Vulnerabilities > Apple > Critical

DATE | CVE | VULNERABILITY TITLE | RISK
2010-03-15 CVE-2010-0048 Resource Management Errors vulnerability in Apple Safari
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XML document.
network
apple CWE-399
critical
9.3
2010-03-15 CVE-2010-0047 Resource Management Errors vulnerability in Apple Safari
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to "HTML object element fallback content." Per: http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html 'WebKit CVE-ID: CVE-2010-0047 Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.1 or later, Mac OS X Server v10.6.1 or later, Windows 7, Vista, XP Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: A use-after-free issue exists in the handling of HTML object element fallback content.
network
apple CWE-399
critical
9.3
2010-03-15 CVE-2010-0046 Code Injection vulnerability in Apple Safari
The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted format arguments.
network
apple CWE-94
critical
9.3
2010-03-15 CVE-2010-0045 Improper Input Validation vulnerability in Apple Safari
Apple Safari before 4.0.5 on Windows does not properly validate external URL schemes, which allows remote attackers to open local files and execute arbitrary code via a crafted HTML document.
network
apple microsoft CWE-20
critical
9.3
2010-03-15 CVE-2010-0043 Code Injection vulnerability in Apple Safari
ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF image.
network
apple microsoft CWE-94
critical
9.3
2010-03-15 CVE-2010-0040 Numeric Errors vulnerability in Apple Safari
Integer overflow in ColorSync in Apple Safari before 4.0.5 on Windows, and iTunes before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image with a crafted color profile that triggers a heap-based buffer overflow.
network
apple microsoft CWE-189
critical
9.3
2010-02-18 CVE-2010-0659 Resource Management Errors vulnerability in multiple products
The image decoder in WebKit before r52833, as used in Google Chrome before 4.0.249.78, does not properly handle a failure of memory allocation, which allows remote attackers to execute arbitrary code in the Chrome sandbox via a malformed GIF file that specifies a large size.
network
apple google CWE-399
critical
9.3
2010-02-18 CVE-2010-0647 Code Injection vulnerability in multiple products
WebKit before r53525, as used in Google Chrome before 4.0.249.89, allows remote attackers to execute arbitrary code in the Chrome sandbox via a malformed RUBY element, as demonstrated by a <ruby>><table><rt> sequence.
network
apple google CWE-94
critical
9.3
2010-01-25 CVE-2009-4257 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Realnetworks products
Heap-based buffer overflow in datatype/smil/common/smlpkt.cpp in smlrender.dll in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10 and 11.0.0, and Helix Player 10.x and 11.0.0 allows remote attackers to execute arbitrary code via an SMIL file with crafted string lengths.
network
realnetworks microsoft apple CWE-119
critical
9.3
2010-01-25 CVE-2009-4248 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Realnetworks products
Buffer overflow in the RTSPProtocol::HandleSetParameterRequest function in client/core/rtspprotocol.cpp in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted RTSP SET_PARAMETER request.
network
realnetworks microsoft apple CWE-119
critical
9.3