National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/o:apple:mac_os_x_server:10.6.4
There are 165 matching records.
Displaying matches 101 through 120.
Vuln ID Summary CVSS Severity
CVE-2010-3811

Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving element attributes.

Published: November 22, 2010; 08:00:18 AM -05:00
    V2: 9.3 HIGH
CVE-2010-3810

WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly handle the History object, which allows remote attackers to spoof the location bar's URL or add URLs to the history via a cross-origin attack.

Published: November 22, 2010; 08:00:18 AM -05:00
    V2: 4.3 MEDIUM
CVE-2010-3809

WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of inline styling, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site.

Published: November 22, 2010; 08:00:18 AM -05:00
    V2: 9.3 HIGH
CVE-2010-3808

WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of editing commands, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site.

Published: November 22, 2010; 08:00:18 AM -05:00
    V2: 9.3 HIGH
CVE-2010-3805

Integer underflow in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving WebSockets. NOTE: this may overlap CVE-2010-3254.

Published: November 22, 2010; 08:00:17 AM -05:00
    V2: 9.3 HIGH
CVE-2010-3804

The JavaScript implementation in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, uses a weak algorithm for generating values of random numbers, which makes it easier for remote attackers to track a user by predicting a value, a related issue to CVE-2008-5913 and CVE-2010-3171.

Published: November 22, 2010; 08:00:17 AM -05:00
    V2: 5.0 MEDIUM
CVE-2010-3803

Integer overflow in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string.

Published: November 22, 2010; 08:00:17 AM -05:00
    V2: 9.3 HIGH
CVE-2010-3798

Heap-based buffer overflow in xar in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted xar archive.

Published: November 16, 2010; 05:00:16 PM -05:00
    V2: 6.8 MEDIUM
CVE-2010-3797

Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

Published: November 16, 2010; 05:00:16 PM -05:00
    V2: 3.5 LOW
CVE-2010-3796

Safari RSS in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not block Java applets in an RSS feed, which allows remote attackers to obtain sensitive information via a feed: URL containing an applet that performs DOM modifications.

Published: November 16, 2010; 05:00:16 PM -05:00
    V2: 4.3 MEDIUM
CVE-2010-3795

QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses uninitialized memory locations during processing of GIF image data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted GIF file.

Published: November 16, 2010; 05:00:16 PM -05:00
    V2: 6.8 MEDIUM
CVE-2010-3794

QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses uninitialized memory locations during processing of FlashPix image data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FlashPix file.

Published: November 16, 2010; 05:00:16 PM -05:00
    V2: 6.8 MEDIUM
CVE-2010-3793

QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Sorenson movie file.

Published: November 16, 2010; 05:00:16 PM -05:00
    V2: 6.8 MEDIUM
CVE-2010-3792

Integer signedness error in QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG movie file.

Published: November 16, 2010; 05:00:16 PM -05:00
    V2: 6.8 MEDIUM
CVE-2010-3791

Buffer overflow in QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG movie file.

Published: November 16, 2010; 05:00:16 PM -05:00
    V2: 6.8 MEDIUM
CVE-2010-3790

QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file that causes an image sample transformation to scale a sprite outside a buffer boundary.

Published: November 16, 2010; 05:00:16 PM -05:00
    V2: 6.8 MEDIUM
CVE-2010-3789

QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted AVI file.

Published: November 16, 2010; 05:00:16 PM -05:00
    V2: 6.8 MEDIUM
CVE-2010-3788

QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses uninitialized memory locations during processing of JP2 image data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JP2 file.

Published: November 16, 2010; 05:00:16 PM -05:00
    V2: 6.8 MEDIUM
CVE-2010-3787

Heap-based buffer overflow in QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JP2 image.

Published: November 16, 2010; 05:00:16 PM -05:00
    V2: 6.8 MEDIUM
CVE-2010-3786

QuickLook in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Excel file.

Published: November 16, 2010; 05:00:16 PM -05:00
    V2: 6.8 MEDIUM