Vulnerabilities > Apple

DATE CVE VULNERABILITY TITLE RISK
2009-09-21 CVE-2009-3273 Cryptographic Issues vulnerability in Apple iPhone OS
iPhone Mail in Apple iPhone OS, and iPhone OS for iPod touch, does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL e-mail servers via a crafted certificate.
network
low complexity
apple CWE-310
7.5
2009-09-21 CVE-2009-3272 Resource Management Errors vulnerability in Apple Safari
Stack consumption vulnerability in WebKit.dll in WebKit in Apple Safari 3.2.3, and possibly other versions before 4.1.2, allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls eval on a long string composed of A/ sequences.
network
low complexity
apple CWE-399
5.0
2009-09-21 CVE-2009-3271 Improper Input Validation vulnerability in Apple iPhone OS and Safari
Apple Safari on iPhone OS 3.0.1 allows remote attackers to cause a denial of service (application crash) via a long tel: URL in the SRC attribute of an IFRAME element.
network
apple CWE-20
4.3
2009-09-15 CVE-2009-2201 Cryptographic Issues vulnerability in Apple Xsan 1.0/1.2/1.3
The screensharing feature in the Admin application in Apple Xsan before 2.2 places a cleartext username and password in a URL within an error dialog, which allows physically proximate attackers to obtain credentials by reading this dialog.
local
low complexity
apple CWE-310
2.1
2009-09-14 CVE-2009-2814 Cross-Site Scripting vulnerability in Apple Mac OS X Server 10.5.8
Cross-site scripting (XSS) vulnerability in the Wiki Server in Apple Mac OS X 10.5.8 allows remote attackers to inject arbitrary web script or HTML via a search request containing data that does not use UTF-8 encoding.
network
apple CWE-79
4.3
2009-09-14 CVE-2009-2813 Permissions, Privileges, and Access Controls vulnerability in multiple products
Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.12 through 3.0.36, as used in the SMB subsystem in Apple Mac OS X 10.5.8 when Windows File Sharing is enabled, Fedora 11, and other operating systems, does not properly handle errors in resolving pathnames, which allows remote authenticated users to bypass intended sharing restrictions, and read, create, or modify files, in certain circumstances involving user accounts that lack home directories.
6.0
2009-09-14 CVE-2009-2812 Remote Code Execution vulnerability in Apple Mac OS X Launch Services
Launch Services in Apple Mac OS X 10.5.8 does not properly recognize an unsafe Uniform Type Identifier (UTI) in an exported document type in a downloaded application, which allows remote attackers to trigger the automatic opening of a file, and execute arbitrary code, via a crafted web site.
network
apple
6.8
2009-09-14 CVE-2009-2811 Code Injection vulnerability in Apple Mac OS X and Mac OS X Server
Incomplete blacklist vulnerability in Launch Services in Apple Mac OS X 10.5.8 allows user-assisted remote attackers to execute arbitrary code via a .fileloc file, which does not trigger a "potentially unsafe" warning message in the Quarantine feature.
network
apple CWE-94
6.8
2009-09-14 CVE-2009-2809 Code Injection vulnerability in Apple Mac OS X and Mac OS X Server
ImageIO in Apple Mac OS X 10.4.11 and 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PixarFilm encoded TIFF image, related to "multiple memory corruption issues."
network
apple CWE-94
6.8
2009-09-14 CVE-2009-2807 Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Apple Mac OS X and Mac OS X Server
Heap-based buffer overflow in the USB backend in CUPS in Apple Mac OS X 10.5.8 allows local users to gain privileges via unspecified vectors.
local
low complexity
apple CWE-119
7.2