Vulnerabilities > Apple

DATE        CVE            VULNERABILITY TITLE
  (each entry: description, then Access vector / Attack complexity / Vendor / CWE / RISK as CVSS v2 base score)
2009-11-13  CVE-2009-2842  Information Disclosure vulnerability in Apple Safari Shortcut Menu Options
  Apple Safari before 4.0.4 does not properly implement the (1) Open Image and (2) Open Link menu options, which allows remote attackers to read local HTML files via a crafted web site.
  Access: network | Vendor: apple | CVSS: 4.3
2009-11-13  CVE-2009-2841  Unauthorized Sub-Resource Request vulnerability in Apple Safari (WebKit HTMLMediaElement)
  The HTMLMediaElement::loadResource function in html/HTMLMediaElement.cpp in WebCore in WebKit before r49480, as used in Apple Safari before 4.0.4 on Mac OS X, does not perform the expected callbacks for HTML 5 media elements whose media resources have external URLs, which allows remote attackers to trigger sub-resource requests to arbitrary web sites via a crafted HTML document, as demonstrated by an HTML e-mail message that uses a media element as a read receipt (X-Confirm-Reading-To functionality), aka rdar problem 7271202.
  Access: network | Complexity: low | Vendor: apple | CVSS: 5.0
2009-11-13  CVE-2009-2816  Cross-Site Request Forgery (CSRF) vulnerability in multiple products
  The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, as used in Apple Safari before 4.0.4 and Google Chrome before 3.0.195.33, includes certain custom HTTP headers in the OPTIONS request during cross-origin operations with preflight, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web page.
  Vendors: apple, google (WebKit) | CVSS: 6.8
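Why the CVE-2009-2816 behaviour matters: a CORS preflight is an OPTIONS request that only names the custom headers the real request will carry (in Access-Control-Request-Headers); it must not carry those headers itself. A server that uses "X-Requested-With is present" as its CSRF check, and routes OPTIONS through the same handler as POST, therefore executes the action during the attacker's preflight when the browser attaches the header. The following is an added example, not code from the original page or from WebKit, Apple or Google; the origin allow-list, header allow-list, the "transfer" handler and the sample request are assumptions constructed for illustration. It shows the naive dispatcher beside a hardened one that classifies preflights first.

```javascript
// Added example for CVE-2009-2816 (not code from the page, WebKit, Apple or Google).
// Header names are keyed lowercase, as Node's http module presents them.

const ALLOWED_ORIGINS = new Set(['https://app.example']);             // assumption
const ALLOWED_HEADERS = new Set(['x-requested-with', 'content-type']); // assumption

// A preflight is an OPTIONS request carrying Origin and
// Access-Control-Request-Method; anything else is an "actual" request.
function isPreflight(req) {
  return req.method === 'OPTIONS'
    && 'origin' in req.headers
    && 'access-control-request-method' in req.headers;
}

// Vulnerable pattern: header presence is the only check and OPTIONS is not
// special-cased, so the handler runs for a preflight that carries the header.
function dispatchNaive(req, handler) {
  if (req.headers['x-requested-with'] === 'XMLHttpRequest') return handler(req);
  return { status: 403 };
}

// Hardened pattern: preflights are answered from the allow-lists and never reach
// the handler; a state-changing actual request must come from an allowed origin
// (or be same-origin, i.e. no Origin header) and carry the custom header.
function dispatchHardened(req, handler) {
  if (isPreflight(req)) {
    const origin = req.headers['origin'];
    const requested = (req.headers['access-control-request-headers'] || '')
      .split(',').map((h) => h.trim().toLowerCase()).filter(Boolean);
    const ok = ALLOWED_ORIGINS.has(origin) && requested.every((h) => ALLOWED_HEADERS.has(h));
    return ok
      ? { status: 204, allowOrigin: origin, allowHeaders: requested.join(', ') }
      : { status: 403 };
  }
  if (!['GET', 'HEAD'].includes(req.method)) {
    const origin = req.headers['origin'];
    if (origin !== undefined && !ALLOWED_ORIGINS.has(origin)) return { status: 403 };
    if (req.headers['x-requested-with'] !== 'XMLHttpRequest') return { status: 403 };
  }
  return handler(req);
}

// Constructed sample: the preflight a pre-fix WebKit would send from an attacker
// page that set X-Requested-With on a cross-origin POST. The custom header (and
// the cookie) should not be on a preflight at all.
const buggyPreflight = {
  method: 'OPTIONS',
  headers: {
    'origin': 'https://attacker.example',
    'access-control-request-method': 'POST',
    'access-control-request-headers': 'X-Requested-With',
    'x-requested-with': 'XMLHttpRequest',
    'cookie': 'session=constructed-sample',
  },
};

// Runs one request through both dispatchers with a handler that counts calls.
function runScenario(req) {
  let calls = 0;
  const handler = () => { calls += 1; return { status: 200, action: 'transfer-executed' }; };
  const naive = dispatchNaive(req, handler);
  const naiveRanHandler = calls === 1;
  const hardened = dispatchHardened(req, handler);
  return { naive, hardened, naiveRanHandler, hardenedRanHandler: calls === 2 };
}

console.log(JSON.stringify(runScenario(buggyPreflight), null, 2));
```

With the constructed request, the naive dispatcher returns 200 and runs the handler; the hardened one refuses the preflight with 403 and never calls it. The general lesson survives the WebKit fix: an OPTIONS request must never be dispatched to a state-changing handler, and a custom-header CSRF check belongs on the actual request only.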
2009-11-10  CVE-2009-2840  Insecure Temporary File vulnerability in Apple Mac OS X 10.5.8 Spotlight (Security Update 2009-006)
  Spotlight in Apple Mac OS X 10.5.8 does not properly handle temporary files, which allows local users to overwrite arbitrary files with the privileges of a different user via unspecified vectors.
  Access: local | Complexity: low | Vendor: apple | CVSS: 4.9
2009-11-10  CVE-2009-2839  Resource Management Errors vulnerability in Apple Mac OS X and Mac OS X Server
  Screen Sharing in Apple Mac OS X 10.5.8 allows remote VNC servers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.
  Access: network | Vendor: apple | CWE-399 | CVSS: 6.8
2009-11-10  CVE-2009-2838  Numeric Errors vulnerability in Apple Mac OS X 10.5.8
  Integer overflow in QuickLook in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Office document that triggers a buffer overflow.
  Access: network | Vendor: apple | CWE-189 | CVSS: 6.8
2009-11-10  CVE-2009-2837  Buffer Errors vulnerability in Apple Mac OS X 10.5.8/10.6/10.6.1
  Heap-based buffer overflow in QuickDraw Manager in Apple Mac OS X before 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image.
  Access: network | Vendor: apple | CWE-119 | CVSS: 6.8
2009-11-10  CVE-2009-2836  Race Condition vulnerability in Apple Mac OS X and Mac OS X Server
  Race condition in Login Window in Apple Mac OS X 10.6.x before 10.6.2, when at least one account has a blank password, allows attackers to bypass password authentication and obtain login access to an arbitrary account via unspecified vectors.
  Access: local | Complexity: high | Vendor: apple | CWE-362 | CVSS: 6.2
2009-11-10  CVE-2009-2835  Improper Input Validation vulnerability in Apple Mac OS X and Mac OS X Server
  The kernel in Apple Mac OS X before 10.6.2 does not properly handle task state segments, which allows local users to gain privileges, cause a denial of service (system crash), or obtain sensitive information via unspecified vectors.
  Access: local | Complexity: low | Vendor: apple | CWE-20 | CVSS: 4.6
2009-11-10  CVE-2009-2834  Permissions, Privileges, and Access Controls vulnerability in Apple Mac OS X and Mac OS X Server
  IOKit in Apple Mac OS X before 10.6.2 allows local users to modify the firmware of a (1) USB or (2) Bluetooth keyboard via unspecified vectors.
  Access: local | Complexity: low | Vendor: apple | CWE-264 | CVSS: 4.9