Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Apple Subscribe
Filtered by product Mac Os X
Total 5565 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2010-2530 3 Apple, Freebsd, Netbsd 3 Mac Os X, Freebsd, Netbsd 2010-09-30 4.9 MEDIUM N/A
Multiple integer signedness errors in smb_subr.c in the netsmb module in the kernel in NetBSD 5.0.2 and earlier, FreeBSD, and Apple Mac OS X allow local users to cause a denial of service (panic) via a negative size value in a /dev/nsmb ioctl operation, as demonstrated by a (1) SMBIOC_LOOKUP or (2) SMBIOC_OPENSESSION ioctl call.
CVE-2010-1802 1 Apple 3 Libsecurity, Mac Os X, Mac Os X Server 2010-08-26 6.4 MEDIUM N/A
libsecurity in Apple Mac OS X 10.5.8 and 10.6.4 does not properly perform comparisons to domain-name strings in X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a certificate associated with a similar domain name, as demonstrated by use of a www.example.con certificate to spoof www.example.com.
CVE-2010-1808 1 Apple 3 Apple Type Services, Mac Os X, Mac Os X Server 2010-08-26 6.8 MEDIUM N/A
Stack-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 and 10.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted embedded font in a document.
CVE-2010-1800 1 Apple 3 Cfnetwork, Mac Os X, Mac Os X Server 2010-08-26 5.0 MEDIUM N/A
CFNetwork in Apple Mac OS X 10.6.3 and 10.6.4 supports anonymous SSL and TLS connections, which allows man-in-the-middle attackers to redirect a connection and obtain sensitive information via crafted responses.
CVE-2010-1120 1 Apple 2 Mac Os X, Safari 2010-06-23 10.0 HIGH N/A
Unspecified vulnerability in Safari 4 on Apple Mac OS X 10.6 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by Charlie Miller during a Pwn2Own competition at CanSecWest 2010.
CVE-2010-0521 1 Apple 2 Mac Os X, Mac Os X Server 2010-06-21 5.0 MEDIUM N/A
Server Admin in Apple Mac OS X Server before 10.6.3 does not properly enforce authentication for directory binding, which allows remote attackers to obtain potentially sensitive information from Open Directory via unspecified LDAP requests.
CVE-2010-0534 1 Apple 2 Mac Os X, Mac Os X Server 2010-06-21 4.0 MEDIUM N/A
Wiki Server in Apple Mac OS X 10.6 before 10.6.3 does not enforce the service access control list (SACL) for weblogs during weblog creation, which allows remote authenticated users to publish content via HTTP requests.
CVE-2010-0525 1 Apple 2 Mac Os X, Mac Os X Server 2010-06-21 5.0 MEDIUM N/A
Mail in Apple Mac OS X before 10.6.3 does not properly enforce the key usage extension during processing of a keychain that specifies multiple certificates for an e-mail recipient, which might make it easier for remote attackers to obtain sensitive information via a brute-force attack on a weakly encrypted e-mail message.
CVE-2010-0535 1 Apple 2 Mac Os X, Mac Os X Server 2010-06-21 6.5 MEDIUM N/A
Dovecot in Apple Mac OS X 10.6 before 10.6.3, when Kerberos is enabled, does not properly enforce the service access control list (SACL) for sending and receiving e-mail, which allows remote authenticated users to bypass intended access restrictions via unspecified vectors.
CVE-2010-0537 1 Apple 2 Mac Os X, Mac Os X Server 2010-06-18 2.6 LOW N/A
DesktopServices in Apple Mac OS X 10.6 before 10.6.3 does not properly resolve pathnames in certain circumstances involving an application's save panel, which allows user-assisted remote attackers to trigger unintended remote file copying via a crafted share name.
CVE-2010-1382 1 Apple 2 Mac Os X, Mac Os X Server 2010-06-18 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allows remote authenticated users to inject arbitrary web script or HTML via crafted Wiki content, related to lack of a charset field.
CVE-2010-1380 1 Apple 2 Mac Os X, Mac Os X Server 2010-06-18 7.5 HIGH N/A
Integer overflow in the cgtexttops CUPS filter in Printing in Apple Mac OS X 10.6 before 10.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to page sizes.
CVE-2010-1381 1 Apple 2 Mac Os X, Mac Os X Server 2010-06-18 3.5 LOW N/A
The default configuration of SMB File Server in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, enables support for wide links, which allows remote authenticated users to access arbitrary files via vectors involving symbolic links. NOTE: this might overlap CVE-2010-0926.
CVE-2010-1379 1 Apple 2 Mac Os X, Mac Os X Server 2010-06-18 5.0 MEDIUM N/A
Printer Setup in Apple Mac OS X 10.6 before 10.6.4 does not properly interpret character encoding, which allows remote attackers to cause a denial of service (printing failure) by deploying a printing device that has a Unicode character in its printing-service name.
CVE-2010-1375 1 Apple 2 Mac Os X, Mac Os X Server 2010-06-18 7.2 HIGH N/A
NetAuthSysAgent in Network Authorization in Apple Mac OS X 10.5.8 does not have the expected authorization requirements, which allows local users to gain privileges via unspecified vectors.
CVE-2010-1377 1 Apple 2 Mac Os X, Mac Os X Server 2010-06-18 9.3 HIGH N/A
Open Directory in Apple Mac OS X 10.6 before 10.6.4 creates an unencrypted connection upon certain SSL failures, which allows man-in-the-middle attackers to spoof arbitrary network account servers, and possibly execute arbitrary code, via unspecified vectors.
CVE-2010-1376 1 Apple 2 Mac Os X, Mac Os X Server 2010-06-18 6.8 MEDIUM N/A
Multiple format string vulnerabilities in Network Authorization in Apple Mac OS X 10.6 before 10.6.4 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a (1) afp, (2) cifs, or (3) smb URL.
CVE-2010-1374 2 Aol, Apple 3 Aim, Mac Os X, Mac Os X Server 2010-06-17 4.3 MEDIUM N/A
Directory traversal vulnerability in iChat in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, when AIM is used, allows remote attackers to create arbitrary files via directory traversal sequences in an inline image-transfer operation.
CVE-2010-1373 1 Apple 2 Mac Os X, Mac Os X Server 2010-06-17 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Help Viewer in Apple Mac OS X 10.6 before 10.6.4 allows remote attackers to inject arbitrary web script or HTML via a crafted help: URL, related to "URL parameters in HTML content."
CVE-2010-0546 1 Apple 2 Mac Os X, Mac Os X Server 2010-06-17 3.3 LOW N/A
Folder Manager in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allows local users to delete arbitrary folders via a symlink attack in conjunction with an unmount operation on a crafted volume, related to the Cleanup At Startup folder.