Vulnerabilities: Apple (medium risk)

Each entry lists the publication date, CVE identifier, vulnerability title and risk score, followed by the description and the tags recorded for it (access vector, attack complexity, vendor, CWE).

2009-09-14  CVE-2009-2814  Cross-Site Scripting vulnerability in Apple Mac OS X Server 10.5.8  (risk 4.3)
    Cross-site scripting (XSS) vulnerability in the Wiki Server in Apple Mac OS X 10.5.8 allows remote attackers to inject arbitrary web script or HTML via a search request containing data that does not use UTF-8 encoding.
    Access vector: network | Vendor: apple | CWE-79

2009-09-14  CVE-2009-2813  Permissions, Privileges, and Access Controls vulnerability in multiple products  (risk 6.0)
    Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.12 through 3.0.36, as used in the SMB subsystem in Apple Mac OS X 10.5.8 when Windows File Sharing is enabled, Fedora 11, and other operating systems, does not properly handle errors in resolving pathnames, which allows remote authenticated users to bypass intended sharing restrictions, and read, create, or modify files, in certain circumstances involving user accounts that lack home directories.

2009-09-14  CVE-2009-2812  Remote Code Execution vulnerability in Apple Mac OS X Launch Services  (risk 6.8)
    Launch Services in Apple Mac OS X 10.5.8 does not properly recognize an unsafe Uniform Type Identifier (UTI) in an exported document type in a downloaded application, which allows remote attackers to trigger the automatic opening of a file, and execute arbitrary code, via a crafted web site.
    Access vector: network | Vendor: apple

2009-09-14  CVE-2009-2811  Code Injection vulnerability in Apple Mac OS X and Mac OS X Server  (risk 6.8)
    Incomplete blacklist vulnerability in Launch Services in Apple Mac OS X 10.5.8 allows user-assisted remote attackers to execute arbitrary code via a .fileloc file, which does not trigger a "potentially unsafe" warning message in the Quarantine feature.
    Access vector: network | Vendor: apple | CWE-94

2009-09-14  CVE-2009-2809  Code Injection vulnerability in Apple Mac OS X and Mac OS X Server  (risk 6.8)
    ImageIO in Apple Mac OS X 10.4.11 and 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PixarFilm encoded TIFF image, related to "multiple memory corruption issues."
    Access vector: network | Vendor: apple | CWE-94

2009-09-14  CVE-2009-2805  Numeric Errors vulnerability in Apple Mac OS X and Mac OS X Server  (risk 6.8)
    Integer overflow in CoreGraphics in Apple Mac OS X 10.4.11 and 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JBIG2 stream in a PDF file, leading to a heap-based buffer overflow.
    Access vector: network | Vendor: apple | CWE-189

2009-09-14  CVE-2009-2804  Numeric Errors vulnerability in Apple Mac OS X, Mac OS X Server and Safari  (risk 6.8)
    Integer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5.8, and Safari before 4.0.4 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ColorSync profile embedded in an image, leading to a heap-based buffer overflow.

2009-09-14  CVE-2009-2803  Resource Management Errors vulnerability in Apple Mac OS X and Mac OS X Server  (risk 6.8)
    CarbonCore in Apple Mac OS X 10.4.11 and 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a file with a crafted resource fork.
    Access vector: network | Vendor: apple | CWE-399

2009-09-11  CVE-2009-2800  Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Apple Mac OS X and Mac OS X Server  (risk 6.8)
    Buffer overflow in Alias Manager in Apple Mac OS X 10.4.11 and 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted alias file.
    Access vector: network | Vendor: apple | CWE-119

2009-09-10  CVE-2009-2797  Information Exposure vulnerability in multiple products  (risk 5.0)
    The WebKit component in Safari in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, does not remove usernames and passwords from URLs sent in Referer headers, which allows remote attackers to obtain sensitive information by reading Referer logs on a web server.
    Access vector: network | Attack complexity: low | Vendors: apple, canonical | CWE-200