Mac OS X before 10.2.5 allows guest users to modify the permissions of the DropBox folder and read unauthorized files.
Max CVSS: 6.4 | EPSS Score: 0.25% | Published: 2003-05-05 | Updated: 2008-09-10
passwd in Directory Services in Mac OS X 10.3.x before 10.3.9 and 10.4.x before 10.4.5 allows local users to create arbitrary world-writable files as root by specifying an alternate file in the password database option.
Max CVSS: 6.8 | EPSS Score: 0.04% | Published: 2005-12-31 | Updated: 2018-10-19
passwd in Directory Services in Mac OS X 10.3.x before 10.3.9 and 10.4.x before 10.4.5 allows local users to overwrite arbitrary files via a symlink attack on the .pwtmp.[PID] temporary file.
Max CVSS: 6.8 | EPSS Score: 0.04% | Published: 2005-12-31 | Updated: 2018-10-19
Heap-based buffer overflow in LibSystem in Mac OS X 10.4 through 10.4.5 allows context-dependent attackers to execute arbitrary code by causing an application that uses LibSystem to request a large amount of memory.
Max CVSS: 6.4 | EPSS Score: 0.76% | Published: 2005-12-31 | Updated: 2017-07-11
Heap-based buffer overflow in rsync in Mac OS X 10.4 through 10.4.5 allows remote authenticated users to execute arbitrary code via long extended attributes.
Max CVSS: 6.5 | EPSS Score: 1.28% | Published: 2005-12-31 | Updated: 2017-07-11
Stack-based buffer overflow in Safari in Mac OS X 10.4.5 and earlier, and 10.3.9 and earlier, allows remote attackers to execute arbitrary code via unspecified vectors involving a web page with crafted JavaScript, a different vulnerability than CVE-2005-4504.
Max CVSS: 6.4 | EPSS Score: 5.35% | Published: 2006-03-06 | Updated: 2017-07-20
Multiple heap-based buffer overflows in Mac OS X 10.4.6 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) PredictorVSetField function for TIFF or (2) CFAllocatorAllocate function for GIF, as used in applications that use ImageIO or AppKit. NOTE: the BMP vector has been re-assigned to CVE-2006-2238 because it affects a separate product family.
Max CVSS: 6.4 | EPSS Score: 10.77% | Published: 2006-04-21 | Updated: 2017-07-20
Stack-based buffer overflow in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote user-assisted attackers to execute arbitrary code via an image with a crafted ColorSync profile.
Max CVSS: 6.8 | EPSS Score: 2.86% | Published: 2007-03-13 | Updated: 2011-03-08
Unspecified vulnerability in diskimages-helper in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote user-assisted attackers to execute arbitrary code via a crafted compressed disk image that triggers memory corruption.
Max CVSS: 6.8 | EPSS Score: 3.07% | Published: 2007-03-13 | Updated: 2011-03-08
Integer overflow in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote user-assisted attackers to execute arbitrary code via a crafted AppleSingleEncoding disk image.
Max CVSS: 6.8 | EPSS Score: 5.56% | Published: 2007-03-13 | Updated: 2011-03-08
The IOKit HID interface in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 does not sufficiently limit access to certain controls, which allows local users to gain privileges by using HID device events to read keystrokes from the console.
Max CVSS: 6.9 | EPSS Score: 0.04% | Published: 2007-03-13 | Updated: 2017-07-29
Perl-Compatible Regular Expression (PCRE) library before 7.3 backtracks too far when matching certain input bytes against some regex patterns in non-UTF-8 mode, which allows context-dependent attackers to obtain sensitive information or cause a denial of service (crash), as demonstrated by the "\X?\d" and "\P{L}?\d" patterns.
Max CVSS: 6.4 | EPSS Score: 1.86% | Published: 2007-11-07 | Updated: 2018-10-16
Unspecified vulnerability in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via unknown vectors related to browser history, which triggers memory corruption.
Max CVSS: 6.8 | EPSS Score: 4.25% | Published: 2007-11-15 | Updated: 2017-07-29
Stack-based buffer overflow in AppKit in Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via a long file name to the NSDocument API.
Max CVSS: 6.8 | EPSS Score: 0.40% | Published: 2008-03-18 | Updated: 2017-08-08
Integer overflow in CoreFoundation in Apple Mac OS X 10.4.11 might allow local users to execute arbitrary code via crafted time zone data.
Max CVSS: 6.9 | EPSS Score: 0.05% | Published: 2008-03-18 | Updated: 2017-08-08
CoreServices in Apple Mac OS X 10.4.11 treats .ief as a safe file type, which allows remote attackers to force Safari users into opening an .ief file in AppleWorks, even when the "Open 'Safe' files" preference is set.
Max CVSS: 6.8 | EPSS Score: 2.20% | Published: 2008-03-18 | Updated: 2017-08-08
Foundation in Apple Mac OS X 10.4.11 might allow context-dependent attackers to execute arbitrary code via a malformed selector name to the NSSelectorFromString API, which causes an "unexpected selector" to be used.
Max CVSS: 6.4 | EPSS Score: 1.69% | Published: 2008-03-18 | Updated: 2017-08-08
Stack-based buffer overflow in Foundation in Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via a "long pathname with an unexpected structure" that triggers the overflow in NSFileManager.
Max CVSS: 6.8 | EPSS Score: 0.40% | Published: 2008-03-18 | Updated: 2017-08-08
Multiple integer overflows in a "legacy serialization format" parser in AppKit in Apple Mac OS X 10.4.11 allow remote attackers to execute arbitrary code via a crafted serialized property list.
Max CVSS: 6.8 | EPSS Score: 11.50% | Published: 2008-03-18 | Updated: 2017-08-08
Help Viewer in Apple Mac OS X 10.4.11 and 10.5.2 allows remote attackers to execute arbitrary AppleScript via a help:topic_list URL that injects HTML or JavaScript into a topic list page, as demonstrated using a help:runscript link.
Max CVSS: 6.8 | EPSS Score: 2.20% | Published: 2008-03-18 | Updated: 2017-08-08
Format string vulnerability in mDNSResponderHelper in Apple Mac OS X 10.5.2 allows local users to execute arbitrary code via format string specifiers in the local hostname.
Max CVSS: 6.9 | EPSS Score: 0.04% | Published: 2008-03-18 | Updated: 2017-08-08
Stack-based buffer overflow in AppKit in Apple Mac OS X 10.4.11 allows user-assisted remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted PostScript Printer Description (PPD) file that is not properly handled when querying a network printer.
Max CVSS: 6.8 | EPSS Score: 2.58% | Published: 2008-03-18 | Updated: 2017-08-08
Unspecified vulnerability in NetCfgTool in the System Configuration component in Apple Mac OS X 10.4.11 and 10.5.2 allows local users to bypass authorization and execute arbitrary code via crafted distributed objects.
Max CVSS: 6.9 | EPSS Score: 0.04% | Published: 2008-03-18 | Updated: 2017-08-08
Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.5.3 allows user-assisted remote attackers to execute arbitrary code via an (1) Automator, (2) Help, (3) Safari, or (4) Terminal content type for a downloadable object, which does not trigger a "potentially unsafe" warning message in (a) the Download Validation feature in Mac OS X 10.4 or (b) the Quarantine feature in Mac OS X 10.5.
Max CVSS: 6.8 | EPSS Score: 3.75% | Published: 2008-06-02 | Updated: 2017-08-08
Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.5.4 allows user-assisted remote attackers to execute arbitrary code via a (1) .xht or (2) .xhtm file, which does not trigger a "potentially unsafe" warning message in (a) the Download Validation feature in Mac OS X 10.4 or (b) the Quarantine feature in Mac OS X 10.5.
Max CVSS: 6.8 | EPSS Score: 1.51% | Published: 2008-07-01 | Updated: 2017-08-08
176 vulnerabilities found