CVSS: 5.0EPSS: 0%CPEs: 16EXPL: 0CVE-2010-0521
https://notcve.org/view.php?id=CVE-2010-0521
Server Admin in Apple Mac OS X Server before 10.6.3 does not properly enforce authentication for directory binding, which allows remote attackers to obtain potentially sensitive information from Open Directory via unspecified LDAP requests. Server Admin en Apple Mac OS X Server anteriores a v10.6.3 no aplica adecuadamente la autentican para la vinculación de directorio, lo que permite a atacantes remotos obtener información potencialmente sensible del Open Directory a través de peticiones LDAP inespecíficas. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://support.apple.com/kb/HT4077 • CWE-287: Improper Authentication •
CVSS: 7.2EPSS: 0%CPEs: 26EXPL: 0CVE-2010-0509
https://notcve.org/view.php?id=CVE-2010-0509
SFLServer in OS Services in Apple Mac OS X before 10.6.3 allows local users to gain privileges via vectors related to use of wheel group membership during access to the home directories of user accounts. SFLServer de OS Services de Apple Mac OS X anterior a v10.6.3, permite a usuarios locales aumentar sus privilegios a través de vectores relacionados con la pertenencia al grupo "wheel" durante el acceso a los directorios personales de las cuentas de usuario. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://support.apple.com/kb/HT4077 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.0EPSS: 0%CPEs: 13EXPL: 0CVE-2010-0510
https://notcve.org/view.php?id=CVE-2010-0510
Password Server in Apple Mac OS X Server before 10.6.3 does not properly perform password replication, which might allow remote authenticated users to obtain login access via an expired password. El servidor de contraseñas -Password Server- de Mac OS X Server anterior a v10.6.3 no realiza la duplicación de contraseñas adecuadamente, esto puede permitir a usuarios autenticados en remoto obtener acceso registrado a través de una contraseña que ya haya caducado. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://support.apple.com/kb/HT4077 • CWE-255: Credentials Management Errors •
CVSS: 7.5EPSS: 1%CPEs: 13EXPL: 0CVE-2010-0504
https://notcve.org/view.php?id=CVE-2010-0504
Multiple stack-based buffer overflows in iChat Server in Apple Mac OS X Server before 10.6.3 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. Múltiples desbordamientos de búfer basados en pila en iChat Server de Apple Mac OS X Server en versiones anteriores a la v10.6.3 permiten a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (caída de la aplicación) a través de vectores de ataque sin especificar. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://support.apple.com/kb/HT4077 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 11%CPEs: 6EXPL: 1CVE-2010-0520 – Apple QuickTime FLI LinePacket Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0520
Heap-based buffer overflow in QuickTimeAuthoring.qtx in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FLC file, related to crafted DELTA_FLI chunks and untrusted length values in a .fli file, which are not properly handled during decompression. Desbordamiento de búfer basado en memoria dinámica (heap) en QuickTime en Apple Mac OS X anterior a 10.6.3, permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (caída de aplicación) a través de un archivo "movie" manipulado codificado con FLC. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within QuickTimeAuthoring.qtx during the parsing of DELTA_FLI chunks stored within a malformed .fli file. The applications trusts a user-supplied length for decompression which can be modified to copy more data than necessary leading to a buffer overflow. • https://www.exploit-db.com/exploits/15035 http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://lists.apple.com/archives/security-announce/2010//Mar/msg00002.html http://support.apple.com/kb/HT4077 http://www.securityfocus.com/archive/1/510520/100/0/threaded http://www.zerodayinitiative.com/advisories/ZDI-10-044 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6801 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •