Vulnerabilities > Apple > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-08-06 | CVE-2009-2191 | Use of Externally-Controlled Format String vulnerability in Apple Mac OS X and Mac OS X Server. Format string vulnerability in Login Window in Apple Mac OS X 10.4.11 and 10.5 before 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in an application name. | 7.5 |
2009-08-06 | CVE-2009-2190 | Resource Management Errors vulnerability in Apple Mac OS X and Mac OS X Server. launchd in Apple Mac OS X 10.5 before 10.5.8 allows remote attackers to cause a denial of service (individual service outage) by making many connections to an inetd-based launchd service. | 7.8 |
2009-08-06 | CVE-2009-0151 | Multiple Security vulnerability in Apple Mac OS X 2009-003. The screen saver in Dock in Apple Mac OS X 10.5 before 10.5.8 does not prevent four-finger Multi-Touch gestures, which allows physically proximate attackers to bypass locking and "manage applications or use Expose" via unspecified vectors. | 7.2 |
2009-06-19 | CVE-2009-1692 | Resource Management Errors vulnerability in Apple iPhone OS, iPod touch and Safari. WebKit before r41741, as used in Apple iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Safari, and other software, allows remote attackers to cause a denial of service (memory consumption or device reset) via a web page containing an HTMLSelectElement object with a large length attribute, related to the length property of a Select object. | 7.1 |
2009-06-19 | CVE-2009-1683 | Unspecified vulnerability in Apple iPhone OS and iPod touch. The Telephony component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to cause a denial of service (device reset) via a crafted ICMP echo request, which triggers an assertion error related to a "logic issue." | 7.8 |
2009-06-19 | CVE-2009-0959 | Improper Input Validation vulnerability in Apple iPhone OS and iPod touch. The MPEG-4 video codec in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to cause a denial of service (device reset) via a crafted MPEG-4 video file that triggers an "input validation issue." | 7.1 |
2009-06-16 | CVE-2009-1719 | Code Injection vulnerability in Sun JRE 1.5.0/1.5.011B03. The Aqua Look and Feel for Java implementation in Java 1.5 on Mac OS X 10.5 allows remote attackers to execute arbitrary code via a call to the undocumented apple.laf.CColourUIResource constructor with a crafted value in the first argument, which is dereferenced as a pointer. | 7.5 |
2009-06-10 | CVE-2009-2027 | Permissions, Privileges, and Access Controls vulnerability in Apple Safari. The Installer in Apple Safari before 4.0 on Windows allows local users to gain privileges by checking a box that specifies an immediate launch of the application after installation, related to an unspecified compression method. | 7.2 |
2009-06-10 | CVE-2009-1718 | Information Exposure vulnerability in Apple Safari. WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to obtain sensitive information via vectors involving drag events and the dragging of content over a crafted web page. | 7.1 |
2009-06-10 | CVE-2009-1713 | Information Exposure vulnerability in Apple Safari. The XSLT functionality in WebKit in Apple Safari before 4.0 does not properly implement the document function, which allows remote attackers to read (1) arbitrary local files and (2) files from different security zones via unspecified vectors. | 7.1 |