CVE-2010-3796
https://notcve.org/view.php?id=CVE-2010-3796
Safari RSS in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not block Java applets in an RSS feed, which allows remote attackers to obtain sensitive information via a feed: URL containing an applet that performs DOM modifications. Safari RSS en Apple Mac OS X v10.5.8 y v10.6.x anterior v10.6.5 no bloquea las applets de Java en los feed RSS, lo que permite a atacantes remotos obtener información sensible a través del feedo: URL contiene un applet que realiza modificaciones DOM. • http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html http://support.apple.com/kb/HT4435 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2010-3784
https://notcve.org/view.php?id=CVE-2010-3784
The PMPageFormatCreateWithDataRepresentation API in Printing in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not properly handle XML data, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified API calls. El API PMPageFormatCreateWithDataRepresentation para Printing en Apple Mac OS X v10.5.8 y v10.6.x anterior a v10.6.5 no maneja adecuadamente los datos XML, lo que permite a atacantes provocar una denegación de servicio (referencia a puntero nulo -NULL- y caída de la aplicación) a través de llamadas no especificadas a la API. • http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html http://support.apple.com/kb/HT4435 http://www.securitytracker.com/id?1024723 •
CVE-2010-3787
https://notcve.org/view.php?id=CVE-2010-3787
Heap-based buffer overflow in QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JP2 image. Desbordamiento de búfer basado en memoria dinámica en QuickTime en Apple Mac OS X v10.6.x anteriores a v10.6.5, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de la aplicación) a través de una imagen JP2. • http://lists.apple.com/archives/security-announce/2010//Dec/msg00000.html http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html http://support.apple.com/kb/HT4435 http://support.apple.com/kb/HT4447 http://www.kb.cert.org/vuls/id/309873 http://www.securityfocus.com/bid/44798 http://www.securitytracker.com/id?1024729 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2010-3785
https://notcve.org/view.php?id=CVE-2010-3785
Buffer overflow in QuickLook in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Office document. Desbordamiento de búfer en QuickLook en Apple Mac OS X v10.5.8 y v10.6.x anterior v10.6.5 permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (caída aplicación) a través de un documento Microsoft Office manipulado. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00006.html http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html http://support.apple.com/kb/HT4435 http://support.apple.com/kb/HT5004 http://www.securitytracker.com/id?1024723 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2010-1844
https://notcve.org/view.php?id=CVE-2010-1844
Unspecified vulnerability in Image Capture in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to cause a denial of service (memory consumption and system crash) via a crafted image. Vulnerabilidad no específica en Image Capture en Apple Mac OS X v10.6.x anteriores a v10.6.5 permite a atacantes remotos provocar una denegación de servicio (consumo de memoria y caída del sistema) a través de una imagen manipulada. • http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html http://support.apple.com/kb/HT4435 http://www.securityfocus.com/bid/44813 http://www.securitytracker.com/id?1024723 • CWE-20: Improper Input Validation •