CVE-2010-1749 – Apple Webkit SVG RadialGradiant Run-in Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-1749
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the Cascading Style Sheets (CSS) run-in property and multiple invocations of a destructor for a child element that has been referenced multiple times. Una vulnerabilidad de uso de la memoria previamente liberada en WebKit en Safari de Apple anterior a versión 5.0 sobre Mac OS X versiones 10.5 hasta 10.6 y Windows, y anterior a versión 4.1 sobre Mac OS X versión 10.4, permite a los atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (bloqueo de aplicación) por medio de vectores relacionados con la propiedad de ejecución de Cascading Style Sheets (CSS) y múltiples invocaciones de un destructor para un elemento hijo al que ha sido referenciado varias veces. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari's Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the application's support of the run-in display property. On insertion of a specific element with the "run-in" display property, the application will create a duplicate reference of a child element used to support that attribute. • http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/40105 http://secunia.com/advisories/40196 http://secunia.com/advisories/43068 http://securitytracker.com/id?1024067 http://support.apple.com/kb/HT4196 http://support.apple.com/kb/HT4220 http://www.securityfocus.com/archive/1/511725& • CWE-399: Resource Management Errors •
CVE-2010-0509
https://notcve.org/view.php?id=CVE-2010-0509
SFLServer in OS Services in Apple Mac OS X before 10.6.3 allows local users to gain privileges via vectors related to use of wheel group membership during access to the home directories of user accounts. SFLServer de OS Services de Apple Mac OS X anterior a v10.6.3, permite a usuarios locales aumentar sus privilegios a través de vectores relacionados con la pertenencia al grupo "wheel" durante el acceso a los directorios personales de las cuentas de usuario. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://support.apple.com/kb/HT4077 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2010-0513
https://notcve.org/view.php?id=CVE-2010-0513
Stack-based buffer overflow in PS Normalizer in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PostScript document. Desbordamiento de búfer basado en pila PS Normalizer en Apple Mac OS X anterior v10.6.3 permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (caída de programa) a través de un documento PostScript manipulado. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://osvdb.org/63409 http://support.apple.com/kb/HT4077 http://www.securityfocus.com/bid/39151 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2010-0507
https://notcve.org/view.php?id=CVE-2010-0507
Buffer overflow in Image RAW in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PEF image. Desbordamiento de búfer en Image RAW en Apple Mac OS X anteriores a v10.6.3 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (cuelgue de aplicación) a través de una imagen PEF manipulada. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://support.apple.com/kb/HT4077 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2010-0504
https://notcve.org/view.php?id=CVE-2010-0504
Multiple stack-based buffer overflows in iChat Server in Apple Mac OS X Server before 10.6.3 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. Múltiples desbordamientos de búfer basados en pila en iChat Server de Apple Mac OS X Server en versiones anteriores a la v10.6.3 permiten a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (caída de la aplicación) a través de vectores de ataque sin especificar. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://support.apple.com/kb/HT4077 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •