Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/o:apple:mac_os_x:10.0.0
There are 3,007 matching records.
Displaying matches 2,841 through 2,860.
Vuln ID Summary CVSS Severity
CVE-2010-2603

RIM BlackBerry Desktop Software 4.7 through 6.0 for PC, and 1.0 for Mac, uses a weak password to encrypt a database backup file, which makes it easier for local users to decrypt the file via a brute force attack.

Published: December 17, 2010; 2:00:19 PM -0500
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2010-4397

Integer overflow in the pnen3260.dll module in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.1, Mac RealPlayer 11.0 through 11.1, and Linux RealPlayer 11.0.2.1744 allows remote attackers to execute arbitrary code via a crafted TIT2 atom in an AAC file.

Published: December 14, 2010; 11:00:05 AM -0500
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-4387

The RealAudio codec in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, Mac RealPlayer 11.0 through 12.0.0.1444, and Linux RealPlayer 11.0.2.1744 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted audio stream in a RealMedia file.

Published: December 14, 2010; 11:00:04 AM -0500
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-4384

Array index error in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer Enterprise 2.1.2, Mac RealPlayer 11.0 through 11.1, Linux RealPlayer 11.0.2.1744, and possibly HelixPlayer 1.0.6 and other versions, allows remote attackers to execute arbitrary code via a malformed Media Properties Header (aka MDPR) in a RealMedia file.

Published: December 14, 2010; 11:00:04 AM -0500
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-4383

Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, RealPlayer Enterprise 2.1.2, Mac RealPlayer 11.0 through 12.0.0.1444, Linux RealPlayer 11.0.2.1744, and possibly HelixPlayer 1.0.6 and other versions, allows remote attackers to have an unspecified impact via a crafted RA5 file.

Published: December 14, 2010; 11:00:04 AM -0500
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-4381

Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, RealPlayer Enterprise 2.1.2, and Mac RealPlayer 11.0 through 12.0.0.1444 allows remote attackers to have an unspecified impact via a crafted AAC file.

Published: December 14, 2010; 11:00:04 AM -0500
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-4379

Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, RealPlayer Enterprise 2.1.2, Mac RealPlayer 11.0 through 11.1, Linux RealPlayer 11.0.2.1744, and possibly HelixPlayer 1.0.6 and other versions, allows remote attackers to have an unspecified impact via a crafted SIPR file.

Published: December 14, 2010; 11:00:04 AM -0500
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-4377

Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, Mac RealPlayer 11.0 through 12.0.0.1444, and Linux RealPlayer 11.0.2.1744 allows remote attackers to execute arbitrary code by specifying many subbands in cook audio codec information in a Real Audio file.

Published: December 14, 2010; 11:00:04 AM -0500
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-4376

Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.1, Mac RealPlayer 11.0 through 11.1, and Linux RealPlayer 11.0.2.1744 allows remote attackers to execute arbitrary code via a large Screen Width value in the Screen Descriptor header of a GIF87a file in an RTSP stream.

Published: December 14, 2010; 11:00:04 AM -0500
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-4375

Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, Mac RealPlayer 11.0 through 11.1, Linux RealPlayer 11.0.2.1744, and possibly HelixPlayer 1.0.6 and other versions, allows remote attackers to execute arbitrary code via malformed multi-rate data in an audio stream.

Published: December 14, 2010; 11:00:04 AM -0500
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-2999

Integer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.0.1, Mac RealPlayer 11.0 through 11.1, and Linux RealPlayer 11.0.2.1744 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a malformed MLLT atom in an AAC file.

Published: December 14, 2010; 11:00:02 AM -0500
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-2997

Use-after-free vulnerability in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.0.1, Mac RealPlayer 11.0 through 11.1, Linux RealPlayer 11.0.2.1744, and possibly HelixPlayer 1.0.6 and other versions, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted StreamTitle tag in an ICY SHOUTcast stream, related to the SMIL file format.

Published: December 14, 2010; 11:00:02 AM -0500
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-2579

The cook codec in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, RealPlayer Enterprise 2.1.2, Mac RealPlayer 11.0 through 11.1, and Linux RealPlayer 11.0.2.1744 does not properly initialize the number of channels, which allows attackers to obtain unspecified "memory access" via unknown vectors.

Published: December 14, 2010; 11:00:02 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2010-0125

RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, RealPlayer Enterprise 2.1.2, and Mac RealPlayer 11.0 through 12.0.0.1444 do not properly parse spectral data in AAC files, which has unspecified impact and remote attack vectors.

Published: December 14, 2010; 11:00:02 AM -0500
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2010-0121

The cook codec in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, Mac RealPlayer 11.0 through 12.0.0.1444, and Linux RealPlayer 11.0.2.1744 does not properly perform initialization, which has unspecified impact and attack vectors.

Published: December 14, 2010; 11:00:02 AM -0500
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2010-4494

Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.

Published: December 07, 2010; 4:00:09 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2010-4008

libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document.

Published: November 16, 2010; 8:00:02 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2010-4091

The EScript.api plugin in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.1, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document that triggers memory corruption, involving the printSeps function. NOTE: some of these details are obtained from third party information.

Published: November 07, 2010; 5:00:03 PM -0500
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-3638

Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Mac OS X, when Safari is used, allows attackers to obtain sensitive information via unknown vectors.

Published: November 07, 2010; 5:00:01 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2010-3654

Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris and 10.1.95.1 on Android, and authplay.dll (aka AuthPlayLib.bundle or libauthplay.so.0.0.0) in Adobe Reader and Acrobat 9.x through 9.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted SWF content, as exploited in the wild in October 2010.

Published: October 29, 2010; 3:00:02 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH