Vulnerabilities > Apple
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-06-25 | CVE-2007-2400 | Race Condition vulnerability in Apple Iphone OS and Safari Race condition in Apple Safari 3 Beta before 3.0.2 on Mac OS X, Windows XP, Windows Vista, and iPhone before 1.0.1, allows remote attackers to bypass the JavaScript security model and modify pages outside of the security domain and conduct cross-site scripting (XSS) attacks via vectors related to page updating and HTTP redirects. | 4.3 |
2007-06-25 | CVE-2007-2399 | Unspecified vulnerability in Apple mac OS X and mac OS X Server WebKit in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1 performs an "invalid type conversion", which allows remote attackers to execute arbitrary code via unspecified frame sets that trigger memory corruption. | 9.3 |
2007-06-21 | CVE-2007-2398 | Unspecified vulnerability in Apple Safari 3.0.1 Apple Safari 3.0.1 beta (522.12.12) on Windows allows remote attackers to modify the window title and address bar while filling the main window with arbitrary content by setting the location bar and using setTimeout() to create an event that modifies the window content, which could facilitate phishing attacks. | 7.1 |
2007-06-19 | CVE-2007-3284 | Denial of Service vulnerability in Apple Safari 3.0.1 corefoundation.dll in Apple Safari 3.0.1 (552.12.2) for Windows allows remote attackers to cause a denial of service (crash) via certain forms that trigger errors related to History, possibly involving multiple form fields with the same name. | 7.8 |
2007-06-19 | CVE-2007-3274 | Resource Management Errors vulnerability in Apple Safari 3.0/3.0.1 Apple Safari 3.0 and 3.0.1 on Windows XP SP2 allows attackers to cause a denial of service (application crash) via JavaScript that sets the document.location variable, as demonstrated by an empty value of document.location. | 4.3 |
2007-06-14 | CVE-2007-2391 | Cross-Site Scripting vulnerability in Apple Safari 3.0.1 Cross-site scripting (XSS) vulnerability in Apple Safari Beta 3.0.1 for Windows allows remote attackers to inject arbitrary web script or HTML via a web page that includes a windows.setTimeout function that is activated after the user has moved from the current page. | 4.3 |
2007-06-12 | CVE-2007-3187 | Denial-Of-Service vulnerability in Apple Safari 3.0 Multiple unspecified vulnerabilities in Apple Safari for Windows allow remote attackers to cause a denial of service or execute arbitrary code, possibly involving memory corruption, and a different issue from CVE-2007-3185 and CVE-2007-3186. | 7.5 |
2007-06-12 | CVE-2007-3186 | Permissions, Privileges, and Access Controls vulnerability in Apple Safari Apple Safari Beta 3.0.1 for Windows allows remote attackers to execute arbitrary commands via shell metacharacters in a URI in the SRC of an IFRAME, as demonstrated using a gopher URI. | 9.3 |
2007-06-12 | CVE-2007-3185 | Resource Management Errors vulnerability in Apple Safari 3.0.1 Apple Safari Beta 3.0.1 for Windows public beta allows remote attackers to cause a denial of service (crash) via unspecified DHTML manipulations that trigger memory corruption, as demonstrated using Hamachi. | 7.8 |
2007-06-12 | CVE-2007-3184 | Improper Authentication vulnerability in Apple mac OS X Cisco Trust Agent (CTA) before 2.1.104.0, when running on MacOS X, allows attackers with physical access to bypass authentication and modify System Preferences, including passwords, by invoking the Apple Menu when the Access Control Server (ACS) produces a user notification message after posture validation. | 7.2 |