CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Apple : Security Vulnerabilities Published In 2010 (Execute Code)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2010-4010 189 Exec Code 2010-11-16 2010-11-17
6.8
None Remote Medium Not required Partial Partial Partial
Integer signedness error in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code via a crafted embedded Compact Font Format (CFF) font in a document.
2 CVE-2010-4009 189 DoS Exec Code Overflow 2010-12-09 2013-11-02
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in Apple QuickTime before 7.6.9 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.
3 CVE-2010-3832 119 Exec Code Overflow 2010-11-26 2010-12-10
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the GSM mobility management implementation in Telephony in Apple iOS before 4.2 on the iPhone and iPad allows remote attackers to execute arbitrary code on the baseband processor via a crafted Temporary Mobile Subscriber Identity (TMSI) field.
4 CVE-2010-3826 DoS Exec Code 2010-11-22 2011-07-18
9.3
None Remote Medium Not required Complete Complete Complete
WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of colors in an SVG document, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site.
5 CVE-2010-3824 399 DoS Exec Code 2010-11-22 2011-07-18
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving SVG use elements.
6 CVE-2010-3823 399 DoS Exec Code 2010-11-22 2011-07-18
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving Geolocation objects. NOTE: this might overlap CVE-2010-3415.
7 CVE-2010-3822 119 DoS Exec Code Overflow 2010-11-22 2011-07-18
9.3
None Remote Medium Not required Complete Complete Complete
WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, accesses an uninitialized pointer during processing of Cascading Style Sheets (CSS) counter styles, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site.
8 CVE-2010-3821 119 DoS Exec Code Overflow Mem. Corr. 2010-11-22 2011-07-18
9.3
None Remote Medium Not required Complete Complete Complete
WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly handle the :first-letter pseudo-element in a Cascading Style Sheets (CSS) token sequence, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
9 CVE-2010-3820 399 DoS Exec Code 2010-11-22 2011-07-18
9.3
None Remote Medium Not required Complete Complete Complete
WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, accesses uninitialized memory during processing of editable elements, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site.
10 CVE-2010-3819 94 DoS Exec Code 2010-11-22 2011-07-18
9.3
None Remote Medium Not required Complete Complete Complete
WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of Cascading Style Sheets (CSS) boxes, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site.
11 CVE-2010-3818 399 DoS Exec Code 2010-11-22 2011-07-18
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving inline text boxes.
12 CVE-2010-3817 DoS Exec Code 2010-11-22 2011-07-18
9.3
None Remote Medium Not required Complete Complete Complete
WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of Cascading Style Sheets (CSS) 3D transforms, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site.
13 CVE-2010-3816 399 DoS Exec Code 2010-11-22 2011-07-18
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving scrollbars.
14 CVE-2010-3812 189 DoS Exec Code Overflow 2010-11-22 2011-07-18
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in the Text::wholeText method in dom/Text.cpp in WebKit, as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4; webkitgtk before 1.2.6; and possibly other products allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving Text objects.
15 CVE-2010-3811 399 DoS Exec Code 2010-11-22 2011-07-18
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving element attributes.
16 CVE-2010-3809 94 DoS Exec Code 2010-11-22 2011-07-18
9.3
None Remote Medium Not required Complete Complete Complete
WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of inline styling, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site.
17 CVE-2010-3808 94 DoS Exec Code 2010-11-22 2011-07-18
9.3
None Remote Medium Not required Complete Complete Complete
WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of editing commands, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site.
18 CVE-2010-3805 189 DoS Exec Code 2010-11-22 2011-07-18
9.3
None Remote Medium Not required Complete Complete Complete
Integer underflow in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving WebSockets. NOTE: this may overlap CVE-2010-3254.
19 CVE-2010-3803 189 DoS Exec Code Overflow 2010-11-22 2011-07-18
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string.
20 CVE-2010-3802 189 DoS Exec Code Mem. Corr. 2010-12-09 2013-11-02
9.3
None Remote Medium Not required Complete Complete Complete
Integer signedness error in Apple QuickTime before 7.6.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted panorama atom in a QuickTime Virtual Reality (QTVR) movie file.
21 CVE-2010-3801 119 DoS Exec Code Overflow Mem. Corr. 2010-12-09 2013-11-02
9.3
None Remote Medium Not required Complete Complete Complete
Apple QuickTime before 7.6.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted FlashPix file.
22 CVE-2010-3800 119 DoS Exec Code Overflow Mem. Corr. 2010-12-09 2013-11-02
9.3
None Remote Medium Not required Complete Complete Complete
Apple QuickTime before 7.6.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted PICT file.
23 CVE-2010-3798 119 DoS Exec Code Overflow 2010-11-16 2010-12-10
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in xar in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted xar archive.
24 CVE-2010-3795 119 DoS Exec Code Overflow 2010-11-16 2010-12-11
6.8
None Remote Medium Not required Partial Partial Partial
QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses uninitialized memory locations during processing of GIF image data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted GIF file.
25 CVE-2010-3794 119 DoS Exec Code Overflow 2010-11-16 2010-12-11
6.8
None Remote Medium Not required Partial Partial Partial
QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses uninitialized memory locations during processing of FlashPix image data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FlashPix file.
26 CVE-2010-3793 119 DoS Exec Code Overflow Mem. Corr. 2010-11-16 2010-12-11
6.8
None Remote Medium Not required Partial Partial Partial
QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Sorenson movie file.
27 CVE-2010-3792 189 DoS Exec Code 2010-11-16 2010-12-11
6.8
None Remote Medium Not required Partial Partial Partial
Integer signedness error in QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG movie file.
28 CVE-2010-3791 119 DoS Exec Code Overflow 2010-11-16 2010-12-11
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG movie file.
29 CVE-2010-3790 119 DoS Exec Code Overflow Mem. Corr. 2010-11-16 2011-07-01
6.8
None Remote Medium Not required Partial Partial Partial
QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file that causes an image sample transformation to scale a sprite outside a buffer boundary.
30 CVE-2010-3789 119 DoS Exec Code Overflow Mem. Corr. 2010-11-16 2010-12-11
6.8
None Remote Medium Not required Partial Partial Partial
QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted AVI file.
31 CVE-2010-3788 20 DoS Exec Code 2010-11-16 2010-12-11
6.8
None Remote Medium Not required Partial Partial Partial
QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses uninitialized memory locations during processing of JP2 image data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JP2 file.
32 CVE-2010-3787 119 DoS Exec Code Overflow 2010-11-16 2010-12-18
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JP2 image.
33 CVE-2010-3786 119 DoS Exec Code Overflow Mem. Corr. 2010-11-16 2011-10-20
6.8
None Remote Medium Not required Partial Partial Partial
QuickLook in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Excel file.
34 CVE-2010-3785 119 DoS Exec Code Overflow 2010-11-16 2011-10-20
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in QuickLook in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Office document.
35 CVE-2010-3257 399 DoS Exec Code 2010-09-07 2011-07-18
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving element focus.
36 CVE-2010-3116 399 DoS Exec Code 2010-08-24 2011-07-18
10.0
None Remote Low Not required Complete Complete Complete
Multiple use-after-free vulnerabilities in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to improper handling of MIME types by plug-ins.
37 CVE-2010-2941 399 DoS Exec Code 2010-11-05 2013-05-14
7.9
None Local Network Medium Not required Complete Complete Complete
ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request.
38 CVE-2010-1939 399 Exec Code 2010-05-13 2010-08-21
7.6
None Remote High Not required Complete Complete Complete
Use-after-free vulnerability in Apple Safari 4.0.5 on Windows allows remote attackers to execute arbitrary code by using window.open to create a popup window for a crafted HTML document, and then calling the parent window's close method, which triggers improper handling of a deleted window object.
39 CVE-2010-1846 119 DoS Exec Code Overflow 2010-11-16 2010-12-10
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in Image RAW in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted RAW image.
40 CVE-2010-1845 20 DoS Exec Code Mem. Corr. 2010-11-16 2010-12-10
6.8
None Remote Medium Not required Partial Partial Partial
ImageIO in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted PSD image.
41 CVE-2010-1842 119 DoS Exec Code Overflow 2010-11-15 2011-01-12
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in AppKit in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a bidirectional text string with ellipsis truncation.
42 CVE-2010-1841 20 DoS Exec Code Mem. Corr. 2010-11-15 2011-01-12
9.3
None Remote Medium Not required Complete Complete Complete
Disk Images in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted UDIF image.
43 CVE-2010-1840 119 DoS Exec Code Overflow 2010-11-15 2010-12-10
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in the password-validation functionality in Directory Services in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
44 CVE-2010-1837 119 DoS Exec Code Overflow Mem. Corr. 2010-11-15 2011-01-12
6.8
None Remote Medium Not required Partial Partial Partial
CoreText in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font in a PDF document.
45 CVE-2010-1836 119 DoS Exec Code Overflow 2010-11-15 2010-12-10
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in CoreGraphics in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.
46 CVE-2010-1833 119 DoS Exec Code Overflow Mem. Corr. 2010-11-15 2010-12-10
6.8
None Remote Medium Not required Partial Partial Partial
Apple Type Services (ATS) in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted embedded font in a document.
47 CVE-2010-1832 119 Exec Code Overflow 2010-11-15 2010-12-10
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code via a crafted embedded font in a document.
48 CVE-2010-1831 119 Exec Code Overflow 2010-11-15 2010-12-10
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code via a long name of an embedded font in a document.
49 CVE-2010-1829 22 Exec Code Dir. Trav. 2010-11-15 2010-12-10
6.0
None Remote Medium Single system Partial Partial Partial
Directory traversal vulnerability in AFP Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote authenticated users to execute arbitrary code by creating files that are outside the bounds of a share.
50 CVE-2010-1822 189 DoS Exec Code 2010-10-04 2011-07-19
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3 and Google Chrome before 6.0.472.62, does not properly perform a cast of an unspecified variable, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an SVG element in a non-SVG document.
Total number of vulnerabilities : 165   Page : 1 (This Page)2 3 4
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.