Vulnerabilities > Apple > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2010-05-06 | CVE-2010-1729 | Resource Management Errors vulnerability in Apple Safari and Webkit | WebKit.dll in WebKit, as used in Safari.exe 4.531.9.1 in Apple Safari, allows remote attackers to cause a denial of service (application crash) via JavaScript that writes `<marquee>` sequences in an infinite loop. | 4.3 |
2010-04-27 | CVE-2010-0105 | Local Denial of Service vulnerability in Apple Mac OS X HFS Hard Links | The hfs implementation in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 supports hard links to directories and does not prevent certain deeply nested directory structures, which allows local users to cause a denial of service (filesystem corruption) via a crafted application that calls the mkdir and link functions, related to the fsck_hfs program in the diskdev_cmds component. | 4.9 |
2010-04-14 | CVE-2010-0190 | Cross-Site Scripting vulnerability in Adobe Acrobat and Acrobat Reader | Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2010-04-05 | CVE-2009-2822 | Permissions, Privileges, and Access Controls vulnerability in Apple Airport Utility | AirPort Utility before 5.5.1 for Apple AirPort Base Station does not properly distribute MAC address ACLs to network extenders, which allows remote attackers to bypass intended access restrictions via an 802.11 authentication frame. | 6.8 |
2010-04-01 | CVE-2010-1226 | Improper Input Validation vulnerability in Apple Iphone OS 3.1/3.1.3 | The HTTP client functionality in Apple iPhone OS 3.1 on the iPhone 2G and 3.1.3 on the iPhone 3GS allows remote attackers to cause a denial of service (Safari, Mail, or Springboard crash) via a crafted innerHTML property of a DIV element, related to a "malformed character" issue. | 5.0 |
2010-03-31 | CVE-2010-0532 | Race Condition vulnerability in Apple Itunes | Race condition in the installation package in Apple iTunes before 9.1 on Windows allows local users to gain privileges by replacing an unspecified file with a Trojan horse. | 6.9 |
2010-03-31 | CVE-2010-0531 | Resource Management Errors vulnerability in Apple Itunes | Apple iTunes before 9.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted MP4 podcast file. | 4.3 |
2010-03-30 | CVE-2010-0535 | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server | Dovecot in Apple Mac OS X 10.6 before 10.6.3, when Kerberos is enabled, does not properly enforce the service access control list (SACL) for sending and receiving e-mail, which allows remote authenticated users to bypass intended access restrictions via unspecified vectors. | 6.5 |
2010-03-30 | CVE-2010-0534 | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server | Wiki Server in Apple Mac OS X 10.6 before 10.6.3 does not enforce the service access control list (SACL) for weblogs during weblog creation, which allows remote authenticated users to publish content via HTTP requests. | 4.0 |
2010-03-30 | CVE-2010-0526 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server | Heap-based buffer overflow in QuickTimeMPEG.qtx in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted genl atom in a QuickTime movie file with MPEG encoding, which is not properly handled during decompression. | 4.3 |