Mac Os X

mac_os_x

Vendor: Apple • 3,210 CVEs

CVEs (3,210)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2010-2807 3Apple CanonicalFreetype 5Freetype Iphone OsMac Os X+2 more Apr 29, 2026 Aug 19, 2010 N/A· v4 N/A· v3 6.8 MEDIUM· v2 FreeType before 2.4.2 uses incorrect integer data types during bounds checking, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.
CVE-2010-2806 3Apple CanonicalFreetype 5Freetype Iphone OsMac Os X+2 more Apr 29, 2026 Aug 19, 2010 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Array index error in the t42_parse_sfnts function in type42/t42parse.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via negative siz...Show more Array index error in the t42_parse_sfnts function in type42/t42parse.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via negative size values for certain strings in FontType42 font files, leading to a heap-based buffer overflow.Show less
CVE-2010-2805 3Apple CanonicalFreetype 5Freetype Iphone OsMac Os X+2 more Apr 29, 2026 Aug 19, 2010 N/A· v4 N/A· v3 6.8 MEDIUM· v2 The FT_Stream_EnterFrame function in base/ftstream.c in FreeType before 2.4.2 does not properly validate certain position values, which allows remote attackers to cause a denial of service (application crash) or possibly...Show more The FT_Stream_EnterFrame function in base/ftstream.c in FreeType before 2.4.2 does not properly validate certain position values, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.Show less
CVE-2010-2520 4Apple CanonicalDebian+1 more 4Debian Linux FreetypeMac Os X+1 more Apr 29, 2026 Aug 19, 2010 N/A· v4 N/A· v3 5.1 MEDIUM· v2 Heap-based buffer overflow in the Ins_IUP function in truetype/ttinterp.c in FreeType before 2.4.0, when TrueType bytecode support is enabled, allows remote attackers to cause a denial of service (application crash) or p...Show more Heap-based buffer overflow in the Ins_IUP function in truetype/ttinterp.c in FreeType before 2.4.0, when TrueType bytecode support is enabled, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.Show less
CVE-2010-2519 4Apple CanonicalDebian+1 more 4Debian Linux FreetypeMac Os X+1 more Apr 29, 2026 Aug 19, 2010 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Heap-based buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via...Show more Heap-based buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted length value in a POST fragment header in a font file.Show less
CVE-2010-2500 4Apple CanonicalDebian+1 more 4Debian Linux FreetypeMac Os X+1 more Apr 29, 2026 Aug 19, 2010 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Integer overflow in the gray_render_span function in smooth/ftgrays.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted fon...Show more Integer overflow in the gray_render_span function in smooth/ftgrays.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.Show less
CVE-2010-2499 4Apple CanonicalDebian+1 more 4Debian Linux FreetypeMac Os X+1 more Apr 29, 2026 Aug 19, 2010 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted L...Show more Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted LaserWriter PS font file with an embedded PFB fragment.Show less
CVE-2010-2498 4Apple CanonicalDebian+1 more 4Debian Linux FreetypeMac Os X+1 more Apr 29, 2026 Aug 19, 2010 N/A· v4 N/A· v3 6.8 MEDIUM· v2 The psh_glyph_find_strong_points function in pshinter/pshalgo.c in FreeType before 2.4.0 does not properly implement hinting masks, which allows remote attackers to cause a denial of service (heap memory corruption and a...Show more The psh_glyph_find_strong_points function in pshinter/pshalgo.c in FreeType before 2.4.0 does not properly implement hinting masks, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a crafted font file that triggers an invalid free operation.Show less
CVE-2010-2497 3Apple DebianFreetype 3Debian Linux FreetypeMac Os X Apr 29, 2026 Aug 19, 2010 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Integer underflow in glyph handling in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.
CVE-2010-1794 1Apple 1Mac Os X Apr 29, 2026 Aug 2, 2010 N/A· v4 N/A· v3 4.9 MEDIUM· v2 The webdav_mount function in webdav_vfsops.c in the WebDAV kernel extension (aka webdav_fs.kext) for Mac OS X 10.6 allows local users to cause a denial of service (panic) via a mount request with a large integer in the p...Show more The webdav_mount function in webdav_vfsops.c in the WebDAV kernel extension (aka webdav_fs.kext) for Mac OS X 10.6 allows local users to cause a denial of service (panic) via a mount request with a large integer in the pa_socket_namelen field.Show less
CVE-2010-0211 4Apple OpenldapOpensuse+1 more 5Esxi Mac Os XMac Os X Server+2 more Apr 29, 2026 Jul 28, 2010 N/A· v4 9.8 CRITICAL· v3 5.0 MEDIUM· v2 The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and po...Show more The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing invalid UTF-8 sequences, which triggers a free of an invalid, uninitialized pointer in the slap_mods_free function, as demonstrated using the Codenomicon LDAPv3 test suite.Show less
CVE-2010-1205 10Apple CanonicalDebian+7 more 17Chrome Debian LinuxFedora+14 more Apr 29, 2026 Jun 30, 2010 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data r...Show more Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row.Show less
CVE-2010-1637 4Apple FedoraprojectRedhat+1 more 7Enterprise Linux Desktop Enterprise Linux ServerEnterprise Linux Workstation+4 more Apr 29, 2026 Jun 22, 2010 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 The Mail Fetch plugin in SquirrelMail 1.4.20 and earlier allows remote authenticated users to bypass firewall restrictions and use SquirrelMail as a proxy to scan internal networks via a modified POP3 port number.
CVE-2010-1411 1Apple 2Mac Os X Mac Os X Server Apr 29, 2026 Jun 17, 2010 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Multiple integer overflows in the Fax3SetupState function in tif_fax3.c in the FAX3 decoder in LibTIFF before 3.9.3, as used in ImageIO in Apple Mac OS X 10.5.8 and Mac OS X 10.6 before 10.6.4, allow remote attackers to...Show more Multiple integer overflows in the Fax3SetupState function in tif_fax3.c in the FAX3 decoder in LibTIFF before 3.9.3, as used in ImageIO in Apple Mac OS X 10.5.8 and Mac OS X 10.6 before 10.6.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF file that triggers a heap-based buffer overflow.Show less
CVE-2010-1382 1Apple 2Mac Os X Mac Os X Server Apr 29, 2026 Jun 17, 2010 N/A· v4 N/A· v3 3.5 LOW· v2 Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allows remote authenticated users to inject arbitrary web script or HTML via crafted Wiki content, related to lack...Show more Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allows remote authenticated users to inject arbitrary web script or HTML via crafted Wiki content, related to lack of a charset field.Show less
CVE-2010-1381 1Apple 2Mac Os X Mac Os X Server Apr 29, 2026 Jun 17, 2010 N/A· v4 N/A· v3 3.5 LOW· v2 The default configuration of SMB File Server in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, enables support for wide links, which allows remote authenticated users to access arbitrary files via vectors involving symbo...Show more The default configuration of SMB File Server in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, enables support for wide links, which allows remote authenticated users to access arbitrary files via vectors involving symbolic links. NOTE: this might overlap CVE-2010-0926.Show less
CVE-2010-1380 1Apple 2Mac Os X Mac Os X Server Apr 29, 2026 Jun 17, 2010 N/A· v4 N/A· v3 7.5 HIGH· v2 Integer overflow in the cgtexttops CUPS filter in Printing in Apple Mac OS X 10.6 before 10.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to pa...Show more Integer overflow in the cgtexttops CUPS filter in Printing in Apple Mac OS X 10.6 before 10.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to page sizes.Show less
CVE-2010-1379 1Apple 2Mac Os X Mac Os X Server Apr 29, 2026 Jun 17, 2010 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Printer Setup in Apple Mac OS X 10.6 before 10.6.4 does not properly interpret character encoding, which allows remote attackers to cause a denial of service (printing failure) by deploying a printing device that has a U...Show more Printer Setup in Apple Mac OS X 10.6 before 10.6.4 does not properly interpret character encoding, which allows remote attackers to cause a denial of service (printing failure) by deploying a printing device that has a Unicode character in its printing-service name.Show less
CVE-2010-1377 1Apple 2Mac Os X Mac Os X Server Apr 29, 2026 Jun 17, 2010 N/A· v4 N/A· v3 9.3 HIGH· v2 Open Directory in Apple Mac OS X 10.6 before 10.6.4 creates an unencrypted connection upon certain SSL failures, which allows man-in-the-middle attackers to spoof arbitrary network account servers, and possibly execute a...Show more Open Directory in Apple Mac OS X 10.6 before 10.6.4 creates an unencrypted connection upon certain SSL failures, which allows man-in-the-middle attackers to spoof arbitrary network account servers, and possibly execute arbitrary code, via unspecified vectors.Show less
CVE-2010-1376 1Apple 2Mac Os X Mac Os X Server Apr 29, 2026 Jun 17, 2010 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Multiple format string vulnerabilities in Network Authorization in Apple Mac OS X 10.6 before 10.6.4 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via format string spe...Show more Multiple format string vulnerabilities in Network Authorization in Apple Mac OS X 10.6 before 10.6.4 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a (1) afp, (2) cifs, or (3) smb URL.Show less

Previous 1...126127128...161 Next