CVSS: 10.0EPSS: 1%CPEs: 26EXPL: 0CVE-2010-0497 – Apple OS X Internet Enabled Disk Image Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0497
30 Mar 2010 — Disk Images in Apple Mac OS X before 10.6.3 does not provide the expected warning for an unsafe file type in an internet enabled disk image, which makes it easier for user-assisted remote attackers to execute arbitrary code via a package file type. Disk Images en Apple Mac OS X anteriores a v10.6.3 no proporciona la advertencia esperada de tipo de fichero inseguro en una imagen de disco habilitada para internet, lo cual facilita a atacantes remotos asistidos por usuarios ejecutar código a su elección a trav... • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html •
CVSS: 7.8EPSS: 0%CPEs: 26EXPL: 0CVE-2010-0500
https://notcve.org/view.php?id=CVE-2010-0500
30 Mar 2010 — Event Monitor in Apple Mac OS X before 10.6.3 does not properly validate hostnames of SSH clients, which allows remote attackers to cause a denial of service (arbitrary client blacklisting) via a crafted DNS PTR record, related to a "plist injection issue." El Monitor de Eventos (Event Monitor) de Apple Mac OS X en versiones anteriores a la v10.6.3 no valida apropiadamente los nombres de equipo (hostnames) de los clientes SSH, lo que permite a atacantes remotos provocar una denegación de servicio (añadido a... • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 2%CPEs: 26EXPL: 0CVE-2010-0505 – Apple Mac OS X ImageIO Framework JPEG2000 Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0505
30 Mar 2010 — Heap-based buffer overflow in ImageIO in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JP2 (JPEG2000) image, related to incorrect calculation and the CGImageReadGetBytesAtOffset function. Un desbordamiento de búfer en la región heap de la memoria en ImageIO en Mac OS X de Apple anterior a versión 10.6.3, permite a los atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (bloqueo de apl... • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 26EXPL: 0CVE-2010-0509
https://notcve.org/view.php?id=CVE-2010-0509
30 Mar 2010 — SFLServer in OS Services in Apple Mac OS X before 10.6.3 allows local users to gain privileges via vectors related to use of wheel group membership during access to the home directories of user accounts. SFLServer de OS Services de Apple Mac OS X anterior a v10.6.3, permite a usuarios locales aumentar sus privilegios a través de vectores relacionados con la pertenencia al grupo "wheel" durante el acceso a los directorios personales de las cuentas de usuario. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 2%CPEs: 6EXPL: 0CVE-2010-0518
https://notcve.org/view.php?id=CVE-2010-0518
30 Mar 2010 — QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with Sorenson encoding. QuickTime en Apple Mac OS X anteriores a v10.6.3 permite a atacantes remotos ejecutar código arbitrario o una denegación de servicio (corrupción de memoria y caída de aplicación) a través de un fichero de película con condificación Sorenson. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 2%CPEs: 6EXPL: 0CVE-2010-0514
https://notcve.org/view.php?id=CVE-2010-0514
30 Mar 2010 — Heap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.261 encoding. Desbordamiento de búfer basado en pila en QuickTime de Apple Mac OS X anterior a 10.6.3, permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (caída de la aplicación) a través de una película manipulada con codificación H.261. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 3%CPEs: 6EXPL: 0CVE-2010-0517 – Apple QuickTime MJPEG Sample Dimensions Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0517
30 Mar 2010 — Heap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with M-JPEG encoding, which causes QuickTime to calculate a buffer size using height and width fields, but to use a different field to control the length of a copy operation. Desbordamiento de búfer basado en pila en QuickTime en Apple Mac OS X anterior v10.6.3 permite a atacantes remotos ejecutar código de su elec... • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2010-0537
https://notcve.org/view.php?id=CVE-2010-0537
30 Mar 2010 — DesktopServices in Apple Mac OS X 10.6 before 10.6.3 does not properly resolve pathnames in certain circumstances involving an application's save panel, which allows user-assisted remote attackers to trigger unintended remote file copying via a crafted share name. DesktopServices en Apple Mac OS X v10.6 anterior a v10.6.3, no resuelve adecuadamente los nombres de ruta en determinadas circunstancias que involucran al panel para guardar la aplicación, lo que permite a atacantes asistidos por el usuario, provo... • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 26EXPL: 0CVE-2010-0498
https://notcve.org/view.php?id=CVE-2010-0498
30 Mar 2010 — Directory Services in Apple Mac OS X before 10.6.3 does not properly perform authorization during processing of record names, which allows local users to gain privileges via unspecified vectors. Directory Services de Apple Mac OS X anterior a v10.6.3 no autoriza correctamente durante el procesamiento de nombres guardados, esto permite a usuarios locales aumentar privilegios a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html • CWE-287: Improper Authentication •
CVSS: 10.0EPSS: 0%CPEs: 26EXPL: 0CVE-2010-0508
https://notcve.org/view.php?id=CVE-2010-0508
30 Mar 2010 — Mail in Apple Mac OS X before 10.6.3 does not disable the filter rules associated with a deleted mail account, which has unspecified impact and attack vectors. Mail en Apple Mac OS X en versiones anteriores a la v10.6.3 no deshabilita las reglas de filtrado asociadas con una cuenta de correo eliminada, lo que tiene un impacto y vectores de ataque sin especificar. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html •