and gain privileges by creating a hard link from the .DS_Store file to an arbitrary file.
CVSS Score
2.1
EPSS Score
0.002
Published
2005-05-02
Mac OS X 10.3.9 and earlier allows users to install, create, and execute setuid/setgid scripts, contrary to the intended design, which may allow attackers to conduct unauthorized activities with escalated privileges via vulnerable scripts.
CVSS Score
7.6
EPSS Score
0.004
Published
2005-05-02
Integer signedness error in the parse_machfile function in the mach-o loader (mach_loader.c) for the Darwin Kernel as used in Mac OS X 10.3.7, and other versions before 10.3.9, allows local users to cause a denial of service (CPU consumption) via a crafted mach-o header.
CVSS Score
2.1
EPSS Score
0.001
Published
2005-05-02
The Bluetooth Setup Assistant for Mac OS X before 10.3.8 can be launched without a keyboard or Bluetooth device, which allows local users to bypass access restrictions and gain privileges.
CVSS Score
4.6
EPSS Score
0.002
Published
2005-03-21
AFP Server in Mac OS X before 10.3.8 uses insecure permissions for "Drop Boxes," which allows local users to read the contents of a Drop Box.
CVSS Score
2.1
EPSS Score
0.0
Published
2005-03-21
Stack-based buffer overflow in the Core Foundation Library in Mac OS X 10.3.5 and 10.3.6, and possibly earlier versions, allows local users to execute arbitrary code via a long CF_CHARSET_PATH environment variable.
CVSS Score
7.2
EPSS Score
0.002
Published
2005-03-21
Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls.
CVSS Score
5.0
EPSS Score
0.11
Published
2005-01-27
Darwin Streaming Server 5.0.1, and possibly earlier versions, allows remote attackers to cause a denial of service (server crash) via a DESCRIBE request with a location that contains a null byte.
CVSS Score
5.0
EPSS Score
0.008
Published
2005-01-10