CVSS: 8.8EPSS: 0%CPEs: 30EXPL: 0CVE-2005-0970
https://notcve.org/view.php?id=CVE-2005-0970
22 Apr 2005 — Mac OS X 10.3.9 and earlier allows users to install, create, and execute setuid/setgid scripts, contrary to the intended design, which may allow attackers to conduct unauthorized activities with escalated privileges via vulnerable scripts. • http://lists.apple.com/archives/security-announce/2005/Apr/msg00000.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 1%CPEs: 71EXPL: 0CVE-2005-1043
https://notcve.org/view.php?id=CVE-2005-1043
12 Apr 2005 — exif.c in PHP before 4.3.11 allows remote attackers to cause a denial of service (memory consumption and crash) via an EXIF header with a large IFD nesting level, which causes significant stack recursion. • http://cvs.php.net/diff.php/php-src/ext/exif/exif.c?r1=1.118.2.29&r2=1.118.2.30&ty=u •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2005-0712
https://notcve.org/view.php?id=CVE-2005-0712
22 Mar 2005 — Mac OS X before 10.3.8 users world-writable permissions for certain directories, which may allow local users to gain privileges, possibly via the receipt cache or ColorSync profiles. • http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html •
CVSS: 7.8EPSS: 0%CPEs: 17EXPL: 1CVE-2005-0713 – Apple Mac OSX 10.3.x - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2005-0713
21 Mar 2005 — The Bluetooth Setup Assistant for Mac OS X before 10.3.8 can be launched without a keyboard or Bluetooth device, which allows local users to bypass access restrictions and gain privileges. • https://www.exploit-db.com/exploits/25256 •
CVSS: 5.5EPSS: 0%CPEs: 17EXPL: 0CVE-2005-0715
https://notcve.org/view.php?id=CVE-2005-0715
21 Mar 2005 — AFP Server in Mac OS X before 10.3.8 uses insecure permissions for "Drop Boxes," which allows local users to read the contents of a Drop Box. • http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html •
CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 2CVE-2005-0716 – Apple Mac OSX 10.3.8 - 'CF_CHARSET_PATH' Local Buffer Overflow
https://notcve.org/view.php?id=CVE-2005-0716
21 Mar 2005 — Stack-based buffer overflow in the Core Foundation Library in Mac OS X 10.3.5 and 10.3.6, and possibly earlier versions, allows local users to execute arbitrary code via a long CF_CHARSET_PATH environment variable. • https://www.exploit-db.com/exploits/2111 •
CVSS: 7.8EPSS: 0%CPEs: 52EXPL: 2CVE-2005-0342 – Apple Mac OSX - '.DS_Store' Arbitrary File Overwrite
https://notcve.org/view.php?id=CVE-2005-0342
10 Feb 2005 — The Finder in Mac OS X and earlier allows local users to overwrite arbitrary files and gain privileges by creating a hard link from the .DS_Store file to an arbitrary file. • https://www.exploit-db.com/exploits/793 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2005-0125
https://notcve.org/view.php?id=CVE-2005-0125
29 Jan 2005 — The "at" commands on Mac OS X 10.3.7 and earlier do not properly drop privileges, which allows local users to (1) delete arbitrary files via atrm, (2) execute arbitrary programs via the -f argument to batch, or (3) read arbitrary files via the -f argument to batch, which generates a job file that is readable by the local user. • http://lists.apple.com/archives/security-announce/2005/Jan/msg00001.html •
CVSS: 5.0EPSS: 1%CPEs: 2EXPL: 0CVE-2005-0127
https://notcve.org/view.php?id=CVE-2005-0127
29 Jan 2005 — Mail in Mac OS X 10.3.7, when generating a Message-ID header, generates a GUUID that includes information that identifies the Ethernet hardware being used, which allows remote attackers to link mail messages to a particular machine. • http://lists.apple.com/archives/security-announce/2005/Jan/msg00001.html •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2005-0126
https://notcve.org/view.php?id=CVE-2005-0126
29 Jan 2005 — ColorSync on Mac OS X 10.3.7 and 10.3.8 allows attackers to execute arbitrary code via malformed ICC color profiles that modify the heap. • http://lists.apple.com/archives/security-announce/2005/Jan/msg00001.html •