Vulnerabilities > Apple > MAC OS X > 10.1.4

DATE CVE VULNERABILITY TITLE RISK
2010-11-05 CVE-2010-2941 Use After Free vulnerability in multiple products
ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request.
network
low complexity
apple fedoraproject canonical debian opensuse suse redhat CWE-416
critical
9.8
2010-06-22 CVE-2010-1637 Server-Side Request Forgery (SSRF) vulnerability in multiple products
The Mail Fetch plugin in SquirrelMail 1.4.20 and earlier allows remote authenticated users to bypass firewall restrictions and use SquirrelMail as a proxy to scan internal networks via a modified POP3 port number.
network
low complexity
squirrelmail fedoraproject apple redhat CWE-918
6.5
2010-03-05 CVE-2010-0302 Use After Free vulnerability in multiple products
Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS before 1.4.4, when kqueue or epoll is used, allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count.
network
low complexity
apple fedoraproject canonical redhat CWE-416
7.5
2009-11-20 CVE-2009-3553 Use After Free vulnerability in multiple products
Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count.
7.5
2009-08-11 CVE-2009-2416 Use After Free vulnerability in multiple products
Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework.
6.5
2009-06-09 CVE-2009-0949 Use of Uninitialized Resource vulnerability in multiple products
The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 does not properly initialize memory for IPP request packets, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a scheduler request with two consecutive IPP_TAG_UNSUPPORTED tags.
network
low complexity
apple canonical debian opensuse suse CWE-908
7.5
2009-06-08 CVE-2009-1955 XML Entity Expansion vulnerability in multiple products
The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
7.5
2008-11-21 CVE-2008-5183 NULL Pointer Dereference vulnerability in multiple products
cupsd in CUPS 1.3.9 and earlier allows local users, and possibly remote attackers, to cause a denial of service (daemon crash) by adding a large number of RSS Subscriptions, which triggers a NULL pointer dereference.
network
low complexity
apple opensuse debian CWE-476
7.5
2008-08-01 CVE-2008-3438 Download of Code Without Integrity Check vulnerability in Apple mac OS X
Apple Mac OS X does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.
network
high complexity
apple CWE-494
8.1
2008-05-05 CVE-2008-0599 Incorrect Calculation of Buffer Size vulnerability in multiple products
The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI.
network
low complexity
php fedoraproject canonical apple CWE-131
critical
9.8