Vulnerabilities > Apple > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-06-19 | CVE-2007-3274 | Resource Management Errors vulnerability in Apple Safari 3.0/3.0.1. Apple Safari 3.0 and 3.0.1 on Windows XP SP2 allows attackers to cause a denial of service (application crash) via JavaScript that sets the document.location variable, as demonstrated by an empty value of document.location. | 4.3 |
2007-06-14 | CVE-2007-2391 | Cross-Site Scripting vulnerability in Apple Safari 3.0.1. Cross-site scripting (XSS) vulnerability in Apple Safari Beta 3.0.1 for Windows allows remote attackers to inject arbitrary web script or HTML via a web page that includes a windows.setTimeout function that is activated after the user has moved from the current page. | 4.3 |
2007-05-24 | CVE-2007-0740 | Multiple Security vulnerability in Apple Mac OS X 10.3.9/10.4.9. Alias Manager in Apple Mac OS X 10.3.9 and 10.4.9 does not display files with the same name in mounted disk images that have the same name, which might allow user-assisted attackers to trick a user into executing malicious files. | 6.8 |
2007-05-16 | CVE-2007-1898 | Unspecified vulnerability in Jetbox CMS 2.1. formmail.php in Jetbox CMS 2.1 allows remote attackers to send arbitrary e-mails (spam) via modified recipient, _SETTINGS[allowed_email_hosts][], and subject parameters. | 5.8 |
2007-04-24 | CVE-2007-0743 | Multiple Security vulnerability in Apple Mac OS X 2007-004. URLMount in Apple Mac OS X 10.3.9 through 10.4.9 passes the username and password credentials for mounting filesystems on SMB servers as command line arguments to the mount_sub command, which may allow local users to obtain sensitive information by listing the process. | 4.9 |
2007-04-24 | CVE-2007-0739 | Multiple Security vulnerability in Apple Mac OS X 2007-004. The Login Window in Apple Mac OS X 10.4 through 10.4.9 displays the software update window beneath the loginwindow authentication dialog in certain circumstances related to running scheduled tasks, which allows local users to bypass authentication controls. | 4.6 |
2007-04-24 | CVE-2007-0738 | Multiple Security vulnerability in Apple Mac OS X 2007-004. The Login Window in Apple Mac OS X 10.4 through 10.4.9 does not display the screen saver authentication dialog in certain circumstances when waking from sleep, even though the "require a password to wake the computer from sleep" option is enabled, which allows local users to bypass authentication controls. | 4.6 |
2007-04-24 | CVE-2007-0737 | Multiple Security vulnerability in Apple Mac OS X 2007-004. The Login Window in Apple Mac OS X 10.3.9 through 10.4.9 does not properly check certain environment variables, which allows local users to gain privileges via unspecified vectors. | 4.6 |
2007-04-22 | CVE-2007-2163 | Denial-Of-Service vulnerability in Safari. Apple Safari allows remote attackers to cause a denial of service (browser crash) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/. | 5.0 |
2007-04-10 | CVE-2007-0734 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Mac OS X. fsck, as used by the AirPort Disk feature of the AirPort Extreme Base Station with 802.11n before Firmware Update 7.1, and by Apple Mac OS X 10.3.9 through 10.4.9, does not properly enforce password protection of a USB hard drive, which allows context-dependent attackers to list arbitrary directories or execute arbitrary code, resulting from memory corruption. | 5.4 |