CVEdetails.com the ultimate security vulnerability data source

Apple : Security Vulnerabilities (CVSS score between 6 and 6.99)

Columns: # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1301 CVE-2010-3787 119 DoS Exec Code Overflow 2010-11-16 2010-12-18
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JP2 image.
1302 CVE-2010-3786 119 DoS Exec Code Overflow Mem. Corr. 2010-11-16 2011-10-21
6.8
None Remote Medium Not required Partial Partial Partial
QuickLook in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Excel file.
1303 CVE-2010-3785 119 DoS Exec Code Overflow 2010-11-16 2011-10-21
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in QuickLook in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Office document.
1304 CVE-2010-3783 264 Bypass 2010-11-16 2010-12-10
6.8
None Remote Low ??? None Complete None
Password Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not properly perform replication, which allows remote authenticated users to bypass verification of the current password via unspecified vectors.
1305 CVE-2010-2808 120 DoS Exec Code Overflow Mem. Corr. 2010-08-19 2021-04-06
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Adobe Type 1 Mac Font File (aka LWFN) font.
1306 CVE-2010-2807 681 DoS Exec Code 2010-08-19 2021-04-06
6.8
None Remote Medium Not required Partial Partial Partial
FreeType before 2.4.2 uses incorrect integer data types during bounds checking, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.
1307 CVE-2010-2806 129 DoS Exec Code Overflow 2010-08-19 2021-04-06
6.8
None Remote Medium Not required Partial Partial Partial
Array index error in the t42_parse_sfnts function in type42/t42parse.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via negative size values for certain strings in FontType42 font files, leading to a heap-based buffer overflow.
1308 CVE-2010-2805 20 DoS Exec Code 2010-08-19 2021-04-06
6.8
None Remote Medium Not required Partial Partial Partial
The FT_Stream_EnterFrame function in base/ftstream.c in FreeType before 2.4.2 does not properly validate certain position values, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.
1309 CVE-2010-2519 787 DoS Exec Code Overflow 2010-08-19 2021-03-23
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted length value in a POST fragment header in a font file.
1310 CVE-2010-2500 190 DoS Exec Code Overflow 2010-08-19 2021-03-23
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in the gray_render_span function in smooth/ftgrays.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.
1311 CVE-2010-2499 120 DoS Exec Code Overflow 2010-08-19 2021-04-06
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted LaserWriter PS font file with an embedded PFB fragment.
1312 CVE-2010-2498 787 DoS Exec Code Mem. Corr. 2010-08-19 2021-04-06
6.8
None Remote Medium Not required Partial Partial Partial
The psh_glyph_find_strong_points function in pshinter/pshalgo.c in FreeType before 2.4.0 does not properly implement hinting masks, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a crafted font file that triggers an invalid free operation.
1313 CVE-2010-2497 191 DoS Exec Code 2010-08-19 2021-03-23
6.8
None Remote Medium Not required Partial Partial Partial
Integer underflow in glyph handling in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.
1314 CVE-2010-1846 119 DoS Exec Code Overflow 2010-11-16 2010-12-10
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in Image RAW in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted RAW image.
1315 CVE-2010-1845 20 DoS Exec Code Mem. Corr. 2010-11-16 2018-10-10
6.8
None Remote Medium Not required Partial Partial Partial
ImageIO in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted PSD image.
1316 CVE-2010-1837 119 DoS Exec Code Overflow Mem. Corr. 2010-11-15 2011-01-12
6.8
None Remote Medium Not required Partial Partial Partial
CoreText in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font in a PDF document.
1317 CVE-2010-1836 119 DoS Exec Code Overflow 2010-11-15 2010-12-10
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in CoreGraphics in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.
1318 CVE-2010-1833 119 DoS Exec Code Overflow Mem. Corr. 2010-11-15 2010-12-10
6.8
None Remote Medium Not required Partial Partial Partial
Apple Type Services (ATS) in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted embedded font in a document.
1319 CVE-2010-1832 119 Exec Code Overflow 2010-11-15 2010-12-10
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code via a crafted embedded font in a document.
1320 CVE-2010-1831 119 Exec Code Overflow 2010-11-15 2010-12-10
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code via a long name of an embedded font in a document.
1321 CVE-2010-1829 22 Exec Code Dir. Trav. 2010-11-15 2010-12-10
6.0
None Remote Medium ??? Partial Partial Partial
Directory traversal vulnerability in AFP Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote authenticated users to execute arbitrary code by creating files that are outside the bounds of a share.
1322 CVE-2010-1822 704 DoS Exec Code 2010-10-04 2020-08-03
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3 and Google Chrome before 6.0.472.62, does not properly perform a cast of an unspecified variable, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an SVG element in a non-SVG document.
1323 CVE-2010-1820 287 Bypass 2010-09-21 2017-09-19
6.8
None Remote Medium Not required Partial Partial Partial
Apple Filing Protocol (AFP) Server in Apple Mac OS X 10.6.x through 10.6.4 does not properly handle errors, which allows remote attackers to bypass the password requirement for shared-folder access by leveraging knowledge of a valid account name.
1324 CVE-2010-1768 +Priv 2010-08-20 2017-09-19
6.9
None Local Medium Not required Complete Complete Complete
Unspecified vulnerability in Apple iTunes before 9.1 allows local users to gain console privileges via vectors related to log files, "insecure file operation," and syncing an iPhone, iPad, or iPod touch.
1325 CVE-2010-1411 189 DoS Exec Code Overflow 2010-06-17 2013-05-15
6.8
None Remote Medium Not required Partial Partial Partial
Multiple integer overflows in the Fax3SetupState function in tif_fax3.c in the FAX3 decoder in LibTIFF before 3.9.3, as used in ImageIO in Apple Mac OS X 10.5.8 and Mac OS X 10.6 before 10.6.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF file that triggers a heap-based buffer overflow.
1326 CVE-2010-1376 134 DoS Exec Code 2010-06-17 2010-06-18
6.8
None Remote Medium Not required Partial Partial Partial
Multiple format string vulnerabilities in Network Authorization in Apple Mac OS X 10.6 before 10.6.4 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a (1) afp, (2) cifs, or (3) smb URL.
1327 CVE-2010-0543 119 DoS Exec Code Overflow Mem. Corr. 2010-06-17 2010-06-17
6.8
None Remote Medium Not required Partial Partial Partial
ImageIO in Apple Mac OS X 10.5.8, and 10.6 before 10.6.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with MPEG2 encoding.
1328 CVE-2010-0542 264 DoS Exec Code Mem. Corr. 2010-06-21 2017-09-19
6.8
None Remote Medium Not required Partial Partial Partial
The _WriteProlog function in texttops.c in texttops in the Text Filter subsystem in CUPS before 1.4.4 does not check the return values of certain calloc calls, which allows remote attackers to cause a denial of service (NULL pointer dereference or heap memory corruption) or possibly execute arbitrary code via a crafted file.
1329 CVE-2010-0540 352 CSRF 2010-06-17 2017-09-19
6.0
None Remote Medium ??? Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in the web interface in CUPS before 1.4.4, as used on Apple Mac OS X 10.5.8, Mac OS X 10.6 before 10.6.4, and other platforms, allows remote attackers to hijack the authentication of administrators for requests that change settings.
1330 CVE-2010-0535 264 Bypass 2010-03-30 2010-06-21
6.5
None Remote Low ??? Partial Partial Partial
Dovecot in Apple Mac OS X 10.6 before 10.6.3, when Kerberos is enabled, does not properly enforce the service access control list (SACL) for sending and receiving e-mail, which allows remote authenticated users to bypass intended access restrictions via unspecified vectors.
1331 CVE-2010-0520 119 DoS Exec Code Overflow 2010-03-30 2018-10-10
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in QuickTimeAuthoring.qtx in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FLC file, related to crafted DELTA_FLI chunks and untrusted length values in a .fli file, which are not properly handled during decompression.
1332 CVE-2010-0519 189 DoS Exec Code Overflow 2010-03-30 2018-10-10
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a FlashPix image with a malformed SubImage Header Stream containing a NumberOfTiles field with a large value.
1333 CVE-2010-0518 119 DoS Exec Code Overflow Mem. Corr. 2010-03-30 2017-09-19
6.8
None Remote Medium Not required Partial Partial Partial
QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with Sorenson encoding.
1334 CVE-2010-0517 119 DoS Exec Code Overflow 2010-03-30 2018-10-10
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with M-JPEG encoding, which causes QuickTime to calculate a buffer size using height and width fields, but to use a different field to control the length of a copy operation.
1335 CVE-2010-0516 119 DoS Exec Code Overflow Mem. Corr. 2010-03-30 2018-10-10
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with RLE encoding, which triggers memory corruption when the length of decompressed data exceeds that of the allocated heap chunk.
1336 CVE-2010-0515 119 DoS Exec Code Overflow Mem. Corr. 2010-03-30 2017-09-19
6.8
None Remote Medium Not required Partial Partial Partial
QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with H.264 encoding.
1337 CVE-2010-0514 119 DoS Exec Code Overflow 2010-03-30 2017-09-19
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.261 encoding.
1338 CVE-2010-0513 119 DoS Exec Code Overflow 2010-03-30 2010-04-09
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in PS Normalizer in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PostScript document.
1339 CVE-2010-0507 119 DoS Exec Code Overflow 2010-03-30 2010-03-31
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in Image RAW in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PEF image.
1340 CVE-2010-0506 119 DoS Exec Code Overflow 2010-03-30 2010-03-31
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in Image RAW in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted NEF image.
1341 CVE-2010-0505 119 DoS Exec Code Overflow 2010-03-30 2018-10-10
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in ImageIO in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JP2 (JPEG2000) image, related to incorrect calculation and the CGImageReadGetBytesAtOffset function.
1342 CVE-2010-0503 399 DoS Exec Code 2010-03-30 2010-03-31
6.5
None Remote Low ??? Partial Partial Partial
Use-after-free vulnerability in iChat Server in Apple Mac OS X Server 10.5.8 allows remote authenticated users to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
1343 CVE-2010-0501 22 Dir. Trav. 2010-03-30 2010-03-31
6.8
None Remote Low ??? Complete None None
Directory traversal vulnerability in FTP Server in Apple Mac OS X Server before 10.6.3 allows remote authenticated users to read arbitrary files via crafted filenames.
1344 CVE-2010-0497 Exec Code 2010-03-30 2010-03-31
6.8
None Remote Medium Not required Partial Partial Partial
Disk Images in Apple Mac OS X before 10.6.3 does not provide the expected warning for an unsafe file type in an internet enabled disk image, which makes it easier for user-assisted remote attackers to execute arbitrary code via a package file type.
1345 CVE-2010-0393 264 +Priv 2010-03-05 2013-05-15
6.9
None Local Medium Not required Complete Complete Complete
The _cupsGetlang function, as used by lppasswd.c in lppasswd in CUPS 1.2.2, 1.3.7, 1.3.9, and 1.4.1, relies on an environment variable to determine the file that provides localized message strings, which allows local users to gain privileges via a file that contains crafted localization data with format string specifiers.
1346 CVE-2010-0065 119 DoS Exec Code Overflow Mem. Corr. 2010-03-30 2010-03-31
6.8
None Remote Medium Not required Partial Partial Partial
Disk Images in Apple Mac OS X before 10.6.3 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted disk image with bzip2 compression.
1347 CVE-2010-0064 264 Bypass 2010-03-30 2010-03-31
6.9
None Local Medium Not required Complete Complete Complete
DesktopServices in Apple Mac OS X 10.6 before 10.6.3 preserves file ownership during an authenticated Finder copy, which might allow local users to bypass intended disk-quota restrictions and have unspecified other impact by copying files owned by other users.
1348 CVE-2010-0063 2010-03-30 2010-03-31
6.8
None Remote Medium Not required Partial Partial Partial
Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.6.3 makes it easier for user-assisted remote attackers to execute arbitrary JavaScript via a web page that offers a download with a Content-Type value that is not on the list of possibly unsafe content types for Safari, as demonstrated by the values for the (1) .ibplugin and (2) .url extensions.
1349 CVE-2010-0062 119 DoS Exec Code Overflow 2010-03-30 2018-10-10
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in quicktime.qts in CoreMedia and QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a malformed .3g2 movie file with H.263 encoding that triggers an incorrect buffer length calculation.
1350 CVE-2010-0060 119 DoS Exec Code Overflow Mem. Corr. 2010-03-30 2017-09-19
6.8
None Remote Medium Not required Partial Partial Partial
CoreAudio in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted audio content with QDMC encoding.
Total number of vulnerabilities: 1465 (this is page 27 of 30)