Vulnerabilities > Apple > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2010-03-15 | CVE-2010-0050 | Use After Free vulnerability in multiple products Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML document with improperly nested tags. | 8.8 |
2010-03-05 | CVE-2010-0302 | Use After Free vulnerability in multiple products Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS before 1.4.4, when kqueue or epoll is used, allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. | 7.5 |
2009-11-20 | CVE-2009-3553 | Use After Free vulnerability in multiple products Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. | 7.5 |
2009-11-10 | CVE-2009-2833 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server Buffer overflow in the UCCompareTextDefault API in International Components for Unicode in Apple Mac OS X 10.5.8 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. | 7.5 |
2009-11-10 | CVE-2009-2828 | Resource Management Errors vulnerability in Apple mac OS X and mac OS X Server The server in DirectoryService in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors. | 7.5 |
2009-10-16 | CVE-2009-3282 | Numeric Errors vulnerability in VMWare Fusion Integer overflow in the vmx86 kernel extension in VMware Fusion before 2.0.6 build 196839 allows host OS users to cause a denial of service to the host OS via unspecified vectors. | 7.8 |
2009-10-16 | CVE-2009-3281 | Permissions, Privileges, and Access Controls vulnerability in VMWare Fusion The vmx86 kernel extension in VMware Fusion before 2.0.6 build 196839 does not use correct file permissions, which allows host OS users to gain privileges on the host OS via unspecified vectors. | 7.2 |
2009-10-13 | CVE-2009-3692 | Local Privilege Escalation vulnerability in Sun VirtualBox VBoxNetAdpCtl Configuration Tool Unspecified vulnerability in the VBoxNetAdpCtl configuration tool in Sun VirtualBox 3.0.x before 3.0.8 on Solaris x86, Linux, and Mac OS X allows local users to gain privileges via unknown vectors. | 7.2 |
2009-09-29 | CVE-2009-3455 | Cryptographic Issues vulnerability in Apple Safari Apple Safari, possibly before 4.0.3, on Mac OS X does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | 7.5 |
2009-09-21 | CVE-2009-3273 | Cryptographic Issues vulnerability in Apple Iphone OS iPhone Mail in Apple iPhone OS, and iPhone OS for iPod touch, does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL e-mail servers via a crafted certificate. | 7.5 |