Apple Mac OS X Server vulnerabilities
654 known vulnerabilities affecting apple/mac_os_x_server.
Total CVEs: 654
CISA KEV: 0
Public exploits: 49
Exploited in wild: 0
Severity breakdown: CRITICAL 75, HIGH 157, MEDIUM 363, LOW 59
Vulnerabilities
Page 8 of 33
CVE-2010-3791 | MEDIUM | CVSS 6.8 | CWE-119 | v10.6.0, v10.6.1 +3 more | 2010-11-16
Buffer overflow in QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG movie file.
nvd
CVE-2010-3783 | MEDIUM | CVSS 6.8 | CWE-264 | v10.5.8, v10.6.0 +4 more | 2010-11-16
Password Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not properly perform replication, which allows remote authenticated users to bypass verification of the current password via unspecified vectors.
nvd
CVE-2010-3790 | MEDIUM | CVSS 6.8 | CWE-119 | v10.6.0, v10.6.1 +3 more | 2010-11-16
QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file that causes an image sample transformation to scale a sprite outside a buffer boundary.
nvd
CVE-2010-1845 | MEDIUM | CVSS 6.8 | CWE-20 | v10.5.8, v10.6.0 +4 more | 2010-11-16
ImageIO in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted PSD image.
nvd
CVE-2010-3785 | MEDIUM | CVSS 6.8 | CWE-119 | v10.5.8, v10.6.0 +4 more | 2010-11-16
Buffer overflow in QuickLook in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Office document.
nvd
CVE-2010-3795 | MEDIUM | CVSS 6.8 | CWE-119 | v10.6.0, v10.6.1 +3 more | 2010-11-16
QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses uninitialized memory locations during processing of GIF image data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted GIF file.
nvd
CVE-2010-3787 | MEDIUM | CVSS 6.8 | CWE-119 | v10.6.0, v10.6.1 +3 more | 2010-11-16
Heap-based buffer overflow in QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JP2 image.
nvd
CVE-2010-4010 | MEDIUM | CVSS 6.8 | CWE-189 | v10.5.8 | 2010-11-16
Integer signedness error in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code via a crafted embedded Compact Font Format (CFF) font in a document.
nvd
CVE-2010-3798 | MEDIUM | CVSS 6.8 | CWE-119 | v10.6.0, v10.6.1 +3 more | 2010-11-16
Heap-based buffer overflow in xar in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted xar archive.
nvd
CVE-2010-3789 | MEDIUM | CVSS 6.8 | CWE-119 | v10.6.0, v10.6.1 +3 more | 2010-11-16
QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted AVI file.
nvd
CVE-2010-1847 | MEDIUM | CVSS 4.9 | CWE-399 | v10.6.0, v10.6.1 +3 more | 2010-11-16
The kernel in Apple Mac OS X 10.6.x before 10.6.5 does not properly perform memory management associated with terminal devices, which allows local users to cause a denial of service (system crash) via unspecified vectors.
nvd
CVE-2010-3794 | MEDIUM | CVSS 6.8 | CWE-119 | v10.6.0, v10.6.1 +3 more | 2010-11-16
QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses uninitialized memory locations during processing of FlashPix image data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FlashPix file.
nvd
CVE-2010-3797 | LOW | CVSS 3.5 | CWE-79 | v10.5.8, v10.6.0 +4 more | 2010-11-16
Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
nvd
CVE-2010-1841 | CRITICAL | CVSS 9.3 | CWE-20 | v10.5.8, v10.6.0 +4 more | 2010-11-15
Disk Images in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted UDIF image.
nvd
CVE-2010-1378 | CRITICAL | CVSS 9.8 | CWE-295 | ≥ 10.6.0, < 10.6.5 | 2010-11-15
OpenSSL in Apple Mac OS X 10.6.x before 10.6.5 does not properly perform arithmetic, which allows remote attackers to bypass X.509 certificate authentication via an arbitrary certificate issued by a legitimate Certification Authority.
nvd
CVE-2010-1842 | CRITICAL | CVSS 9.3 | CWE-119 | v10.6.0, v10.6.1 +3 more | 2010-11-15
Buffer overflow in AppKit in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a bidirectional text string with ellipsis truncation.
nvd
CVE-2010-1840 | HIGH | CVSS 7.5 | PoC | CWE-119 | v10.5.8, v10.6.0 +4 more | 2010-11-15
Stack-based buffer overflow in the password-validation functionality in Directory Services in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
nvd
CVE-2010-1836 | MEDIUM | CVSS 6.8 | CWE-119 | v10.5.8, v10.6.0 +4 more | 2010-11-15
Stack-based buffer overflow in CoreGraphics in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.
nvd
CVE-2010-1803 | MEDIUM | CVSS 4.3 | v10.6.0, v10.6.1 +3 more | 2010-11-15
Time Machine in Apple Mac OS X 10.6.x before 10.6.5 does not verify the unique identifier of its remote AFP volume, which allows remote attackers to obtain sensitive information by spoofing this volume.
nvd
CVE-2010-1828 | MEDIUM | CVSS 5.0 | CWE-20 | v10.5.8, v10.6.0 +4 more | 2010-11-15
AFP Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon restart) via crafted reconnect authentication packets.
nvd