CVE-2004-1081
- EPSS 0.34%
- Veröffentlicht 02.12.2004 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:06:59
The Application Framework (AppKit) for Apple Mac OS X 10.2.8 and 10.3.6 does not properly restrict access to a secure text input field, which allows local users to read keyboard input from other applications within the same window session.
- EPSS 1.64%
- Veröffentlicht 02.12.2004 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:06:59
Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
CVE-2004-1085
- EPSS 0.34%
- Veröffentlicht 02.12.2004 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:06:59
Human Interface Toolbox (HIToolBox) for Apple Mac 0S X 10.3.6 allows local users to exit applications via the force-quit key combination, even when the system is running in kiosk mode.
CVE-2004-1086
- EPSS 3.37%
- Veröffentlicht 02.12.2004 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:06:59
Buffer overflow in PSNormalizer for Apple Mac OS X 10.3.6 allows remote attackers to execute arbitrary code via a crafted PostScript input file.
CVE-2004-1087
- EPSS 0.35%
- Veröffentlicht 02.12.2004 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:06:59
Terminal for Apple Mac OS X 10.3.6 may indicate that "Secure Keyboard Entry" is enabled even when it is not, which could result in a false sense of security for the user.
CVE-2004-1088
- EPSS 1.65%
- Veröffentlicht 02.12.2004 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:06:59
Postfix server for Apple Mac OS X 10.3.6, when using CRAM-MD5, allows remote attackers to send mail without authentication by replaying authentication information.
CVE-2004-1089
- EPSS 0.34%
- Veröffentlicht 02.12.2004 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:07:00
Unknown vulnerability in Apple Mac OS X 10.3.6 server, when using Kerberos authentication and Cyrus IMAP allows local users to access mailboxes of other users.
CVE-2004-0079
- EPSS 9.54%
- Veröffentlicht 23.11.2004 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:04:53
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.
- EPSS 7.23%
- Veröffentlicht 23.11.2004 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:04:53
OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.
- EPSS 10.42%
- Veröffentlicht 23.11.2004 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:04:57
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a ...