Vulnerabilities > Apple > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2010-02-03 | CVE-2010-0496 | **Improper Input Validation vulnerability in FreeBit ServersMan 3.1.5:** FreeBit ServersMan 3.1.5 on Apple iPhone OS 3.1.2, and iPhone OS for iPod touch, allows remote attackers to cause a denial of service (daemon crash) via a HEAD request for the / URI. | 5.0 |
2010-02-03 | CVE-2010-0038 | **Resource Management Errors vulnerability in Apple iPhone OS:** Recovery Mode in Apple iPhone OS 1.0 through 3.1.2, and iPhone OS for iPod touch 1.1 through 3.1.2, allows physically proximate attackers to bypass device locking, and read or modify arbitrary data, via a USB control message that triggers memory corruption. | 4.6 |
2010-01-14 | CVE-2010-0314 | **Unspecified vulnerability in Apple Safari:** Apple Safari allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's URL in the HREF attribute of a stylesheet LINK element, and then reading the `document.styleSheets[0].href` property value. | 5.0 |
2010-01-13 | CVE-2009-3957 | **Denial of Service vulnerability in Adobe Reader and Acrobat (Null Pointer Dereference):** Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to cause a denial of service (NULL pointer dereference) via unspecified vectors. | 5.0 |
2009-12-08 | CVE-2009-2843 | **Cryptographic Issues vulnerability in Apple Mac OS X and Mac OS X Server:** Java for Mac OS X 10.5 before Update 6 and 10.6 before Update 1 accepts expired certificates for applets, which makes it easier for remote attackers to execute arbitrary code via an applet. | 5.0 |
2009-11-13 | CVE-2009-2842 | **Information Disclosure vulnerability in Apple Safari Shortcut Menu Options:** Apple Safari before 4.0.4 does not properly implement certain (1) Open Image and (2) Open Link menu options, which allows remote attackers to read local HTML files via a crafted web site. | 4.3 |
2009-11-13 | CVE-2009-2841 | **Unspecified vulnerability in Apple Safari:** The `HTMLMediaElement::loadResource` function in html/HTMLMediaElement.cpp in WebCore in WebKit before r49480, as used in Apple Safari before 4.0.4 on Mac OS X, does not perform the expected callbacks for HTML 5 media elements that have external URLs for media resources, which allows remote attackers to trigger sub-resource requests to arbitrary web sites via a crafted HTML document, as demonstrated by an HTML e-mail message that uses a media element for X-Confirm-Reading-To functionality, aka rdar problem 7271202. | 5.0 |
2009-11-13 | CVE-2009-2816 | **Cross-Site Request Forgery (CSRF) vulnerability in multiple products:** The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, as used in Apple Safari before 4.0.4 and Google Chrome before 3.0.195.33, includes certain custom HTTP headers in the OPTIONS request during cross-origin operations with preflight, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web page. | 6.8 |
2009-11-10 | CVE-2009-2840 | **Multiple Security vulnerability in RETIRED: Apple Mac OS X 2009-006:** Spotlight in Apple Mac OS X 10.5.8 does not properly handle temporary files, which allows local users to overwrite arbitrary files in the context of a different user's privileges via unspecified vectors. | 4.9 |
2009-11-10 | CVE-2009-2839 | **Resource Management Errors vulnerability in Apple Mac OS X and Mac OS X Server:** Screen Sharing in Apple Mac OS X 10.5.8 allows remote VNC servers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors. | 6.8 |