Search Results (Refine Search)
- Keyword (text search): cpe:2.3:o:apple:mac_os_x_server:10.6.0:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2010-3816 |
Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving scrollbars. Published: November 22, 2010; 8:00:18 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-3813 |
The WebCore::HTMLLinkElement::process function in WebCore/html/HTMLLinkElement.cpp in WebKit, as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4; webkitgtk before 1.2.6; and possibly other products does not verify whether DNS prefetching is enabled when processing an HTML LINK element, which allows remote attackers to bypass intended access restrictions, as demonstrated by an HTML e-mail message that uses a LINK element for X-Confirm-Reading-To functionality. Published: November 22, 2010; 8:00:18 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 5.8 MEDIUM |
CVE-2010-3812 |
Integer overflow in the Text::wholeText method in dom/Text.cpp in WebKit, as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4; webkitgtk before 1.2.6; and possibly other products allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving Text objects. Published: November 22, 2010; 8:00:18 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-3811 |
Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving element attributes. Published: November 22, 2010; 8:00:18 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-3810 |
WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly handle the History object, which allows remote attackers to spoof the location bar's URL or add URLs to the history via a cross-origin attack. Published: November 22, 2010; 8:00:18 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2010-3809 |
WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of inline styling, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site. Published: November 22, 2010; 8:00:18 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-3808 |
WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of editing commands, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site. Published: November 22, 2010; 8:00:18 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-3805 |
Integer underflow in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving WebSockets. NOTE: this may overlap CVE-2010-3254. Published: November 22, 2010; 8:00:17 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-3804 |
The JavaScript implementation in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, uses a weak algorithm for generating values of random numbers, which makes it easier for remote attackers to track a user by predicting a value, a related issue to CVE-2008-5913 and CVE-2010-3171. Published: November 22, 2010; 8:00:17 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2010-3803 |
Integer overflow in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string. Published: November 22, 2010; 8:00:17 AM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-3798 |
Heap-based buffer overflow in xar in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted xar archive. Published: November 16, 2010; 5:00:16 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2010-3797 |
Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Published: November 16, 2010; 5:00:16 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 3.5 LOW |
CVE-2010-3796 |
Safari RSS in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not block Java applets in an RSS feed, which allows remote attackers to obtain sensitive information via a feed: URL containing an applet that performs DOM modifications. Published: November 16, 2010; 5:00:16 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2010-3795 |
QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses uninitialized memory locations during processing of GIF image data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted GIF file. Published: November 16, 2010; 5:00:16 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2010-3794 |
QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses uninitialized memory locations during processing of FlashPix image data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FlashPix file. Published: November 16, 2010; 5:00:16 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2010-3793 |
QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Sorenson movie file. Published: November 16, 2010; 5:00:16 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2010-3792 |
Integer signedness error in QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG movie file. Published: November 16, 2010; 5:00:16 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2010-3791 |
Buffer overflow in QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG movie file. Published: November 16, 2010; 5:00:16 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2010-3790 |
QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file that causes an image sample transformation to scale a sprite outside a buffer boundary. Published: November 16, 2010; 5:00:16 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2010-3789 |
QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted AVI file. Published: November 16, 2010; 5:00:16 PM -0500 |
V4.0:(not available) V3.x:(not available) V2.0: 6.8 MEDIUM |