Vulnerabilities > Apple
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2010-06-18 | CVE-2010-1387 | Resource Management Errors vulnerability in Apple Itunes Use-after-free vulnerability in JavaScriptCore in WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to page transitions, a different vulnerability than CVE-2010-1763 and CVE-2010-1769. | 9.3 |
| 2010-06-17 | CVE-2010-1748 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Cups The cgi_initialize_string function in cgi-bin/var.c in the web interface in CUPS before 1.4.4, as used on Apple Mac OS X 10.5.8, Mac OS X 10.6 before 10.6.4, and other platforms, does not properly handle parameter values containing a % (percent) character without two subsequent hex characters, which allows context-dependent attackers to obtain sensitive information from cupsd process memory via a crafted request, as demonstrated by the (1) /admin?OP=redirect&URL=% and (2) /admin?URL=/admin/&OP=% URIs. | 4.3 |
| 2010-06-17 | CVE-2010-1411 | Numeric Errors vulnerability in Apple mac OS X and mac OS X Server Multiple integer overflows in the Fax3SetupState function in tif_fax3.c in the FAX3 decoder in LibTIFF before 3.9.3, as used in ImageIO in Apple Mac OS X 10.5.8 and Mac OS X 10.6 before 10.6.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF file that triggers a heap-based buffer overflow. | 6.8 |
| 2010-06-17 | CVE-2010-1382 | Cross-Site Scripting vulnerability in Apple mac OS X and mac OS X Server Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allows remote authenticated users to inject arbitrary web script or HTML via crafted Wiki content, related to lack of a charset field. | 3.5 |
| 2010-06-17 | CVE-2010-1381 | Configuration vulnerability in Apple mac OS X and mac OS X Server The default configuration of SMB File Server in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, enables support for wide links, which allows remote authenticated users to access arbitrary files via vectors involving symbolic links. | 3.5 |
| 2010-06-17 | CVE-2010-1380 | Numeric Errors vulnerability in Apple mac OS X and mac OS X Server Integer overflow in the cgtexttops CUPS filter in Printing in Apple Mac OS X 10.6 before 10.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to page sizes. | 7.5 |
| 2010-06-17 | CVE-2010-1379 | Improper Input Validation vulnerability in Apple mac OS X and mac OS X Server Printer Setup in Apple Mac OS X 10.6 before 10.6.4 does not properly interpret character encoding, which allows remote attackers to cause a denial of service (printing failure) by deploying a printing device that has a Unicode character in its printing-service name. | 5.0 |
| 2010-06-17 | CVE-2010-1377 | Cryptographic Issues vulnerability in Apple mac OS X and mac OS X Server Open Directory in Apple Mac OS X 10.6 before 10.6.4 creates an unencrypted connection upon certain SSL failures, which allows man-in-the-middle attackers to spoof arbitrary network account servers, and possibly execute arbitrary code, via unspecified vectors. | 9.3 |
| 2010-06-17 | CVE-2010-1376 | USE of Externally-Controlled Format String vulnerability in Apple mac OS X and mac OS X Server Multiple format string vulnerabilities in Network Authorization in Apple Mac OS X 10.6 before 10.6.4 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a (1) afp, (2) cifs, or (3) smb URL. | 6.8 |
| 2010-06-17 | CVE-2010-1375 | Improper Authentication vulnerability in Apple mac OS X and mac OS X Server NetAuthSysAgent in Network Authorization in Apple Mac OS X 10.5.8 does not have the expected authorization requirements, which allows local users to gain privileges via unspecified vectors. | 7.2 |