Apple: >> Mac Os X Server >> 10.4.2 Security Vulnerabilities
SecurityAgent in Apple Mac OS X 10.4.2, under certain circumstances, can cause the "Switch User..." button to appear even though the "Enable fast user switching" setting is disabled, which can allow attackers with physical access to gain access to the desktop and bypass the "Require password to wake this computer from sleep or screen saver" setting.
CVSS Score
4.6
EPSS Score
0.001
Published
2005-10-26
Mail.app in Mail for Apple Mac OS X 10.3.9 and 10.4.2 includes message contents when using auto-reply rules, which could cause Mail.app to include decrypted message contents for encrypted messages.
CVSS Score
5.0
EPSS Score
0.003
Published
2005-10-26
Buffer overflow in QuickDraw Manager for Apple OS X 10.3.9 and 10.4.2, as used by applications such as Safari, Mail, and Finder, allows remote attackers to execute arbitrary code via a crafted PICT file.
CVSS Score
5.1
EPSS Score
0.048
Published
2005-10-25
Buffer overflow in ImageIO for Apple Mac OS X 10.4.2, as used by applications such as WebCore and Safari, allows remote attackers to execute arbitrary code via a crafted GIF file.
CVSS Score
7.5
EPSS Score
0.047
Published
2005-10-25
The malloc function in the libSystem library in Apple Mac OS X 10.3.9 and 10.4.2 allows local users to overwrite arbitrary files by setting the MallocLogFile environment variable to the target file before running a setuid application.
CVSS Score
2.1
EPSS Score
0.001
Published
2005-10-25
Buffer overflow in AppKit for Mac OS X 10.3.9 and 10.4.2 allows external user-assisted attackers to execute arbitrary code via a crafted Rich Text Format (RTF) file.
CVSS Score
7.6
EPSS Score
0.013
Published
2005-08-19
Buffer overflow in AppKit for Mac OS X 10.3.9 and 10.4.2, as used in applications such as TextEdit, allows external user-assisted attackers to execute arbitrary code via a crafted Microsoft Word file.
CVSS Score
5.1
EPSS Score
0.01
Published
2005-08-19
AppKit for Mac OS X 10.3.9 and 10.4.2 allows attackers with physical access to create local accounts by forcing a particular error to occur at the login window.
CVSS Score
4.6
EPSS Score
0.001
Published
2005-08-19
The System Profiler in Mac OS X 10.4.2 labels a Bluetooth device with "Requires Authentication: No" even when the user has selected the "Require pairing for security" option, which could confuse users about which setting is valid.
CVSS Score
7.2
EPSS Score
0.001
Published
2005-08-19
Algorithmic complexity vulnerability in CoreFoundation in Mac OS X 10.3.9 and 10.4.2 allows attackers to cause a denial of service (CPU consumption) via crafted Gregorian dates.
CVSS Score
5.0
EPSS Score
0.005
Published
2005-08-19