CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2010-0533
https://notcve.org/view.php?id=CVE-2010-0533
Directory traversal vulnerability in AFP Server in Apple Mac OS X before 10.6.3 allows remote attackers to list a share root's parent directory, and read and modify files in that directory, via unspecified vectors. Vulnerabilidad de salto de directorio en AFP Server en Apple Mac OS X en versiones anteriores a la v10.6.3 permite a atacantes remotos listar un directorio padre del raíz compartido, y leer y modificar ficheros en ese directorio, a través de vectores de ataque sin especificar. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://support.apple.com/kb/HT4077 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0CVE-2010-0058
https://notcve.org/view.php?id=CVE-2010-0058
freshclam in ClamAV in Apple Mac OS X 10.5.8 with Security Update 2009-005 has an incorrect launchd.plist ProgramArguments key and consequently does not run, which might allow remote attackers to introduce viruses into the system. freshclam en ClamAV en Apple Mac OS X v10.5.8 con Security Update 2009-005 una clave aunchd.plist ProgramArgument incorrecta y consecuentemente no se ejecuta, lo que peude permitir a atacantes remotos introducir virus en el sistema. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://support.apple.com/kb/HT4077 • CWE-16: Configuration •
CVSS: 10.0EPSS: 8%CPEs: 6EXPL: 0CVE-2010-0059 – Apple QuickTime QDM2/QDCA Atom Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0059
CoreAudio in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted audio content with QDM2 encoding, which triggers a buffer overflow due to inconsistent length fields, related to QDCA. CoreAudio en Apple Mac OS X anterior v10.6.3 permite a atacantse remotos ejecutar código de su elección o causar una denegación de servicio (corrupción de memoria o caída de programa) a través de un contenido de audio manipulado con codificación QDM2. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists during the rendering of an audio stream utilizing QDesign's audio codec. The application will perform an allocation utilizing a field specified in the sample's description. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://lists.apple.com/archives/security-announce/2010//Mar/msg00002.html http://support.apple.com/kb/HT4077 http://www.securityfocus.com/archive/1/510517/100/0/threaded http://www.zerodayinitiative.com/advisories/ZDI-10-041 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6922 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 26EXPL: 0CVE-2010-0057
https://notcve.org/view.php?id=CVE-2010-0057
AFP Server in Apple Mac OS X before 10.6.3 does not prevent guest use of AFP shares when guest access is disabled, which allows remote attackers to bypass intended access restrictions via a mount request. AFP Server en Apple Mac OS X en versiones anteriores a la v10.6.3 no previene el uso de invitado de los elementos compartidos de AFP cuando el acceso de invitado está deshabilitado, lo que permite a atacantes remotos evitar las restricciones de aceso previstas a través de una petición de montaje. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2010-0056
https://notcve.org/view.php?id=CVE-2010-0056
Buffer overflow in Cocoa spell checking in AppKit in Apple Mac OS X 10.5.8 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document. Desbordamiento de búfer en Cocoa spell checking en AppKit en Apple Mac OS X v10.5.8 permite a atacantes asistidos remotamente por usuarios ejecutar código de su elección o causar una denegación de servicio (caída aplicación) a través de un documento manipulado. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •