Vulnerabilities > Apple
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2010-08-31 | CVE-2010-3190 | Untrusted Search Path vulnerability in multiple products Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio .NET 2003 SP1; Visual Studio 2005 SP1, 2008 SP1, and 2010; Visual C++ 2005 SP1, 2008 SP1, and 2010; and Exchange Server 2010 Service Pack 3, 2013, and 2013 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory during execution of an MFC application such as AtlTraceTool8.exe (aka ATL MFC Trace Tool), as demonstrated by a directory that contains a TRC, cur, rs, rct, or res file, aka "MFC Insecure Library Loading Vulnerability." Per: https://technet.microsoft.com/en-us/security/bulletin/ms11-025 Access Vector: Network per "This is a remote code execution vulnerability" Per: http://cwe.mitre.org/data/definitions/426.html CWE-426: Untrusted Search Path | 9.3 |
2010-08-31 | CVE-2010-1818 | Access of Uninitialized Pointer vulnerability in Apple Quicktime The IPersistPropertyBag2::Read function in QTPlugin.ocx in Apple QuickTime 6.x, 7.x before 7.6.8, and other versions allows remote attackers to execute arbitrary code via the _Marshaled_pUnk attribute, which triggers unmarshalling of an untrusted pointer. | 9.3 |
2010-08-25 | CVE-2010-2711 | Unspecified vulnerability in HP Magcloud Unspecified vulnerability in the HP MagCloud app before 1.0.5 for the iPad allows remote attackers to read and modify MagCloud application data via unknown vectors. | 6.4 |
2010-08-25 | CVE-2010-1808 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Type Services, mac OS X and mac OS X Server Stack-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 and 10.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted embedded font in a document. | 6.8 |
2010-08-25 | CVE-2010-1802 | Improper Authentication vulnerability in Apple Libsecurity, mac OS X and mac OS X Server libsecurity in Apple Mac OS X 10.5.8 and 10.6.4 does not properly perform comparisons to domain-name strings in X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a certificate associated with a similar domain name, as demonstrated by use of a www.example.con certificate to spoof www.example.com. | 6.4 |
2010-08-25 | CVE-2010-1801 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Coregraphics, mac OS X and mac OS X Server Heap-based buffer overflow in CoreGraphics in Apple Mac OS X 10.5.8 and 10.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF file. | 6.8 |
2010-08-25 | CVE-2010-1800 | Information Exposure vulnerability in Apple Cfnetwork, mac OS X and mac OS X Server CFNetwork in Apple Mac OS X 10.6.3 and 10.6.4 supports anonymous SSL and TLS connections, which allows man-in-the-middle attackers to redirect a connection and obtain sensitive information via crafted responses. | 5.0 |
2010-08-24 | CVE-2010-3116 | USE After Free vulnerability in multiple products Multiple use-after-free vulnerabilities in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to improper handling of MIME types by plug-ins. | 10.0 |
2010-08-20 | CVE-2010-1795 | DLL Loading Arbitrary Code Execution vulnerability in Apple iTunes Untrusted search path vulnerability in Apple iTunes before 9.1, when running on Windows 7, Vista, and XP, allows local users and possibly remote attackers to gain privileges via a Trojan horse DLL in the current working directory. | 9.3 |
2010-08-20 | CVE-2010-1768 | Local Privilege Escalation vulnerability in Apple iTunes Log File Insecure File Operation Unspecified vulnerability in Apple iTunes before 9.1 allows local users to gain console privileges via vectors related to log files, "insecure file operation," and syncing an iPhone, iPad, or iPod touch. local apple | 6.9 |