Vulnerabilities > Apple > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-03-04 | CVE-2008-1148 | A certain pseudo-random number generator (PRNG) algorithm that uses ADD with 0 random hops (aka "Algorithm A0"), as used in OpenBSD 3.5 through 4.2 and NetBSD 1.6.2 through 4.0, allows remote attackers to guess sensitive values such as (1) DNS transaction IDs or (2) IP fragmentation IDs by observing a sequence of previously generated values. | 6.8 |
2008-03-04 | CVE-2008-1146 | A certain pseudo-random number generator (PRNG) algorithm that uses XOR and 3-bit random hops (aka "Algorithm X3"), as used in OpenBSD 2.8 through 4.2, allows remote attackers to guess sensitive values such as DNS transaction IDs by observing a sequence of previously generated values. | 6.8 |
2008-02-21 | CVE-2008-0894 | Remote Denial of Service and Information Disclosure vulnerability in Apple Safari BMP and GIF Files: Apple Safari might allow remote attackers to obtain potentially sensitive memory contents or cause a denial of service (crash) via a crafted (1) bitmap (BMP) or (2) GIF file, a related issue to CVE-2008-0420. | 6.8 |
2008-02-12 | CVE-2008-0042 | Code Injection vulnerability in Apple Mac OS X 10.4.11/10.5/10.5.1: Argument injection vulnerability in Terminal.app in Terminal in Apple Mac OS X 10.4.11 and 10.5 through 10.5.1 allows remote attackers to execute arbitrary code via unspecified URL schemes. | 6.8 |
2008-02-12 | CVE-2008-0041 | Information Exposure vulnerability in Apple Mac OS X 10.5/10.5.1: Parental Controls in Apple Mac OS X 10.5 through 10.5.1 contacts www.apple.com "when a website is unblocked," which allows remote attackers to determine when a system is running Parental Controls. | 5.0 |
2008-02-12 | CVE-2008-0039 | Code Injection vulnerability in Apple Mail: Unspecified vulnerability in Mail in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary commands via a crafted file:// URL. | 6.8 |
2008-02-12 | CVE-2008-0037 | Permissions, Privileges, and Access Controls vulnerability in Apple Mac OS X 10.5/10.5.1: X11 in Apple Mac OS X 10.5 through 10.5.1 does not properly handle when the "Allow connections from network client" preference is disabled, which allows remote attackers to bypass intended access restrictions and connect to the X server. | 4.3 |
2008-01-16 | CVE-2008-0298 | Improper Input Validation vulnerability in Apple Safari: KHTML WebKit as used in Apple Safari 2.x allows remote attackers to cause a denial of service (browser crash) via a crafted web page, possibly involving a STYLE attribute of a DIV element. | 4.3 |
2008-01-16 | CVE-2008-0036 | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Apple QuickTime: Buffer overflow in Apple QuickTime before 7.4 allows remote attackers to execute arbitrary code via a crafted compressed PICT image, which triggers the overflow during decoding. | 6.8 |
2008-01-16 | CVE-2008-0032 | Resource Management Errors vulnerability in Apple QuickTime: Apple QuickTime before 7.4 allows remote attackers to execute arbitrary code via a movie file containing a Macintosh Resource record with a modified length value in the resource header, which triggers heap corruption. | 5.8 |