3.2.2b

DATE	CVE	VULNERABILITY TITLE	RISK
2009-08-11	CVE-2009-2416	Use After Free vulnerability in multiple products Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework. network low complexity xmlsoft fedoraproject debian redhat canonical google apple suse opensuse vmware sun CWE-416	6.5
2009-07-09	CVE-2009-1725	Numeric Errors vulnerability in Apple Safari WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms; KHTML in kdelibs in KDE; QtWebKit (aka Qt toolkit); and possibly other products do not properly handle numeric character references, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. network apple CWE-189 critical	9.3
2009-07-09	CVE-2009-1724	Cross-site Scripting vulnerability in Apple Safari Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to inject arbitrary web script or HTML via vectors related to parent and top objects. network apple CWE-79	4.3
2009-06-10	CVE-2009-2027	Permissions, Privileges, and Access Controls vulnerability in Apple Safari The Installer in Apple Safari before 4.0 on Windows allows local users to gain privileges by checking a box that specifies an immediate launch of the application after installation, related to an unspecified compression method. local low complexity apple CWE-264	7.2
2009-06-10	CVE-2009-1718	Information Exposure vulnerability in Apple Safari WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to obtain sensitive information via vectors involving drag events and the dragging of content over a crafted web page. network apple CWE-200	7.1
2009-06-10	CVE-2009-1716	Permissions, Privileges, and Access Controls vulnerability in Apple Safari CFNetwork in Apple Safari before 4.0 on Windows does not properly protect the temporary files created for downloads, which allows local users to obtain sensitive information by reading these files. local low complexity apple CWE-264	2.1
2009-06-10	CVE-2009-1715	Cross-Site Scripting vulnerability in Apple Safari Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to inject arbitrary web script or HTML, and read local files, via vectors related to script execution with incorrect privileges. network apple CWE-79	4.3
2009-06-10	CVE-2009-1714	Cross-Site Scripting vulnerability in Apple Safari Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to inject arbitrary web script or HTML, and read local files, via vectors related to the improper escaping of HTML attributes. network apple CWE-79	4.3
2009-06-10	CVE-2009-1713	Information Exposure vulnerability in Apple Safari The XSLT functionality in WebKit in Apple Safari before 4.0 does not properly implement the document function, which allows remote attackers to read (1) arbitrary local files and (2) files from different security zones via unspecified vectors. network apple CWE-200	7.1
2009-06-10	CVE-2009-1712	Code Injection vulnerability in Apple Safari WebKit in Apple Safari before 4.0 does not prevent remote loading of local Java applets, which allows remote attackers to execute arbitrary code, gain privileges, or obtain sensitive information via an APPLET or OBJECT element. network apple CWE-94 critical	9.3