Vulnerabilities > Apple > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-08-06 | CVE-2009-1727 | Multiple Security vulnerability in Apple Mac OS X 2009-003: Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X 10.5 before 10.5.8 makes it easier for user-assisted remote attackers to execute arbitrary JavaScript via a web page that offers a download with a Content-Type value that is not on the list of possibly unsafe content types for Safari. | 6.8 |
2009-08-06 | CVE-2009-1723 | Multiple Security vulnerability in Apple Mac OS X 2009-003: CFNetwork in Apple Mac OS X 10.5 before 10.5.8 places an incorrect URL in a certificate warning in certain 302 redirection scenarios, which makes it easier for remote attackers to trick a user into visiting an arbitrary https web site by leveraging an open redirect vulnerability, a different issue than CVE-2009-2062. | 4.3 |
2009-08-04 | CVE-2009-2198 | Permissions, Privileges, and Access Controls vulnerability in Apple GarageBand: Apple GarageBand before 5.1 reconfigures Safari to accept all cookies regardless of domain name, which makes it easier for remote web servers to track users. | 4.3 |
2009-07-09 | CVE-2009-1724 | Cross-site Scripting vulnerability in Apple Safari: Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to inject arbitrary web script or HTML via vectors related to parent and top objects. | 4.3 |
2009-07-09 | CVE-2009-2421 | Improper Input Validation vulnerability in Apple Safari 3.2.3: The CFCharacterSetInitInlineBuffer method in CoreFoundation.dll in Apple Safari 3.2.3 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via a "high-bit character" in a URL fragment for an unspecified protocol. | 5.0 |
2009-07-09 | CVE-2009-2420 | Improper Input Validation vulnerability in Apple Safari 3.2.3: Apple Safari 3.2.3 does not properly implement the file: protocol handler, which allows remote attackers to read arbitrary files or cause a denial of service (launch of multiple Windows Explorer instances) via vectors involving an unspecified HTML tag, possibly a related issue to CVE-2009-1703. | 5.8 |
2009-07-09 | CVE-2009-2419 | Resource Management Errors vulnerability in Apple Safari 4.0/4.0.1: Use-after-free vulnerability in the servePendingRequests function in WebCore in WebKit in Apple Safari 4.0 and 4.0.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted HTML document that references a zero-length .js file and the JavaScript reload function. | 4.3 |
2009-06-19 | CVE-2009-0961 | Unspecified vulnerability in Apple iPhone OS and iPod touch: The Mail component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 dismisses the call approval dialog when another alert appears, which might allow remote attackers to force the iPhone to place a call without user approval by causing an application to trigger an alert. | 5.0 |
2009-06-19 | CVE-2009-0960 | Unspecified vulnerability in Apple iPhone OS and iPod touch: The Mail component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 does not provide an option to disable remote image loading in HTML email, which allows remote attackers to determine the device address and when an e-mail is read via an HTML email containing an image URL. | 4.3 |
2009-06-19 | CVE-2009-0958 | Information Exposure vulnerability in Apple iPhone OS and iPod touch: Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 stores an exception for a hostname when the user accepts an untrusted Exchange server certificate, which causes it to be accepted without prompting in future usage and allows remote Exchange servers to obtain sensitive information such as credentials. | 4.3 |