Total
799 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2010-0534 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2010-06-20 | 4.0 MEDIUM | N/A |
Wiki Server in Apple Mac OS X 10.6 before 10.6.3 does not enforce the service access control list (SACL) for weblogs during weblog creation, which allows remote authenticated users to publish content via HTTP requests. | |||||
CVE-2010-0522 | 1 Apple | 1 Mac Os X Server | 2010-06-20 | 9.0 HIGH | N/A |
Server Admin in Apple Mac OS X Server 10.5.8 does not properly determine the privileges of users who had former membership in the admin group, which allows remote authenticated users to leverage this former membership to obtain a server connection via screen sharing. | |||||
CVE-2010-0523 | 1 Apple | 1 Mac Os X Server | 2010-06-20 | 5.0 MEDIUM | N/A |
Wiki Server in Apple Mac OS X 10.5.8 does not restrict the file types of uploaded files, which allows remote attackers to obtain sensitive information or possibly have unspecified other impact via a crafted file, as demonstrated by a Java applet. | |||||
CVE-2010-0525 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2010-06-20 | 5.0 MEDIUM | N/A |
Mail in Apple Mac OS X before 10.6.3 does not properly enforce the key usage extension during processing of a keychain that specifies multiple certificates for an e-mail recipient, which might make it easier for remote attackers to obtain sensitive information via a brute-force attack on a weakly encrypted e-mail message. | |||||
CVE-2010-0521 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2010-06-20 | 5.0 MEDIUM | N/A |
Server Admin in Apple Mac OS X Server before 10.6.3 does not properly enforce authentication for directory binding, which allows remote attackers to obtain potentially sensitive information from Open Directory via unspecified LDAP requests. | |||||
CVE-2010-0535 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2010-06-20 | 6.5 MEDIUM | N/A |
Dovecot in Apple Mac OS X 10.6 before 10.6.3, when Kerberos is enabled, does not properly enforce the service access control list (SACL) for sending and receiving e-mail, which allows remote authenticated users to bypass intended access restrictions via unspecified vectors. | |||||
CVE-2010-1380 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2010-06-17 | 7.5 HIGH | N/A |
Integer overflow in the cgtexttops CUPS filter in Printing in Apple Mac OS X 10.6 before 10.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to page sizes. | |||||
CVE-2010-1379 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2010-06-17 | 5.0 MEDIUM | N/A |
Printer Setup in Apple Mac OS X 10.6 before 10.6.4 does not properly interpret character encoding, which allows remote attackers to cause a denial of service (printing failure) by deploying a printing device that has a Unicode character in its printing-service name. | |||||
CVE-2010-1377 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2010-06-17 | 9.3 HIGH | N/A |
Open Directory in Apple Mac OS X 10.6 before 10.6.4 creates an unencrypted connection upon certain SSL failures, which allows man-in-the-middle attackers to spoof arbitrary network account servers, and possibly execute arbitrary code, via unspecified vectors. | |||||
CVE-2010-1376 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2010-06-17 | 6.8 MEDIUM | N/A |
Multiple format string vulnerabilities in Network Authorization in Apple Mac OS X 10.6 before 10.6.4 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a (1) afp, (2) cifs, or (3) smb URL. | |||||
CVE-2010-1375 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2010-06-17 | 7.2 HIGH | N/A |
NetAuthSysAgent in Network Authorization in Apple Mac OS X 10.5.8 does not have the expected authorization requirements, which allows local users to gain privileges via unspecified vectors. | |||||
CVE-2010-0537 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2010-06-17 | 2.6 LOW | N/A |
DesktopServices in Apple Mac OS X 10.6 before 10.6.3 does not properly resolve pathnames in certain circumstances involving an application's save panel, which allows user-assisted remote attackers to trigger unintended remote file copying via a crafted share name. | |||||
CVE-2010-1382 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2010-06-17 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allows remote authenticated users to inject arbitrary web script or HTML via crafted Wiki content, related to lack of a charset field. | |||||
CVE-2010-1381 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2010-06-17 | 3.5 LOW | N/A |
The default configuration of SMB File Server in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, enables support for wide links, which allows remote authenticated users to access arbitrary files via vectors involving symbolic links. NOTE: this might overlap CVE-2010-0926. | |||||
CVE-2010-1374 | 2 Aol, Apple | 3 Aim, Mac Os X, Mac Os X Server | 2010-06-17 | 4.3 MEDIUM | N/A |
Directory traversal vulnerability in iChat in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, when AIM is used, allows remote attackers to create arbitrary files via directory traversal sequences in an inline image-transfer operation. | |||||
CVE-2010-0546 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2010-06-17 | 3.3 LOW | N/A |
Folder Manager in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allows local users to delete arbitrary folders via a symlink attack in conjunction with an unmount operation on a crafted volume, related to the Cleanup At Startup folder. | |||||
CVE-2010-0543 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2010-06-17 | 6.8 MEDIUM | N/A |
ImageIO in Apple Mac OS X 10.5.8, and 10.6 before 10.6.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with MPEG2 encoding. | |||||
CVE-2010-0545 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2010-06-17 | 4.4 MEDIUM | N/A |
The Finder in DesktopServices in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, does not set the expected file ownerships during an "Apply to enclosed items" action, which allows local users to bypass intended access restrictions via normal filesystem operations. | |||||
CVE-2010-1373 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2010-06-17 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Help Viewer in Apple Mac OS X 10.6 before 10.6.4 allows remote attackers to inject arbitrary web script or HTML via a crafted help: URL, related to "URL parameters in HTML content." | |||||
CVE-2010-0524 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2010-05-20 | 7.5 HIGH | N/A |
The default configuration of the FreeRADIUS server in Apple Mac OS X Server before 10.6.3 permits EAP-TLS authenticated connections on the basis of an arbitrary client certificate, which allows remote attackers to obtain network connectivity via a crafted RADIUS Access Request message. |