CVSS: 9.3EPSS: 0%CPEs: 8EXPL: 0CVE-2010-1377
https://notcve.org/view.php?id=CVE-2010-1377
17 Jun 2010 — Open Directory in Apple Mac OS X 10.6 before 10.6.4 creates an unencrypted connection upon certain SSL failures, which allows man-in-the-middle attackers to spoof arbitrary network account servers, and possibly execute arbitrary code, via unspecified vectors. 'Open Directory' en Apple Mac OS X v10.6 antes de v10.6.4 crea una conexión no cifrada bajo ciertos fallos de SSL, lo que permite falsificar servidores de cuentas de red a atacantes "man-in-the-middle, y posiblemente también ejecutar código de su elecc... • http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html • CWE-310: Cryptographic Issues •
CVSS: 8.1EPSS: 0%CPEs: 10EXPL: 0CVE-2010-1381
https://notcve.org/view.php?id=CVE-2010-1381
17 Jun 2010 — The default configuration of SMB File Server in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, enables support for wide links, which allows remote authenticated users to access arbitrary files via vectors involving symbolic links. NOTE: this might overlap CVE-2010-0926. La configuración por defecto del servidor de archivos Samba en Apple Mac OS X v10.5.8 y 10.6x antes de v10.6.4, tiene activado el parámetro "wide links", lo que permite acceder a usuarios remotos autenticados a archivos arbitrarios a través ... • http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html • CWE-16: Configuration •
CVSS: 7.1EPSS: 0%CPEs: 10EXPL: 0CVE-2010-0545
https://notcve.org/view.php?id=CVE-2010-0545
17 Jun 2010 — The Finder in DesktopServices in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, does not set the expected file ownerships during an "Apply to enclosed items" action, which allows local users to bypass intended access restrictions via normal filesystem operations. El buscador de DesktopServices en Apple Mac OS X v10.5.8 y v10.6 antes de v10.6.4, no asigna un propietario a los archivos durante una acción "Aplicar a los elementos incluidos", lo que permite eludir las restricciones de acceso a usuarios locales ... • http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 2%CPEs: 8EXPL: 0CVE-2010-1379
https://notcve.org/view.php?id=CVE-2010-1379
17 Jun 2010 — Printer Setup in Apple Mac OS X 10.6 before 10.6.4 does not properly interpret character encoding, which allows remote attackers to cause a denial of service (printing failure) by deploying a printing device that has a Unicode character in its printing-service name. La configuración de la impresora en Apple Mac OS X v10.6 antes de v10.6.4 no interpreta correctamente la codificación de caracteres, lo que permite provocar a atacantes remotos una denegación de servicio (por fallo de impresión) mediante el desp... • http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html • CWE-20: Improper Input Validation •
CVSS: 8.1EPSS: 1%CPEs: 94EXPL: 1CVE-2010-1748 – CUPS 1.4.2 - Web Interface Information Disclosure
https://notcve.org/view.php?id=CVE-2010-1748
17 Jun 2010 — The cgi_initialize_string function in cgi-bin/var.c in the web interface in CUPS before 1.4.4, as used on Apple Mac OS X 10.5.8, Mac OS X 10.6 before 10.6.4, and other platforms, does not properly handle parameter values containing a % (percent) character without two subsequent hex characters, which allows context-dependent attackers to obtain sensitive information from cupsd process memory via a crafted request, as demonstrated by the (1) /admin?OP=redirect&URL=% and (2) /admin?URL=/admin/&OP=% URIs. La fu... • https://www.exploit-db.com/exploits/34152 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 0CVE-2010-1373
https://notcve.org/view.php?id=CVE-2010-1373
17 Jun 2010 — Cross-site scripting (XSS) vulnerability in Help Viewer in Apple Mac OS X 10.6 before 10.6.4 allows remote attackers to inject arbitrary web script or HTML via a crafted help: URL, related to "URL parameters in HTML content." Vulnerabilidad de ejecución de sitios cruzados (XSS) en el Visor de Ayuda de Apple Mac OS X v10.6 antes de v10.6.4 permite a atacantes remotos inyectar HTML o scripts web a través de una URL "help:" debidamente modificada. Esta vulnerabilidad esta relacionada con "parámetros URL en con... • http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 0CVE-2010-0540 – CUPS administrator web interface CSRF
https://notcve.org/view.php?id=CVE-2010-0540
17 Jun 2010 — Cross-site request forgery (CSRF) vulnerability in the web interface in CUPS before 1.4.4, as used on Apple Mac OS X 10.5.8, Mac OS X 10.6 before 10.6.4, and other platforms, allows remote attackers to hijack the authentication of administrators for requests that change settings. Una vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en el interfaz web de CUPS en Apple Mac OS X v10.5.8 y a10.6 antes de 10.6.4, permite a atacantes remotos secuestrar la autenticación de los administradores ... • http://cups.org/articles.php?L596 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 3%CPEs: 8EXPL: 0CVE-2010-1380
https://notcve.org/view.php?id=CVE-2010-1380
17 Jun 2010 — Integer overflow in the cgtexttops CUPS filter in Printing in Apple Mac OS X 10.6 before 10.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to page sizes. Un desbordamiento de entero en el filtro de impresion CUPS cgtexttops en Apple Mac OS X v10.6 antes de v10.6.4 permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (por caída de la aplicación) a través de vectores relacionados con el tamaño... • http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html • CWE-189: Numeric Errors •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2010-1375
https://notcve.org/view.php?id=CVE-2010-1375
17 Jun 2010 — NetAuthSysAgent in Network Authorization in Apple Mac OS X 10.5.8 does not have the expected authorization requirements, which allows local users to gain privileges via unspecified vectors. NetAuthSysAgent en "Network Authorization" en Apple Mac OS X v10.5.8 no tiene los requisitos de autorización esperados, lo que permite a usuarios locales conseguir privilegios a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 1%CPEs: 10EXPL: 1CVE-2010-1411 – libtiff: integer overflows leading to heap overflow in Fax3SetupState
https://notcve.org/view.php?id=CVE-2010-1411
17 Jun 2010 — Multiple integer overflows in the Fax3SetupState function in tif_fax3.c in the FAX3 decoder in LibTIFF before 3.9.3, as used in ImageIO in Apple Mac OS X 10.5.8 and Mac OS X 10.6 before 10.6.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF file that triggers a heap-based buffer overflow. Múltiples desbordamientos de entero en ImageIO de Apple Mac OS X v10.5.8, y v10.6 anterior a v10.6.4, permiten a atacantes remotos ejecutar código de su... • https://github.com/MAVProxyUser/httpfuzz-robomiller • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •