Vulnerabilities > Apple
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-09-10 | CVE-2009-2794 | Race Condition vulnerability in Apple Iphone OS The Exchange Support component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, does not properly implement the "Maximum inactivity time lock" functionality, which allows local users to bypass intended Microsoft Exchange restrictions by choosing a large Require Passcode time value. | 4.6 |
| 2009-09-10 | CVE-2009-2207 | Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS 3.0/3.0.1 The MobileMail component in Apple iPhone OS 3.0 and 3.0.1, and iPhone OS 3.0 for iPod touch, lists deleted e-mail messages in Spotlight search results, which might allow local users to obtain sensitive information by reading these messages. | 2.1 |
| 2009-09-10 | CVE-2009-2206 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS Multiple heap-based buffer overflows in the AudioCodecs library in the CoreAudio component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted (1) AAC or (2) MP3 file, as demonstrated by a ringtone with malformed entries in the sample size table. | 6.8 |
| 2009-09-10 | CVE-2009-2203 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime Buffer overflow in Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG-4 video file. | 9.3 |
| 2009-09-10 | CVE-2009-2202 | Arbitrary Code Execution vulnerability in Apple QuickTime Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted H.264 movie file. | 9.3 |
| 2009-09-09 | CVE-2009-2205 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple products Stack-based buffer overflow in the Java Web Start command launcher in Java for Mac OS X 10.5 before Update 5 allows attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. | 6.8 |
| 2009-08-31 | CVE-2009-3016 | Cross-Site Scripting vulnerability in Apple Safari 4.0.3 Apple Safari 4.0.3 does not properly block javascript: and data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains a javascript: URI, (2) entering a javascript: URI when specifying the content of a Refresh header, (3) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI, or (4) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header. | 4.3 |
| 2009-08-21 | CVE-2009-2474 | Inadequate Encryption Strength vulnerability in multiple products neon before 0.28.6, when OpenSSL or GnuTLS is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | 5.8 |
| 2009-08-12 | CVE-2009-2200 | Information Exposure vulnerability in Apple Safari WebKit in Apple Safari before 4.0.3 does not properly restrict the URL scheme of the pluginspage attribute of an EMBED element, which allows user-assisted remote attackers to launch arbitrary file: URLs and obtain sensitive information via a crafted HTML document. | 7.1 |
| 2009-08-12 | CVE-2009-2199 | Unspecified vulnerability in Apple Safari Incomplete blacklist vulnerability in WebKit in Apple Safari before 4.0.3, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to spoof domain names in URLs, and possibly conduct phishing attacks, via unspecified homoglyphs. network apple | 5.8 |