Vulnerabilities > Apple > MAC OS X
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2010-06-17 | CVE-2010-1382 | Cross-Site Scripting vulnerability in Apple mac OS X and mac OS X Server Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allows remote authenticated users to inject arbitrary web script or HTML via crafted Wiki content, related to lack of a charset field. | 3.5 |
2010-06-17 | CVE-2010-1381 | Configuration vulnerability in Apple mac OS X and mac OS X Server The default configuration of SMB File Server in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, enables support for wide links, which allows remote authenticated users to access arbitrary files via vectors involving symbolic links. | 3.5 |
2010-06-17 | CVE-2010-1380 | Numeric Errors vulnerability in Apple mac OS X and mac OS X Server Integer overflow in the cgtexttops CUPS filter in Printing in Apple Mac OS X 10.6 before 10.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to page sizes. | 7.5 |
2010-06-17 | CVE-2010-1379 | Improper Input Validation vulnerability in Apple mac OS X and mac OS X Server Printer Setup in Apple Mac OS X 10.6 before 10.6.4 does not properly interpret character encoding, which allows remote attackers to cause a denial of service (printing failure) by deploying a printing device that has a Unicode character in its printing-service name. | 5.0 |
2010-06-17 | CVE-2010-1377 | Cryptographic Issues vulnerability in Apple mac OS X and mac OS X Server Open Directory in Apple Mac OS X 10.6 before 10.6.4 creates an unencrypted connection upon certain SSL failures, which allows man-in-the-middle attackers to spoof arbitrary network account servers, and possibly execute arbitrary code, via unspecified vectors. | 9.3 |
2010-06-17 | CVE-2010-1376 | USE of Externally-Controlled Format String vulnerability in Apple mac OS X and mac OS X Server Multiple format string vulnerabilities in Network Authorization in Apple Mac OS X 10.6 before 10.6.4 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a (1) afp, (2) cifs, or (3) smb URL. | 6.8 |
2010-06-17 | CVE-2010-1375 | Improper Authentication vulnerability in Apple mac OS X and mac OS X Server NetAuthSysAgent in Network Authorization in Apple Mac OS X 10.5.8 does not have the expected authorization requirements, which allows local users to gain privileges via unspecified vectors. | 7.2 |
2010-06-17 | CVE-2010-1374 | Path Traversal vulnerability in Apple mac OS X and mac OS X Server Directory traversal vulnerability in iChat in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, when AIM is used, allows remote attackers to create arbitrary files via directory traversal sequences in an inline image-transfer operation. | 4.3 |
2010-06-17 | CVE-2010-1373 | Cross-Site Scripting vulnerability in Apple mac OS X and mac OS X Server Cross-site scripting (XSS) vulnerability in Help Viewer in Apple Mac OS X 10.6 before 10.6.4 allows remote attackers to inject arbitrary web script or HTML via a crafted help: URL, related to "URL parameters in HTML content." | 4.3 |
2010-06-17 | CVE-2010-0546 | Link Following vulnerability in Apple mac OS X and mac OS X Server Folder Manager in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allows local users to delete arbitrary folders via a symlink attack in conjunction with an unmount operation on a crafted volume, related to the Cleanup At Startup folder. | 3.3 |