Apple macOS vulnerabilities

3,139 known vulnerabilities affecting apple/mac_os_x.

Total CVEs: 3,139
CISA KEV: 26 (actively exploited)
Public exploits: 277
Exploited in wild: 28
Severity breakdown: CRITICAL 302, HIGH 1409, MEDIUM 1236, LOW 192

Vulnerabilities

Page 125 of 157
CVE-2010-1382 | LOW | CVSS 3.5 | v10.5.8, v10.6.0 +3 more | 2010-06-17
CVE-2010-1382 [LOW] CWE-79: Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allows remote authenticated users to inject arbitrary web script or HTML via crafted Wiki content, related to lack of a charset field.
nvd
CVE-2010-0105 | MEDIUM | CVSS 4.9 | PoC | v10.5.8, v10.6.0 +4 more | 2010-04-27
CVE-2010-0105 [MEDIUM]: The hfs implementation in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 supports hard links to directories and does not prevent certain deeply nested directory structures, which allows local users to cause a denial of service (filesystem corruption) via a crafted application that calls the mkdir and link functions, related to the fsck_hfs program in the disk
nvd
CVE-2010-0512 | CRITICAL | CVSS 9.3 | v10.6.0, v10.6.1 +1 more | 2010-03-30
CVE-2010-0512 [CRITICAL] CWE-264: The Accounts Preferences implementation in Apple Mac OS X 10.6 before 10.6.3, when a network account server is used, does not support Login Window access control that is based solely on group membership, which allows attackers to bypass intended access restrictions by entering login credentials.
nvd
CVE-2010-0508 | CRITICAL | CVSS 10.0 | ≤ 10.6.2, v10.5 +11 more | 2010-03-30
CVE-2010-0508 [CRITICAL]: Mail in Apple Mac OS X before 10.6.3 does not disable the filter rules associated with a deleted mail account, which has unspecified impact and attack vectors.
nvd
CVE-2010-0055 | CRITICAL | CVSS 10.0 | v10.5.8 | 2010-03-30
CVE-2010-0055 [CRITICAL]: xar in Apple Mac OS X 10.5.8 does not properly validate package signatures, which allows attackers to have an unspecified impact via a modified package.
nvd
CVE-2010-0533 | HIGH | CVSS 7.5 | ≤ 10.6.2, v10.6.0 +1 more | 2010-03-30
CVE-2010-0533 [HIGH] CWE-22: Directory traversal vulnerability in AFP Server in Apple Mac OS X before 10.6.3 allows remote attackers to list a share root's parent directory, and read and modify files in that directory, via unspecified vectors.
nvd
CVE-2010-0498 | HIGH | CVSS 7.2 | ≤ 10.6.2, v10.5 +11 more | 2010-03-30
CVE-2010-0498 [HIGH] CWE-287: Directory Services in Apple Mac OS X before 10.6.3 does not properly perform authorization during processing of record names, which allows local users to gain privileges via unspecified vectors.
nvd
CVE-2010-0500 | HIGH | CVSS 7.8 | ≤ 10.6.2, v10.5 +11 more | 2010-03-30
CVE-2010-0500 [HIGH] CWE-20: Event Monitor in Apple Mac OS X before 10.6.3 does not properly validate hostnames of SSH clients, which allows remote attackers to cause a denial of service (arbitrary client blacklisting) via a crafted DNS PTR record, related to a "plist injection issue."
nvd
CVE-2010-0057 | HIGH | CVSS 7.5 | ≤ 10.6.2, v10.5 +11 more | 2010-03-30
CVE-2010-0057 [HIGH] CWE-264: AFP Server in Apple Mac OS X before 10.6.3 does not prevent guest use of AFP shares when guest access is disabled, which allows remote attackers to bypass intended access restrictions via a mount request.
nvd
CVE-2010-0509 | HIGH | CVSS 7.2 | ≤ 10.6.2, v10.5 +11 more | 2010-03-30
CVE-2010-0509 [HIGH] CWE-264: SFLServer in OS Services in Apple Mac OS X before 10.6.3 allows local users to gain privileges via vectors related to use of wheel group membership during access to the home directories of user accounts.
nvd
CVE-2010-0524 | HIGH | CVSS 7.5 | v10.6.0, v10.6.1 +1 more | 2010-03-30
CVE-2010-0524 [HIGH] CWE-264: The default configuration of the FreeRADIUS server in Apple Mac OS X Server before 10.6.3 permits EAP-TLS authenticated connections on the basis of an arbitrary client certificate, which allows remote attackers to obtain network connectivity via a crafted RADIUS Access Request message.
nvd
CVE-2010-0056 | MEDIUM | CVSS 6.8 | v10.5.8 | 2010-03-30
CVE-2010-0056 [MEDIUM] CWE-119: Buffer overflow in Cocoa spell checking in AppKit in Apple Mac OS X 10.5.8 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document.
nvd
CVE-2010-0065 | MEDIUM | CVSS 6.8 | ≤ 10.6.2, v10.5 +11 more | 2010-03-30
CVE-2010-0065 [MEDIUM] CWE-119: Disk Images in Apple Mac OS X before 10.6.3 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted disk image with bzip2 compression.
nvd
CVE-2010-0507 | MEDIUM | CVSS 6.8 | ≤ 10.6.2, v10.5 +11 more | 2010-03-30
CVE-2010-0507 [MEDIUM] CWE-119: Buffer overflow in Image RAW in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PEF image.
nvd
CVE-2010-0064 | MEDIUM | CVSS 6.9 | v10.6.0, v10.6.1 +1 more | 2010-03-30
CVE-2010-0064 [MEDIUM] CWE-264: DesktopServices in Apple Mac OS X 10.6 before 10.6.3 preserves file ownership during an authenticated Finder copy, which might allow local users to bypass intended disk-quota restrictions and have unspecified other impact by copying files owned by other users.
nvd
CVE-2010-0521 | MEDIUM | CVSS 5.0 | v10.6.0, v10.6.1 +1 more | 2010-03-30
CVE-2010-0521 [MEDIUM] CWE-287: Server Admin in Apple Mac OS X Server before 10.6.3 does not properly enforce authentication for directory binding, which allows remote attackers to obtain potentially sensitive information from Open Directory via unspecified LDAP requests.
nvd
CVE-2010-0059 | MEDIUM | CVSS 6.8 | v10.6.0, v10.6.1 +1 more | 2010-03-30
CVE-2010-0059 [MEDIUM] CWE-119: CoreAudio in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted audio content with QDM2 encoding, which triggers a buffer overflow due to inconsistent length fields, related to QDCA.
nvd
CVE-2010-0506 | MEDIUM | CVSS 6.8 | v10.5.8 | 2010-03-30
CVE-2010-0506 [MEDIUM] CWE-119: Buffer overflow in Image RAW in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted NEF image.
nvd
CVE-2010-0518 | MEDIUM | CVSS 6.8 | v10.6.0, v10.6.1 +1 more | 2010-03-30
CVE-2010-0518 [MEDIUM] CWE-119: QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with Sorenson encoding.
nvd
CVE-2010-0060 | MEDIUM | CVSS 6.8 | v10.6.0, v10.6.1 +1 more | 2010-03-30
CVE-2010-0060 [MEDIUM] CWE-119: CoreAudio in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted audio content with QDMC encoding.
nvd