CVSS: 7.8EPSS: 6%CPEs: 6EXPL: 0CVE-2010-1843 – Apple Mac OS X IPv6 PIM Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2010-1843
10 Nov 2010 — Networking in Apple Mac OS X 10.6.2 through 10.6.4 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted PIM packet. Networking en Apple Mac OS X v10.6.2 hasta v10.6.4 permite a atacantes remotos causar una denegación de servicio (desreferencia de puntero nulo y caída de sistema) a través de un paquete PIM manipulado. This vulnerability allows remote attackers to denial of service the IPv6 stack of an installation of Apple Mac OSX. No authentication o... • http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html • CWE-20: Improper Input Validation •
CVSS: 9.0EPSS: 11%CPEs: 12EXPL: 0CVE-2010-3788 – Apple QuickTime JP2 SIZ Chunk Uninitialized Object Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-3788
10 Nov 2010 — QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses uninitialized memory locations during processing of JP2 image data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JP2 file. QuickTime en Apple Mac OS X v10.6.x anterior a v10.6.5 accede a memoria sin inicializar durante el procesamiento de datos de imagen JP2 lo que permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (caída de la apli... • http://lists.apple.com/archives/security-announce/2010//Dec/msg00000.html • CWE-20: Improper Input Validation •
CVSS: 9.0EPSS: 15%CPEs: 12EXPL: 0CVE-2010-3791 – Apple QuickTime ELST MediaRate Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-3791
10 Nov 2010 — Buffer overflow in QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG movie file. Desbordamiento de búfer basado en pila en QuickTime en Apple Mac OS X v10.6.x anterior a v10.6.5 permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servivio (caída de la aplicación) a través de un archivo de película MPEG maniuplado This vulnerability allows remote attackers t... • http://lists.apple.com/archives/security-announce/2010//Dec/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 46%CPEs: 26EXPL: 0CVE-2010-2941 – cups: cupsd memory corruption vulnerability
https://notcve.org/view.php?id=CVE-2010-2941
05 Nov 2010 — ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request. ipp.c en cupsd en CUPS v1.4.4 y anteriores no asigna correctamente memoria para valores de atributo con tipos de datos de cadena inválidos, permitiendo a atacantes remotos provocar una denegación de servicio (uso después de ... • http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 10EXPL: 0CVE-2010-1820
https://notcve.org/view.php?id=CVE-2010-1820
21 Sep 2010 — Apple Filing Protocol (AFP) Server in Apple Mac OS X 10.6.x through 10.6.4 does not properly handle errors, which allows remote attackers to bypass the password requirement for shared-folder access by leveraging knowledge of a valid account name. El Apple Filing Protocol (AFP) Server de Apple Mac OS X v10.6.x hasta v10.6.4 no maneja apropiadamente los errores, lo que permite a atacantes remotos evitar requisitos de contraseñas para el acceso a carpetas compartidas mediante el conocimiento de un nombre de cu... • http://lists.apple.com/archives/security-announce/2010/Sep/msg00004.html • CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 1%CPEs: 5EXPL: 0CVE-2010-1808
https://notcve.org/view.php?id=CVE-2010-1808
25 Aug 2010 — Stack-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 and 10.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted embedded font in a document. Desbordamiento de búfer basado en pila en Apple Type Services (ATS), en Apple Mac OS X v10.5.8 y v10.6.4 permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (caída de la aplicación) a través de fuentes manipuladas embebidas en un do... • http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.4EPSS: 0%CPEs: 5EXPL: 0CVE-2010-1802
https://notcve.org/view.php?id=CVE-2010-1802
25 Aug 2010 — libsecurity in Apple Mac OS X 10.5.8 and 10.6.4 does not properly perform comparisons to domain-name strings in X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a certificate associated with a similar domain name, as demonstrated by use of a www.example.con certificate to spoof www.example.com. libsecurity en Apple Mac OS X v10.5.8 y v10.6.4 no realizad de forma adecuada la comparación entre las cadenas de nombre de dominio en los certificados X.509, lo que permite ataqu... • http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html • CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2010-1801
https://notcve.org/view.php?id=CVE-2010-1801
25 Aug 2010 — Heap-based buffer overflow in CoreGraphics in Apple Mac OS X 10.5.8 and 10.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF file. Desbordamiento de búfer basado en memoria dinámica (heap) en CoreGraphics en Apple Mac OS X v10.5.8 y v10.6.4 permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (caída de la aplicación) a través de ficheros PDF manipulados. • http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.9EPSS: 0%CPEs: 5EXPL: 0CVE-2010-1800
https://notcve.org/view.php?id=CVE-2010-1800
25 Aug 2010 — CFNetwork in Apple Mac OS X 10.6.3 and 10.6.4 supports anonymous SSL and TLS connections, which allows man-in-the-middle attackers to redirect a connection and obtain sensitive information via crafted responses. CTFNetwork en Apple Mac OS X v10.6.3 y v10.6.4 soporta conexiones anónimas SSL y TLS, esto permite a atacantes de hombre en el medio (man-in-the-middle) redirigir una conexión y obtener información sensible a través de respuestas manipuladas. • http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 9EXPL: 1CVE-2010-2806 – FreeType: Heap-based buffer overflow by processing FontType42 fonts with negative length of SFNT strings (FT bug #30656)
https://notcve.org/view.php?id=CVE-2010-2806
19 Aug 2010 — Array index error in the t42_parse_sfnts function in type42/t42parse.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via negative size values for certain strings in FontType42 font files, leading to a heap-based buffer overflow. Error de índice de array en la función t42_parse_sfnts en type42/t42parse.c de FreeType anterior a v2.4.2 permite a atacantes remotos causar una denegación de servicio (fallo de la aplicación) o p... • http://freetype.sourceforge.net/index2.html#release-freetype-2.4.2 • CWE-122: Heap-based Buffer Overflow CWE-129: Improper Validation of Array Index •