CVSS: 7.8EPSS: 0%CPEs: 26EXPL: 0CVE-2010-0500
https://notcve.org/view.php?id=CVE-2010-0500
30 Mar 2010 — Event Monitor in Apple Mac OS X before 10.6.3 does not properly validate hostnames of SSH clients, which allows remote attackers to cause a denial of service (arbitrary client blacklisting) via a crafted DNS PTR record, related to a "plist injection issue." El Monitor de Eventos (Event Monitor) de Apple Mac OS X en versiones anteriores a la v10.6.3 no valida apropiadamente los nombres de equipo (hostnames) de los clientes SSH, lo que permite a atacantes remotos provocar una denegación de servicio (añadido a... • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2010-0533
https://notcve.org/view.php?id=CVE-2010-0533
30 Mar 2010 — Directory traversal vulnerability in AFP Server in Apple Mac OS X before 10.6.3 allows remote attackers to list a share root's parent directory, and read and modify files in that directory, via unspecified vectors. Vulnerabilidad de salto de directorio en AFP Server en Apple Mac OS X en versiones anteriores a la v10.6.3 permite a atacantes remotos listar un directorio padre del raíz compartido, y leer y modificar ficheros en ese directorio, a través de vectores de ataque sin especificar. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.1EPSS: 0%CPEs: 26EXPL: 0CVE-2010-0057
https://notcve.org/view.php?id=CVE-2010-0057
30 Mar 2010 — AFP Server in Apple Mac OS X before 10.6.3 does not prevent guest use of AFP shares when guest access is disabled, which allows remote attackers to bypass intended access restrictions via a mount request. AFP Server en Apple Mac OS X en versiones anteriores a la v10.6.3 no previene el uso de invitado de los elementos compartidos de AFP cuando el acceso de invitado está deshabilitado, lo que permite a atacantes remotos evitar las restricciones de aceso previstas a través de una petición de montaje. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 4%CPEs: 16EXPL: 0CVE-2010-0302 – cups Incomplete fix for CVE-2009-3553
https://notcve.org/view.php?id=CVE-2010-0302
05 Mar 2010 — Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS before 1.4.4, when kqueue or epoll is used, allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability ex... • http://cups.org/articles.php?L596 • CWE-416: Use After Free •
CVSS: 6.5EPSS: 1%CPEs: 21EXPL: 0CVE-2010-0205 – libpng: excessive memory consumption due to highly compressed huge ancillary chunk
https://notcve.org/view.php?id=CVE-2010-0205
03 Mar 2010 — The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application hang) via a crafted PNG file, as demonstrated by use of the deflate compression method on data composed of many occurrences of the same character, related to a "de... • http://libpng.sourceforge.net/ADVISORY-1.4.1.html • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 6%CPEs: 14EXPL: 0CVE-2009-3553 – cups: Use-after-free (crash) due improper reference counting in abstract file descriptors handling interface
https://notcve.org/view.php?id=CVE-2009-3553
20 Nov 2009 — Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information. Vulnerabilidad de uso anterior a la liberación en el d... • http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html • CWE-416: Use After Free •
CVSS: 5.9EPSS: 0%CPEs: 118EXPL: 0CVE-2009-2825
https://notcve.org/view.php?id=CVE-2009-2825
10 Nov 2009 — Certificate Assistant in Apple Mac OS X before 10.6.2 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. Certificate Assistant en Apple Mac OS X anterior a v10.6.2 no controla correctamente un caracter '\0' en el nombre de dominio en el campo nombre comú... • http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html • CWE-310: Cryptographic Issues •
CVSS: 5.5EPSS: 0%CPEs: 118EXPL: 0CVE-2009-2834
https://notcve.org/view.php?id=CVE-2009-2834
10 Nov 2009 — IOKit in Apple Mac OS X before 10.6.2 allows local users to modify the firmware of a (1) USB or (2) Bluetooth keyboard via unspecified vectors. IOKit en Apple Mac OS X anterior v10.6.2 permite a usuarios locales modificar el firmware de (1) USB o (2) teclado Bluetooth a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 0%CPEs: 118EXPL: 0CVE-2009-2823
https://notcve.org/view.php?id=CVE-2009-2823
10 Nov 2009 — The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software. El servidor Apache HTTP en Apple Mac OS X anterior v10.6.2 habilita el método HTTP TRACE, lo que permite a atacantes dirigir ejecuciones de secuencias de comandos en sitios cruzados (XSS) a través de software de clientes web no especificados. • http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 1%CPEs: 118EXPL: 1CVE-2009-2820 – CUPS - 'kerberos' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2009-2820
10 Nov 2009 — The web interface in CUPS before 1.4.2, as used on Apple Mac OS X before 10.6.2 and other platforms, does not properly handle (1) HTTP headers and (2) HTML templates, which allows remote attackers to conduct cross-site scripting (XSS) attacks and HTTP response splitting attacks via vectors related to (a) the product's web interface, (b) the configuration of the print system, and (c) the titles of printed jobs, as demonstrated by an XSS attack that uses the kerberos parameter to the admin program, and levera... • https://www.exploit-db.com/exploits/10001 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •