CVSS: 9.3EPSS: 0%CPEs: 6EXPL: 0CVE-2010-0512
https://notcve.org/view.php?id=CVE-2010-0512
The Accounts Preferences implementation in Apple Mac OS X 10.6 before 10.6.3, when a network account server is used, does not support Login Window access control that is based solely on group membership, which allows attackers to bypass intended access restrictions by entering login credentials. La implementación de Preferencias de las Cuentas -Accounts Preferences- en Apple Mac OS X v10.6 anterior a v10.6.3 cuando se está usando un servidor de cuenta de red, no soporta el control de acceso de Login Window que se basa únicamente en pertenencia a grupos. Esto permite a atacantes evitar las restricciones de acceso pretendidas introduciendo credenciales de registro. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://support.apple.com/kb/HT4077 http://www.securityfocus.com/bid/39153 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.8EPSS: 1%CPEs: 6EXPL: 0CVE-2010-0514
https://notcve.org/view.php?id=CVE-2010-0514
Heap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.261 encoding. Desbordamiento de búfer basado en pila en QuickTime de Apple Mac OS X anterior a 10.6.3, permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (caída de la aplicación) a través de una película manipulada con codificación H.261. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://lists.apple.com/archives/security-announce/2010//Mar/msg00002.html http://support.apple.com/kb/HT4077 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7043 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 1%CPEs: 6EXPL: 0CVE-2010-0518
https://notcve.org/view.php?id=CVE-2010-0518
QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with Sorenson encoding. QuickTime en Apple Mac OS X anteriores a v10.6.3 permite a atacantes remotos ejecutar código arbitrario o una denegación de servicio (corrupción de memoria y caída de aplicación) a través de un fichero de película con condificación Sorenson. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://lists.apple.com/archives/security-announce/2010//Mar/msg00002.html http://support.apple.com/kb/HT4077 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7077 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2010-0535
https://notcve.org/view.php?id=CVE-2010-0535
Dovecot in Apple Mac OS X 10.6 before 10.6.3, when Kerberos is enabled, does not properly enforce the service access control list (SACL) for sending and receiving e-mail, which allows remote authenticated users to bypass intended access restrictions via unspecified vectors. Dovecot en Apple Mac OS X v10.6 anterior a v10.6.3, cuando Kerberos está habilitado no aplica de forma efectiva la lista de control de acceso al servicio (SACL) para enviar y recibir correo electrónico, lo cual permite a usuarios remotos autenticados eludir las restricciones de acceso previsto a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://support.apple.com/kb/HT4077 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 6%CPEs: 6EXPL: 0CVE-2010-0526 – Apple QuickTime MPEG-1 genl Atom Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0526
Heap-based buffer overflow in QuickTimeMPEG.qtx in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted genl atom in a QuickTime movie file with MPEG encoding, which is not properly handled during decompression. Desbordamiento de búfer basado en memoria dinámica (heap) en QuickTime en Apple Mac OS X anterior a la v10.6.3, permite a atacantes remotos ejecutar código HTML de su elección o provocar una denegación de servicio (caída de aplicación) a través de un archivo "movie" codificado con MPEG. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists during the parsing of MPEG content. Upon reading a field used for compression within a 'genl' atom in the movie container, the application will decompress outside the boundary of an allocated buffer. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://lists.apple.com/archives/security-announce/2010//Mar/msg00002.html http://support.apple.com/kb/HT4077 http://www.securityfocus.com/archive/1/510508/100/0/threaded http://www.securityfocus.com/archive/1/510530/100/0/threaded http://www.zerodayinitiative.com/advisories/ZDI-10-035 http://www.zerodayinitiative.com/advisories/ZDI-10-045 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mit • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •