IPSEC implementations including (1) FreeS/WAN and (2) KAME do not properly calculate the length of authentication data, which allows remote attackers to cause a denial of service (kernel panic) via spoofed, short Encapsulating Security Payload (ESP) packets, which result in integer signedness errors.
Max CVSS
5.0
EPSS Score
3.32%
Published
2002-11-04
Updated
2008-09-10
The Sun RPC functionality in multiple libc implementations does not provide a time-out mechanism when reading data from TCP connections, which allows remote attackers to cause a denial of service (hang).
Max CVSS
5.0
EPSS Score
2.88%
Published
2002-11-12
Updated
2017-10-10
Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) long inputs during user name canonicalization, (2) characters that need to be escaped during LDAP authentication using saslauthd, or (3) an off-by-one error in the log writer, which does not allocate space for the null character that terminates a string.
Max CVSS
9.8
EPSS Score
9.71%
Published
2002-12-18
Updated
2024-02-02
Apple File Protocol (AFP) in Mac OS X before 10.2.4 allows administrators to log in as other users by using the administrator password.
Max CVSS
7.5
EPSS Score
0.48%
Published
2003-03-03
Updated
2008-09-11
DirectoryServices in MacOS X trusts the PATH environment variable to locate and execute the touch command, which allows local users to execute arbitrary commands by modifying the PATH to point to a directory containing a malicious touch program.
Max CVSS
7.2
EPSS Score
0.04%
Published
2003-05-05
Updated
2008-09-10
Mac OS X before 10.2.5 allows guest users to modify the permissions of the DropBox folder and read unauthorized files.
Max CVSS
6.4
EPSS Score
0.25%
Published
2003-05-05
Updated
2008-09-10
Information leak in dsimportexport for Apple Macintosh OS X Server 10.2.6 allows local users to obtain the username and password of the account running the tool.
Max CVSS
4.6
EPSS Score
0.04%
Published
2003-06-13
Updated
2017-07-11
Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow, including (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, or (8) RNTO.
Max CVSS
10.0
EPSS Score
79.54%
Published
2003-08-27
Updated
2024-02-08
The screen saver in MacOS X allows users with physical access to cause the screen saver to crash and gain access to the underlying session via a large number of characters in the password field, possibly triggering a buffer overflow.
Max CVSS
4.6
EPSS Score
0.14%
Published
2003-08-18
Updated
2008-09-10
Workgroup Manager in Apple Mac OS X Server 10.2 through 10.2.6 does not disable a password for a new account before it is saved for the first time, which allows remote attackers to gain unauthorized access via the new account before it is saved.
Max CVSS
7.5
EPSS Score
0.85%
Published
2004-03-29
Updated
2017-07-11
A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences.
Max CVSS
7.5
EPSS Score
0.62%
Published
2003-10-06
Updated
2018-05-03

CVE-2003-0694

Public exploit
The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c.
Max CVSS
10.0
EPSS Score
5.70%
Published
2003-10-06
Updated
2018-10-30
The arplookup function in FreeBSD 5.1 and earlier, Mac OS X before 10.2.8, and possibly other BSD-based systems, allows remote attackers on a local subnet to cause a denial of service (resource starvation and panic) via a flood of spoofed ARP requests.
Max CVSS
5.0
EPSS Score
1.12%
Published
2003-11-17
Updated
2008-09-10
Unknown vulnerability in QuickTime Java in Mac OS X v10.3 and Mac OS X Server 10.3 allows attackers to gain "unauthorized access to a system."
Max CVSS
7.5
EPSS Score
0.23%
Published
2003-11-03
Updated
2008-09-10
Finder in Mac OS X 10.2.8 and earlier sets global read/write/execute permissions on directories when they are dragged (copied) from a mounted volume such as a disk image (DMG), which could cause the directories to have less restrictive permissions than intended.
Max CVSS
2.1
EPSS Score
0.06%
Published
2003-11-03
Updated
2017-07-11
Unknown vulnerability in the Terminal application for Mac OS X 10.3 (Client and Server) may allow "unauthorized access."
Max CVSS
4.6
EPSS Score
0.06%
Published
2003-12-01
Updated
2017-07-11
Apple Safari 1.0 through 1.1 on Mac OS X 10.3.1 and Mac OS X 10.2.8 allows remote attackers to steal user cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain.
Max CVSS
5.0
EPSS Score
0.57%
Published
2003-12-15
Updated
2017-07-11
The PKI functionality in Mac OS X 10.2.8 and 10.3.2 allows remote attackers to cause a denial of service (service crash) via malformed ASN.1 sequences.
Max CVSS
5.0
EPSS Score
0.96%
Published
2003-12-31
Updated
2008-09-10
Buffer overflow in cd9660.util in Apple Mac OS X 10.0 through 10.3.2 and Apple Mac OS X Server 10.0 through 10.3.2 may allow local users to execute arbitrary code via a long command line parameter.
Max CVSS
7.2
EPSS Score
0.04%
Published
2004-03-29
Updated
2017-07-11
AppleFileServer (AFS) in Apple Mac OS X 10.2.8 and 10.3.2 does not properly handle certain malformed requests, with unknown impact.
Max CVSS
5.0
EPSS Score
0.35%
Published
2004-03-29
Updated
2017-07-11
Unknown vulnerability in Mac OS X 10.2.8 and 10.3.2 allows local users to bypass the screen saver login window and write a text clipping to the desktop or another application.
Max CVSS
4.6
EPSS Score
0.04%
Published
2004-03-29
Updated
2017-07-11
Directory Services in Apple Mac OS X 10.0.2, 10.0.3, 10.2.8, 10.3.2 and Apple Mac OS X Server 10.2 through 10.3.2 accepts authentication server information from unknown LDAP or NetInfo sources as provided by a malicious DHCP server, which allows remote attackers to gain privileges.
Max CVSS
10.0
EPSS Score
1.65%
Published
2004-03-29
Updated
2017-07-11
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.
Max CVSS
7.5
EPSS Score
0.57%
Published
2004-11-23
Updated
2023-12-28
OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.
Max CVSS
5.0
EPSS Score
0.26%
Published
2004-11-23
Updated
2021-11-08
Unknown vulnerability in Windows File Sharing for Mac OS X 10.1.5 through 10.3.2 does not "shutdown properly," which has unknown impact and attack vectors.
Max CVSS
10.0
EPSS Score
0.19%
Published
2004-12-31
Updated
2008-09-05
661 vulnerabilities found
1 2 3 4 5 6 ...... 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!