Vulnerabilities > Apple > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-09-16 | CVE-2008-3622 | Cross-Site Scripting vulnerability in Apple mac OS X and mac OS X Server Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac OS X 10.5 through 10.5.4 allows remote attackers to inject arbitrary web script or HTML via an e-mail message that reaches a mailing-list archive, aka "persistent JavaScript injection." | 4.3 |
| 2008-09-16 | CVE-2008-3617 | Credentials Management vulnerability in Apple mac OS X and mac OS X Server Remote Management and Screen Sharing in Apple Mac OS X 10.5 through 10.5.4, when used to set a password for a VNC viewer, displays additional input characters beyond the maximum password length, which might make it easier for attackers to guess passwords that the user believed were longer. | 5.0 |
| 2008-09-16 | CVE-2008-3613 | Resource Management Errors vulnerability in Apple mac OS X 10.5.2/10.5.3/10.5.4 Finder in Apple Mac OS X 10.5.2 through 10.5.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving a search for a remote disk on the local network. | 6.1 |
| 2008-09-16 | CVE-2008-3611 | Improper Authentication vulnerability in Apple mac OS X and mac OS X Server Login Window in Apple Mac OS X 10.4.11 does not clear the current password when a user makes a password-change attempt that is denied by policy, which allows opportunistic, physically proximate attackers to bypass authentication and change this user's password by later entering an acceptable new password on the same login screen. | 6.3 |
| 2008-09-16 | CVE-2008-2331 | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server Finder in Apple Mac OS X 10.5 through 10.5.4 does not properly update permission data in the Get Info window after a lock operation that modifies Sharing & Permissions in a filesystem, which might allow local users to leverage weak permissions that were not intended by an administrator. | 5.0 |
| 2008-09-16 | CVE-2008-2330 | Information Exposure vulnerability in Apple mac OS X Server slapconfig in Directory Services in Apple Mac OS X 10.5 through 10.5.4 allows local users to select a readable output file into which the server password will be written by an OpenLDAP system administrator, related to the mkfifo function, aka an "insecure file operation issue." | 4.9 |
| 2008-09-16 | CVE-2008-2312 | Credentials Management vulnerability in Apple mac OS X and mac OS X Server Network Preferences in Apple Mac OS X 10.4.11 stores PPP passwords in cleartext in a world-readable file, which allows local users to obtain sensitive information by reading this file. | 4.9 |
| 2008-09-11 | CVE-2008-3630 | Remote Forged DNS Response vulnerability in Apple Bonjour 1.0.4 mDNSResponder in Apple Bonjour for Windows before 1.0.5, when an application uses the Bonjour API for unicast DNS, does not choose random values for transaction IDs or source ports in DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447. | 6.4 |
| 2008-09-11 | CVE-2008-3629 | Resource Management Errors vulnerability in Apple Quicktime Apple QuickTime before 7.5.5 allows remote attackers to cause a denial of service (application crash) via a crafted PICT image that triggers an out-of-bounds read. | 4.3 |
| 2008-09-11 | CVE-2008-3626 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime The CallComponentFunctionWithStorage function in Apple QuickTime before 7.5.5 does not properly handle a large entry in the sample_size_table in STSZ atoms, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file. | 6.8 |