Search Results (Refine Search)
- Keyword (text search): cpe:2.3:o:apple:mac_os_x:10.6.4:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2010-1833 |
Apple Type Services (ATS) in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted embedded font in a document. Published: November 15, 2010; 6:00:04 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2010-1832 |
Stack-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code via a crafted embedded font in a document. Published: November 15, 2010; 6:00:04 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2010-1831 |
Buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code via a long name of an embedded font in a document. Published: November 15, 2010; 6:00:04 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2010-1830 |
AFP Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 generates different error messages depending on whether a share exists, which allows remote attackers to enumerate valid share names via unspecified vectors. Published: November 15, 2010; 6:00:04 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2010-1829 |
Directory traversal vulnerability in AFP Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote authenticated users to execute arbitrary code by creating files that are outside the bounds of a share. Published: November 15, 2010; 6:00:04 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 6.0 MEDIUM |
CVE-2010-1828 |
AFP Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon restart) via crafted reconnect authentication packets. Published: November 15, 2010; 6:00:03 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2010-1803 |
Time Machine in Apple Mac OS X 10.6.x before 10.6.5 does not verify the unique identifier of its remote AFP volume, which allows remote attackers to obtain sensitive information by spoofing this volume. Published: November 15, 2010; 6:00:03 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2010-1378 |
OpenSSL in Apple Mac OS X 10.6.x before 10.6.5 does not properly perform arithmetic, which allows remote attackers to bypass X.509 certificate authentication via an arbitrary certificate issued by a legitimate Certification Authority. Published: November 15, 2010; 6:00:01 PM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2010-4091 |
The EScript.api plugin in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.1, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document that triggers memory corruption, involving the printSeps function. NOTE: some of these details are obtained from third party information. Published: November 07, 2010; 5:00:03 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-3638 |
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Mac OS X, when Safari is used, allows attackers to obtain sensitive information via unknown vectors. Published: November 07, 2010; 5:00:01 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2010-2941 |
ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request. Published: November 05, 2010; 1:00:01 PM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 9.3 HIGH |
CVE-2010-3654 |
Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris and 10.1.95.1 on Android, and authplay.dll (aka AuthPlayLib.bundle or libauthplay.so.0.0.0) in Adobe Reader and Acrobat 9.x through 9.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted SWF content, as exploited in the wild in October 2010. Published: October 29, 2010; 3:00:02 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-3887 |
The Limit Mail feature in the Parental Controls functionality in Mail on Apple Mac OS X does not properly enforce the correspondence whitelist, which allows remote attackers to bypass intended access restrictions and conduct e-mail communication by leveraging knowledge of a child's e-mail address and a parent's e-mail address, related to parental notification of unapproved e-mail addresses. Published: October 08, 2010; 6:00:36 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2010-3623 |
Adobe Reader and Acrobat 8.x before 8.2.5 and 9.x before 9.4 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. Published: October 06, 2010; 1:00:16 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-2530 |
Multiple integer signedness errors in smb_subr.c in the netsmb module in the kernel in NetBSD 5.0.2 and earlier, FreeBSD, and Apple Mac OS X allow local users to cause a denial of service (panic) via a negative size value in a /dev/nsmb ioctl operation, as demonstrated by a (1) SMBIOC_LOOKUP or (2) SMBIOC_OPENSESSION ioctl call. Published: September 29, 2010; 1:00:04 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.9 MEDIUM |
CVE-2010-1820 |
Apple Filing Protocol (AFP) Server in Apple Mac OS X 10.6.x through 10.6.4 does not properly handle errors, which allows remote attackers to bypass the password requirement for shared-folder access by leveraging knowledge of a valid account name. Published: September 21, 2010; 4:00:01 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2010-2884 |
Adobe Flash Player 10.1.82.76 and earlier on Windows, Mac OS X, Linux, and Solaris and 10.1.92.10 on Android; authplay.dll in Adobe Reader and Acrobat 9.x before 9.4; and authplay.dll in Adobe Reader and Acrobat 8.x before 8.2.5 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in September 2010. Published: September 15, 2010; 2:00:44 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-2770 |
Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 on Mac OS X allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted font in a data: URL. Published: September 09, 2010; 3:00:02 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-1808 |
Stack-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 and 10.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted embedded font in a document. Published: August 25, 2010; 4:00:16 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2010-1802 |
libsecurity in Apple Mac OS X 10.5.8 and 10.6.4 does not properly perform comparisons to domain-name strings in X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a certificate associated with a similar domain name, as demonstrated by use of a www.example.con certificate to spoof www.example.com. Published: August 25, 2010; 4:00:16 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 6.4 MEDIUM |