Vulnerabilities > Apple > MAC OS X Server > 10.6.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2010-03-30 | CVE-2010-0537 | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server DesktopServices in Apple Mac OS X 10.6 before 10.6.3 does not properly resolve pathnames in certain circumstances involving an application's save panel, which allows user-assisted remote attackers to trigger unintended remote file copying via a crafted share name. | 2.6 |
| 2010-03-30 | CVE-2010-0535 | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server Dovecot in Apple Mac OS X 10.6 before 10.6.3, when Kerberos is enabled, does not properly enforce the service access control list (SACL) for sending and receiving e-mail, which allows remote authenticated users to bypass intended access restrictions via unspecified vectors. | 6.5 |
| 2010-03-30 | CVE-2010-0534 | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server Wiki Server in Apple Mac OS X 10.6 before 10.6.3 does not enforce the service access control list (SACL) for weblogs during weblog creation, which allows remote authenticated users to publish content via HTTP requests. | 4.0 |
| 2010-03-30 | CVE-2010-0526 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server Heap-based buffer overflow in QuickTimeMPEG.qtx in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted genl atom in a QuickTime movie file with MPEG encoding, which is not properly handled during decompression. | 4.3 |
| 2010-03-30 | CVE-2010-0525 | Cryptographic Issues vulnerability in Apple mac OS X and mac OS X Server Mail in Apple Mac OS X before 10.6.3 does not properly enforce the key usage extension during processing of a keychain that specifies multiple certificates for an e-mail recipient, which might make it easier for remote attackers to obtain sensitive information via a brute-force attack on a weakly encrypted e-mail message. | 5.0 |
| 2010-03-30 | CVE-2010-0524 | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server The default configuration of the FreeRADIUS server in Apple Mac OS X Server before 10.6.3 permits EAP-TLS authenticated connections on the basis of an arbitrary client certificate, which allows remote attackers to obtain network connectivity via a crafted RADIUS Access Request message. | 7.5 |
| 2010-03-30 | CVE-2010-0521 | Improper Authentication vulnerability in Apple mac OS X and mac OS X Server Server Admin in Apple Mac OS X Server before 10.6.3 does not properly enforce authentication for directory binding, which allows remote attackers to obtain potentially sensitive information from Open Directory via unspecified LDAP requests. | 5.0 |
| 2010-03-30 | CVE-2010-0520 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server Heap-based buffer overflow in QuickTimeAuthoring.qtx in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FLC file, related to crafted DELTA_FLI chunks and untrusted length values in a .fli file, which are not properly handled during decompression. | 6.8 |
| 2010-03-30 | CVE-2010-0519 | Numeric Errors vulnerability in Apple mac OS X and mac OS X Server Integer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a FlashPix image with a malformed SubImage Header Stream containing a NumberOfTiles field with a large value. | 6.8 |
| 2010-03-30 | CVE-2010-0518 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with Sorenson encoding. | 6.8 |