Mac Os X@10.6.4 Security Vulnerabilities and Issues — Mac Os X@10.6.4 CVE List

Lucene search

AppleMac Os X10.6.4

39 matches found

cve•added 2010/04/27 3:30 p.m.•65 views

CVE-2010-0105

The hfs implementation in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 supports hard links to directories and does not prevent certain deeply nested directory structures, which allows local users to cause a denial of service (filesystem corruption) via a crafted application that calls the mkdir a...

4.9CVSS7.6AI score0.00343EPSS

cve•added 2010/11/16 10:0 p.m.•60 views

CVE-2010-3788

QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses uninitialized memory locations during processing of JP2 image data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JP2 file.

6.8CVSS9AI score0.01058EPSS

cve•added 2010/11/16 10:0 p.m.•60 views

CVE-2010-3792

Integer signedness error in QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG movie file.

6.8CVSS9AI score0.01058EPSS

cve•added 2010/11/15 11:0 p.m.•57 views

CVE-2010-1830

AFP Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 generates different error messages depending on whether a share exists, which allows remote attackers to enumerate valid share names via unspecified vectors.

5CVSS8.4AI score0.00307EPSS

cve•added 2010/11/15 11:0 p.m.•56 views

CVE-2010-1842

Buffer overflow in AppKit in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a bidirectional text string with ellipsis truncation.

9.3CVSS9.3AI score0.03178EPSS

cve•added 2010/11/16 10:0 p.m.•56 views

CVE-2010-3785

Buffer overflow in QuickLook in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Office document.

6.8CVSS9.2AI score0.02245EPSS

cve•added 2010/11/16 10:0 p.m.•56 views

CVE-2010-3786

QuickLook in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Excel file.

6.8CVSS9.2AI score0.05127EPSS

cve•added 2010/11/16 10:0 p.m.•56 views

CVE-2010-3790

QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file that causes an image sample transformation to scale a sprite outside a buffer boundary.

6.8CVSS7.9AI score0.04226EPSS

cve•added 2010/11/16 10:0 p.m.•55 views

CVE-2010-3787

Heap-based buffer overflow in QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JP2 image.

6.8CVSS9.3AI score0.01368EPSS

cve•added 2010/11/15 11:0 p.m.•54 views

CVE-2010-1829

Directory traversal vulnerability in AFP Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote authenticated users to execute arbitrary code by creating files that are outside the bounds of a share.

6CVSS8.8AI score0.00732EPSS

cve•added 2010/11/16 10:0 p.m.•54 views

CVE-2010-3784

The PMPageFormatCreateWithDataRepresentation API in Printing in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not properly handle XML data, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified API calls.

5CVSS8.3AI score0.00408EPSS

cve•added 2010/11/16 10:0 p.m.•54 views

CVE-2010-3791

Buffer overflow in QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG movie file.

6.8CVSS9.2AI score0.01127EPSS

cve•added 2010/11/16 10:0 p.m.•54 views

CVE-2010-3796

Safari RSS in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not block Java applets in an RSS feed, which allows remote attackers to obtain sensitive information via a feed: URL containing an applet that performs DOM modifications.

4.3CVSS8.1AI score0.00209EPSS

cve•added 2010/11/15 11:0 p.m.•52 views

CVE-2010-1803

Time Machine in Apple Mac OS X 10.6.x before 10.6.5 does not verify the unique identifier of its remote AFP volume, which allows remote attackers to obtain sensitive information by spoofing this volume.

4.3CVSS8.1AI score0.00307EPSS

cve•added 2010/11/15 11:0 p.m.•52 views

CVE-2010-1840

Stack-based buffer overflow in the password-validation functionality in Directory Services in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.

7.5CVSS9.4AI score0.0553EPSS

cve•added 2010/11/16 10:0 p.m.•52 views

CVE-2010-3795

QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses uninitialized memory locations during processing of GIF image data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted GIF file.

6.8CVSS9AI score0.01058EPSS

cve•added 2010/09/21 8:0 p.m.•51 views

CVE-2010-1820

Apple Filing Protocol (AFP) Server in Apple Mac OS X 10.6.x through 10.6.4 does not properly handle errors, which allows remote attackers to bypass the password requirement for shared-folder access by leveraging knowledge of a valid account name.

6.8CVSS6.5AI score0.00321EPSS

cve•added 2010/11/15 11:0 p.m.•51 views

CVE-2010-1836

Stack-based buffer overflow in CoreGraphics in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.

6.8CVSS9.3AI score0.01486EPSS

cve•added 2010/11/16 10:0 p.m.•51 views

CVE-2010-3798

Heap-based buffer overflow in xar in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted xar archive.

6.8CVSS9.3AI score0.02396EPSS

cve•added 2010/11/15 11:0 p.m.•50 views

CVE-2010-1838

Directory Services in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not properly handle errors associated with disabled mobile accounts, which allows remote attackers to bypass authentication by providing a valid account name.

4.4CVSS8.7AI score0.00091EPSS

cve•added 2010/11/15 11:0 p.m.•49 views

CVE-2010-1833

Apple Type Services (ATS) in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted embedded font in a document.

6.8CVSS9.1AI score0.01411EPSS

cve•added 2010/11/16 10:0 p.m.•49 views

CVE-2010-3789

QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted AVI file.

6.8CVSS9.2AI score0.01058EPSS

cve•added 2010/11/15 11:0 p.m.•48 views

CVE-2010-1834

CFNetwork in Apple Mac OS X 10.6.x before 10.6.5 does not properly validate the domains of cookies, which makes it easier for remote web servers to track users by setting a cookie that is associated with a partial IP address.

5.8CVSS8.4AI score0.00288EPSS

cve•added 2010/11/16 10:0 p.m.•48 views

CVE-2010-1847

The kernel in Apple Mac OS X 10.6.x before 10.6.5 does not properly perform memory management associated with terminal devices, which allows local users to cause a denial of service (system crash) via unspecified vectors.

4.9CVSS7.5AI score0.00048EPSS

cve•added 2010/11/15 11:0 p.m.•47 views

CVE-2010-1828

AFP Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon restart) via crafted reconnect authentication packets.

5CVSS8.5AI score0.00975EPSS

cve•added 2010/11/16 10:0 p.m.•47 views

CVE-2010-3793

6.8CVSS9.2AI score0.01058EPSS

cve•added 2010/11/16 10:0 p.m.•46 views

CVE-2010-1846

Heap-based buffer overflow in Image RAW in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted RAW image.

6.8CVSS9.3AI score0.01392EPSS

cve•added 2010/11/16 10:0 p.m.•45 views

CVE-2010-1844

Unspecified vulnerability in Image Capture in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to cause a denial of service (memory consumption and system crash) via a crafted image.

7.1CVSS8.2AI score0.00782EPSS

cve•added 2010/08/25 8:0 p.m.•44 views

CVE-2010-1801

Heap-based buffer overflow in CoreGraphics in Apple Mac OS X 10.5.8 and 10.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF file.

6.8CVSS9.1AI score0.01486EPSS

cve•added 2010/11/15 11:0 p.m.•44 views

CVE-2010-1831

Buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code via a long name of an embedded font in a document.

6.8CVSS9.2AI score0.01768EPSS

cve•added 2010/11/15 11:0 p.m.•44 views

CVE-2010-1832

Stack-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code via a crafted embedded font in a document.

6.8CVSS9.2AI score0.01768EPSS

cve•added 2010/11/15 11:0 p.m.•44 views

CVE-2010-1837

CoreText in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font in a PDF document.

6.8CVSS9.2AI score0.01927EPSS

cve•added 2010/11/16 10:0 p.m.•44 views

CVE-2010-1843

Networking in Apple Mac OS X 10.6.2 through 10.6.4 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted PIM packet.

7.8CVSS8.2AI score0.01642EPSS

cve•added 2010/11/16 10:0 p.m.•44 views

CVE-2010-3794

QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses uninitialized memory locations during processing of FlashPix image data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FlashPix file.

6.8CVSS9AI score0.01058EPSS

cve•added 2010/11/15 11:0 p.m.•43 views

CVE-2010-1841

Disk Images in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted UDIF image.

9.3CVSS9.3AI score0.0219EPSS

cve•added 2010/08/25 8:0 p.m.•42 views

CVE-2010-1808

Stack-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 and 10.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted embedded font in a document.

6.8CVSS9.2AI score0.01392EPSS

cve•added 2010/11/16 10:0 p.m.•41 views

CVE-2010-1845

ImageIO in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted PSD image.

6.8CVSS9.3AI score0.01796EPSS

cve•added 2010/08/25 8:0 p.m.•38 views

CVE-2010-1802

libsecurity in Apple Mac OS X 10.5.8 and 10.6.4 does not properly perform comparisons to domain-name strings in X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a certificate associated with a similar domain name, as demonstrated by use of a www.example.con cert...

6.4CVSS8.1AI score0.00119EPSS

cve•added 2010/08/25 8:0 p.m.•37 views

CVE-2010-1800

CFNetwork in Apple Mac OS X 10.6.3 and 10.6.4 supports anonymous SSL and TLS connections, which allows man-in-the-middle attackers to redirect a connection and obtain sensitive information via crafted responses.

5CVSS7.8AI score0.00297EPSS