CVSS: 10.0EPSS: 9%CPEs: 6EXPL: 0CVE-2010-0062 – Apple QuickTime H.263 Array Index Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0062
Heap-based buffer overflow in quicktime.qts in CoreMedia and QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a malformed .3g2 movie file with H.263 encoding that triggers an incorrect buffer length calculation. Desbordamiento de búfer basado en memoria dinámica en CoreMedia y QuickTime en Apple Mac OS X en versiones anteriores a la v10.6.3 permite a usuarios remtos ejecutar código de su elección o provocar una denegación de servicio (caída de la aplicación) a través de un fichero de video modificado con una codificación H.263. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required in that a target must open a malicious media file or visit a malicious page. The specific flaw exists within the parsing of H.263 media files. The code within QuickTime trusts various values from MDAT structures and uses them during operations on heap memory. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://lists.apple.com/archives/security-announce/2010//Mar/msg00002.html http://support.apple.com/kb/HT4077 http://www.securityfocus.com/archive/1/510510/100/0/threaded http://www.zerodayinitiative.com/advisories/ZDI-10-036 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6626 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2010-0522
https://notcve.org/view.php?id=CVE-2010-0522
Server Admin in Apple Mac OS X Server 10.5.8 does not properly determine the privileges of users who had former membership in the admin group, which allows remote authenticated users to leverage this former membership to obtain a server connection via screen sharing. Server Admin en Apple Mac OS X Server v10.5.8 no determina adecuadamente los privilegios de los usuarios que habían pertenecido al grupo de administración, lo cual permite a usuarios remotos autenticados aprovechar esta antigua pertenencia para obtener una conexión con el servidor a través de la pantalla compartida. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://support.apple.com/kb/HT4077 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2010-0523
https://notcve.org/view.php?id=CVE-2010-0523
Wiki Server in Apple Mac OS X 10.5.8 does not restrict the file types of uploaded files, which allows remote attackers to obtain sensitive information or possibly have unspecified other impact via a crafted file, as demonstrated by a Java applet. Wiki Server en Apple Mac OS X v10.5.8 no restringe los tipos de archivo que se pueden subir, lo que permite a atacantes obtener información sensible o posiblemente tener otro impacto desconocido a través de un archivo manipulado, como se ha demostrado con un applet java. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://support.apple.com/kb/HT4077 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 0%CPEs: 26EXPL: 0CVE-2010-0508
https://notcve.org/view.php?id=CVE-2010-0508
Mail in Apple Mac OS X before 10.6.3 does not disable the filter rules associated with a deleted mail account, which has unspecified impact and attack vectors. Mail en Apple Mac OS X en versiones anteriores a la v10.6.3 no deshabilita las reglas de filtrado asociadas con una cuenta de correo eliminada, lo que tiene un impacto y vectores de ataque sin especificar. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://support.apple.com/kb/HT4077 •
CVSS: 6.8EPSS: 1%CPEs: 26EXPL: 0CVE-2010-0513
https://notcve.org/view.php?id=CVE-2010-0513
Stack-based buffer overflow in PS Normalizer in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PostScript document. Desbordamiento de búfer basado en pila PS Normalizer en Apple Mac OS X anterior v10.6.3 permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (caída de programa) a través de un documento PostScript manipulado. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://osvdb.org/63409 http://support.apple.com/kb/HT4077 http://www.securityfocus.com/bid/39151 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •