CVE-2010-1847
https://notcve.org/view.php?id=CVE-2010-1847
The kernel in Apple Mac OS X 10.6.x before 10.6.5 does not properly perform memory management associated with terminal devices, which allows local users to cause a denial of service (system crash) via unspecified vectors. El kernel en Apple Mac OS X v10.6.x anteriores a v10.6.5 no realiza de forma adecuada la gestión de memoria asociada con dispositivos terminales, lo que permite a usuarios locales provocar una denegación de servicio (caída del sistema) a través de vectores no especificos. • http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html http://support.apple.com/kb/HT4435 http://www.securitytracker.com/id?1024723 • CWE-399: Resource Management Errors •
CVE-2010-3783
https://notcve.org/view.php?id=CVE-2010-3783
Password Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not properly perform replication, which allows remote authenticated users to bypass verification of the current password via unspecified vectors. Servidor de contraseñas en Apple Mac OS X v10.5.8 y v10.6.x anterior v10.6.5 no realiza adecuadamente la replicación, lo que permite a a usuarios autenticados remotamente superar la verificación de la contraseña corriente a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html http://support.apple.com/kb/HT4435 http://www.securitytracker.com/id?1024723 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2010-1845
https://notcve.org/view.php?id=CVE-2010-1845
ImageIO in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted PSD image. ImageIO en Apple Mac OS X v10.5.8 y v10.6.x anterior v10.6.5 permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (corrupción de memoria y caída de aplicación) a través de una imagen PSD manipulada. • http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html http://support.apple.com/kb/HT4435 http://www.securityfocus.com/archive/1/514867/100/0/threaded http://www.securitytracker.com/id?1024723 • CWE-20: Improper Input Validation •
CVE-2010-3796
https://notcve.org/view.php?id=CVE-2010-3796
Safari RSS in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not block Java applets in an RSS feed, which allows remote attackers to obtain sensitive information via a feed: URL containing an applet that performs DOM modifications. Safari RSS en Apple Mac OS X v10.5.8 y v10.6.x anterior v10.6.5 no bloquea las applets de Java en los feed RSS, lo que permite a atacantes remotos obtener información sensible a través del feedo: URL contiene un applet que realiza modificaciones DOM. • http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html http://support.apple.com/kb/HT4435 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2010-3784
https://notcve.org/view.php?id=CVE-2010-3784
The PMPageFormatCreateWithDataRepresentation API in Printing in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not properly handle XML data, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified API calls. El API PMPageFormatCreateWithDataRepresentation para Printing en Apple Mac OS X v10.5.8 y v10.6.x anterior a v10.6.5 no maneja adecuadamente los datos XML, lo que permite a atacantes provocar una denegación de servicio (referencia a puntero nulo -NULL- y caída de la aplicación) a través de llamadas no especificadas a la API. • http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html http://support.apple.com/kb/HT4435 http://www.securitytracker.com/id?1024723 •