Vulnerabilities > Apple > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-06-02 | CVE-2008-1027 | Permissions, Privileges, and Access Controls vulnerability in Apple Mac OS X and Mac OS X Server: Apple Filing Protocol (AFP) Server in Apple Mac OS X before 10.5.3 does not verify that requested files and directories are inside shared folders, which allows remote attackers to read arbitrary files via unspecified AFP traffic. | 4.3 |
2008-05-22 | CVE-2008-2006 | Improper Input Validation vulnerability in Apple iCal 3.0.1: Apple iCal 3.0.1 on Mac OS X allows remote CalDAV servers, and user-assisted remote attackers, to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via a .ics file containing (1) a large 16-bit integer on a TRIGGER line, or (2) a large integer in a COUNT field on an RRULE line. | 4.3 |
2008-04-28 | CVE-2008-2001 | Buffer Errors vulnerability in Apple Safari 3.1.1: Apple Safari 3.1.1 allows remote attackers to cause a denial of service (application crash) via a file:///%E2 link that triggers an out-of-bounds access, possibly due to a NULL pointer dereference. | 4.3 |
2008-04-28 | CVE-2008-2000 | Resource Management Errors vulnerability in Apple Safari 3.1.1: Unspecified vulnerability in Apple Safari 3.1.1 allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls document.write in an infinite loop. | 4.3 |
2008-04-28 | CVE-2008-1999 | Remote Security vulnerability in Apple Safari 3.1.1: Apple Safari 3.1.1 allows remote attackers to spoof the address bar by placing many "invisible" characters in the userinfo subcomponent of the authority component of the URL (aka the user field), as demonstrated by %E3%80%80 sequences. | 5.0 |
2008-04-17 | CVE-2008-1026 | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Apple Safari 3/3.1: Integer overflow in the PCRE regular expression compiler (JavaScriptCore/pcre/pcre_compile.cpp) in Apple WebKit, as used in Safari before 3.1.1, allows remote attackers to execute arbitrary code via a regular expression with large, nested repetition counts, which triggers a heap-based buffer overflow. | 6.8 |
2008-04-17 | CVE-2008-1025 | Cross-Site Scripting vulnerability in Apple Safari and WebKit: Cross-site scripting (XSS) vulnerability in Apple WebKit, as used in Safari before 3.1.1, allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a colon in the hostname portion. | 4.3 |
2008-04-17 | CVE-2008-1024 | Resource Management Errors vulnerability in Apple Safari 3/3.1: Apple Safari before 3.1.1, when running on Windows XP or Vista, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a file download with a crafted file name, which triggers memory corruption. | 6.8 |
2008-04-08 | CVE-2008-1701 | Denial of Service vulnerability in Novell iPrint 6.5: Novell NetWare 6.5 allows attackers to cause a denial of service (ABEND) via a crafted Macintosh iPrint client request. | 5.0 |
2008-04-04 | CVE-2008-1023 | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Apple QuickTime: Heap-based buffer overflow in Clip opcode parsing in Apple QuickTime before 7.4.5 on Windows allows remote attackers to execute arbitrary code via a crafted PICT image file. | 6.8 |