Vulnerabilities > Apple
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-06-02 | CVE-2008-1036 | Cross-Site Scripting vulnerability in multiple products The International Components for Unicode (ICU) library in Apple Mac OS X before 10.5.3, Red Hat Enterprise Linux 5, and other operating systems omits some invalid character sequences during conversion of some character encodings, which might allow remote attackers to conduct cross-site scripting (XSS) attacks. | 4.3 |
2008-06-02 | CVE-2008-1034 | Numeric Errors vulnerability in Apple mac OS X Integer underflow in Help Viewer in Apple Mac OS X before 10.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted help:topic URL that triggers a buffer overflow. | 9.3 |
2008-06-02 | CVE-2008-1033 | Permissions, Privileges, and Access Controls vulnerability in Apple Cups The scheduler in CUPS in Apple Mac OS X 10.5 before 10.5.3, when debug logging is enabled and a printer requires a password, allows attackers to obtain sensitive information (credentials) by reading the log data, related to "authentication environment variables." | 2.1 |
2008-06-02 | CVE-2008-1032 | Multiple Security vulnerability in RETIRED: Apple Mac OS X 2008-003 Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.5.3 allows user-assisted remote attackers to execute arbitrary code via an (1) Automator, (2) Help, (3) Safari, or (4) Terminal content type for a downloadable object, which does not trigger a "potentially unsafe" warning message in (a) the Download Validation feature in Mac OS X 10.4 or (b) the Quarantine feature in Mac OS X 10.5. network apple | 6.8 |
2008-06-02 | CVE-2008-1031 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server CoreGraphics in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document, related to an uninitialized variable. | 9.3 |
2008-06-02 | CVE-2008-1030 | Improper Input Validation vulnerability in Apple mac OS X and mac OS X Server Integer overflow in the CFDataReplaceBytes function in the CFData API in CoreFoundation in Apple Mac OS X before 10.5.3 allows context-dependent attackers to execute arbitrary code or cause a denial of service (crash) via an invalid length argument, which triggers a heap-based buffer overflow. | 10.0 |
2008-06-02 | CVE-2008-1028 | Improper Input Validation vulnerability in Apple mac OS X and mac OS X Server Unspecified vulnerability in AppKit in Apple Mac OS X before 10.5 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document file, as demonstrated by opening the document with TextEdit. | 9.3 |
2008-06-02 | CVE-2008-1027 | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server Apple Filing Protocol (AFP) Server in Apple Mac OS X before 10.5.3 does not verify that requested files and directories are inside shared folders, which allows remote attackers to read arbitrary files via unspecified AFP traffic. | 4.3 |
2008-05-22 | CVE-2008-2006 | Improper Input Validation vulnerability in Apple Ical 3.0.1 Apple iCal 3.0.1 on Mac OS X allows remote CalDAV servers, and user-assisted remote attackers, to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via a .ics file containing (1) a large 16-bit integer on a TRIGGER line, or (2) a large integer in a COUNT field on an RRULE line. | 4.3 |
2008-05-05 | CVE-2008-0599 | Incorrect Calculation of Buffer Size vulnerability in multiple products The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI. | 9.8 |