Apple macOS vulnerabilities

3,139 known vulnerabilities affecting apple/mac_os_x.

Total CVEs: 3,139
CISA KEV: 26 (actively exploited)
Public exploits: 277
Exploited in wild: 28
Severity breakdown: CRITICAL 302, HIGH 1409, MEDIUM 1236, LOW 192

Vulnerabilities

CVE-2010-0517 | MEDIUM | CVSS 6.8 | CWE-119 | v10.6.0, v10.6.1, +1 more | 2010-03-30
Heap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with M-JPEG encoding, which causes QuickTime to calculate a buffer size using height and width fields, but to use a different field to control the length of
Source: NVD

CVE-2010-0519 | MEDIUM | CVSS 6.8 | PoC | CWE-189 | v10.6.0, v10.6.1, +1 more | 2010-03-30
Integer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a FlashPix image with a malformed SubImage Header Stream containing a NumberOfTiles field with a large value.
Source: NVD

CVE-2010-0526 | MEDIUM | CVSS 4.3 | CWE-119 | v10.6.0, v10.6.1, +1 more | 2010-03-30
Heap-based buffer overflow in QuickTimeMPEG.qtx in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted genl atom in a QuickTime movie file with MPEG encoding, which is not properly handled during decompression.
Source: NVD

CVE-2010-0505 | MEDIUM | CVSS 6.8 | CWE-119 | ≤ 10.6.2, v10.5, +11 more | 2010-03-30
Heap-based buffer overflow in ImageIO in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JP2 (JPEG2000) image, related to incorrect calculation and the CGImageReadGetBytesAtOffset function.
Source: NVD

CVE-2010-0534 | MEDIUM | CVSS 4.0 | CWE-264 | v10.6.0, v10.6.1, +1 more | 2010-03-30
Wiki Server in Apple Mac OS X 10.6 before 10.6.3 does not enforce the service access control list (SACL) for weblogs during weblog creation, which allows remote authenticated users to publish content via HTTP requests.
Source: NVD

CVE-2009-2801 | MEDIUM | CVSS 6.4 | CWE-264 | v10.5.8 | 2010-03-30
The Application Firewall in Apple Mac OS X 10.5.8 drops unspecified firewall rules after a reboot, which might allow remote attackers to bypass intended access restrictions via packet data, related to a "timing issue."
Source: NVD

CVE-2010-0515 | MEDIUM | CVSS 6.8 | CWE-119 | v10.6.0, v10.6.1, +1 more | 2010-03-30
QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with H.264 encoding.
Source: NVD

CVE-2010-0516 | MEDIUM | CVSS 6.8 | CWE-119 | v10.6.0, v10.6.1, +1 more | 2010-03-30
Heap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with RLE encoding, which triggers memory corruption when the length of decompressed data exceeds that of the allocated heap chunk.
Source: NVD

CVE-2010-0513 | MEDIUM | CVSS 6.8 | CWE-119 | ≤ 10.6.2, v10.5, +11 more | 2010-03-30
Stack-based buffer overflow in PS Normalizer in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PostScript document.
Source: NVD

CVE-2010-0520 | MEDIUM | CVSS 6.8 | PoC | CWE-119 | v10.6.0, v10.6.1, +1 more | 2010-03-30
Heap-based buffer overflow in QuickTimeAuthoring.qtx in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FLC file, related to crafted DELTA_FLI chunks and untrusted length values in a .fli file, which are not properly handled during decompression.
Source: NVD

CVE-2010-0062 | MEDIUM | CVSS 6.8 | CWE-119 | v10.6.0, v10.6.1, +1 more | 2010-03-30
Heap-based buffer overflow in quicktime.qts in CoreMedia and QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a malformed .3g2 movie file with H.263 encoding that triggers an incorrect buffer length calculation.
Source: NVD

CVE-2010-0063 | MEDIUM | CVSS 6.8 | ≤ 10.6.2, v10.5, +11 more | 2010-03-30
Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.6.3 makes it easier for user-assisted remote attackers to execute arbitrary JavaScript via a web page that offers a download with a Content-Type value that is not on the list of possibly unsafe content types for Safari, as demonstrated by the values for the (1) .ibplugin and (2) .url e
Source: NVD

CVE-2010-0525 | MEDIUM | CVSS 5.0 | CWE-310 | ≤ 10.6.2, v10.5.0, +10 more | 2010-03-30
Mail in Apple Mac OS X before 10.6.3 does not properly enforce the key usage extension during processing of a keychain that specifies multiple certificates for an e-mail recipient, which might make it easier for remote attackers to obtain sensitive information via a brute-force attack on a weakly encrypted e-mail message.
Source: NVD

CVE-2010-0058 | MEDIUM | CVSS 6.4 | CWE-16 | v10.5.8 | 2010-03-30
freshclam in ClamAV in Apple Mac OS X 10.5.8 with Security Update 2009-005 has an incorrect launchd.plist ProgramArguments key and consequently does not run, which might allow remote attackers to introduce viruses into the system.
Source: NVD

CVE-2010-0535 | MEDIUM | CVSS 6.5 | CWE-264 | v10.6.0, v10.6.1, +1 more | 2010-03-30
Dovecot in Apple Mac OS X 10.6 before 10.6.3, when Kerberos is enabled, does not properly enforce the service access control list (SACL) for sending and receiving e-mail, which allows remote authenticated users to bypass intended access restrictions via unspecified vectors.
Source: NVD

CVE-2010-0514 | MEDIUM | CVSS 6.8 | CWE-119 | v10.6.0, v10.6.1, +1 more | 2010-03-30
Heap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.261 encoding.
Source: NVD

CVE-2010-0497 | MEDIUM | CVSS 6.8 | ≤ 10.6.2, v10.5, +11 more | 2010-03-30
Disk Images in Apple Mac OS X before 10.6.3 does not provide the expected warning for an unsafe file type in an internet enabled disk image, which makes it easier for user-assisted remote attackers to execute arbitrary code via a package file type.
Source: NVD

CVE-2010-0537 | LOW | CVSS 2.6 | CWE-264 | v10.6.0, v10.6.1, +1 more | 2010-03-30
DesktopServices in Apple Mac OS X 10.6 before 10.6.3 does not properly resolve pathnames in certain circumstances involving an application's save panel, which allows user-assisted remote attackers to trigger unintended remote file copying via a crafted share name.
Source: NVD

CVE-2010-1119 | CRITICAL | CVSS 10.0 | PoC | CWE-399 | v10.5, v10.5.0, +9 more | 2010-03-25
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Safari before 4.1 on Mac OS X 10.4, and Safari on Apple iPhone OS allows remote attackers to execute arbitrary code or cause a denial of service (application crash), or read the SMS database or other data, via vectors related to "attribute man
Source: NVD

CVE-2010-0302 | HIGH | CVSS 7.5 | fixed in 10.5.8; ≥ 10.6.0, < 10.6.4 | 2010-03-05
Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS before 1.4.4, when kqueue or epoll is used, allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, re
Source: NVD