Search Results (Refine Search)
- CPE Product Version: cpe:/o:apple:mac_os_x_server:10.6.4
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2010-3812 |
Integer overflow in the Text::wholeText method in dom/Text.cpp in WebKit, as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4; webkitgtk before 1.2.6; and possibly other products allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving Text objects. Published: November 22, 2010; 8:00:18 AM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-3811 |
Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving element attributes. Published: November 22, 2010; 8:00:18 AM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-3810 |
WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly handle the History object, which allows remote attackers to spoof the location bar's URL or add URLs to the history via a cross-origin attack. Published: November 22, 2010; 8:00:18 AM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2010-3809 |
WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of inline styling, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site. Published: November 22, 2010; 8:00:18 AM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-3808 |
WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of editing commands, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site. Published: November 22, 2010; 8:00:18 AM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-3805 |
Integer underflow in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving WebSockets. NOTE: this may overlap CVE-2010-3254. Published: November 22, 2010; 8:00:17 AM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-3804 |
The JavaScript implementation in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, uses a weak algorithm for generating values of random numbers, which makes it easier for remote attackers to track a user by predicting a value, a related issue to CVE-2008-5913 and CVE-2010-3171. Published: November 22, 2010; 8:00:17 AM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2010-3803 |
Integer overflow in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string. Published: November 22, 2010; 8:00:17 AM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-3798 |
Heap-based buffer overflow in xar in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted xar archive. Published: November 16, 2010; 5:00:16 PM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2010-3797 |
Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Published: November 16, 2010; 5:00:16 PM -0500 |
V3.x:(not available) V2.0: 3.5 LOW |
CVE-2010-3796 |
Safari RSS in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not block Java applets in an RSS feed, which allows remote attackers to obtain sensitive information via a feed: URL containing an applet that performs DOM modifications. Published: November 16, 2010; 5:00:16 PM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2010-3795 |
QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses uninitialized memory locations during processing of GIF image data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted GIF file. Published: November 16, 2010; 5:00:16 PM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2010-3794 |
QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses uninitialized memory locations during processing of FlashPix image data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FlashPix file. Published: November 16, 2010; 5:00:16 PM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2010-3793 |
QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Sorenson movie file. Published: November 16, 2010; 5:00:16 PM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2010-3792 |
Integer signedness error in QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG movie file. Published: November 16, 2010; 5:00:16 PM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2010-3791 |
Buffer overflow in QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG movie file. Published: November 16, 2010; 5:00:16 PM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2010-3790 |
QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file that causes an image sample transformation to scale a sprite outside a buffer boundary. Published: November 16, 2010; 5:00:16 PM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2010-3789 |
QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted AVI file. Published: November 16, 2010; 5:00:16 PM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2010-3788 |
QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses uninitialized memory locations during processing of JP2 image data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JP2 file. Published: November 16, 2010; 5:00:16 PM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2010-3787 |
Heap-based buffer overflow in QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JP2 image. Published: November 16, 2010; 5:00:16 PM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |