CVSS: 4.3EPSS: 0%CPEs: 43EXPL: 0CVE-2010-0531
https://notcve.org/view.php?id=CVE-2010-0531
Apple iTunes before 9.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted MP4 podcast file. Apple iTunes en versiones anteriores a la 9.1 permite a atacantes remotos provocar una denegación de servicio (bucle infinito) mediante un fichero de podcast MP4 manipulado. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.html http://secunia.com/advisories/39135 http://support.apple.com/kb/HT4105 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7427 • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 5%CPEs: 26EXPL: 0CVE-2010-0505 – Apple Mac OS X ImageIO Framework JPEG2000 Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0505
Heap-based buffer overflow in ImageIO in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JP2 (JPEG2000) image, related to incorrect calculation and the CGImageReadGetBytesAtOffset function. Un desbordamiento de búfer en la región heap de la memoria en ImageIO en Mac OS X de Apple anterior a versión 10.6.3, permite a los atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (bloqueo de aplicación) por medio de una imagen JP2 (JPEG2000) diseñada, relacionada con un cálculo incorrecto y la función CGImageReadGetBytesAtOffset. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Mac OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Apple ImageIO framework during the parsing of malformed JPEG2000 files. The function CGImageReadGetBytesAtOffset can utilize miscalculated values during a memmove operation that will result in an exploitable heap corruption allowing attackers to execute arbitrary code under the context of the current user. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://support.apple.com/kb/HT4077 http://www.securityfocus.com/archive/1/510539/100/0/threaded http://www.zerodayinitiative.com/advisories/ZDI-10-058 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2010-0506
https://notcve.org/view.php?id=CVE-2010-0506
Buffer overflow in Image RAW in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted NEF image. Desbordamiento de búfer en Image RAW de Apple Mac OS X v10.5.8 permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (caída de la aplicación) a través de una imagen NEF modificada. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://support.apple.com/kb/HT4077 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 52%CPEs: 6EXPL: 1CVE-2010-0519 – Apple QuickTime FlashPix NumberOfTiles Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0519
Integer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a FlashPix image with a malformed SubImage Header Stream containing a NumberOfTiles field with a large value. Desbordamiento de enteros en QuickTime en Apple Mac OS X anterior v10.6.3 permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (caída de programa) a través de un archivo de pelicula manipulado con codificación FlashPix. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists during the parsing of a malformed SubImage Header Stream from a malicious FlashPix image. The application takes the NumberOfTiles field from this data structure, multiplies it by 16, and then uses it in an allocation. • https://www.exploit-db.com/exploits/14869 http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://lists.apple.com/archives/security-announce/2010//Mar/msg00002.html http://support.apple.com/kb/HT4077 http://www.securityfocus.com/archive/1/510519/100/0/threaded http://www.zerodayinitiative.com/advisories/ZDI-10-043 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7498 • CWE-189: Numeric Errors •
CVSS: 4.0EPSS: 0%CPEs: 6EXPL: 0CVE-2010-0534
https://notcve.org/view.php?id=CVE-2010-0534
Wiki Server in Apple Mac OS X 10.6 before 10.6.3 does not enforce the service access control list (SACL) for weblogs during weblog creation, which allows remote authenticated users to publish content via HTTP requests. Wiki Server en Apple Mac OS X v10.6 anterior a v10.6.3, no refuerza el acceso a la lista de control (SACL) para weblogs durante la creación del mismo, lo que permite a usuarios autenticados remotamente publicar contenidos a través de peticiones HTTP. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://support.apple.com/kb/HT4077 • CWE-264: Permissions, Privileges, and Access Controls •