Vulnerabilities > Apple > MAC OS X > 10.5.6
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2010-06-11 | CVE-2010-1392 | Resource Management Errors vulnerability in Apple Safari and Webkit Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to HTML buttons and the first-letter CSS style. | 9.3 |
| 2010-06-11 | CVE-2010-1391 | Path Traversal vulnerability in Apple Safari and Webkit Multiple directory traversal vulnerabilities in the (a) Local Storage and (b) Web SQL database implementations in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allow remote attackers to create arbitrary database files via vectors involving a (1) %2f and .. | 4.3 |
| 2010-06-11 | CVE-2010-1390 | Cross-Site Scripting vulnerability in Apple Safari and Webkit Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors related to improper UTF-7 canonicalization, and lack of termination of a quoted string in an HTML document. | 4.3 |
| 2010-06-11 | CVE-2010-1389 | Cross-Site Scripting vulnerability in Apple Safari and Webkit Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) paste or (2) drag-and-drop operation for a selection. | 4.3 |
| 2010-06-11 | CVE-2010-1388 | Information Exposure vulnerability in Apple Safari and Webkit WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6, and before 4.1 on Mac OS X 10.4, does not properly handle clipboard (1) drag and (2) paste operations for URLs, which allows user-assisted remote attackers to read arbitrary files via a crafted HTML document. | 4.3 |
| 2010-06-11 | CVE-2010-1385 | Resource Management Errors vulnerability in Apple Safari Use-after-free vulnerability in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document. | 9.3 |
| 2010-06-11 | CVE-2010-1384 | Information Exposure vulnerability in Apple Safari Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not provide a warning about a (1) http or (2) https URL that contains a username and password, which makes it easier for remote attackers to conduct phishing attacks via a crafted URL. | 4.3 |
| 2010-05-21 | CVE-2010-0539 | Numeric Errors vulnerability in Apple Java 1.5 and Java 1.6 Integer signedness error in the window drawing implementation in Apple Java for Mac OS X 10.5 before Update 7 and Java for Mac OS X 10.6 before Update 2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted applet. | 6.8 |
| 2010-05-21 | CVE-2010-0538 | Resource Management Errors vulnerability in Apple Java Apple Java for Mac OS X 10.5 before Update 7 and Java for Mac OS X 10.6 before Update 2 do not properly handle mediaLibImage objects, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application crash) via a crafted applet, related to the com.sun.medialib.mlib package. | 6.8 |
| 2010-03-31 | CVE-2010-0531 | Resource Management Errors vulnerability in Apple Itunes Apple iTunes before 9.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted MP4 podcast file. | 4.3 |