| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Buffer overflow in the GUI admin service in Mac OS X Server 10.3 allows remote attackers to cause a denial of service (crash and restart) via a large amount of data to TCP port 660. |
| CUPS before 1.1.21rc1 treats a Location directive in cupsd.conf as case sensitive, which allows attackers to bypass intended ACLs via a printer name containing uppercase or lowercase letters that are different from what is specified in the directive. |
| distcc 2.x, as used in XCode 1.5 and others, when not configured to restrict access to the server port, allows remote attackers to execute arbitrary commands via compilation jobs, which are executed by the server without authorization checks. |
| Buffer overflow in Apple iTunes 4.7 allows remote attackers to execute arbitrary code via a long URL in (1) .m3u or (2) .pls playlist files. |
| Unknown vulnerability in the Mail application for Mac OS X 10.3.2 has unknown impact and attack vectors, a different vulnerability than CVE-2004-0085. |
| The System Configuration subsystem in Mac OS 10.2.8 and 10.3.2 allows local users to modify network settings, a different vulnerability than CVE-2004-0088. |
| The System Configuration subsystem in Mac OS 10.2.8 allows local users to modify network settings, a different vulnerability than CVE-2004-0087. |
| Buffer overflow in TruBlueEnvironment in Mac OS X 10.3.x and 10.2.x allows local users to gain privileges via a long environment variable. |
| Mac OS X 10.3.9 and earlier allows users to install, create, and execute setuid/setgid scripts, contrary to the intended design, which may allow attackers to conduct unauthorized activities with escalated privileges via vulnerable scripts. |
| Heap-based buffer overflow in the syscall emulation functionality in Mac OS X before 10.3.9 allows local users to cause a denial of service (kernel panic) and possibly execute arbitrary code via crafted parameters. |
| Unknown vulnerability in Windows File Sharing for Mac OS X 10.1.5 through 10.3.2 does not "shutdown properly," which has unknown impact and attack vectors. |
| Format string vulnerability in Point-to-Point Protocol (PPP) daemon (pppd) 2.4.0 for Mac OS X 10.3.2 and earlier allows remote attackers to read arbitrary pppd process data, including PAP or CHAP authentication credentials, to gain privileges. |
| Unknown vulnerability in Safari web browser for Mac OS X 10.2.8 related to "the display of URLs in the status bar." |
| DiskArbitration in Mac OS X 10.2.8 and 10.3.2 does not properly initialize writeable removable media. |
| Unknown vulnerability in CoreFoundation for Mac OS X 10.3.2, related to "notification logging." |
| QuickTime Streaming Server in MacOS X 10.2.8 and 10.3.2 allows remote attackers to cause a denial of service (crash) via DESCRIBE requests with long User-Agent fields, which causes an Assert error to be triggered in the BufferIsFull function. |
| The Javascript engine in Safari 1.2 and earlier allows remote attackers to cause a denial of service (segmentation fault) by creating a new Array object with a large size value, then writing into that array. |
| Unknown vulnerability in the CUPS printing system in Mac OS X 10.3.3 and Mac OS X 10.2.8 with unknown impact, possibly related to a configuration file setting. |
| Unknown vulnerability in Mail for Mac OS X 10.3.3 and 10.2.8, with unknown impact, related to "the handling of HTML-formatted email." |
| Unknown vulnerability in CoreFoundation in Mac OS X 10.3.3 and Mac OS X 10.3.3 Server, related to "the handling of an environment variable," has unknown attack vectors and unknown impact. |
