CVSS: 10.0EPSS: 4%CPEs: 6EXPL: 0CVE-2010-0517 – Apple QuickTime MJPEG Sample Dimensions Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0517
Heap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with M-JPEG encoding, which causes QuickTime to calculate a buffer size using height and width fields, but to use a different field to control the length of a copy operation. Desbordamiento de búfer basado en pila en QuickTime en Apple Mac OS X anterior v10.6.3 permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (caída de programa) a través de un archivo de película manipualdo con codificación M-JPEG. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists during the parsing of compressed mjpeg data from a malformed .mov file. The application will utilize the width and height fields in the file for calculating the size of a heap buffer. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://lists.apple.com/archives/security-announce/2010//Mar/msg00002.html http://support.apple.com/kb/HT4077 http://www.securityfocus.com/archive/1/510511/100/0/threaded http://www.zerodayinitiative.com/advisories/ZDI-10-037 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6673 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 1%CPEs: 6EXPL: 0CVE-2010-0514
https://notcve.org/view.php?id=CVE-2010-0514
Heap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.261 encoding. Desbordamiento de búfer basado en pila en QuickTime de Apple Mac OS X anterior a 10.6.3, permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (caída de la aplicación) a través de una película manipulada con codificación H.261. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://lists.apple.com/archives/security-announce/2010//Mar/msg00002.html http://support.apple.com/kb/HT4077 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7043 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2010-0506
https://notcve.org/view.php?id=CVE-2010-0506
Buffer overflow in Image RAW in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted NEF image. Desbordamiento de búfer en Image RAW de Apple Mac OS X v10.5.8 permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (caída de la aplicación) a través de una imagen NEF modificada. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://support.apple.com/kb/HT4077 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0CVE-2009-2801
https://notcve.org/view.php?id=CVE-2009-2801
The Application Firewall in Apple Mac OS X 10.5.8 drops unspecified firewall rules after a reboot, which might allow remote attackers to bypass intended access restrictions via packet data, related to a "timing issue." La aplicación Firewall en Apple Mac OS X v10.5.8 borra reglas firewall no especificadas después de rearrancar, lo que puede permitir a atacantes superar las restricciones de acceso establecidas a través de un paquete de datos, relacionado con el tema "timing". • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2010-0533
https://notcve.org/view.php?id=CVE-2010-0533
Directory traversal vulnerability in AFP Server in Apple Mac OS X before 10.6.3 allows remote attackers to list a share root's parent directory, and read and modify files in that directory, via unspecified vectors. Vulnerabilidad de salto de directorio en AFP Server en Apple Mac OS X en versiones anteriores a la v10.6.3 permite a atacantes remotos listar un directorio padre del raíz compartido, y leer y modificar ficheros en ese directorio, a través de vectores de ataque sin especificar. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://support.apple.com/kb/HT4077 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •