U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/o:apple:mac_os_x_server:10.6.4
There are 169 matching records.
Displaying matches 141 through 160.
Vuln ID Summary CVSS Severity
CVE-2010-1829

Directory traversal vulnerability in AFP Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote authenticated users to execute arbitrary code by creating files that are outside the bounds of a share.

Published: November 15, 2010; 6:00:04 PM -0500
V3.x:(not available)
V2.0: 6.0 MEDIUM
CVE-2010-1828

AFP Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon restart) via crafted reconnect authentication packets.

Published: November 15, 2010; 6:00:03 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2010-1803

Time Machine in Apple Mac OS X 10.6.x before 10.6.5 does not verify the unique identifier of its remote AFP volume, which allows remote attackers to obtain sensitive information by spoofing this volume.

Published: November 15, 2010; 6:00:03 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2010-1378

OpenSSL in Apple Mac OS X 10.6.x before 10.6.5 does not properly perform arithmetic, which allows remote attackers to bypass X.509 certificate authentication via an arbitrary certificate issued by a legitimate Certification Authority.

Published: November 15, 2010; 6:00:01 PM -0500
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2010-2941

ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request.

Published: November 05, 2010; 1:00:01 PM -0400
V3.1: 9.8 CRITICAL
V2.0: 9.3 HIGH
CVE-2010-1820

Apple Filing Protocol (AFP) Server in Apple Mac OS X 10.6.x through 10.6.4 does not properly handle errors, which allows remote attackers to bypass the password requirement for shared-folder access by leveraging knowledge of a valid account name.

Published: September 21, 2010; 4:00:01 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2010-1808

Stack-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 and 10.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted embedded font in a document.

Published: August 25, 2010; 4:00:16 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2010-1802

libsecurity in Apple Mac OS X 10.5.8 and 10.6.4 does not properly perform comparisons to domain-name strings in X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a certificate associated with a similar domain name, as demonstrated by use of a www.example.con certificate to spoof www.example.com.

Published: August 25, 2010; 4:00:16 PM -0400
V3.x:(not available)
V2.0: 6.4 MEDIUM
CVE-2010-1801

Heap-based buffer overflow in CoreGraphics in Apple Mac OS X 10.5.8 and 10.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF file.

Published: August 25, 2010; 4:00:16 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2010-1800

CFNetwork in Apple Mac OS X 10.6.3 and 10.6.4 supports anonymous SSL and TLS connections, which allows man-in-the-middle attackers to redirect a connection and obtain sensitive information via crafted responses.

Published: August 25, 2010; 4:00:16 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2010-1796

The AutoFill feature in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to obtain sensitive Address Book Card information via JavaScript code that forces keystroke events for input fields.

Published: July 30, 2010; 4:30:02 PM -0400
V3.x:(not available)
V2.0: 2.6 LOW
CVE-2010-1793

Multiple use-after-free vulnerabilities in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a (1) font-face or (2) use element in an SVG document.

Published: July 30, 2010; 4:30:02 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-1792

WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression.

Published: July 30, 2010; 4:30:02 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-1791

Integer signedness error in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving a JavaScript array index.

Published: July 30, 2010; 4:30:02 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-1790

WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; does not properly handle just-in-time (JIT) compiled JavaScript stubs, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to a "reentrancy issue."

Published: July 30, 2010; 4:30:02 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-1789

Heap-based buffer overflow in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a JavaScript string object.

Published: July 30, 2010; 4:30:02 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-1788

WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a use element in an SVG document.

Published: July 30, 2010; 4:30:02 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-1787

WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a floating element in an SVG document.

Published: July 30, 2010; 4:30:02 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-1786

Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a foreignObject element in an SVG document.

Published: July 30, 2010; 4:30:02 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-1785

WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; accesses uninitialized memory during processing of the (1) :first-letter and (2) :first-line pseudo-elements in an SVG text element, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document.

Published: July 30, 2010; 4:30:02 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH