Vulnerabilities > Apple
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2010-08-19 | CVE-2010-1760 | Credentials Management vulnerability in Apple Webkit loader/DocumentThreadableLoader.cpp in the XMLHttpRequest implementation in WebCore in WebKit before r58409 does not properly handle credentials during a cross-origin synchronous request, which has unspecified impact and remote attack vectors, aka rdar problem 7905150. | 10.0 |
2010-08-19 | CVE-2010-1386 | Permissions, Privileges, and Access Controls vulnerability in Apple Webkit page/Geolocation.cpp in WebCore in WebKit before r56188 and before 1.2.5 does not properly restrict access to the lastPosition function, which has unspecified impact and remote attack vectors, aka rdar problem 7746357. | 10.0 |
2010-08-19 | CVE-2010-2807 | Incorrect Conversion Between Numeric Types vulnerability in multiple products FreeType before 2.4.2 uses incorrect integer data types during bounds checking, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. | 6.8 |
2010-08-19 | CVE-2010-2805 | Improper Input Validation vulnerability in multiple products The FT_Stream_EnterFrame function in base/ftstream.c in FreeType before 2.4.2 does not properly validate certain position values, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. | 6.8 |
2010-08-19 | CVE-2010-2520 | Out-Of-Bounds Write vulnerability in multiple products Heap-based buffer overflow in the Ins_IUP function in truetype/ttinterp.c in FreeType before 2.4.0, when TrueType bytecode support is enabled, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. | 5.1 |
2010-08-19 | CVE-2010-2499 | Classic Buffer Overflow vulnerability in multiple products Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted LaserWriter PS font file with an embedded PFB fragment. | 6.8 |
2010-08-19 | CVE-2010-2498 | Out-Of-Bounds Write vulnerability in multiple products The psh_glyph_find_strong_points function in pshinter/pshalgo.c in FreeType before 2.4.0 does not properly implement hinting masks, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a crafted font file that triggers an invalid free operation. | 6.8 |
2010-08-19 | CVE-2010-2497 | Integer Underflow (Wrap OR Wraparound) vulnerability in multiple products Integer underflow in glyph handling in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. | 6.8 |
2010-08-16 | CVE-2010-1799 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime Stack-based buffer overflow in the error-logging functionality in Apple QuickTime before 7.6.7 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file. | 9.3 |
2010-08-16 | CVE-2010-1797 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Iphone OS Multiple stack-based buffer overflows in the cff_decoder_parse_charstrings function in the CFF Type2 CharStrings interpreter in cff/cffgload.c in FreeType before 2.4.2, as used in Apple iOS before 4.0.2 on the iPhone and iPod touch and before 3.2.2 on the iPad, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted CFF opcodes in embedded fonts in a PDF document, as demonstrated by JailbreakMe. | 9.3 |