Apple macOS vulnerabilities

3,139 known vulnerabilities affecting apple/mac_os_x.

Total CVEs: 3,139
CISA KEV: 26 (actively exploited)
Public exploits: 277
Exploited in wild: 28
Severity breakdown: CRITICAL 302, HIGH 1409, MEDIUM 1236, LOW 192

Vulnerabilities

Page 149 of 157
CVE-2005-2745 | MEDIUM | CVSS 5.0 | v10.3.9 | 2005-10-26
Mail.app in Mail for Apple Mac OS X 10.3.9, when using Kerberos 5 for SMTP authentication, can include uninitialized memory in a message, which might allow remote attackers to obtain sensitive information.
nvd
CVE-2005-2747 | HIGH | CVSS 7.5 | v10.4.2 | 2005-10-25
Buffer overflow in ImageIO for Apple Mac OS X 10.4.2, as used by applications such as WebCore and Safari, allows remote attackers to execute arbitrary code via a crafted GIF file.
nvd
CVE-2005-2744 | MEDIUM | CVSS 5.1 | v10.3, v10.3.1, +11 more | 2005-10-25
Buffer overflow in QuickDraw Manager for Apple OS X 10.3.9 and 10.4.2, as used by applications such as Safari, Mail, and Finder, allows remote attackers to execute arbitrary code via a crafted PICT file.
nvd
CVE-2005-2748 | LOW | CVSS 2.1 | v10.3.9, v10.4.2 | 2005-10-25
The malloc function in the libSystem library in Apple Mac OS X 10.3.9 and 10.4.2 allows local users to overwrite arbitrary files by setting the MallocLogFile environment variable to the target file before running a setuid application.
nvd
CVE-2005-2511 | CRITICAL | CVSS 10.0 | v10.4.2 | 2005-08-19
Unknown vulnerability in Mac OS X 10.4.2 and earlier, when using Kerberos authentication with LDAP, allows attackers to gain access to a root Terminal window.
nvd
CVE-2005-2516 | HIGH | CVSS 7.5 | v10.3.9, v10.4.2 | 2005-08-19
Safari in Mac OS X 10.3.9 and 10.4.2, when rendering Rich Text Format (RTF) files, can directly access URLs without performing the normal security checks, which allows remote attackers to execute arbitrary commands.
nvd
CVE-2005-2519 | HIGH | CVSS 7.2 | v10.3.9 | 2005-08-19
slpd in Directory Services in Mac OS X 10.3.9 creates insecure temporary files as root, which allows local users to gain privileges.
nvd
CVE-2005-2514 | HIGH | CVSS 7.5 | v10.3.9 | 2005-08-19
Buffer overflow in ping in Mac OS X 10.3.9 allows local users to execute arbitrary code.
nvd
CVE-2005-2518 | HIGH | CVSS 7.5 | v10.3.9, v10.4.2 | 2005-08-19
Buffer overflow in servermgrd in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to execute arbitrary code during authentication.
nvd
CVE-2005-2505 | HIGH | CVSS 7.5 | v10.3.9 | 2005-08-19
Buffer overflow in CoreFoundation in Mac OS X 10.3.9 allows attackers to execute arbitrary code via command line arguments to an application that uses CoreFoundation.
nvd
CVE-2005-2501 | HIGH | CVSS 7.6 | v10.3.9, v10.4.2 | 2005-08-19
Buffer overflow in AppKit for Mac OS X 10.3.9 and 10.4.2 allows external user-assisted attackers to execute arbitrary code via a crafted Rich Text Format (RTF) file.
nvd
CVE-2005-2504 | HIGH | CVSS 7.2 | v10.4.2 | 2005-08-19
The System Profiler in Mac OS X 10.4.2 labels a Bluetooth device with "Requires Authentication: No" even when the user has selected the "Require pairing for security" option, which could confuse users about which setting is valid.
nvd
CVE-2005-2503 | MEDIUM | CVSS 4.6 | v10.3.9, v10.4.2 | 2005-08-19
AppKit for Mac OS X 10.3.9 and 10.4.2 allows attackers with physical access to create local accounts by forcing a particular error to occur at the login window.
nvd
CVE-2005-2508 | MEDIUM | CVSS 4.6 | PoC | v10.4.2 | 2005-08-19
dsidentity in Directory Services in Mac OS X 10.4.2 allows local users to add or remove user accounts.
nvd
CVE-2005-2522 | MEDIUM | CVSS 5.1 | v10.4, v10.4.1, +1 more | 2005-08-19
Safari in WebKit in Mac OS X 10.4 to 10.4.2 directly accesses URLs within PDF files without the normal security checks, which allows remote attackers to execute arbitrary code via links in a PDF file.
nvd
CVE-2005-2521 | MEDIUM | CVSS 4.6 | v10.3.9 | 2005-08-19
Buffer overflow in traceroute in Mac OS X 10.3.9 allows local users to execute arbitrary code via unknown vectors.
nvd
CVE-2005-2523 | MEDIUM | CVSS 4.3 | PoC | v10.4, v10.4.1, +1 more | 2005-08-19
Multiple cross-site scripting (XSS) vulnerabilities in Weblog Server in Mac OS X 10.4 to 10.4.2 allow remote attackers to inject arbitrary web script or HTML via unknown vectors.
nvd
CVE-2005-2526 | MEDIUM | CVSS 5.0 | v10.3.9, v10.4.2 | 2005-08-19
CUPS in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to cause a denial of service (CPU consumption) by sending a partial IPP request and closing the connection.
nvd
CVE-2005-2515 | MEDIUM | CVSS 4.6 | v10.4.2 | 2005-08-19
Quartz Composer Screen Saver in Mac OS X 10.4.2 allows local users to access links from the RSS Visualizer even when a password is required.
nvd
CVE-2005-2506 | MEDIUM | CVSS 5.0 | v10.3.9, v10.4.2 | 2005-08-19
Algorithmic complexity vulnerability in CoreFoundation in Mac OS X 10.3.9 and 10.4.2 allows attackers to cause a denial of service (CPU consumption) via crafted Gregorian dates.
nvd