VYPR

Mac OS X

by Apple Inc.

CVEs (2,090)

  • CVE-2010-2498Aug 19, 2010
    risk 0.00cvss epss 0.06

    The psh_glyph_find_strong_points function in pshinter/pshalgo.c in FreeType before 2.4.0 does not properly implement hinting masks, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a…

  • CVE-2010-2497Aug 19, 2010
    risk 0.00cvss epss 0.06

    Integer underflow in glyph handling in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.

  • CVE-2010-1794Aug 2, 2010
    risk 0.00cvss epss 0.00

    The webdav_mount function in webdav_vfsops.c in the WebDAV kernel extension (aka webdav_fs.kext) for Mac OS X 10.6 allows local users to cause a denial of service (panic) via a mount request with a large integer in the pa_socket_namelen field.

  • CVE-2010-1382Jun 17, 2010
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allows remote authenticated users to inject arbitrary web script or HTML via crafted Wiki content, related to lack of a charset field.

  • CVE-2010-1381Jun 17, 2010
    risk 0.00cvss epss 0.01

    The default configuration of SMB File Server in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, enables support for wide links, which allows remote authenticated users to access arbitrary files via vectors involving symbolic links. NOTE: this might overlap CVE-2010-0926.

  • CVE-2010-1380Jun 17, 2010
    risk 0.00cvss epss 0.04

    Integer overflow in the cgtexttops CUPS filter in Printing in Apple Mac OS X 10.6 before 10.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to page sizes.

  • CVE-2010-1379Jun 17, 2010
    risk 0.00cvss epss 0.02

    Printer Setup in Apple Mac OS X 10.6 before 10.6.4 does not properly interpret character encoding, which allows remote attackers to cause a denial of service (printing failure) by deploying a printing device that has a Unicode character in its printing-service name.

  • CVE-2010-1377Jun 17, 2010
    risk 0.00cvss epss 0.03

    Open Directory in Apple Mac OS X 10.6 before 10.6.4 creates an unencrypted connection upon certain SSL failures, which allows man-in-the-middle attackers to spoof arbitrary network account servers, and possibly execute arbitrary code, via unspecified vectors.

  • CVE-2010-1376Jun 17, 2010
    risk 0.00cvss epss 0.03

    Multiple format string vulnerabilities in Network Authorization in Apple Mac OS X 10.6 before 10.6.4 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a (1) afp, (2) cifs, or (3) smb URL.

  • CVE-2010-1375Jun 17, 2010
    risk 0.00cvss epss 0.00

    NetAuthSysAgent in Network Authorization in Apple Mac OS X 10.5.8 does not have the expected authorization requirements, which allows local users to gain privileges via unspecified vectors.

  • CVE-2010-1374Jun 17, 2010
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in iChat in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, when AIM is used, allows remote attackers to create arbitrary files via directory traversal sequences in an inline image-transfer operation.

  • CVE-2010-1373Jun 17, 2010
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Help Viewer in Apple Mac OS X 10.6 before 10.6.4 allows remote attackers to inject arbitrary web script or HTML via a crafted help: URL, related to "URL parameters in HTML content."

  • CVE-2010-0546Jun 17, 2010
    risk 0.00cvss epss 0.00

    Folder Manager in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allows local users to delete arbitrary folders via a symlink attack in conjunction with an unmount operation on a crafted volume, related to the Cleanup At Startup folder.

  • CVE-2010-0545Jun 17, 2010
    risk 0.00cvss epss 0.00

    The Finder in DesktopServices in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, does not set the expected file ownerships during an "Apply to enclosed items" action, which allows local users to bypass intended access restrictions via normal filesystem operations.

  • CVE-2010-0543Jun 17, 2010
    risk 0.00cvss epss 0.03

    ImageIO in Apple Mac OS X 10.5.8, and 10.6 before 10.6.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with MPEG2 encoding.

  • CVE-2010-0541Jun 17, 2010
    risk 0.00cvss epss 0.03

    Cross-site scripting (XSS) vulnerability in the WEBrick HTTP server in Ruby in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allows remote attackers to inject arbitrary web script or HTML via a crafted URI that triggers a UTF-7 error page.

  • CVE-2010-0540Jun 17, 2010
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in the web interface in CUPS before 1.4.4, as used on Apple Mac OS X 10.5.8, Mac OS X 10.6 before 10.6.4, and other platforms, allows remote attackers to hijack the authentication of administrators for requests that change settings.

  • CVE-2010-0537Mar 30, 2010
    risk 0.00cvss epss 0.01

    DesktopServices in Apple Mac OS X 10.6 before 10.6.3 does not properly resolve pathnames in certain circumstances involving an application's save panel, which allows user-assisted remote attackers to trigger unintended remote file copying via a crafted share name.

  • CVE-2010-0535Mar 30, 2010
    risk 0.00cvss epss 0.01

    Dovecot in Apple Mac OS X 10.6 before 10.6.3, when Kerberos is enabled, does not properly enforce the service access control list (SACL) for sending and receiving e-mail, which allows remote authenticated users to bypass intended access restrictions via unspecified vectors.

  • CVE-2010-0534Mar 30, 2010
    risk 0.00cvss epss 0.01

    Wiki Server in Apple Mac OS X 10.6 before 10.6.3 does not enforce the service access control list (SACL) for weblogs during weblog creation, which allows remote authenticated users to publish content via HTTP requests.

Page 77 of 105