Max CVSS 10.0 Min CVSS 2.1 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2004-0112 5.0
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a
15-02-2024 - 20:54 23-11-2004 - 05:00
CVE-2004-1083 5.0
Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning wit
08-02-2024 - 02:09 03-12-2004 - 05:00
CVE-2005-1689 7.5
Double free vulnerability in the krb5_recvauth function in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to execute arbitrary code via certain error conditions.
02-02-2024 - 15:24 18-07-2005 - 04:00
CVE-2004-0079 5.0
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.
28-12-2023 - 15:33 23-11-2004 - 05:00
CVE-2005-1849 5.0
inftrees.h in zlib 1.2.2 allows remote attackers to cause a denial of service (application crash) via an invalid file that causes a large dynamic tree to be produced.
22-06-2022 - 16:40 26-07-2005 - 04:00
CVE-2005-2096 7.5
zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted
22-06-2022 - 16:40 06-07-2005 - 04:00
CVE-2004-0885 7.5
The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host config
06-06-2021 - 11:15 03-11-2004 - 05:00
CVE-2004-0942 5.0
Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
06-06-2021 - 11:15 09-02-2005 - 05:00
CVE-2004-1189 7.2
The add_to_history function in svr_principal.c in libkadm5srv for MIT Kerberos 5 (krb5) up to 1.3.5, when performing a password change, does not properly track the password policy's history count and the maximum number of keys, which can cause an arr
02-02-2021 - 18:16 31-12-2004 - 05:00
CVE-2005-1175 7.5
Heap-based buffer overflow in the Key Distribution Center (KDC) in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a certain valid TCP or UDP req
21-01-2020 - 15:45 18-07-2005 - 04:00
CVE-2005-1174 5.0
MIT Kerberos 5 (krb5) 1.3 through 1.4.1 Key Distribution Center (KDC) allows remote attackers to cause a denial of service (application crash) via a certain valid TCP connection that causes a free of unallocated memory.
21-01-2020 - 15:45 18-07-2005 - 04:00
CVE-2005-0709 4.6
MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to execute arbitrary code by using CREATE FUNCTION to access libc calls, as demonstrated by using strcat, on_exit, and exit.
17-12-2019 - 17:12 02-05-2005 - 04:00
CVE-2005-0710 4.6
MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to bypass library path restrictions and execute arbitrary libraries by using INSERT INTO to modify the mysql.func table, which is pr
17-12-2019 - 17:12 02-05-2005 - 04:00
CVE-2005-0711 2.1
MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, uses predictable file names when creating temporary tables, which allows local users with CREATE TEMPORARY TABLE privileges to overwrite arbitrary files via a symlink attack.
17-12-2019 - 17:12 02-05-2005 - 04:00
CVE-2005-0605 7.5
scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow.
03-10-2018 - 21:29 02-03-2005 - 05:00
CVE-2005-1769 4.3
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.4 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in (1) the URL or (2) an e-mail message.
11-10-2017 - 01:30 16-06-2005 - 04:00
CVE-2005-2095 4.3
options_identities.php in SquirrelMail 1.4.4 and earlier uses the extract function to process the $_POST variable, which allows remote attackers to modify or read the preferences of other users, conduct cross-site scripting XSS) attacks, and write ar
11-10-2017 - 01:30 13-07-2005 - 04:00
CVE-2004-1084 5.0
Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
11-07-2017 - 01:30 02-12-2004 - 05:00
CVE-2005-2503 4.6
AppKit for Mac OS X 10.3.9 and 10.4.2 allows attackers with physical access to create local accounts by forcing a particular error to occur at the login window.
10-09-2008 - 19:42 19-08-2005 - 04:00
CVE-2005-2502 5.1
Buffer overflow in AppKit for Mac OS X 10.3.9 and 10.4.2, as used in applications such as TextEdit, allows external user-assisted attackers to execute arbitrary code via a crafted Microsoft Word file.
10-09-2008 - 19:42 19-08-2005 - 04:00
CVE-2005-1344 7.5
Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to
10-09-2008 - 19:38 02-05-2005 - 04:00
CVE-2005-2518 7.5
Buffer overflow in servermgrd in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to execute arbitrary code during authentication.
05-09-2008 - 20:51 19-08-2005 - 04:00
CVE-2005-2515 4.6
Quartz Composer Screen Saver in Mac OS X 10.4.2 allows local users to access links from the RSS Visualizer even when a password is required.
05-09-2008 - 20:51 19-08-2005 - 04:00
CVE-2005-2505 7.5
Buffer overflow in CoreFoundation in Mac OS X 10.3.9 allows attackers to execute arbitrary code via command line arguments to an application that uses CoreFoundation.
05-09-2008 - 20:51 19-08-2005 - 04:00
CVE-2005-2523 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Weblog Server in Mac OS X 10.4 to 10.4.2 allow remote attackers to inject arbitrary web script or HTML via unknown vectors.
05-09-2008 - 20:51 19-08-2005 - 04:00
CVE-2005-2517 2.6
Safari in Mac OS X 10.3.9 and 10.4.2 submits forms from an XSL formatted page to the next page that is browsed by the user, which causes form data to be sent to the wrong site.
05-09-2008 - 20:51 19-08-2005 - 04:00
CVE-2005-2525 5.0
CUPS in Mac OS X 10.3.9 and 10.4.2 does not properly close file descriptors when handling multiple simultaneous print jobs, which allows remote attackers to cause a denial of service (printing halt).
05-09-2008 - 20:51 19-08-2005 - 04:00
CVE-2005-2506 5.0
Algorithmic complexity vulnerability in CoreFoundation in Mac OS X 10.3.9 and 10.4.2 allows attackers to cause a denial of service (CPU consumption) via crafted Gregorian dates.
05-09-2008 - 20:51 19-08-2005 - 04:00
CVE-2005-2509 2.1
Unknown vulnerability in loginwindow in Mac OS X 10.4.2 and earlier, when Fast User Switching is enabled, allows attackers to log into other accounts if they know the passwords to at least two accounts.
05-09-2008 - 20:51 19-08-2005 - 04:00
CVE-2005-2504 7.2
The System Profiler in Mac OS X 10.4.2 labels a Bluetooth device with "Requires Authentication: No" even when the user has selected the "Require pairing for security" option, which could confuse users about which setting is valid.
05-09-2008 - 20:51 19-08-2005 - 04:00
CVE-2005-2519 7.2
slpd in Directory Services in Mac OS X 10.3.9 creates insecure temporary files as root, which allows local users to gain privileges.
05-09-2008 - 20:51 19-08-2005 - 04:00
CVE-2005-2516 7.5
Safari in Mac OS X 10.3.9 and 10.4.2, when rendering Rich Text Format (RTF) files, can directly access URLs without performing the normal security checks, which allows remote attackers to execute arbitrary commands.
05-09-2008 - 20:51 19-08-2005 - 04:00
CVE-2005-2512 2.1
Mail.app in Mac OS 10.4.2 and earlier, when printing or forwarding an HTML message, loads remote images even when the user's preferences state otherwise, which could result in a privacy leak.
05-09-2008 - 20:51 19-08-2005 - 04:00
CVE-2005-2520 2.1
The password assistant in Mac OS X 10.4 to 10.4.2, when used to create multiple accounts from the same process, does not reset the suggested password list when the assistant is displayed, which allows attackers to view recently used passwords.
05-09-2008 - 20:51 19-08-2005 - 04:00
CVE-2005-2522 5.1
Safari in WebKit in Mac OS X 10.4 to 10.4.2 directly accesses URLs within PDF files without the normal security checks, which allows remote attackers to execute arbitrary code via links in a PDF file.
05-09-2008 - 20:51 19-08-2005 - 04:00
CVE-2005-2526 5.0
CUPS in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to cause a denial of service (CPU consumption) by sending a partial IPP request and closing the connection.
05-09-2008 - 20:51 19-08-2005 - 04:00
CVE-2005-2507 7.5
Buffer overflow in Directory Services in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to execute arbitrary code during authentication.
05-09-2008 - 20:51 19-08-2005 - 04:00
CVE-2005-2510 4.6
The Server Admin tool in servermgr_ipfilter for Mac OS X 10.4 to 10.4.2, when using multiple subnets and Address Groups, does not always properly write firewall rules to the Active Rules when certain conditions occur, which could result in firewall p
05-09-2008 - 20:51 19-08-2005 - 04:00
CVE-2005-2513 5.0
Unknown vulnerability in HItoolbox for Mac OS X 10.4.2 allows VoiceOver services to read secure input fields.
05-09-2008 - 20:51 19-08-2005 - 04:00
CVE-2005-2508 4.6
dsidentity in Directory Services in Mac OS X 10.4.2 allows local users to add or remove user accounts.
05-09-2008 - 20:51 19-08-2005 - 04:00
CVE-2005-2501 7.6
Buffer overflow in AppKit for Mac OS X 10.3.9 and 10.4.2 allows external user-assisted attackers to execute arbitrary code via a crafted Rich Text Format (RTF) file.
05-09-2008 - 20:51 19-08-2005 - 04:00
CVE-2005-2514 7.5
Buffer overflow in ping in Mac OS X 10.3.9 allows local users to execute arbitrary code.
05-09-2008 - 20:51 19-08-2005 - 04:00
CVE-2005-2521 4.6
Buffer overflow in traceroute in Mac OS X 10.3.9 allows local users to execute arbitrary code via unknown vectors.
05-09-2008 - 20:51 19-08-2005 - 04:00
CVE-2005-2511 10.0
Unknown vulnerability in Mac OS X 10.4.2 and earlier, when using Kerberos authentication with LDAP, allows attackers to gain access to a root Terminal window.
05-09-2008 - 20:51 19-08-2005 - 04:00
Back to Top Mark selected
Back to Top