Vulnerabilities > Apple > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-01-16 | CVE-2008-0035 | Resource Management Errors vulnerability in Apple Safari: Unspecified vulnerability in Foundation, as used in Apple iPhone 1.0 through 1.1.2, iPod touch 1.1 through 1.1.2, and Mac OS X 10.5 through 10.5.1, allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted URL that triggers memory corruption in Safari. | 6.8 |
2008-01-16 | CVE-2008-0034 | Unspecified vulnerability in Apple iPhone and iPhone OS: Unspecified vulnerability in Passcode Lock in Apple iPhone 1.0 through 1.1.2 allows users with physical access to execute applications without entering the passcode via vectors related to emergency calls. | 4.6 |
2008-01-16 | CVE-2008-0031 | Resource Management Errors vulnerability in Apple QuickTime: Unspecified vulnerability in Apple QuickTime before 7.4 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted Sorenson 3 video file, which triggers memory corruption. | 5.8 |
2007-12-28 | CVE-2007-6592 | Remote Security vulnerability in Apple Safari 2: Apple Safari 2, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regards the certificate as also accepted for all domain names in subjectAltName:dNSName fields, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site. | 4.3 |
2007-12-19 | CVE-2007-5861 | Resource Management Errors vulnerability in Apple Mac OS X 10.4.11: Unspecified vulnerability in Spotlight in Apple Mac OS X 10.4.11 allows user-assisted attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted .XLS file that triggers memory corruption in the Microsoft Office Spotlight Importer. | 6.8 |
2007-12-19 | CVE-2007-5858 | Cross-site Scripting vulnerability in Apple Safari: WebKit in Safari in Apple Mac OS X 10.4.11 and 10.5.1, iPhone 1.0 through 1.1.2, and iPod touch 1.1 through 1.1.2 allows remote attackers to "navigate the subframes of any other page," which can be leveraged to conduct cross-site scripting (XSS) attacks and obtain sensitive information. | 4.3 |
2007-12-19 | CVE-2007-5857 | Permissions, Privileges, and Access Controls vulnerability in Apple Mac OS X 10.5.1: Quick Look in Apple Mac OS X 10.5.1 does not prevent a movie from accessing URLs when the movie file is previewed or if an icon is created, which might allow remote attackers to obtain sensitive information via HREFTrack. | 6.4 |
2007-12-19 | CVE-2007-5855 | Improper Authentication vulnerability in Apple Mac OS X 10.4.11/10.5.1: Mail in Apple Mac OS X 10.4.11 and 10.5.1, when an SMTP account has been set up using Account Assistant, can use plaintext authentication even when MD5 Challenge-Response authentication is available, which makes it easier for remote attackers to sniff account activity. | 6.4 |
2007-12-19 | CVE-2007-5854 | Cross-Site Scripting vulnerability in Apple Mac OS X 10.4.11/10.5.1: Launch Services in Apple Mac OS X 10.4.11 and 10.5.1 does not treat HTML files as unsafe content, which allows attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via a crafted HTML file. | 4.3 |
2007-12-19 | CVE-2007-5847 | Race Condition vulnerability in Apple Mac OS X 10.4.11: Race condition in the CFURLWriteDataAndPropertiesToResource API in Core Foundation in Apple Mac OS X 10.4.11 creates files with insecure permissions, which might allow local users to obtain sensitive information. | 6.6 |