Mac OS X
by Apple Inc.
CVEs (2,090)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2010-0526 | | | 0.00 | — | 0.05 | | Mar 30, 2010 | Heap-based buffer overflow in QuickTimeMPEG.qtx in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted genl atom in a QuickTime movie file with MPEG encoding, which is not… |
| CVE-2010-0525 | | | 0.00 | — | 0.01 | | Mar 30, 2010 | Mail in Apple Mac OS X before 10.6.3 does not properly enforce the key usage extension during processing of a keychain that specifies multiple certificates for an e-mail recipient, which might make it easier for remote attackers to obtain sensitive information via a brute-force… |
| CVE-2010-0524 | | | 0.00 | — | 0.01 | | Mar 30, 2010 | The default configuration of the FreeRADIUS server in Apple Mac OS X Server before 10.6.3 permits EAP-TLS authenticated connections on the basis of an arbitrary client certificate, which allows remote attackers to obtain network connectivity via a crafted RADIUS Access Request… |
| CVE-2010-0521 | | | 0.00 | — | 0.02 | | Mar 30, 2010 | Server Admin in Apple Mac OS X Server before 10.6.3 does not properly enforce authentication for directory binding, which allows remote attackers to obtain potentially sensitive information from Open Directory via unspecified LDAP requests. |
| CVE-2010-0518 | | | 0.00 | — | 0.03 | | Mar 30, 2010 | QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with Sorenson encoding. |
| CVE-2010-0517 | | | 0.00 | — | 0.05 | | Mar 30, 2010 | Heap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with M-JPEG encoding, which causes QuickTime to calculate a buffer size using… |
| CVE-2010-0516 | | | 0.00 | — | 0.05 | | Mar 30, 2010 | Heap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with RLE encoding, which triggers memory corruption when the length of decompressed… |
| CVE-2010-0515 | | | 0.00 | — | 0.03 | | Mar 30, 2010 | QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with H.264 encoding. |
| CVE-2010-0514 | | | 0.00 | — | 0.03 | | Mar 30, 2010 | Heap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.261 encoding. |
| CVE-2010-0513 | | | 0.00 | — | 0.03 | | Mar 30, 2010 | Stack-based buffer overflow in PS Normalizer in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PostScript document. |
| CVE-2010-0512 | | | 0.00 | — | 0.02 | | Mar 30, 2010 | The Accounts Preferences implementation in Apple Mac OS X 10.6 before 10.6.3, when a network account server is used, does not support Login Window access control that is based solely on group membership, which allows attackers to bypass intended access restrictions by entering… |
| CVE-2010-0511 | | | 0.00 | — | 0.01 | | Mar 30, 2010 | Podcast Producer in Apple Mac OS X 10.6 before 10.6.3 deletes the access restrictions of a Podcast Composer workflow when this workflow is overwritten, which allows attackers to access a workflow via unspecified vectors. |
| CVE-2010-0509 | | | 0.00 | — | 0.00 | | Mar 30, 2010 | SFLServer in OS Services in Apple Mac OS X before 10.6.3 allows local users to gain privileges via vectors related to use of wheel group membership during access to the home directories of user accounts. |
| CVE-2010-0508 | | | 0.00 | — | 0.02 | | Mar 30, 2010 | Mail in Apple Mac OS X before 10.6.3 does not disable the filter rules associated with a deleted mail account, which has unspecified impact and attack vectors. |
| CVE-2010-0507 | | | 0.00 | — | 0.03 | | Mar 30, 2010 | Buffer overflow in Image RAW in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PEF image. |
| CVE-2010-0506 | | | 0.00 | — | 0.03 | | Mar 30, 2010 | Buffer overflow in Image RAW in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted NEF image. |
| CVE-2010-0505 | | | 0.00 | — | 0.04 | | Mar 30, 2010 | Heap-based buffer overflow in ImageIO in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JP2 (JPEG2000) image, related to incorrect calculation and the CGImageReadGetBytesAtOffset… |
| CVE-2010-0500 | | | 0.00 | — | 0.02 | | Mar 30, 2010 | Event Monitor in Apple Mac OS X before 10.6.3 does not properly validate hostnames of SSH clients, which allows remote attackers to cause a denial of service (arbitrary client blacklisting) via a crafted DNS PTR record, related to a "plist injection issue." |
| CVE-2010-0498 | | | 0.00 | — | 0.00 | | Mar 30, 2010 | Directory Services in Apple Mac OS X before 10.6.3 does not properly perform authorization during processing of record names, which allows local users to gain privileges via unspecified vectors. |
| CVE-2010-0497 | | | 0.00 | — | 0.03 | | Mar 30, 2010 | Disk Images in Apple Mac OS X before 10.6.3 does not provide the expected warning for an unsafe file type in an internet enabled disk image, which makes it easier for user-assisted remote attackers to execute arbitrary code via a package file type. |