Vendor CVEs
Apple Inc.
All CVEs
8,445 total · sorted by risk

| CVE | Risk | CVSS | EPSS | Published | Description | Vendor / Product | Sev | KEV |
|---|---|---|---|---|---|---|---|---|
| CVE-2010-1408 | 0.00 | — | 0.03 | Jun 11, 2010 | WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to bypass intended restrictions on outbound connections to "non-default TCP ports" via a crafted port number, related to an "integer truncation… | |||
| CVE-2010-1406 | 0.00 | — | 0.02 | Jun 11, 2010 | WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, sends an https URL in the Referer header of an http request in certain circumstances involving https to http redirection, which allows remote HTTP servers to obtain… | |||
| CVE-2010-1395 | 0.00 | — | 0.03 | Jun 11, 2010 | Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors involving DOM constructor objects, related to a… | |||
| CVE-2010-1394 | 0.00 | — | 0.03 | Jun 11, 2010 | Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML document fragments. | |||
| CVE-2010-1393 | 0.00 | — | 0.02 | Jun 11, 2010 | The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to discover sensitive URLs via an HREF attribute associated with a redirecting URL. | |||
| CVE-2010-1391 | 0.00 | — | 0.04 | Jun 11, 2010 | Multiple directory traversal vulnerabilities in the (a) Local Storage and (b) Web SQL database implementations in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allow remote attackers to create arbitrary database… | |||
| CVE-2010-1390 | 0.00 | — | 0.03 | Jun 11, 2010 | Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors related to improper UTF-7 canonicalization, and… | |||
| CVE-2010-1389 | 0.00 | — | 0.03 | Jun 11, 2010 | Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) paste or (2)… | |||
| CVE-2010-1388 | 0.00 | — | 0.03 | Jun 11, 2010 | WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6, and before 4.1 on Mac OS X 10.4, does not properly handle clipboard (1) drag and (2) paste operations for URLs, which allows user-assisted remote attackers to read arbitrary files via a crafted HTML document. | |||
| CVE-2010-1385 | 0.00 | — | 0.05 | Jun 11, 2010 | Use-after-free vulnerability in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document. | |||
| CVE-2010-1384 | 0.00 | — | 0.03 | Jun 11, 2010 | Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not provide a warning about a (1) http or (2) https URL that contains a username and password, which makes it easier for remote attackers to conduct phishing attacks via a… | |||
| CVE-2010-0539 | 0.00 | — | 0.03 | May 21, 2010 | Integer signedness error in the window drawing implementation in Apple Java for Mac OS X 10.5 before Update 7 and Java for Mac OS X 10.6 before Update 2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted applet. | |||
| CVE-2010-0538 | 0.00 | — | 0.03 | May 21, 2010 | Apple Java for Mac OS X 10.5 before Update 7 and Java for Mac OS X 10.6 before Update 2 do not properly handle mediaLibImage objects, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application crash) via a… | |||
| CVE-2010-1940 | 0.00 | — | 0.01 | May 14, 2010 | Apple Safari 4.0.5 on Windows sends the "Authorization: Basic" header appropriate for one web site to a different web site named in a Location header received from the first site, which allows remote web servers to obtain sensitive information by logging HTTP requests. NOTE: the… | |||
| CVE-2010-1729 | 0.00 | — | 0.02 | May 6, 2010 | WebKit.dll in WebKit, as used in Safari.exe 4.531.9.1 in Apple Safari, allows remote attackers to cause a denial of service (application crash) via JavaScript that writes sequences in an infinite loop. | |||
| CVE-2009-2822 | 0.00 | — | 0.02 | Apr 5, 2010 | AirPort Utility before 5.5.1 for Apple AirPort Base Station does not properly distribute MAC address ACLs to network extenders, which allows remote attackers to bypass intended access restrictions via an 802.11 authentication frame. | |||
| CVE-2010-0536 | 0.00 | — | 0.04 | Mar 31, 2010 | Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted BMP image. | |||
| CVE-2010-0532 | 0.00 | — | 0.00 | Mar 31, 2010 | Race condition in the installation package in Apple iTunes before 9.1 on Windows allows local users to gain privileges by replacing an unspecified file with a Trojan horse. | |||
| CVE-2010-0531 | 0.00 | — | 0.02 | Mar 31, 2010 | Apple iTunes before 9.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted MP4 podcast file. | |||
| CVE-2010-0528 | 0.00 | — | 0.06 | Mar 31, 2010 | Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted color tables in a movie file, related to malformed MediaVideo data, a sample description atom (STSD), and… | |||
| CVE-2010-0527 | 0.00 | — | 0.04 | Mar 31, 2010 | Integer overflow in Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image. | |||
| CVE-2010-0537 | 0.00 | — | 0.01 | Mar 30, 2010 | DesktopServices in Apple Mac OS X 10.6 before 10.6.3 does not properly resolve pathnames in certain circumstances involving an application's save panel, which allows user-assisted remote attackers to trigger unintended remote file copying via a crafted share name. | |||
| CVE-2010-0535 | 0.00 | — | 0.01 | Mar 30, 2010 | Dovecot in Apple Mac OS X 10.6 before 10.6.3, when Kerberos is enabled, does not properly enforce the service access control list (SACL) for sending and receiving e-mail, which allows remote authenticated users to bypass intended access restrictions via unspecified vectors. | |||
| CVE-2010-0534 | 0.00 | — | 0.01 | Mar 30, 2010 | Wiki Server in Apple Mac OS X 10.6 before 10.6.3 does not enforce the service access control list (SACL) for weblogs during weblog creation, which allows remote authenticated users to publish content via HTTP requests. | |||
| CVE-2010-0526 | 0.00 | — | 0.05 | Mar 30, 2010 | Heap-based buffer overflow in QuickTimeMPEG.qtx in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted genl atom in a QuickTime movie file with MPEG encoding, which is not… | |||
| CVE-2010-0525 | 0.00 | — | 0.01 | Mar 30, 2010 | Mail in Apple Mac OS X before 10.6.3 does not properly enforce the key usage extension during processing of a keychain that specifies multiple certificates for an e-mail recipient, which might make it easier for remote attackers to obtain sensitive information via a brute-force… | |||
| CVE-2010-0524 | 0.00 | — | 0.01 | Mar 30, 2010 | The default configuration of the FreeRADIUS server in Apple Mac OS X Server before 10.6.3 permits EAP-TLS authenticated connections on the basis of an arbitrary client certificate, which allows remote attackers to obtain network connectivity via a crafted RADIUS Access Request… | |||
| CVE-2010-0523 | 0.00 | — | 0.02 | Mar 30, 2010 | Wiki Server in Apple Mac OS X 10.5.8 does not restrict the file types of uploaded files, which allows remote attackers to obtain sensitive information or possibly have unspecified other impact via a crafted file, as demonstrated by a Java applet. | |||
| CVE-2010-0522 | 0.00 | — | 0.02 | Mar 30, 2010 | Server Admin in Apple Mac OS X Server 10.5.8 does not properly determine the privileges of users who had former membership in the admin group, which allows remote authenticated users to leverage this former membership to obtain a server connection via screen sharing. | |||
| CVE-2010-0521 | 0.00 | — | 0.02 | Mar 30, 2010 | Server Admin in Apple Mac OS X Server before 10.6.3 does not properly enforce authentication for directory binding, which allows remote attackers to obtain potentially sensitive information from Open Directory via unspecified LDAP requests. | |||
| CVE-2010-0518 | 0.00 | — | 0.03 | Mar 30, 2010 | QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with Sorenson encoding. | |||
| CVE-2010-0517 | 0.00 | — | 0.05 | Mar 30, 2010 | Heap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with M-JPEG encoding, which causes QuickTime to calculate a buffer size using… | |||
| CVE-2010-0516 | 0.00 | — | 0.05 | Mar 30, 2010 | Heap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with RLE encoding, which triggers memory corruption when the length of decompressed… | |||
| CVE-2010-0515 | 0.00 | — | 0.03 | Mar 30, 2010 | QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with H.264 encoding. | |||
| CVE-2010-0514 | 0.00 | — | 0.03 | Mar 30, 2010 | Heap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.261 encoding. | |||
| CVE-2010-0513 | 0.00 | — | 0.03 | Mar 30, 2010 | Stack-based buffer overflow in PS Normalizer in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PostScript document. | |||
| CVE-2010-0512 | 0.00 | — | 0.02 | Mar 30, 2010 | The Accounts Preferences implementation in Apple Mac OS X 10.6 before 10.6.3, when a network account server is used, does not support Login Window access control that is based solely on group membership, which allows attackers to bypass intended access restrictions by entering… | |||
| CVE-2010-0511 | 0.00 | — | 0.01 | Mar 30, 2010 | Podcast Producer in Apple Mac OS X 10.6 before 10.6.3 deletes the access restrictions of a Podcast Composer workflow when this workflow is overwritten, which allows attackers to access a workflow via unspecified vectors. | |||
| CVE-2010-0510 | 0.00 | — | 0.02 | Mar 30, 2010 | Password Server in Apple Mac OS X Server before 10.6.3 does not properly perform password replication, which might allow remote authenticated users to obtain login access via an expired password. | |||
| CVE-2010-0509 | 0.00 | — | 0.00 | Mar 30, 2010 | SFLServer in OS Services in Apple Mac OS X before 10.6.3 allows local users to gain privileges via vectors related to use of wheel group membership during access to the home directories of user accounts. | |||
| CVE-2010-0508 | 0.00 | — | 0.02 | Mar 30, 2010 | Mail in Apple Mac OS X before 10.6.3 does not disable the filter rules associated with a deleted mail account, which has unspecified impact and attack vectors. | |||
| CVE-2010-0507 | 0.00 | — | 0.03 | Mar 30, 2010 | Buffer overflow in Image RAW in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PEF image. | |||
| CVE-2010-0506 | 0.00 | — | 0.03 | Mar 30, 2010 | Buffer overflow in Image RAW in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted NEF image. | |||
| CVE-2010-0505 | 0.00 | — | 0.04 | Mar 30, 2010 | Heap-based buffer overflow in ImageIO in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JP2 (JPEG2000) image, related to incorrect calculation and the CGImageReadGetBytesAtOffset… | |||
| CVE-2010-0504 | 0.00 | — | 0.03 | Mar 30, 2010 | Multiple stack-based buffer overflows in iChat Server in Apple Mac OS X Server before 10.6.3 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. | |||
| CVE-2010-0503 | 0.00 | — | 0.02 | Mar 30, 2010 | Use-after-free vulnerability in iChat Server in Apple Mac OS X Server 10.5.8 allows remote authenticated users to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. | |||
| CVE-2010-0502 | 0.00 | — | 0.01 | Mar 30, 2010 | iChat Server in Apple Mac OS X Server before 10.6.3, when group chat is used, does not perform logging for all types of messages, which might allow remote attackers to avoid message auditing via an unspecified selection of message type. | |||
| CVE-2010-0501 | 0.00 | — | 0.03 | Mar 30, 2010 | Directory traversal vulnerability in FTP Server in Apple Mac OS X Server before 10.6.3 allows remote authenticated users to read arbitrary files via crafted filenames. | |||
| CVE-2010-0500 | 0.00 | — | 0.02 | Mar 30, 2010 | Event Monitor in Apple Mac OS X before 10.6.3 does not properly validate hostnames of SSH clients, which allows remote attackers to cause a denial of service (arbitrary client blacklisting) via a crafted DNS PTR record, related to a "plist injection issue." | |||
| CVE-2010-0498 | 0.00 | — | 0.00 | Mar 30, 2010 | Directory Services in Apple Mac OS X before 10.6.3 does not properly perform authorization during processing of record names, which allows local users to gain privileges via unspecified vectors. |