CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Apple : Security Vulnerabilities Published In 2010 (Overflow)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2010-4009 189 DoS Exec Code Overflow 2010-12-09 2013-11-02
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in Apple QuickTime before 7.6.9 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.
2 CVE-2010-4008 119 DoS Overflow 2010-11-16 2013-02-06
4.3
None Remote Medium Not required None None Partial
libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document.
3 CVE-2010-3832 119 Exec Code Overflow 2010-11-26 2010-12-10
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the GSM mobility management implementation in Telephony in Apple iOS before 4.2 on the iPhone and iPad allows remote attackers to execute arbitrary code on the baseband processor via a crafted Temporary Mobile Subscriber Identity (TMSI) field.
4 CVE-2010-3822 119 DoS Exec Code Overflow 2010-11-22 2011-07-18
9.3
None Remote Medium Not required Complete Complete Complete
WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, accesses an uninitialized pointer during processing of Cascading Style Sheets (CSS) counter styles, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site.
5 CVE-2010-3821 119 DoS Exec Code Overflow Mem. Corr. 2010-11-22 2011-07-18
9.3
None Remote Medium Not required Complete Complete Complete
WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly handle the :first-letter pseudo-element in a Cascading Style Sheets (CSS) token sequence, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
6 CVE-2010-3812 189 DoS Exec Code Overflow 2010-11-22 2011-07-18
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in the Text::wholeText method in dom/Text.cpp in WebKit, as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4; webkitgtk before 1.2.6; and possibly other products allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving Text objects.
7 CVE-2010-3803 189 DoS Exec Code Overflow 2010-11-22 2011-07-18
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string.
8 CVE-2010-3801 119 DoS Exec Code Overflow Mem. Corr. 2010-12-09 2013-11-02
9.3
None Remote Medium Not required Complete Complete Complete
Apple QuickTime before 7.6.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted FlashPix file.
9 CVE-2010-3800 119 DoS Exec Code Overflow Mem. Corr. 2010-12-09 2013-11-02
9.3
None Remote Medium Not required Complete Complete Complete
Apple QuickTime before 7.6.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted PICT file.
10 CVE-2010-3798 119 DoS Exec Code Overflow 2010-11-16 2010-12-10
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in xar in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted xar archive.
11 CVE-2010-3795 119 DoS Exec Code Overflow 2010-11-16 2010-12-11
6.8
None Remote Medium Not required Partial Partial Partial
QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses uninitialized memory locations during processing of GIF image data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted GIF file.
12 CVE-2010-3794 119 DoS Exec Code Overflow 2010-11-16 2010-12-11
6.8
None Remote Medium Not required Partial Partial Partial
QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses uninitialized memory locations during processing of FlashPix image data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FlashPix file.
13 CVE-2010-3793 119 DoS Exec Code Overflow Mem. Corr. 2010-11-16 2010-12-11
6.8
None Remote Medium Not required Partial Partial Partial
QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Sorenson movie file.
14 CVE-2010-3791 119 DoS Exec Code Overflow 2010-11-16 2010-12-11
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG movie file.
15 CVE-2010-3790 119 DoS Exec Code Overflow Mem. Corr. 2010-11-16 2011-07-01
6.8
None Remote Medium Not required Partial Partial Partial
QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file that causes an image sample transformation to scale a sprite outside a buffer boundary.
16 CVE-2010-3789 119 DoS Exec Code Overflow Mem. Corr. 2010-11-16 2010-12-11
6.8
None Remote Medium Not required Partial Partial Partial
QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted AVI file.
17 CVE-2010-3787 119 DoS Exec Code Overflow 2010-11-16 2010-12-18
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JP2 image.
18 CVE-2010-3786 119 DoS Exec Code Overflow Mem. Corr. 2010-11-16 2011-10-20
6.8
None Remote Medium Not required Partial Partial Partial
QuickLook in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Excel file.
19 CVE-2010-3785 119 DoS Exec Code Overflow 2010-11-16 2011-10-20
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in QuickLook in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Office document.
20 CVE-2010-2973 264 1 Overflow +Priv 2010-08-05 2010-08-18
6.9
Admin Local Medium Not required Complete Complete Complete
Integer overflow in IOSurface in Apple iOS before 4.0.2 on the iPhone and iPod touch, and before 3.2.2 on the iPad, allows local users to gain privileges via vectors involving IOSurface properties, as demonstrated by JailbreakMe.
21 CVE-2010-1846 119 DoS Exec Code Overflow 2010-11-16 2010-12-10
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in Image RAW in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted RAW image.
22 CVE-2010-1842 119 DoS Exec Code Overflow 2010-11-15 2011-01-12
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in AppKit in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a bidirectional text string with ellipsis truncation.
23 CVE-2010-1840 119 DoS Exec Code Overflow 2010-11-15 2010-12-10
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in the password-validation functionality in Directory Services in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
24 CVE-2010-1837 119 DoS Exec Code Overflow Mem. Corr. 2010-11-15 2011-01-12
6.8
None Remote Medium Not required Partial Partial Partial
CoreText in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font in a PDF document.
25 CVE-2010-1836 119 DoS Exec Code Overflow 2010-11-15 2010-12-10
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in CoreGraphics in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.
26 CVE-2010-1833 119 DoS Exec Code Overflow Mem. Corr. 2010-11-15 2010-12-10
6.8
None Remote Medium Not required Partial Partial Partial
Apple Type Services (ATS) in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted embedded font in a document.
27 CVE-2010-1832 119 Exec Code Overflow 2010-11-15 2010-12-10
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code via a crafted embedded font in a document.
28 CVE-2010-1831 119 Exec Code Overflow 2010-11-15 2010-12-10
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code via a long name of an embedded font in a document.
29 CVE-2010-1817 119 DoS Exec Code Overflow 2010-09-09 2012-03-30
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in ImageIO in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted GIF file.
30 CVE-2010-1814 119 DoS Exec Code Overflow Mem. Corr. 2010-09-09 2012-03-30
6.8
None Remote Medium Not required Partial Partial Partial
WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors involving form menus.
31 CVE-2010-1813 119 DoS Exec Code Overflow Mem. Corr. 2010-09-09 2012-03-30
6.8
None Remote Medium Not required Partial Partial Partial
WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors involving HTML object outlines.
32 CVE-2010-1811 119 DoS Exec Code Overflow Mem. Corr. 2010-09-09 2012-03-30
6.8
None Remote Medium Not required Partial Partial Partial
ImageIO in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF file.
33 CVE-2010-1808 119 DoS Exec Code Overflow 2010-08-25 2010-08-26
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 and 10.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted embedded font in a document.
34 CVE-2010-1801 119 DoS Exec Code Overflow 2010-08-25 2010-11-17
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in CoreGraphics in Apple Mac OS X 10.5.8 and 10.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF file.
35 CVE-2010-1799 119 DoS Exec Code Overflow 2010-08-16 2010-08-21
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the error-logging functionality in Apple QuickTime before 7.6.7 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.
36 CVE-2010-1797 119 1 DoS Exec Code Overflow Mem. Corr. 2010-08-16 2012-12-18
9.3
None Remote Medium Not required Complete Complete Complete
Multiple stack-based buffer overflows in the cff_decoder_parse_charstrings function in the CFF Type2 CharStrings interpreter in cff/cffgload.c in FreeType before 2.4.2, as used in Apple iOS before 4.0.2 on the iPhone and iPod touch and before 3.2.2 on the iPad, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted CFF opcodes in embedded fonts in a PDF document, as demonstrated by JailbreakMe. NOTE: some of these details are obtained from third party information.
37 CVE-2010-1792 119 DoS Exec Code Overflow Mem. Corr. 2010-07-30 2011-03-17
9.3
None Remote Medium Not required Complete Complete Complete
WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression.
38 CVE-2010-1789 119 DoS Exec Code Overflow 2010-07-30 2011-02-17
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a JavaScript string object.
39 CVE-2010-1788 119 DoS Exec Code Overflow Mem. Corr. 2010-07-30 2011-03-17
9.3
None Remote Medium Not required Complete Complete Complete
WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a use element in an SVG document.
40 CVE-2010-1787 119 DoS Exec Code Overflow Mem. Corr. 2010-07-30 2011-03-17
9.3
None Remote Medium Not required Complete Complete Complete
WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a floating element in an SVG document.
41 CVE-2010-1785 119 DoS Exec Code Overflow 2010-07-30 2011-03-17
9.3
None Remote Medium Not required Complete Complete Complete
WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; accesses uninitialized memory during processing of the (1) :first-letter and (2) :first-line pseudo-elements in an SVG text element, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document.
42 CVE-2010-1784 119 DoS Exec Code Overflow Mem. Corr. 2010-07-30 2011-03-17
9.3
None Remote Medium Not required Complete Complete Complete
The counters functionality in the Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.
43 CVE-2010-1783 119 DoS Exec Code Overflow Mem. Corr. 2010-07-30 2011-03-17
9.3
None Remote Medium Not required Complete Complete Complete
WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; does not properly handle dynamic modification of a text node, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.
44 CVE-2010-1782 119 DoS Exec Code Overflow Mem. Corr. 2010-07-30 2011-03-17
9.3
None Remote Medium Not required Complete Complete Complete
WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to the rendering of an inline element.
45 CVE-2010-1777 119 DoS Exec Code Overflow 2010-07-30 2011-07-18
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Apple iTunes before 9.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted itpc: URL.
46 CVE-2010-1774 119 DoS Exec Code Overflow 2010-06-11 2011-03-17
9.3
None Remote Medium Not required Complete Complete Complete
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, accesses out-of-bounds memory during processing of HTML tables, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document.
47 CVE-2010-1753 119 DoS Exec Code Overflow Mem. Corr. 2010-06-22 2010-06-26
6.8
None Remote Medium Not required Partial Partial Partial
ImageIO in Apple iOS before 4 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG image.
48 CVE-2010-1752 119 DoS Exec Code Overflow 2010-06-22 2010-11-18
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in CFNetwork in Apple iOS before 4 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to URL handling.
49 CVE-2010-1748 119 Overflow +Info 2010-06-17 2013-05-29
4.3
None Remote Medium Not required Partial None None
The cgi_initialize_string function in cgi-bin/var.c in the web interface in CUPS before 1.4.4, as used on Apple Mac OS X 10.5.8, Mac OS X 10.6 before 10.6.4, and other platforms, does not properly handle parameter values containing a % (percent) character without two subsequent hex characters, which allows context-dependent attackers to obtain sensitive information from cupsd process memory via a crafted request, as demonstrated by the (1) /admin?OP=redirect&URL=% and (2) /admin?URL=/admin/&OP=% URIs.
50 CVE-2010-1508 119 DoS Exec Code Overflow 2010-12-09 2013-11-02
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in Apple QuickTime before 7.6.9 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Track Header (aka tkhd) atoms.
Total number of vulnerabilities : 84   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.