Filtered by vendor Apple Subscriptions
Filtered by product Mac Os X Server Subscriptions
Total 817 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2010-0524 1 Apple 2 Mac Os X, Mac Os X Server 2024-11-21 N/A
The default configuration of the FreeRADIUS server in Apple Mac OS X Server before 10.6.3 permits EAP-TLS authenticated connections on the basis of an arbitrary client certificate, which allows remote attackers to obtain network connectivity via a crafted RADIUS Access Request message.
CVE-2010-0523 1 Apple 1 Mac Os X Server 2024-11-21 N/A
Wiki Server in Apple Mac OS X 10.5.8 does not restrict the file types of uploaded files, which allows remote attackers to obtain sensitive information or possibly have unspecified other impact via a crafted file, as demonstrated by a Java applet.
CVE-2010-0522 1 Apple 1 Mac Os X Server 2024-11-21 N/A
Server Admin in Apple Mac OS X Server 10.5.8 does not properly determine the privileges of users who had former membership in the admin group, which allows remote authenticated users to leverage this former membership to obtain a server connection via screen sharing.
CVE-2010-0521 1 Apple 2 Mac Os X, Mac Os X Server 2024-11-21 N/A
Server Admin in Apple Mac OS X Server before 10.6.3 does not properly enforce authentication for directory binding, which allows remote attackers to obtain potentially sensitive information from Open Directory via unspecified LDAP requests.
CVE-2010-0520 1 Apple 2 Mac Os X, Mac Os X Server 2024-11-21 N/A
Heap-based buffer overflow in QuickTimeAuthoring.qtx in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FLC file, related to crafted DELTA_FLI chunks and untrusted length values in a .fli file, which are not properly handled during decompression.
CVE-2010-0519 1 Apple 2 Mac Os X, Mac Os X Server 2024-11-21 N/A
Integer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a FlashPix image with a malformed SubImage Header Stream containing a NumberOfTiles field with a large value.
CVE-2010-0518 1 Apple 2 Mac Os X, Mac Os X Server 2024-11-21 N/A
QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with Sorenson encoding.
CVE-2010-0517 1 Apple 2 Mac Os X, Mac Os X Server 2024-11-21 N/A
Heap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with M-JPEG encoding, which causes QuickTime to calculate a buffer size using height and width fields, but to use a different field to control the length of a copy operation.
CVE-2010-0516 1 Apple 2 Mac Os X, Mac Os X Server 2024-11-21 N/A
Heap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with RLE encoding, which triggers memory corruption when the length of decompressed data exceeds that of the allocated heap chunk.
CVE-2010-0515 1 Apple 2 Mac Os X, Mac Os X Server 2024-11-21 N/A
QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with H.264 encoding.
CVE-2010-0514 1 Apple 2 Mac Os X, Mac Os X Server 2024-11-21 N/A
Heap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.261 encoding.
CVE-2010-0513 1 Apple 2 Mac Os X, Mac Os X Server 2024-11-21 N/A
Stack-based buffer overflow in PS Normalizer in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PostScript document.
CVE-2010-0512 1 Apple 2 Mac Os X, Mac Os X Server 2024-11-21 N/A
The Accounts Preferences implementation in Apple Mac OS X 10.6 before 10.6.3, when a network account server is used, does not support Login Window access control that is based solely on group membership, which allows attackers to bypass intended access restrictions by entering login credentials.
CVE-2010-0511 1 Apple 1 Mac Os X Server 2024-11-21 N/A
Podcast Producer in Apple Mac OS X 10.6 before 10.6.3 deletes the access restrictions of a Podcast Composer workflow when this workflow is overwritten, which allows attackers to access a workflow via unspecified vectors.
CVE-2010-0510 1 Apple 1 Mac Os X Server 2024-11-21 N/A
Password Server in Apple Mac OS X Server before 10.6.3 does not properly perform password replication, which might allow remote authenticated users to obtain login access via an expired password.
CVE-2010-0509 1 Apple 2 Mac Os X, Mac Os X Server 2024-11-21 N/A
SFLServer in OS Services in Apple Mac OS X before 10.6.3 allows local users to gain privileges via vectors related to use of wheel group membership during access to the home directories of user accounts.
CVE-2010-0508 1 Apple 2 Mac Os X, Mac Os X Server 2024-11-21 N/A
Mail in Apple Mac OS X before 10.6.3 does not disable the filter rules associated with a deleted mail account, which has unspecified impact and attack vectors.
CVE-2010-0507 1 Apple 2 Mac Os X, Mac Os X Server 2024-11-21 N/A
Buffer overflow in Image RAW in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PEF image.
CVE-2010-0506 1 Apple 2 Mac Os X, Mac Os X Server 2024-11-21 N/A
Buffer overflow in Image RAW in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted NEF image.
CVE-2010-0505 1 Apple 2 Mac Os X, Mac Os X Server 2024-11-21 N/A
Heap-based buffer overflow in ImageIO in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JP2 (JPEG2000) image, related to incorrect calculation and the CGImageReadGetBytesAtOffset function.