CVSS: 4.4EPSS: 0%CPEs: 10EXPL: 0CVE-2010-0545
https://notcve.org/view.php?id=CVE-2010-0545
The Finder in DesktopServices in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, does not set the expected file ownerships during an "Apply to enclosed items" action, which allows local users to bypass intended access restrictions via normal filesystem operations. El buscador de DesktopServices en Apple Mac OS X v10.5.8 y v10.6 antes de v10.6.4, no asigna un propietario a los archivos durante una acción "Aplicar a los elementos incluidos", lo que permite eludir las restricciones de acceso a usuarios locales a través de operaciones normales de sistema de ficheros. • http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html http://secunia.com/advisories/40220 http://securitytracker.com/id?1024103 http://support.apple.com/kb/HT4188 http://www.securityfocus.com/bid/40871 http://www.vupen.com/english/advisories/2010/1481 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 3.3EPSS: 0%CPEs: 10EXPL: 0CVE-2010-0546
https://notcve.org/view.php?id=CVE-2010-0546
Folder Manager in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allows local users to delete arbitrary folders via a symlink attack in conjunction with an unmount operation on a crafted volume, related to the Cleanup At Startup folder. El administrador de carpetas de Apple Mac OS X v10.5.8 y v10.6 antes de v10.6.4, permite a usuarios locales borrar las carpetas de su elección mediante un ataque de enlace simbólico junto con una operación de desmontaje (umount) de un volumen debidamente modificado. Es una vulnerabilidad relacionada con la carpeta "Cleanup At Startup". • http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html http://secunia.com/advisories/40220 http://securitytracker.com/id?1024103 http://support.apple.com/kb/HT4188 http://www.securityfocus.com/bid/40871 http://www.vupen.com/english/advisories/2010/1481 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.5EPSS: 3%CPEs: 8EXPL: 0CVE-2010-1380
https://notcve.org/view.php?id=CVE-2010-1380
Integer overflow in the cgtexttops CUPS filter in Printing in Apple Mac OS X 10.6 before 10.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to page sizes. Un desbordamiento de entero en el filtro de impresion CUPS cgtexttops en Apple Mac OS X v10.6 antes de v10.6.4 permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (por caída de la aplicación) a través de vectores relacionados con el tamaño de página a imprimir. • http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html http://secunia.com/advisories/40220 http://securitytracker.com/id?1024103 http://support.apple.com/kb/HT4188 http://www.securityfocus.com/bid/40871 http://www.vupen.com/english/advisories/2010/1481 • CWE-189: Numeric Errors •
CVSS: 4.3EPSS: 0%CPEs: 10EXPL: 0CVE-2010-0541 – Ruby WEBrick javascript injection flaw
https://notcve.org/view.php?id=CVE-2010-0541
Cross-site scripting (XSS) vulnerability in the WEBrick HTTP server in Ruby in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allows remote attackers to inject arbitrary web script or HTML via a crafted URI that triggers a UTF-7 error page. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en el servidor HTTP WEBrick en Ruby en Apple Mac OS X v10.5.8 y v10.6 antes de v10.6.4, permite a atacantes remotos inyectar HTML o secuencias de comandos weba través de una URI debidamente modificada que desencadena una página de error UTF-7. • http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html http://secunia.com/advisories/40220 http://support.apple.com/kb/HT4188 http://www.mandriva.com/security/advisories?name=MDVSA-2011:097 http://www.mandriva.com/security/advisories?name=MDVSA-2011:098 http://www.redhat.com/support/errata/RHSA-2011-0908.html http://www.redhat.com/support/errata/RHSA-2011-0909.html http://www.securityfocus.com/bid/40871 http://www.securityfocus.com/bid/40895 http:// • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.5EPSS: 0%CPEs: 10EXPL: 0CVE-2010-1382
https://notcve.org/view.php?id=CVE-2010-1382
Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allows remote authenticated users to inject arbitrary web script or HTML via crafted Wiki content, related to lack of a charset field. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Wiki Server de Apple Mac OS X v10.5.8, y v10.6 anterior a v10.6.4, permite a usuarios autenticados en remotos, inyectar secuencias de comandos web de su elección o HTML a través de contenidos Wiki manipulados relacionados con la falta de un campo "charset". • http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html http://secunia.com/advisories/40220 http://securitytracker.com/id?1024103 http://support.apple.com/kb/HT4188 http://www.securityfocus.com/bid/40871 http://www.vupen.com/english/advisories/2010/1481 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •