Vulnerabilities > Apple > MAC OS X > 10.3

DATE CVE VULNERABILITY TITLE RISK
2010-03-30 CVE-2010-0500 Improper Input Validation vulnerability in Apple mac OS X and mac OS X Server
Event Monitor in Apple Mac OS X before 10.6.3 does not properly validate hostnames of SSH clients, which allows remote attackers to cause a denial of service (arbitrary client blacklisting) via a crafted DNS PTR record, related to a "plist injection issue."
network
low complexity
apple CWE-20
7.8
2010-03-30 CVE-2010-0498 Improper Authentication vulnerability in Apple mac OS X and mac OS X Server
Directory Services in Apple Mac OS X before 10.6.3 does not properly perform authorization during processing of record names, which allows local users to gain privileges via unspecified vectors.
local
low complexity
apple CWE-287
7.2
2010-03-30 CVE-2010-0497 Unspecified vulnerability in Apple mac OS X and mac OS X Server
Disk Images in Apple Mac OS X before 10.6.3 does not provide the expected warning for an unsafe file type in an internet enabled disk image, which makes it easier for user-assisted remote attackers to execute arbitrary code via a package file type.
network
apple
6.8
2010-03-30 CVE-2010-0065 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server
Disk Images in Apple Mac OS X before 10.6.3 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted disk image with bzip2 compression.
network
apple CWE-119
6.8
2010-03-30 CVE-2010-0063 Unspecified vulnerability in Apple mac OS X and mac OS X Server
Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.6.3 makes it easier for user-assisted remote attackers to execute arbitrary JavaScript via a web page that offers a download with a Content-Type value that is not on the list of possibly unsafe content types for Safari, as demonstrated by the values for the (1) .ibplugin and (2) .url extensions.
network
apple
6.8
2010-03-30 CVE-2010-0533 Path Traversal vulnerability in Apple mac OS X and mac OS X Server
Directory traversal vulnerability in AFP Server in Apple Mac OS X before 10.6.3 allows remote attackers to list a share root's parent directory, and read and modify files in that directory, via unspecified vectors.
network
low complexity
apple CWE-22
7.5
2010-03-30 CVE-2010-0057 Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server
AFP Server in Apple Mac OS X before 10.6.3 does not prevent guest use of AFP shares when guest access is disabled, which allows remote attackers to bypass intended access restrictions via a mount request.
network
low complexity
apple CWE-264
7.5
2010-03-05 CVE-2010-0302 Use After Free vulnerability in multiple products
Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS before 1.4.4, when kqueue or epoll is used, allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count.
network
low complexity
apple fedoraproject canonical redhat CWE-416
7.5
2010-03-03 CVE-2010-0205 Resource Exhaustion vulnerability in multiple products
The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application hang) via a crafted PNG file, as demonstrated by use of the deflate compression method on data composed of many occurrences of the same character, related to a "decompression bomb" attack.
4.3
2009-11-20 CVE-2009-3553 Use After Free vulnerability in multiple products
Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count.
7.5