Vulnerabilities > Apple
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-10-10 | CVE-2008-3641 | Resource Management Errors vulnerability in Apple Cups The Hewlett-Packard Graphics Language (HPGL) filter in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via crafted pen width and pen color opcodes that overwrite arbitrary memory. | 10.0 |
2008-10-08 | CVE-2008-4491 | Information Exposure vulnerability in Apple Mail 3.5 Apple Mail.app 3.5 on Mac OS X, when "Store draft messages on the server" is enabled, stores draft copies of S/MIME email in plaintext on the email server, which allows server owners and remote man-in-the-middle attackers to read sensitive mail. | 5.0 |
2008-10-01 | CVE-2008-4368 | Cryptographic Issues vulnerability in Apple mac OS X 10.5.4/10.5.5 The default configuration of Java 1.5 on Apple Mac OS X 10.5.4 and 10.5.5 contains a jurisdiction policy that limits Java Cryptography Extension (JCE) key sizes to 128 bits, which makes it easier for attackers to decrypt ciphertext produced by JCE. | 5.0 |
2008-09-26 | CVE-2008-3638 | Code Injection vulnerability in Apple mac OS X and mac OS X Server Java on Apple Mac OS X 10.5.4 and 10.5.5 does not prevent applets from accessing file:// URLs, which allows remote attackers to execute arbitrary programs. | 9.3 |
2008-09-26 | CVE-2008-3637 | Improper Initialization vulnerability in Apple mac OS X and mac OS X Server The Hash-based Message Authentication Code (HMAC) provider in Java on Apple Mac OS X 10.4.11, 10.5.4, and 10.5.5 uses an uninitialized variable, which allows remote attackers to execute arbitrary code via a crafted applet, related to an "error checking issue." | 8.8 |
2008-09-18 | CVE-2008-4116 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Itunes and Quicktime Buffer overflow in Apple QuickTime 7.5.5 and iTunes 8.0 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a long type attribute in a quicktime tag (1) on a web page or embedded in a (2) .mp4 or (3) .mov file, possibly related to the Check_stack_cookie function and an off-by-one error that leads to a heap-based buffer overflow. | 9.3 |
2008-09-16 | CVE-2008-3950 | Numeric Errors vulnerability in Apple Iphone, Ipod Touch and Safari Off-by-one error in the _web_drawInRect:withFont:ellipsis:alignment:measureOnly function in WebKit in Safari in Apple iPhone 1.1.4 and 2.0 and iPod touch 1.1.4 and 2.0 allows remote attackers to cause a denial of service (browser crash) via a JavaScript alert call with an argument that lacks breakable characters and has a length that is a multiple of the memory page size, leading to an out-of-bounds read. | 5.0 |
2008-09-16 | CVE-2008-3622 | Cross-Site Scripting vulnerability in Apple mac OS X and mac OS X Server Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac OS X 10.5 through 10.5.4 allows remote attackers to inject arbitrary web script or HTML via an e-mail message that reaches a mailing-list archive, aka "persistent JavaScript injection." | 4.3 |
2008-09-16 | CVE-2008-3621 | Resource Management Errors vulnerability in Apple mac OS X and mac OS X Server VideoConference in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via vectors involving H.264 encoded media. | 9.3 |
2008-09-16 | CVE-2008-3619 | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server Time Machine in Apple Mac OS X 10.5 through 10.5.4 uses weak permissions for Time Machine Backup log files, which allows local users to obtain sensitive information by reading these files. | 2.1 |