Vulnerabilities > Apple > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2010-06-22 | CVE-2010-1753 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple iPhone OS. ImageIO in Apple iOS before 4 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG image. | 6.8 |
2010-06-22 | CVE-2010-1752 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple iPhone OS. Stack-based buffer overflow in CFNetwork in Apple iOS before 4 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to URL handling. | 6.8 |
2010-06-22 | CVE-2010-1751 | Permissions, Privileges, and Access Controls vulnerability in Apple iPhone OS. Application Sandbox in Apple iOS before 4 on the iPhone and iPod touch does not prevent photo-library access, which might allow remote attackers to obtain location information via unspecified vectors. | 5.0 |
2010-06-22 | CVE-2010-1407 | Information Exposure vulnerability in Apple iPhone OS. WebKit in Apple iOS before 4 on the iPhone and iPod touch does not properly implement the history.replaceState method in certain situations involving IFRAME elements, which allows remote attackers to obtain sensitive information via a crafted HTML document. | 4.3 |
2010-06-22 | CVE-2010-1637 | Server-Side Request Forgery (SSRF) vulnerability in multiple products. The Mail Fetch plugin in SquirrelMail 1.4.20 and earlier allows remote authenticated users to bypass firewall restrictions and use SquirrelMail as a proxy to scan internal networks via a modified POP3 port number. | 6.5 |
2010-06-21 | CVE-2010-0542 | Permissions, Privileges, and Access Controls vulnerability in Apple CUPS. The _WriteProlog function in texttops.c in texttops in the Text Filter subsystem in CUPS before 1.4.4 does not check the return values of certain calloc calls, which allows remote attackers to cause a denial of service (NULL pointer dereference or heap memory corruption) or possibly execute arbitrary code via a crafted file. | 6.8 |
2010-06-18 | CVE-2010-2332 | Improper Input Validation vulnerability in Impactfinancials Impact PDF Reader 1.2/2.0. Impact Financials, Inc. | 5.0 |
2010-06-17 | CVE-2010-1748 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple CUPS. The cgi_initialize_string function in cgi-bin/var.c in the web interface in CUPS before 1.4.4, as used on Apple Mac OS X 10.5.8, Mac OS X 10.6 before 10.6.4, and other platforms, does not properly handle parameter values containing a % (percent) character without two subsequent hex characters, which allows context-dependent attackers to obtain sensitive information from cupsd process memory via a crafted request, as demonstrated by the (1) /admin?OP=redirect&URL=% and (2) /admin?URL=/admin/&OP=% URIs. | 4.3 |
2010-06-17 | CVE-2010-1411 | Numeric Errors vulnerability in Apple Mac OS X and Mac OS X Server. Multiple integer overflows in the Fax3SetupState function in tif_fax3.c in the FAX3 decoder in LibTIFF before 3.9.3, as used in ImageIO in Apple Mac OS X 10.5.8 and Mac OS X 10.6 before 10.6.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF file that triggers a heap-based buffer overflow. | 6.8 |
2010-06-17 | CVE-2010-1379 | Improper Input Validation vulnerability in Apple Mac OS X and Mac OS X Server. Printer Setup in Apple Mac OS X 10.6 before 10.6.4 does not properly interpret character encoding, which allows remote attackers to cause a denial of service (printing failure) by deploying a printing device that has a Unicode character in its printing-service name. | 5.0 |