Apple macOS vulnerabilities
3,139 known vulnerabilities affecting apple/mac_os_x.
Total CVEs: 3,139
CISA KEV: 26 (actively exploited)
Public exploits: 277
Exploited in wild: 28
Severity breakdown: CRITICAL 302, HIGH 1409, MEDIUM 1236, LOW 192
Vulnerabilities
Page 127 of 157
CVE-2010-0205 | MEDIUM | CVSS 4.3 | fixed in 10.6.5 | 2010-03-03 | CWE-400
The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application hang)
Source: nvd
CVE-2010-0037 | HIGH | CVSS 8.8 | v10.5.8, v10.6.2 | 2010-01-20 | CWE-119
Buffer overflow in Image RAW in Apple Mac OS X 10.5.8 and 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted DNG image.
Source: nvd
CVE-2010-0036 | HIGH | CVSS 7.8 | v10.5.8, v10.6.2 | 2010-01-20 | CWE-119
Buffer overflow in CoreAudio in Apple Mac OS X 10.5.8 and 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MP4 audio file.
Source: nvd
CVE-2009-2843 | MEDIUM | CVSS 5.0 | v10.5.8 | 2009-12-08 | CWE-310
Java for Mac OS X 10.5 before Update 6 and 10.6 before Update 1 accepts expired certificates for applets, which makes it easier for remote attackers to execute arbitrary code via an applet.
Source: nvd
CVE-2009-4017 | MEDIUM | CVSS 5.0 | PoC | v10.6.3 | 2009-11-24 | CWE-770
PHP before 5.2.12 and 5.3.x before 5.3.1 does not restrict the number of temporary files created when handling a multipart/form-data POST request, which allows remote attackers to cause a denial of service (resource exhaustion), and makes it easier for remote attackers to exploit local file inclusion vulnerabilities, via multiple requests, related to
Source: nvd
CVE-2009-3553 | HIGH | CVSS 7.5 | fixed in 10.5.8; ≥ 10.6.0, < 10.6.2 | 2009-11-20 | CWE-416
Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly
Source: nvd
CVE-2009-2819 | CRITICAL | CVSS 9.3 | v10.5.8 | 2009-11-10 | CWE-399
AFP Client in Apple Mac OS X 10.5.8 allows remote AFP servers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via unspecified vectors.
Source: nvd
CVE-2009-2833 | HIGH | CVSS 7.5 | v10.5.8 | 2009-11-10 | CWE-119
Buffer overflow in the UCCompareTextDefault API in International Components for Unicode in Apple Mac OS X 10.5.8 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
Source: nvd
CVE-2009-2828 | HIGH | CVSS 7.5 | v10.5.8 | 2009-11-10 | CWE-399
The server in DirectoryService in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.
Source: nvd
CVE-2009-2808 | MEDIUM | CVSS 5.4 | ≤ 10.6.1; v10.0 +57 more | 2009-11-10 | CWE-310
Help Viewer in Apple Mac OS X before 10.6.2 does not use an HTTPS connection to retrieve Apple Help content from a web site, which allows man-in-the-middle attackers to send a crafted help:runscript link, and thereby execute arbitrary code, via a spoofed response.
Source: nvd
CVE-2009-2838 | MEDIUM | CVSS 6.8 | v10.5.8 | 2009-11-10 | CWE-189
Integer overflow in QuickLook in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Office document that triggers a buffer overflow.
Source: nvd
CVE-2009-2840 | MEDIUM | CVSS 4.9 | v10.5.8 | 2009-11-10
Spotlight in Apple Mac OS X 10.5.8 does not properly handle temporary files, which allows local users to overwrite arbitrary files in the context of a different user's privileges via unspecified vectors.
Source: nvd
CVE-2009-2824 | MEDIUM | CVSS 6.8 | v10.5.8 | 2009-11-10 | CWE-119
Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 allow remote attackers to execute arbitrary code via a crafted embedded font in a document.
Source: nvd
CVE-2009-2835 | MEDIUM | CVSS 4.6 | ≤ 10.6.1; v10.0 +57 more | 2009-11-10 | CWE-20
The kernel in Apple Mac OS X before 10.6.2 does not properly handle task state segments, which allows local users to gain privileges, cause a denial of service (system crash), or obtain sensitive information via unspecified vectors.
Source: nvd
CVE-2009-2837 | MEDIUM | CVSS 6.8 | v10.5.8; v10.6 +1 more | 2009-11-10 | CWE-119
Heap-based buffer overflow in QuickDraw Manager in Apple Mac OS X before 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image.
Source: nvd
CVE-2009-2810 | MEDIUM | CVSS 6.8 | v10.6, v10.6.1 | 2009-11-10
Launch Services in Apple Mac OS X 10.6.x before 10.6.2 recursively clears quarantine information upon opening a quarantined folder, which allows user-assisted remote attackers to execute arbitrary code via a quarantined application that does not trigger a "potentially unsafe" warning message.
Source: nvd
CVE-2009-2827 | MEDIUM | CVSS 6.8 | v10.5.8 | 2009-11-10 | CWE-119
Heap-based buffer overflow in Disk Images in Apple Mac OS X 10.5.8 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FAT filesystem on a disk image.
Source: nvd
CVE-2009-2823 | MEDIUM | CVSS 4.3 | ≤ 10.6.1; v10.0 +57 more | 2009-11-10 | CWE-79
The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
Source: nvd
CVE-2009-2825 | MEDIUM | CVSS 4.3 | ≤ 10.6.1; v10.0 +57 more | 2009-11-10
Certificate Assistant in Apple Mac OS X before 10.6.2 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408
Source: nvd
CVE-2009-2820 | MEDIUM | CVSS 4.3 | PoC | ≤ 10.6.1; v10.0 +57 more | 2009-11-10 | CWE-79
The web interface in CUPS before 1.4.2, as used on Apple Mac OS X before 10.6.2 and other platforms, does not properly handle (1) HTTP headers and (2) HTML templates, which allows remote attackers to conduct cross-site scripting (XSS) attacks and HTTP response splitting attacks via vectors related to (a) the product's web interface, (b) the configurati
Source: nvd