Vulnerabilities > Apple > Medium

DATE CVE VULNERABILITY TITLE RISK
2008-06-10 CVE-2008-1582 Resource Management Errors vulnerability in Apple QuickTime 7.4.5
Unspecified vulnerability in Apple QuickTime before 7.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted AAC-encoded file that triggers memory corruption.
network
apple CWE-399
6.8
2008-06-10 CVE-2008-1581 Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Apple QuickTime
Heap-based buffer overflow in Apple QuickTime before 7.5 on Windows allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted packed scanlines in PixData structures in a PICT image.
6.8
2008-06-03 CVE-2008-1035 Code Injection vulnerability in Apple iCal 3.0.1
Use-after-free vulnerability in Apple iCal 3.0.1 on Mac OS X allows remote CalDAV servers, and user-assisted remote attackers, to trigger memory corruption or possibly execute arbitrary code via an "ATTACH;VALUE=URI:S=osumi" line in a .ics file, which triggers a "resource liberation" bug.
network
apple CWE-94
4.3
2008-06-02 CVE-2008-1580 Information Exposure vulnerability in Apple Safari
CFNetwork in Safari in Apple Mac OS X before 10.5.3 automatically sends an SSL client certificate in response to a web server's certificate request, which allows remote web sites to obtain sensitive information (Subject data) from personally identifiable certificates, and use arbitrary certificates to track user activities across domains, a related issue to CVE-2007-4879.
network
apple CWE-200
4.3
2008-06-02 CVE-2008-1579 Information Exposure vulnerability in Apple Mac OS X and Mac OS X Server
Wiki Server in Apple Mac OS X 10.5 before 10.5.3 allows remote attackers to obtain sensitive information (user names) by reading the error message produced upon access to a nonexistent blog.
network
low complexity
apple CWE-200
5.0
2008-06-02 CVE-2008-1576 Resource Management Errors vulnerability in Apple Mac OS X
Mail in Apple Mac OS X before 10.5, when an IPv6 SMTP server is used, does not properly initialize memory, which might allow remote attackers to execute arbitrary code or cause a denial of service (application crash), or obtain sensitive information (memory contents) in opportunistic circumstances, by sending an e-mail message.
network
apple CWE-399
6.8
2008-06-02 CVE-2008-1572 Permissions, Privileges, and Access Controls vulnerability in Apple Mac OS X and Mac OS X Server
Image Capture in Apple Mac OS X before 10.5 does not properly use temporary files, which allows local users to overwrite arbitrary files, and display images that are being resized by this application.
local
low complexity
apple CWE-264
4.6
2008-06-02 CVE-2008-1571 Path Traversal vulnerability in Apple Mac OS X and Mac OS X Server
Directory traversal vulnerability in the embedded web server in Image Capture in Apple Mac OS X before 10.5 allows remote attackers to read arbitrary files via directory traversal sequences in the URI.
network
low complexity
apple CWE-22
5.0
2008-06-02 CVE-2008-1036 Cross-Site Scripting vulnerability in multiple products
The International Components for Unicode (ICU) library in Apple Mac OS X before 10.5.3, Red Hat Enterprise Linux 5, and other operating systems omits some invalid character sequences during conversion of some character encodings, which might allow remote attackers to conduct cross-site scripting (XSS) attacks.
network
apple redhat CWE-79
4.3
2008-06-02 CVE-2008-1032 Multiple Security vulnerability in RETIRED: Apple Mac OS X 2008-003
Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.5.3 allows user-assisted remote attackers to execute arbitrary code via an (1) Automator, (2) Help, (3) Safari, or (4) Terminal content type for a downloadable object, which does not trigger a "potentially unsafe" warning message in (a) the Download Validation feature in Mac OS X 10.4 or (b) the Quarantine feature in Mac OS X 10.5.
network
apple
6.8