Apple macOS vulnerabilities

3,139 known vulnerabilities affecting apple/mac_os_x.

Total CVEs: 3,139
CISA KEV: 26 (actively exploited)
Public exploits: 277
Exploited in wild: 28
Severity breakdown: CRITICAL 302, HIGH 1409, MEDIUM 1236, LOW 192

Vulnerabilities

Page 122 of 157
CVE-2010-3791 | MEDIUM | CVSS 6.8 | v10.6.0, v10.6.1, +3 more | 2010-11-16
CWE-119: Buffer overflow in QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG movie file.
nvd
CVE-2010-3790 | MEDIUM | CVSS 6.8 | v10.6.0, v10.6.1, +3 more | 2010-11-16
CWE-119: QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file that causes an image sample transformation to scale a sprite outside a buffer boundary.
nvd
CVE-2010-1845 | MEDIUM | CVSS 6.8 | v10.5.8, v10.6.0, +4 more | 2010-11-16
CWE-20: ImageIO in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted PSD image.
nvd
CVE-2010-3785 | MEDIUM | CVSS 6.8 | v10.5.8, v10.6.0, +4 more | 2010-11-16
CWE-119: Buffer overflow in QuickLook in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Office document.
nvd
CVE-2010-3795 | MEDIUM | CVSS 6.8 | v10.6.0, v10.6.1, +3 more | 2010-11-16
CWE-119: QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses uninitialized memory locations during processing of GIF image data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted GIF file.
nvd
CVE-2010-3787 | MEDIUM | CVSS 6.8 | v10.6.0, v10.6.1, +3 more | 2010-11-16
CWE-119: Heap-based buffer overflow in QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JP2 image.
nvd
CVE-2010-4010 | MEDIUM | CVSS 6.8 | v10.5.8 | 2010-11-16
CWE-189: Integer signedness error in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code via a crafted embedded Compact Font Format (CFF) font in a document.
nvd
CVE-2010-3798 | MEDIUM | CVSS 6.8 | v10.6.0, v10.6.1, +3 more | 2010-11-16
CWE-119: Heap-based buffer overflow in xar in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted xar archive.
nvd
CVE-2010-3789 | MEDIUM | CVSS 6.8 | v10.6.0, v10.6.1, +3 more | 2010-11-16
CWE-119: QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted AVI file.
nvd
CVE-2010-1847 | MEDIUM | CVSS 4.9 | v10.6.0, v10.6.1, +3 more | 2010-11-16
CWE-399: The kernel in Apple Mac OS X 10.6.x before 10.6.5 does not properly perform memory management associated with terminal devices, which allows local users to cause a denial of service (system crash) via unspecified vectors.
nvd
CVE-2010-3794 | MEDIUM | CVSS 6.8 | v10.6.0, v10.6.1, +3 more | 2010-11-16
CWE-119: QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses uninitialized memory locations during processing of FlashPix image data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FlashPix file.
nvd
CVE-2010-1841 | CRITICAL | CVSS 9.3 | v10.5.8, v10.6.0, +4 more | 2010-11-15
CWE-20: Disk Images in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted UDIF image.
nvd
CVE-2010-1378 | CRITICAL | CVSS 9.8 | ≥ 10.6.0, < 10.6.5 | 2010-11-15
CWE-295: OpenSSL in Apple Mac OS X 10.6.x before 10.6.5 does not properly perform arithmetic, which allows remote attackers to bypass X.509 certificate authentication via an arbitrary certificate issued by a legitimate Certification Authority.
nvd
CVE-2010-1842 | CRITICAL | CVSS 9.3 | v10.6.0, v10.6.1, +3 more | 2010-11-15
CWE-119: Buffer overflow in AppKit in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a bidirectional text string with ellipsis truncation.
nvd
CVE-2010-1840 | HIGH | CVSS 7.5 | PoC | v10.5.8, v10.6.0, +4 more | 2010-11-15
CWE-119: Stack-based buffer overflow in the password-validation functionality in Directory Services in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
nvd
CVE-2010-1836 | MEDIUM | CVSS 6.8 | v10.5.8, v10.6.0, +4 more | 2010-11-15
CWE-119: Stack-based buffer overflow in CoreGraphics in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.
nvd
CVE-2010-1803 | MEDIUM | CVSS 4.3 | v10.6.0, v10.6.1, +3 more | 2010-11-15
Time Machine in Apple Mac OS X 10.6.x before 10.6.5 does not verify the unique identifier of its remote AFP volume, which allows remote attackers to obtain sensitive information by spoofing this volume.
nvd
CVE-2010-1828 | MEDIUM | CVSS 5.0 | v10.5.8, v10.6.0, +4 more | 2010-11-15
CWE-20: AFP Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon restart) via crafted reconnect authentication packets.
nvd
CVE-2010-1834 | MEDIUM | CVSS 5.8 | v10.6.0, v10.6.1, +3 more | 2010-11-15
CWE-20: CFNetwork in Apple Mac OS X 10.6.x before 10.6.5 does not properly validate the domains of cookies, which makes it easier for remote web servers to track users by setting a cookie that is associated with a partial IP address.
nvd
CVE-2010-1831 | MEDIUM | CVSS 6.8 | v10.5.8, v10.6.0, +4 more | 2010-11-15
CWE-119: Buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code via a long name of an embedded font in a document.
nvd