CVSS: 10.0EPSS: 10%CPEs: 6EXPL: 0CVE-2010-0060 – Apple QuickTime QDMC/QDM2 Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0060
30 Mar 2010 — CoreAudio in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted audio content with QDMC encoding. CoreAudio en Apple Mac OS X anteriores a v10.6.3 permite a atacantes remotos ejecutar código de su elección o a provocar una denegación de servicio (corrupción de memoria y caída de aplicación) a través de contenido de audio manipulado, codificado con QDMC. This vulnerability allows remote attackers to... • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 36%CPEs: 6EXPL: 1CVE-2010-0520 – Apple QuickTime FLI LinePacket Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0520
30 Mar 2010 — Heap-based buffer overflow in QuickTimeAuthoring.qtx in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FLC file, related to crafted DELTA_FLI chunks and untrusted length values in a .fli file, which are not properly handled during decompression. Desbordamiento de búfer basado en memoria dinámica (heap) en QuickTime en Apple Mac OS X anterior a 10.6.3, permite a atacantes remotos ejecutar código de su ... • https://www.exploit-db.com/exploits/15035 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 26EXPL: 0CVE-2010-0509
https://notcve.org/view.php?id=CVE-2010-0509
30 Mar 2010 — SFLServer in OS Services in Apple Mac OS X before 10.6.3 allows local users to gain privileges via vectors related to use of wheel group membership during access to the home directories of user accounts. SFLServer de OS Services de Apple Mac OS X anterior a v10.6.3, permite a usuarios locales aumentar sus privilegios a través de vectores relacionados con la pertenencia al grupo "wheel" durante el acceso a los directorios personales de las cuentas de usuario. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 0%CPEs: 13EXPL: 0CVE-2010-0503
https://notcve.org/view.php?id=CVE-2010-0503
30 Mar 2010 — Use-after-free vulnerability in iChat Server in Apple Mac OS X Server 10.5.8 allows remote authenticated users to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. Vulnerabilidad de uso después de la liberación en iChat Server de Apple Mac OS X Server v10.5.8 permite a usuarios autenticados en remoto ejecutar código de su elección o provocar una denegación de servicio (caída de la aplicación) a través de vectores no especificados • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2010-0506
https://notcve.org/view.php?id=CVE-2010-0506
30 Mar 2010 — Buffer overflow in Image RAW in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted NEF image. Desbordamiento de búfer en Image RAW de Apple Mac OS X v10.5.8 permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (caída de la aplicación) a través de una imagen NEF modificada. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2010-0535
https://notcve.org/view.php?id=CVE-2010-0535
30 Mar 2010 — Dovecot in Apple Mac OS X 10.6 before 10.6.3, when Kerberos is enabled, does not properly enforce the service access control list (SACL) for sending and receiving e-mail, which allows remote authenticated users to bypass intended access restrictions via unspecified vectors. Dovecot en Apple Mac OS X v10.6 anterior a v10.6.3, cuando Kerberos está habilitado no aplica de forma efectiva la lista de control de acceso al servicio (SACL) para enviar y recibir correo electrónico, lo cual permite a usuarios remotos... • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2010-0537
https://notcve.org/view.php?id=CVE-2010-0537
30 Mar 2010 — DesktopServices in Apple Mac OS X 10.6 before 10.6.3 does not properly resolve pathnames in certain circumstances involving an application's save panel, which allows user-assisted remote attackers to trigger unintended remote file copying via a crafted share name. DesktopServices en Apple Mac OS X v10.6 anterior a v10.6.3, no resuelve adecuadamente los nombres de ruta en determinadas circunstancias que involucran al panel para guardar la aplicación, lo que permite a atacantes asistidos por el usuario, provo... • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.8EPSS: 0%CPEs: 13EXPL: 0CVE-2010-0501
https://notcve.org/view.php?id=CVE-2010-0501
30 Mar 2010 — Directory traversal vulnerability in FTP Server in Apple Mac OS X Server before 10.6.3 allows remote authenticated users to read arbitrary files via crafted filenames. Vulnerabilidad de salto de directorio en el servidor FTP de Apple Mac OS X Server en versiones anteriores a la v10.6.3 permite a usuarios remotos autenticados leer ficheros de su elección a través de nombres de ficheros modificados. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.1EPSS: 0%CPEs: 26EXPL: 0CVE-2010-0063
https://notcve.org/view.php?id=CVE-2010-0063
30 Mar 2010 — Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.6.3 makes it easier for user-assisted remote attackers to execute arbitrary JavaScript via a web page that offers a download with a Content-Type value that is not on the list of possibly unsafe content types for Safari, as demonstrated by the values for the (1) .ibplugin and (2) .url extensions. Vulnerabilidad de lista negra incompleta en CoreTypes en Apple Mac OS X anterior v10.6.3 hace que sea fácil para atacantes asistidos por us... • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html •
CVSS: 7.8EPSS: 0%CPEs: 26EXPL: 0CVE-2010-0513
https://notcve.org/view.php?id=CVE-2010-0513
30 Mar 2010 — Stack-based buffer overflow in PS Normalizer in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PostScript document. Desbordamiento de búfer basado en pila PS Normalizer en Apple Mac OS X anterior v10.6.3 permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (caída de programa) a través de un documento PostScript manipulado. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •