
CVSS: 10.0 • EPSS: 93% • CPEs: 73 • EXPL: 0

08 Jun 2010 — WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Apple Safari before 4.1 on Mac OS X 10.4, and Google Chrome before 5.0.375.70 does not properly handle a transformation of a text node that has the IBM1147 character set, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document containing a BR element, related to a "type checking issue." • http://code.google.com/p/chromium/issues/detail?id=43487 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 10.0 • EPSS: 7% • CPEs: 74 • EXPL: 0

08 Jun 2010 — WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly perform ordered list insertions, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document, related to the insertion of an unspecified element into an editable container and the access of an uninitialized element. • http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 10.0 • EPSS: 7% • CPEs: 74 • EXPL: 0

08 Jun 2010 — Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving the :first-letter pseudo-element. • http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html • CWE-399: Resource Management Errors

CVSS: 10.0 • EPSS: 7% • CPEs: 74 • EXPL: 0

08 Jun 2010 — Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an SVG document that contains recursive Use elements, which are not properly handled during page deconstruction. • http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html • CWE-399: Resource Management Errors

CVSS: 10.0 • EPSS: 7% • CPEs: 74 • EXPL: 0

08 Jun 2010 — Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the contentEditable attribute and removing container elements. • http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html • CWE-399: Resource Management Errors

CVSS: 8.8 • EPSS: 2% • CPEs: 13 • EXPL: 0

21 May 2010 — Apple Java for Mac OS X 10.5 before Update 7 and Java for Mac OS X 10.6 before Update 2 do not properly handle mediaLibImage objects, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application crash) via a crafted applet, related to the com.sun.medialib.mlib package. • http://lists.apple.com/archives/security-announce/2010//May/msg00001.html • CWE-399: Resource Management Errors

CVSS: 9.8 • EPSS: 2% • CPEs: 13 • EXPL: 0

21 May 2010 — Integer signedness error in the window drawing implementation in Apple Java for Mac OS X 10.5 before Update 7 and Java for Mac OS X 10.6 before Update 2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted applet. • http://lists.apple.com/archives/security-announce/2010//May/msg00001.html • CWE-189: Numeric Errors

CVSS: 5.5 • EPSS: 0% • CPEs: 6 • EXPL: 7

27 Apr 2010 — The hfs implementation in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 supports hard links to directories and does not prevent certain deeply nested directory structures, which allows local users to cause a denial of service (filesystem corruption) via a crafted application that calls the mkdir and link functions, related to the fsck_hfs program in the diskdev_cmds component. • https://packetstorm.news/files/id/126039

CVSS: 6.5 • EPSS: 0% • CPEs: 43 • EXPL: 0

31 Mar 2010 — Apple iTunes before 9.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted MP4 podcast file. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.html • CWE-399: Resource Management Errors

CVSS: 6.5 • EPSS: 0% • CPEs: 6 • EXPL: 0

30 Mar 2010 — Dovecot in Apple Mac OS X 10.6 before 10.6.3, when Kerberos is enabled, does not properly enforce the service access control list (SACL) for sending and receiving e-mail, which allows remote authenticated users to bypass intended access restrictions via unspecified vectors. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html • CWE-264: Permissions, Privileges, and Access Controls