CVSS: 8.1EPSS: 13%CPEs: 94EXPL: 1CVE-2010-1748 – CUPS 1.4.2 - Web Interface Information Disclosure
https://notcve.org/view.php?id=CVE-2010-1748
17 Jun 2010 — The cgi_initialize_string function in cgi-bin/var.c in the web interface in CUPS before 1.4.4, as used on Apple Mac OS X 10.5.8, Mac OS X 10.6 before 10.6.4, and other platforms, does not properly handle parameter values containing a % (percent) character without two subsequent hex characters, which allows context-dependent attackers to obtain sensitive information from cupsd process memory via a crafted request, as demonstrated by the (1) /admin?OP=redirect&URL=% and (2) /admin?URL=/admin/&OP=% URIs. La fu... • https://www.exploit-db.com/exploits/34152 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.1EPSS: 1%CPEs: 10EXPL: 0CVE-2010-0541 – Ruby WEBrick javascript injection flaw
https://notcve.org/view.php?id=CVE-2010-0541
17 Jun 2010 — Cross-site scripting (XSS) vulnerability in the WEBrick HTTP server in Ruby in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allows remote attackers to inject arbitrary web script or HTML via a crafted URI that triggers a UTF-7 error page. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en el servidor HTTP WEBrick en Ruby en Apple Mac OS X v10.5.8 y v10.6 antes de v10.6.4, permite a atacantes remotos inyectar HTML o secuencias de comandos weba través de una URI debidamente modificada q... • http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2010-0546
https://notcve.org/view.php?id=CVE-2010-0546
17 Jun 2010 — Folder Manager in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allows local users to delete arbitrary folders via a symlink attack in conjunction with an unmount operation on a crafted volume, related to the Cleanup At Startup folder. El administrador de carpetas de Apple Mac OS X v10.5.8 y v10.6 antes de v10.6.4, permite a usuarios locales borrar las carpetas de su elección mediante un ataque de enlace simbólico junto con una operación de desmontaje (umount) de un volumen debidamente modificado. Es una v... • http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 9.8EPSS: 3%CPEs: 8EXPL: 0CVE-2010-1376
https://notcve.org/view.php?id=CVE-2010-1376
17 Jun 2010 — Multiple format string vulnerabilities in Network Authorization in Apple Mac OS X 10.6 before 10.6.4 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a (1) afp, (2) cifs, or (3) smb URL. Múltiples vulnerabilidades de formato de cadena en "Network Authorization" en Apple Mac OS X v10.6 antes de v10.6.4 permiten a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (por caída de la aplicación) a travé... • http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html • CWE-134: Use of Externally-Controlled Format String •
CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 0CVE-2010-0540 – CUPS administrator web interface CSRF
https://notcve.org/view.php?id=CVE-2010-0540
17 Jun 2010 — Cross-site request forgery (CSRF) vulnerability in the web interface in CUPS before 1.4.4, as used on Apple Mac OS X 10.5.8, Mac OS X 10.6 before 10.6.4, and other platforms, allows remote attackers to hijack the authentication of administrators for requests that change settings. Una vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en el interfaz web de CUPS en Apple Mac OS X v10.5.8 y a10.6 antes de 10.6.4, permite a atacantes remotos secuestrar la autenticación de los administradores ... • http://cups.org/articles.php?L596 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 1%CPEs: 8EXPL: 0CVE-2010-1379
https://notcve.org/view.php?id=CVE-2010-1379
17 Jun 2010 — Printer Setup in Apple Mac OS X 10.6 before 10.6.4 does not properly interpret character encoding, which allows remote attackers to cause a denial of service (printing failure) by deploying a printing device that has a Unicode character in its printing-service name. La configuración de la impresora en Apple Mac OS X v10.6 antes de v10.6.4 no interpreta correctamente la codificación de caracteres, lo que permite provocar a atacantes remotos una denegación de servicio (por fallo de impresión) mediante el desp... • http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 1%CPEs: 8EXPL: 0CVE-2010-1377
https://notcve.org/view.php?id=CVE-2010-1377
17 Jun 2010 — Open Directory in Apple Mac OS X 10.6 before 10.6.4 creates an unencrypted connection upon certain SSL failures, which allows man-in-the-middle attackers to spoof arbitrary network account servers, and possibly execute arbitrary code, via unspecified vectors. 'Open Directory' en Apple Mac OS X v10.6 antes de v10.6.4 crea una conexión no cifrada bajo ciertos fallos de SSL, lo que permite falsificar servidores de cuentas de red a atacantes "man-in-the-middle, y posiblemente también ejecutar código de su elecc... • http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html • CWE-310: Cryptographic Issues •
CVSS: 9.8EPSS: 1%CPEs: 10EXPL: 1CVE-2010-1411 – libtiff: integer overflows leading to heap overflow in Fax3SetupState
https://notcve.org/view.php?id=CVE-2010-1411
17 Jun 2010 — Multiple integer overflows in the Fax3SetupState function in tif_fax3.c in the FAX3 decoder in LibTIFF before 3.9.3, as used in ImageIO in Apple Mac OS X 10.5.8 and Mac OS X 10.6 before 10.6.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF file that triggers a heap-based buffer overflow. Múltiples desbordamientos de entero en ImageIO de Apple Mac OS X v10.5.8, y v10.6 anterior a v10.6.4, permiten a atacantes remotos ejecutar código de su... • https://github.com/MAVProxyUser/httpfuzz-robomiller • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 0%CPEs: 32EXPL: 0CVE-2010-1374
https://notcve.org/view.php?id=CVE-2010-1374
17 Jun 2010 — Directory traversal vulnerability in iChat in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, when AIM is used, allows remote attackers to create arbitrary files via directory traversal sequences in an inline image-transfer operation. Vulnerabilidad de salto de directorio en iChat en Apple Mac OS X v10.5.8 y v10.6 antes de v10.6.4, cuando el objetivo se utiliza, permite a atacantes remotos crear ficheros arbitrarios mediante secuencias de salto de directorio en una operación de transferencia de un archivo de... • http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 4%CPEs: 8EXPL: 0CVE-2010-1380
https://notcve.org/view.php?id=CVE-2010-1380
17 Jun 2010 — Integer overflow in the cgtexttops CUPS filter in Printing in Apple Mac OS X 10.6 before 10.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to page sizes. Un desbordamiento de entero en el filtro de impresion CUPS cgtexttops en Apple Mac OS X v10.6 antes de v10.6.4 permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (por caída de la aplicación) a través de vectores relacionados con el tamaño... • http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html • CWE-189: Numeric Errors •