CVSS: 7.8EPSS: 2%CPEs: 6EXPL: 0CVE-2010-0518
https://notcve.org/view.php?id=CVE-2010-0518
30 Mar 2010 — QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with Sorenson encoding. QuickTime en Apple Mac OS X anteriores a v10.6.3 permite a atacantes remotos ejecutar código arbitrario o una denegación de servicio (corrupción de memoria y caída de aplicación) a través de un fichero de película con condificación Sorenson. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 5%CPEs: 6EXPL: 1CVE-2010-0519 – Apple QuickTime FlashPix NumberOfTiles Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0519
30 Mar 2010 — Integer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a FlashPix image with a malformed SubImage Header Stream containing a NumberOfTiles field with a large value. Desbordamiento de enteros en QuickTime en Apple Mac OS X anterior v10.6.3 permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (caída de programa) a través de un archivo de pelicula manipulado co... • https://www.exploit-db.com/exploits/14869 • CWE-189: Numeric Errors •
CVSS: 10.0EPSS: 9%CPEs: 6EXPL: 1CVE-2010-0520 – Apple QuickTime FLI LinePacket Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0520
30 Mar 2010 — Heap-based buffer overflow in QuickTimeAuthoring.qtx in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FLC file, related to crafted DELTA_FLI chunks and untrusted length values in a .fli file, which are not properly handled during decompression. Desbordamiento de búfer basado en memoria dinámica (heap) en QuickTime en Apple Mac OS X anterior a 10.6.3, permite a atacantes remotos ejecutar código de su ... • https://www.exploit-db.com/exploits/15035 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 16EXPL: 0CVE-2010-0521
https://notcve.org/view.php?id=CVE-2010-0521
30 Mar 2010 — Server Admin in Apple Mac OS X Server before 10.6.3 does not properly enforce authentication for directory binding, which allows remote attackers to obtain potentially sensitive information from Open Directory via unspecified LDAP requests. Server Admin en Apple Mac OS X Server anteriores a v10.6.3 no aplica adecuadamente la autentican para la vinculación de directorio, lo que permite a atacantes remotos obtener información potencialmente sensible del Open Directory a través de peticiones LDAP inespecíficas... • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2010-0524
https://notcve.org/view.php?id=CVE-2010-0524
30 Mar 2010 — The default configuration of the FreeRADIUS server in Apple Mac OS X Server before 10.6.3 permits EAP-TLS authenticated connections on the basis of an arbitrary client certificate, which allows remote attackers to obtain network connectivity via a crafted RADIUS Access Request message. La configuración por defecto del FreeRADIUS server en Apple Mac OS X Server anterior a la v10.6.3, permite a las conexiones EAP-TLS autenticadas sobre la base de cualquier certificado cliente, lo que permite a atacantes remot... • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 24EXPL: 0CVE-2010-0525
https://notcve.org/view.php?id=CVE-2010-0525
30 Mar 2010 — Mail in Apple Mac OS X before 10.6.3 does not properly enforce the key usage extension during processing of a keychain that specifies multiple certificates for an e-mail recipient, which might make it easier for remote attackers to obtain sensitive information via a brute-force attack on a weakly encrypted e-mail message. Mail en Apple Mac OS X anterior v10.6.3 no refuerza adecuadamente la clave de extensión usage durante el procesado de una cadena de claves que especifica múltiples certificados para un rec... • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html • CWE-310: Cryptographic Issues •
CVSS: 10.0EPSS: 5%CPEs: 6EXPL: 0CVE-2010-0526 – Apple QuickTime MPEG-1 genl Atom Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0526
30 Mar 2010 — Heap-based buffer overflow in QuickTimeMPEG.qtx in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted genl atom in a QuickTime movie file with MPEG encoding, which is not properly handled during decompression. Desbordamiento de búfer basado en memoria dinámica (heap) en QuickTime en Apple Mac OS X anterior a la v10.6.3, permite a atacantes remotos ejecutar código HTML de su elección o provocar una denegac... • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.0EPSS: 0%CPEs: 6EXPL: 0CVE-2010-0534
https://notcve.org/view.php?id=CVE-2010-0534
30 Mar 2010 — Wiki Server in Apple Mac OS X 10.6 before 10.6.3 does not enforce the service access control list (SACL) for weblogs during weblog creation, which allows remote authenticated users to publish content via HTTP requests. Wiki Server en Apple Mac OS X v10.6 anterior a v10.6.3, no refuerza el acceso a la lista de control (SACL) para weblogs durante la creación del mismo, lo que permite a usuarios autenticados remotamente publicar contenidos a través de peticiones HTTP. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2010-0535
https://notcve.org/view.php?id=CVE-2010-0535
30 Mar 2010 — Dovecot in Apple Mac OS X 10.6 before 10.6.3, when Kerberos is enabled, does not properly enforce the service access control list (SACL) for sending and receiving e-mail, which allows remote authenticated users to bypass intended access restrictions via unspecified vectors. Dovecot en Apple Mac OS X v10.6 anterior a v10.6.3, cuando Kerberos está habilitado no aplica de forma efectiva la lista de control de acceso al servicio (SACL) para enviar y recibir correo electrónico, lo cual permite a usuarios remotos... • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2010-0537
https://notcve.org/view.php?id=CVE-2010-0537
30 Mar 2010 — DesktopServices in Apple Mac OS X 10.6 before 10.6.3 does not properly resolve pathnames in certain circumstances involving an application's save panel, which allows user-assisted remote attackers to trigger unintended remote file copying via a crafted share name. DesktopServices en Apple Mac OS X v10.6 anterior a v10.6.3, no resuelve adecuadamente los nombres de ruta en determinadas circunstancias que involucran al panel para guardar la aplicación, lo que permite a atacantes asistidos por el usuario, provo... • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html • CWE-264: Permissions, Privileges, and Access Controls •