CVSS: 5.0EPSS: 0%CPEs: 24EXPL: 0CVE-2010-0525
https://notcve.org/view.php?id=CVE-2010-0525
Mail in Apple Mac OS X before 10.6.3 does not properly enforce the key usage extension during processing of a keychain that specifies multiple certificates for an e-mail recipient, which might make it easier for remote attackers to obtain sensitive information via a brute-force attack on a weakly encrypted e-mail message. Mail en Apple Mac OS X anterior v10.6.3 no refuerza adecuadamente la clave de extensión usage durante el procesado de una cadena de claves que especifica múltiples certificados para un recipiente e-mail, lo que puede hacer que sea fácil para atacantes remotos obtener información sensible a través de ataques de fuerza bruta en un mensaje e-mail encriptado débilmente. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://support.apple.com/kb/HT4077 • CWE-310: Cryptographic Issues •
CVSS: 10.0EPSS: 5%CPEs: 26EXPL: 0CVE-2010-0505 – Apple Mac OS X ImageIO Framework JPEG2000 Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0505
Heap-based buffer overflow in ImageIO in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JP2 (JPEG2000) image, related to incorrect calculation and the CGImageReadGetBytesAtOffset function. Un desbordamiento de búfer en la región heap de la memoria en ImageIO en Mac OS X de Apple anterior a versión 10.6.3, permite a los atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (bloqueo de aplicación) por medio de una imagen JP2 (JPEG2000) diseñada, relacionada con un cálculo incorrecto y la función CGImageReadGetBytesAtOffset. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Mac OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Apple ImageIO framework during the parsing of malformed JPEG2000 files. The function CGImageReadGetBytesAtOffset can utilize miscalculated values during a memmove operation that will result in an exploitable heap corruption allowing attackers to execute arbitrary code under the context of the current user. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://support.apple.com/kb/HT4077 http://www.securityfocus.com/archive/1/510539/100/0/threaded http://www.zerodayinitiative.com/advisories/ZDI-10-058 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 0%CPEs: 26EXPL: 0CVE-2010-0508
https://notcve.org/view.php?id=CVE-2010-0508
Mail in Apple Mac OS X before 10.6.3 does not disable the filter rules associated with a deleted mail account, which has unspecified impact and attack vectors. Mail en Apple Mac OS X en versiones anteriores a la v10.6.3 no deshabilita las reglas de filtrado asociadas con una cuenta de correo eliminada, lo que tiene un impacto y vectores de ataque sin especificar. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://support.apple.com/kb/HT4077 •
CVSS: 6.8EPSS: 0%CPEs: 26EXPL: 0CVE-2010-0063
https://notcve.org/view.php?id=CVE-2010-0063
Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.6.3 makes it easier for user-assisted remote attackers to execute arbitrary JavaScript via a web page that offers a download with a Content-Type value that is not on the list of possibly unsafe content types for Safari, as demonstrated by the values for the (1) .ibplugin and (2) .url extensions. Vulnerabilidad de lista negra incompleta en CoreTypes en Apple Mac OS X anterior v10.6.3 hace que sea fácil para atacantes asistidos por usuario ejecutar JavaScript de su elección a través de una página web que ofrece una descarga con un valor content-Type que no está en la lista de contenido posiblemente inseguro de Safari, como quedó demostrado con los valores para las extensiones (1) .ibplugin y(2) .url • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://support.apple.com/kb/HT4077 •
CVSS: 7.2EPSS: 0%CPEs: 26EXPL: 0CVE-2010-0498
https://notcve.org/view.php?id=CVE-2010-0498
Directory Services in Apple Mac OS X before 10.6.3 does not properly perform authorization during processing of record names, which allows local users to gain privileges via unspecified vectors. Directory Services de Apple Mac OS X anterior a v10.6.3 no autoriza correctamente durante el procesamiento de nombres guardados, esto permite a usuarios locales aumentar privilegios a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://support.apple.com/kb/HT4077 • CWE-287: Improper Authentication •