CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2010-0533
https://notcve.org/view.php?id=CVE-2010-0533
30 Mar 2010 — Directory traversal vulnerability in AFP Server in Apple Mac OS X before 10.6.3 allows remote attackers to list a share root's parent directory, and read and modify files in that directory, via unspecified vectors. Vulnerabilidad de salto de directorio en AFP Server en Apple Mac OS X en versiones anteriores a la v10.6.3 permite a atacantes remotos listar un directorio padre del raíz compartido, y leer y modificar ficheros en ese directorio, a través de vectores de ataque sin especificar. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2009-2801
https://notcve.org/view.php?id=CVE-2009-2801
30 Mar 2010 — The Application Firewall in Apple Mac OS X 10.5.8 drops unspecified firewall rules after a reboot, which might allow remote attackers to bypass intended access restrictions via packet data, related to a "timing issue." La aplicación Firewall en Apple Mac OS X v10.5.8 borra reglas firewall no especificadas después de rearrancar, lo que puede permitir a atacantes superar las restricciones de acceso establecidas a través de un paquete de datos, relacionado con el tema "timing". • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 60%CPEs: 6EXPL: 0CVE-2010-0059 – Apple QuickTime QDM2/QDCA Atom Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0059
30 Mar 2010 — CoreAudio in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted audio content with QDM2 encoding, which triggers a buffer overflow due to inconsistent length fields, related to QDCA. CoreAudio en Apple Mac OS X anterior v10.6.3 permite a atacantse remotos ejecutar código de su elección o causar una denegación de servicio (corrupción de memoria o caída de programa) a través de un contenido de audio ... • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.1EPSS: 0%CPEs: 26EXPL: 0CVE-2010-0057
https://notcve.org/view.php?id=CVE-2010-0057
30 Mar 2010 — AFP Server in Apple Mac OS X before 10.6.3 does not prevent guest use of AFP shares when guest access is disabled, which allows remote attackers to bypass intended access restrictions via a mount request. AFP Server en Apple Mac OS X en versiones anteriores a la v10.6.3 no previene el uso de invitado de los elementos compartidos de AFP cuando el acceso de invitado está deshabilitado, lo que permite a atacantes remotos evitar las restricciones de aceso previstas a través de una petición de montaje. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 87%CPEs: 108EXPL: 1CVE-2010-1119 – Apple Webkit Attribute Child Removal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-1119
25 Mar 2010 — Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Safari before 4.1 on Mac OS X 10.4, and Safari on Apple iPhone OS allows remote attackers to execute arbitrary code or cause a denial of service (application crash), or read the SMS database or other data, via vectors related to "attribute manipulation," as demonstrated by Vincenzo Iozzo and Ralf Philipp Weinmann during a Pwn2Own competition at CanSecWest 2010. Una vulnerabilidad de uso de memoria pr... • https://www.exploit-db.com/exploits/16974 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 4%CPEs: 16EXPL: 0CVE-2010-0302 – cups Incomplete fix for CVE-2009-3553
https://notcve.org/view.php?id=CVE-2010-0302
05 Mar 2010 — Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS before 1.4.4, when kqueue or epoll is used, allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability ex... • http://cups.org/articles.php?L596 • CWE-416: Use After Free •
CVSS: 9.3EPSS: 4%CPEs: 4EXPL: 0CVE-2010-0036
https://notcve.org/view.php?id=CVE-2010-0036
20 Jan 2010 — Buffer overflow in CoreAudio in Apple Mac OS X 10.5.8 and 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MP4 audio file. Desbordamiento de búfer en CoreAudio in Apple Mac OS X v10.5.8 y v10.6.2 permite a atacantes remotos ejecutar código arbitrario o producir una denegación de servicio (caída de aplicación) a través de un fichero de audio MP4 manipulado. • http://lists.apple.com/archives/security-announce/2010/Feb/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 1%CPEs: 4EXPL: 0CVE-2010-0037
https://notcve.org/view.php?id=CVE-2010-0037
20 Jan 2010 — Buffer overflow in Image RAW in Apple Mac OS X 10.5.8 and 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted DNG image. Desbordamiento de búfer en Image RAW en Apple Mac OS X v10.5.8 y v10.6.2 permite a atacantes remotos ejecutar código arbitrario o producir una denegación de servicio (caída de aplicación) a través de una imagen DNG manipulada. • http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 0CVE-2009-2843
https://notcve.org/view.php?id=CVE-2009-2843
08 Dec 2009 — Java for Mac OS X 10.5 before Update 6 and 10.6 before Update 1 accepts expired certificates for applets, which makes it easier for remote attackers to execute arbitrary code via an applet. Java para Mac OS X 1v0.5 anterior Update v6 y v10.6 anterior Update v1 acepta certificados expirados para applets, lo que hace que sea facil para atacantes remotos ejecutar código de su elección a través de un applet. • http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html • CWE-310: Cryptographic Issues •
CVSS: 7.5EPSS: 6%CPEs: 14EXPL: 0CVE-2009-3553 – cups: Use-after-free (crash) due improper reference counting in abstract file descriptors handling interface
https://notcve.org/view.php?id=CVE-2009-3553
20 Nov 2009 — Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information. Vulnerabilidad de uso anterior a la liberación en el d... • http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html • CWE-416: Use After Free •