Search Results (Refine Search)
- CPE Product Version: cpe:/o:apple:mac_os_x_server:10.5.8
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2010-3819 |
WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of Cascading Style Sheets (CSS) boxes, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site. Published: November 22, 2010; 8:00:18 AM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-3818 |
Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving inline text boxes. Published: November 22, 2010; 8:00:18 AM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-3817 |
WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of Cascading Style Sheets (CSS) 3D transforms, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site. Published: November 22, 2010; 8:00:18 AM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-3816 |
Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving scrollbars. Published: November 22, 2010; 8:00:18 AM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-3813 |
The WebCore::HTMLLinkElement::process function in WebCore/html/HTMLLinkElement.cpp in WebKit, as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4; webkitgtk before 1.2.6; and possibly other products does not verify whether DNS prefetching is enabled when processing an HTML LINK element, which allows remote attackers to bypass intended access restrictions, as demonstrated by an HTML e-mail message that uses a LINK element for X-Confirm-Reading-To functionality. Published: November 22, 2010; 8:00:18 AM -0500 |
V3.x:(not available) V2.0: 5.8 MEDIUM |
CVE-2010-3812 |
Integer overflow in the Text::wholeText method in dom/Text.cpp in WebKit, as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4; webkitgtk before 1.2.6; and possibly other products allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving Text objects. Published: November 22, 2010; 8:00:18 AM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-3811 |
Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving element attributes. Published: November 22, 2010; 8:00:18 AM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-3810 |
WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly handle the History object, which allows remote attackers to spoof the location bar's URL or add URLs to the history via a cross-origin attack. Published: November 22, 2010; 8:00:18 AM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2010-3809 |
WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of inline styling, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site. Published: November 22, 2010; 8:00:18 AM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-3808 |
WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of editing commands, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site. Published: November 22, 2010; 8:00:18 AM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-3805 |
Integer underflow in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving WebSockets. NOTE: this may overlap CVE-2010-3254. Published: November 22, 2010; 8:00:17 AM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-3804 |
The JavaScript implementation in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, uses a weak algorithm for generating values of random numbers, which makes it easier for remote attackers to track a user by predicting a value, a related issue to CVE-2008-5913 and CVE-2010-3171. Published: November 22, 2010; 8:00:17 AM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2010-3803 |
Integer overflow in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string. Published: November 22, 2010; 8:00:17 AM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-4010 |
Integer signedness error in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code via a crafted embedded Compact Font Format (CFF) font in a document. Published: November 16, 2010; 6:18:55 PM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2010-3797 |
Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Published: November 16, 2010; 5:00:16 PM -0500 |
V3.x:(not available) V2.0: 3.5 LOW |
CVE-2010-3796 |
Safari RSS in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not block Java applets in an RSS feed, which allows remote attackers to obtain sensitive information via a feed: URL containing an applet that performs DOM modifications. Published: November 16, 2010; 5:00:16 PM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2010-3785 |
Buffer overflow in QuickLook in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Office document. Published: November 16, 2010; 5:00:16 PM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2010-3784 |
The PMPageFormatCreateWithDataRepresentation API in Printing in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not properly handle XML data, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified API calls. Published: November 16, 2010; 5:00:15 PM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2010-3783 |
Password Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not properly perform replication, which allows remote authenticated users to bypass verification of the current password via unspecified vectors. Published: November 16, 2010; 5:00:15 PM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2010-1846 |
Heap-based buffer overflow in Image RAW in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted RAW image. Published: November 16, 2010; 5:00:15 PM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |