Vulnerabilities > Apple > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-03-19 | CVE-2008-1001 | Cross-Site Scripting vulnerability in Apple Safari Cross-site scripting (XSS) vulnerability in Apple Safari before 3.1, when running on Windows XP or Vista, allows remote attackers to inject arbitrary web script or HTML via a crafted URL that is not properly handled in the error page. | 4.3 |
| 2008-03-18 | CVE-2008-0998 | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server Unspecified vulnerability in NetCfgTool in the System Configuration component in Apple Mac OS X 10.4.11 and 10.5.2 allows local users to bypass authorization and execute arbitrary code via crafted distributed objects. | 6.9 |
| 2008-03-18 | CVE-2008-0992 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server Array index error in pax in Apple Mac OS X 10.5.2 allows context-dependent attackers to execute arbitrary code via an archive with a crafted length value. | 5.8 |
| 2008-03-18 | CVE-2008-0990 | Information Exposure vulnerability in Apple mac OS X and mac OS X Server notifyd in Apple Mac OS X 10.4.11 does not verify that Mach port death notifications have originated from the kernel, which allows local users to cause a denial of service via spoofed death notifications that prevent other applications from receiving notifications. | 4.4 |
| 2008-03-18 | CVE-2008-0989 | USE of Externally-Controlled Format String vulnerability in Apple mac OS X and mac OS X Server Format string vulnerability in mDNSResponderHelper in Apple Mac OS X 10.5.2 allows local users to execute arbitrary code via format string specifiers in the local hostname. | 6.9 |
| 2008-03-18 | CVE-2008-0988 | Numeric Errors vulnerability in Apple mac OS X and mac OS X Server Off-by-one error in the Libsystem strnstr API in libc on Apple Mac OS X 10.4.11 allows context-dependent attackers to cause a denial of service (crash) via crafted arguments that trigger a buffer over-read. | 4.3 |
| 2008-03-18 | CVE-2008-0987 | Buffer Errors vulnerability in Apple Aperture and Iphoto Stack-based buffer overflow in Image Raw in Apple Mac OS X 10.5.2, and Digital Camera RAW Compatibility before Update 2.0 for Aperture 2 and iPhoto 7.1.2, allows remote attackers to execute arbitrary code via a crafted Adobe Digital Negative (DNG) image. | 6.8 |
| 2008-03-18 | CVE-2008-0060 | Code Injection vulnerability in Apple mac OS X and mac OS X Server Help Viewer in Apple Mac OS X 10.4.11 and 10.5.2 allows remote attackers to execute arbitrary Applescript via a help:topic_list URL that injects HTML or JavaScript into a topic list page, as demonstrated using a help:runscript link. | 6.8 |
| 2008-03-18 | CVE-2008-0059 | Race Condition vulnerability in Apple mac OS X and mac OS X Server Race condition in NSXML in Foundation for Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via a crafted XML file, related to "error handling logic." | 5.8 |
| 2008-03-18 | CVE-2008-0058 | Race Condition vulnerability in Apple mac OS X and mac OS X Server Race condition in the NSURLConnection cache management functionality in Foundation for Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via unspecified manipulations that cause messages to be sent to a deallocated object. | 5.8 |