Mac Os X Security Vulnerabilities and Issues — Mac Os X CVE List

Lucene search

AppleMac Os X

17 matches found

CVE•added 2010/06/30 6:30 p.m.•140 views

CVE-2010-1205

Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row.

9.8CVSS9.9AI score0.17033EPSS

CVE•added 2010/06/22 5:30 p.m.•71 views

CVE-2010-1637

The Mail Fetch plugin in SquirrelMail 1.4.20 and earlier allows remote authenticated users to bypass firewall restrictions and use SquirrelMail as a proxy to scan internal networks via a modified POP3 port number.

6.5CVSS5.9AI score0.00128EPSS

CVE•added 2010/06/17 4:30 p.m.•69 views

CVE-2010-1411

Multiple integer overflows in the Fax3SetupState function in tif_fax3.c in the FAX3 decoder in LibTIFF before 3.9.3, as used in ImageIO in Apple Mac OS X 10.5.8 and Mac OS X 10.6 before 10.6.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a c...

6.8CVSS7.8AI score0.01116EPSS

CVE•added 2010/06/17 4:30 p.m.•65 views

CVE-2010-0540

Cross-site request forgery (CSRF) vulnerability in the web interface in CUPS before 1.4.4, as used on Apple Mac OS X 10.5.8, Mac OS X 10.6 before 10.6.4, and other platforms, allows remote attackers to hijack the authentication of administrators for requests that change settings.

6CVSS8.3AI score0.00401EPSS

CVE•added 2010/06/17 4:30 p.m.•56 views

CVE-2010-0541

Cross-site scripting (XSS) vulnerability in the WEBrick HTTP server in Ruby in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allows remote attackers to inject arbitrary web script or HTML via a crafted URI that triggers a UTF-7 error page.

4.3CVSS6.2AI score0.01708EPSS

CVE•added 2010/06/17 4:30 p.m.•53 views

CVE-2010-0543

ImageIO in Apple Mac OS X 10.5.8, and 10.6 before 10.6.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with MPEG2 encoding.

6.8CVSS7.8AI score0.02117EPSS

CVE•added 2010/06/17 4:30 p.m.•51 views

CVE-2010-1377

Open Directory in Apple Mac OS X 10.6 before 10.6.4 creates an unencrypted connection upon certain SSL failures, which allows man-in-the-middle attackers to spoof arbitrary network account servers, and possibly execute arbitrary code, via unspecified vectors.

9.3CVSS6.8AI score0.01042EPSS

CVE•added 2010/06/17 4:30 p.m.•48 views

CVE-2010-1381

The default configuration of SMB File Server in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, enables support for wide links, which allows remote authenticated users to access arbitrary files via vectors involving symbolic links. NOTE: this might overlap CVE-2010-0926.

3.5CVSS6.6AI score0.38234EPSS

CVE•added 2010/06/17 4:30 p.m.•47 views

CVE-2010-0546

Folder Manager in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allows local users to delete arbitrary folders via a symlink attack in conjunction with an unmount operation on a crafted volume, related to the Cleanup At Startup folder.

3.3CVSS6.8AI score0.00031EPSS

CVE•added 2010/06/17 4:30 p.m.•47 views

CVE-2010-1382

Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allows remote authenticated users to inject arbitrary web script or HTML via crafted Wiki content, related to lack of a charset field.

3.5CVSS5.9AI score0.00324EPSS

CVE•added 2010/06/17 4:30 p.m.•46 views

CVE-2010-0545

The Finder in DesktopServices in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, does not set the expected file ownerships during an "Apply to enclosed items" action, which allows local users to bypass intended access restrictions via normal filesystem operations.

4.4CVSS6.7AI score0.00069EPSS

CVE•added 2010/06/17 4:30 p.m.•46 views

CVE-2010-1374

Directory traversal vulnerability in iChat in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, when AIM is used, allows remote attackers to create arbitrary files via directory traversal sequences in an inline image-transfer operation.

4.3CVSS7AI score0.008EPSS

CVE•added 2010/06/17 4:30 p.m.•46 views

CVE-2010-1376

Multiple format string vulnerabilities in Network Authorization in Apple Mac OS X 10.6 before 10.6.4 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a (1) afp, (2) cifs, or (3) smb URL.

6.8CVSS7.6AI score0.03702EPSS

CVE•added 2010/06/17 4:30 p.m.•45 views

CVE-2010-1373

Cross-site scripting (XSS) vulnerability in Help Viewer in Apple Mac OS X 10.6 before 10.6.4 allows remote attackers to inject arbitrary web script or HTML via a crafted help: URL, related to "URL parameters in HTML content."

4.3CVSS5.9AI score0.00516EPSS

CVE•added 2010/06/17 4:30 p.m.•44 views

CVE-2010-1379

Printer Setup in Apple Mac OS X 10.6 before 10.6.4 does not properly interpret character encoding, which allows remote attackers to cause a denial of service (printing failure) by deploying a printing device that has a Unicode character in its printing-service name.

5CVSS6.6AI score0.01558EPSS

CVE•added 2010/06/17 4:30 p.m.•44 views

CVE-2010-1380

Integer overflow in the cgtexttops CUPS filter in Printing in Apple Mac OS X 10.6 before 10.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to page sizes.

7.5CVSS7.6AI score0.04151EPSS

CVE•added 2010/06/17 4:30 p.m.•43 views

CVE-2010-1375

NetAuthSysAgent in Network Authorization in Apple Mac OS X 10.5.8 does not have the expected authorization requirements, which allows local users to gain privileges via unspecified vectors.

7.2CVSS6.7AI score0.00052EPSS