Vulnerabilities > Apple > MAC OS X > 10.3
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2010-03-30 | CVE-2010-0500 | Improper Input Validation vulnerability in Apple mac OS X and mac OS X Server Event Monitor in Apple Mac OS X before 10.6.3 does not properly validate hostnames of SSH clients, which allows remote attackers to cause a denial of service (arbitrary client blacklisting) via a crafted DNS PTR record, related to a "plist injection issue." | 7.8 |
2010-03-30 | CVE-2010-0498 | Improper Authentication vulnerability in Apple mac OS X and mac OS X Server Directory Services in Apple Mac OS X before 10.6.3 does not properly perform authorization during processing of record names, which allows local users to gain privileges via unspecified vectors. | 7.2 |
2010-03-30 | CVE-2010-0497 | Unspecified vulnerability in Apple mac OS X and mac OS X Server Disk Images in Apple Mac OS X before 10.6.3 does not provide the expected warning for an unsafe file type in an internet enabled disk image, which makes it easier for user-assisted remote attackers to execute arbitrary code via a package file type. network apple | 6.8 |
2010-03-30 | CVE-2010-0065 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server Disk Images in Apple Mac OS X before 10.6.3 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted disk image with bzip2 compression. | 6.8 |
2010-03-30 | CVE-2010-0063 | Unspecified vulnerability in Apple mac OS X and mac OS X Server Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.6.3 makes it easier for user-assisted remote attackers to execute arbitrary JavaScript via a web page that offers a download with a Content-Type value that is not on the list of possibly unsafe content types for Safari, as demonstrated by the values for the (1) .ibplugin and (2) .url extensions. network apple | 6.8 |
2010-03-30 | CVE-2010-0533 | Path Traversal vulnerability in Apple mac OS X and mac OS X Server Directory traversal vulnerability in AFP Server in Apple Mac OS X before 10.6.3 allows remote attackers to list a share root's parent directory, and read and modify files in that directory, via unspecified vectors. | 7.5 |
2010-03-30 | CVE-2010-0057 | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server AFP Server in Apple Mac OS X before 10.6.3 does not prevent guest use of AFP shares when guest access is disabled, which allows remote attackers to bypass intended access restrictions via a mount request. | 7.5 |
2010-03-05 | CVE-2010-0302 | Use After Free vulnerability in multiple products Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS before 1.4.4, when kqueue or epoll is used, allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. | 7.5 |
2010-03-03 | CVE-2010-0205 | Resource Exhaustion vulnerability in multiple products The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application hang) via a crafted PNG file, as demonstrated by use of the deflate compression method on data composed of many occurrences of the same character, related to a "decompression bomb" attack. | 4.3 |
2009-11-20 | CVE-2009-3553 | Use After Free vulnerability in multiple products Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. | 7.5 |