CVSS: 7.2EPSS: 0%CPEs: 16EXPL: 2CVE-2005-0716 – Apple Mac OSX 10.3.8 - 'CF_CHARSET_PATH' Local Buffer Overflow
https://notcve.org/view.php?id=CVE-2005-0716
Stack-based buffer overflow in the Core Foundation Library in Mac OS X 10.3.5 and 10.3.6, and possibly earlier versions, allows local users to execute arbitrary code via a long CF_CHARSET_PATH environment variable. • https://www.exploit-db.com/exploits/2111 https://www.exploit-db.com/exploits/896 http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html http://www.idefense.com/application/poi/display?id=219&type=vulnerabilities http://www.securityfocus.com/bid/13224 •
CVSS: 2.1EPSS: 0%CPEs: 52EXPL: 2CVE-2005-0342 – Apple Mac OSX - '.DS_Store' Arbitrary File Overwrite
https://notcve.org/view.php?id=CVE-2005-0342
The Finder in Mac OS X and earlier allows local users to overwrite arbitrary files and gain privileges by creating a hard link from the .DS_Store file to an arbitrary file. • https://www.exploit-db.com/exploits/793 http://lists.apple.com/archives/security-announce/2005/May/msg00001.html http://marc.info/?l=bugtraq&m=110780124707975&w=2 http://secunia.com/advisories/14188 http://www.securityfocus.com/bid/12458 https://exchange.xforce.ibmcloud.com/vulnerabilities/19253 •
CVSS: 5.0EPSS: 1%CPEs: 2EXPL: 0CVE-2005-0127
https://notcve.org/view.php?id=CVE-2005-0127
Mail in Mac OS X 10.3.7, when generating a Message-ID header, generates a GUUID that includes information that identifies the Ethernet hardware being used, which allows remote attackers to link mail messages to a particular machine. • http://lists.apple.com/archives/security-announce/2005/Jan/msg00001.html http://secunia.com/advisories/14005 http://securitytracker.com/id?1013001 http://www.kb.cert.org/vuls/id/464662 https://exchange.xforce.ibmcloud.com/vulnerabilities/19085 •
CVSS: 7.5EPSS: 1%CPEs: 5EXPL: 0CVE-2005-0126
https://notcve.org/view.php?id=CVE-2005-0126
ColorSync on Mac OS X 10.3.7 and 10.3.8 allows attackers to execute arbitrary code via malformed ICC color profiles that modify the heap. • http://lists.apple.com/archives/security-announce/2005/Jan/msg00001.html http://securitytracker.com/id?1013000 http://www.kb.cert.org/vuls/id/980078 http://www.securityfocus.com/bid/12367 https://exchange.xforce.ibmcloud.com/vulnerabilities/19083 •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2005-0125
https://notcve.org/view.php?id=CVE-2005-0125
The "at" commands on Mac OS X 10.3.7 and earlier do not properly drop privileges, which allows local users to (1) delete arbitrary files via atrm, (2) execute arbitrary programs via the -f argument to batch, or (3) read arbitrary files via the -f argument to batch, which generates a job file that is readable by the local user. Apple's OS X batch family of commands make poor use of setuid capabilities allowing for privilege escalation. • http://lists.apple.com/archives/security-announce/2005/Jan/msg00001.html http://marc.info/?l=bugtraq&m=110685027017411&w=2 http://www.digitalmunition.com/DMA%5B2005-0127a%5D.txt http://www.kb.cert.org/vuls/id/678150 https://exchange.xforce.ibmcloud.com/vulnerabilities/18981 •