CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2010-0056
https://notcve.org/view.php?id=CVE-2010-0056
30 Mar 2010 — Buffer overflow in Cocoa spell checking in AppKit in Apple Mac OS X 10.5.8 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document. Desbordamiento de búfer en Cocoa spell checking en AppKit en Apple Mac OS X v10.5.8 permite a atacantes asistidos remotamente por usuarios ejecutar código de su elección o causar una denegación de servicio (caída aplicación) a través de un documento manipulado. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2010-0058
https://notcve.org/view.php?id=CVE-2010-0058
30 Mar 2010 — freshclam in ClamAV in Apple Mac OS X 10.5.8 with Security Update 2009-005 has an incorrect launchd.plist ProgramArguments key and consequently does not run, which might allow remote attackers to introduce viruses into the system. freshclam en ClamAV en Apple Mac OS X v10.5.8 con Security Update 2009-005 una clave aunchd.plist ProgramArgument incorrecta y consecuentemente no se ejecuta, lo que peude permitir a atacantes remotos introducir virus en el sistema. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html • CWE-16: Configuration •
CVSS: 9.1EPSS: 0%CPEs: 26EXPL: 0CVE-2010-0057
https://notcve.org/view.php?id=CVE-2010-0057
30 Mar 2010 — AFP Server in Apple Mac OS X before 10.6.3 does not prevent guest use of AFP shares when guest access is disabled, which allows remote attackers to bypass intended access restrictions via a mount request. AFP Server en Apple Mac OS X en versiones anteriores a la v10.6.3 no previene el uso de invitado de los elementos compartidos de AFP cuando el acceso de invitado está deshabilitado, lo que permite a atacantes remotos evitar las restricciones de aceso previstas a través de una petición de montaje. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 60%CPEs: 6EXPL: 0CVE-2010-0059 – Apple QuickTime QDM2/QDCA Atom Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0059
30 Mar 2010 — CoreAudio in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted audio content with QDM2 encoding, which triggers a buffer overflow due to inconsistent length fields, related to QDCA. CoreAudio en Apple Mac OS X anterior v10.6.3 permite a atacantse remotos ejecutar código de su elección o causar una denegación de servicio (corrupción de memoria o caída de programa) a través de un contenido de audio ... • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2010-0533
https://notcve.org/view.php?id=CVE-2010-0533
30 Mar 2010 — Directory traversal vulnerability in AFP Server in Apple Mac OS X before 10.6.3 allows remote attackers to list a share root's parent directory, and read and modify files in that directory, via unspecified vectors. Vulnerabilidad de salto de directorio en AFP Server en Apple Mac OS X en versiones anteriores a la v10.6.3 permite a atacantes remotos listar un directorio padre del raíz compartido, y leer y modificar ficheros en ese directorio, a través de vectores de ataque sin especificar. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2009-2801
https://notcve.org/view.php?id=CVE-2009-2801
30 Mar 2010 — The Application Firewall in Apple Mac OS X 10.5.8 drops unspecified firewall rules after a reboot, which might allow remote attackers to bypass intended access restrictions via packet data, related to a "timing issue." La aplicación Firewall en Apple Mac OS X v10.5.8 borra reglas firewall no especificadas después de rearrancar, lo que puede permitir a atacantes superar las restricciones de acceso establecidas a través de un paquete de datos, relacionado con el tema "timing". • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 6%CPEs: 2EXPL: 0CVE-2010-1120 – Apple Preview libFontParser SpecialEncoding Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-1120
25 Mar 2010 — Unspecified vulnerability in Safari 4 on Apple Mac OS X 10.6 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by Charlie Miller during a Pwn2Own competition at CanSecWest 2010. Vulnerabilidad sin especificar en Safari 4 sobre Apple Mac Os X v10.6, permite a atacantes remotos ejecutar código de su elección a través de vectores desconocidos, como ha demostrado Charlie Miller durante la competición Pwn2Own en CanSecWest 2010. This vulnerability allows remote attackers to e... • http://dvlabs.tippingpoint.com/blog/2010/02/15/pwn2own-2010 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 87%CPEs: 108EXPL: 1CVE-2010-1119 – Apple Webkit Attribute Child Removal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-1119
25 Mar 2010 — Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Safari before 4.1 on Mac OS X 10.4, and Safari on Apple iPhone OS allows remote attackers to execute arbitrary code or cause a denial of service (application crash), or read the SMS database or other data, via vectors related to "attribute manipulation," as demonstrated by Vincenzo Iozzo and Ralf Philipp Weinmann during a Pwn2Own competition at CanSecWest 2010. Una vulnerabilidad de uso de memoria pr... • https://www.exploit-db.com/exploits/16974 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 4%CPEs: 16EXPL: 0CVE-2010-0302 – cups Incomplete fix for CVE-2009-3553
https://notcve.org/view.php?id=CVE-2010-0302
05 Mar 2010 — Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS before 1.4.4, when kqueue or epoll is used, allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability ex... • http://cups.org/articles.php?L596 • CWE-416: Use After Free •
CVSS: 6.5EPSS: 1%CPEs: 21EXPL: 0CVE-2010-0205 – libpng: excessive memory consumption due to highly compressed huge ancillary chunk
https://notcve.org/view.php?id=CVE-2010-0205
03 Mar 2010 — The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application hang) via a crafted PNG file, as demonstrated by use of the deflate compression method on data composed of many occurrences of the same character, related to a "de... • http://libpng.sourceforge.net/ADVISORY-1.4.1.html • CWE-400: Uncontrolled Resource Consumption •