Apple Mac Os X Server vulnerabilities

CVE-2010-0534 [MEDIUM] CWE-264 CVE-2010-0534: Wiki Server in Apple Mac OS X 10.6 before 10.6.3 does not enforce the service access control list (S Wiki Server in Apple Mac OS X 10.6 before 10.6.3 does not enforce the service access control list (SACL) for weblogs during weblog creation, which allows remote authenticated users to publish content via HTTP requests.

CVE-2009-2801 [MEDIUM] CWE-264 CVE-2009-2801: The Application Firewall in Apple Mac OS X 10.5.8 drops unspecified firewall rules after a reboot, w The Application Firewall in Apple Mac OS X 10.5.8 drops unspecified firewall rules after a reboot, which might allow remote attackers to bypass intended access restrictions via packet data, related to a "timing issue."

CVE-2010-0515 [MEDIUM] CWE-119 CVE-2010-0515: QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with H.264 encoding.

CVE-2010-0516 [MEDIUM] CWE-119 CVE-2010-0516: Heap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to e Heap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with RLE encoding, which triggers memory corruption when the length of decompressed data exceeds that of the allocated heap chunk.

CVE-2010-0513 [MEDIUM] CWE-119 CVE-2010-0513: Stack-based buffer overflow in PS Normalizer in Apple Mac OS X before 10.6.3 allows remote attackers Stack-based buffer overflow in PS Normalizer in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PostScript document.

CVE-2010-0520 [MEDIUM] CWE-119 CVE-2010-0520: Heap-based buffer overflow in QuickTimeAuthoring.qtx in QuickTime in Apple Mac OS X before 10.6.3 al Heap-based buffer overflow in QuickTimeAuthoring.qtx in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FLC file, related to crafted DELTA_FLI chunks and untrusted length values in a .fli file, which are not properly handled during decompression.

CVE-2010-0062 [MEDIUM] CWE-119 CVE-2010-0062: Heap-based buffer overflow in quicktime.qts in CoreMedia and QuickTime in Apple Mac OS X before 10.6 Heap-based buffer overflow in quicktime.qts in CoreMedia and QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a malformed .3g2 movie file with H.263 encoding that triggers an incorrect buffer length calculation.

CVE-2010-0503 [MEDIUM] CWE-399 CVE-2010-0503: Use-after-free vulnerability in iChat Server in Apple Mac OS X Server 10.5.8 allows remote authentic Use-after-free vulnerability in iChat Server in Apple Mac OS X Server 10.5.8 allows remote authenticated users to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.

CVE-2010-0511 [MEDIUM] CWE-264 CVE-2010-0511: Podcast Producer in Apple Mac OS X 10.6 before 10.6.3 deletes the access restrictions of a Podcast C Podcast Producer in Apple Mac OS X 10.6 before 10.6.3 deletes the access restrictions of a Podcast Composer workflow when this workflow is overwritten, which allows attackers to access a workflow via unspecified vectors.

CVE-2010-0063 [MEDIUM] CVE-2010-0063: Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.6.3 makes it easier for Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.6.3 makes it easier for user-assisted remote attackers to execute arbitrary JavaScript via a web page that offers a download with a Content-Type value that is not on the list of possibly unsafe content types for Safari, as demonstrated by the values for the (1) .ibplugin and (2) .url e

CVE-2010-0525 [MEDIUM] CWE-310 CVE-2010-0525: Mail in Apple Mac OS X before 10.6.3 does not properly enforce the key usage extension during proces Mail in Apple Mac OS X before 10.6.3 does not properly enforce the key usage extension during processing of a keychain that specifies multiple certificates for an e-mail recipient, which might make it easier for remote attackers to obtain sensitive information via a brute-force attack on a weakly encrypted e-mail message.

CVE-2010-0058 [MEDIUM] CWE-16 CVE-2010-0058: freshclam in ClamAV in Apple Mac OS X 10.5.8 with Security Update 2009-005 has an incorrect launchd. freshclam in ClamAV in Apple Mac OS X 10.5.8 with Security Update 2009-005 has an incorrect launchd.plist ProgramArguments key and consequently does not run, which might allow remote attackers to introduce viruses into the system.

CVE-2010-0535 [MEDIUM] CWE-264 CVE-2010-0535: Dovecot in Apple Mac OS X 10.6 before 10.6.3, when Kerberos is enabled, does not properly enforce th Dovecot in Apple Mac OS X 10.6 before 10.6.3, when Kerberos is enabled, does not properly enforce the service access control list (SACL) for sending and receiving e-mail, which allows remote authenticated users to bypass intended access restrictions via unspecified vectors.

CVE-2010-0514 [MEDIUM] CWE-119 CVE-2010-0514: Heap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to e Heap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.261 encoding.

CVE-2010-0497 [MEDIUM] CVE-2010-0497: Disk Images in Apple Mac OS X before 10.6.3 does not provide the expected warning for an unsafe file Disk Images in Apple Mac OS X before 10.6.3 does not provide the expected warning for an unsafe file type in an internet enabled disk image, which makes it easier for user-assisted remote attackers to execute arbitrary code via a package file type.

CVE-2010-0537 [LOW] CWE-264 CVE-2010-0537: DesktopServices in Apple Mac OS X 10.6 before 10.6.3 does not properly resolve pathnames in certain DesktopServices in Apple Mac OS X 10.6 before 10.6.3 does not properly resolve pathnames in certain circumstances involving an application's save panel, which allows user-assisted remote attackers to trigger unintended remote file copying via a crafted share name.

CVE-2010-1119 [CRITICAL] CWE-399 CVE-2010-1119: Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Safari before 4.1 on Mac OS X 10.4, and Safari on Apple iPhone OS allows remote attackers to execute arbitrary code or cause a denial of service (application crash), or read the SMS database or other data, via vectors related to "attribute man

CVE-2010-0302 [HIGH] CVE-2010-0302: Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS before 1.4.4, when kqueue or epoll is used, allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, re

CVE-2010-0037 [HIGH] CWE-119 CVE-2010-0037: Buffer overflow in Image RAW in Apple Mac OS X 10.5.8 and 10.6.2 allows remote attackers to execute Buffer overflow in Image RAW in Apple Mac OS X 10.5.8 and 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted DNG image.

CVE-2010-0036 [HIGH] CWE-119 CVE-2010-0036: Buffer overflow in CoreAudio in Apple Mac OS X 10.5.8 and 10.6.2 allows remote attackers to execute Buffer overflow in CoreAudio in Apple Mac OS X 10.5.8 and 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MP4 audio file.