CVEdetails.com the ultimate security vulnerability data source

Apple: Security Vulnerabilities Published In 2009 (Gain Information)

Fields per entry: CVE ID; CWE ID; number of public exploits; vulnerability type(s); publish date; update date; CVSS score; gained access level; access vector; access complexity; authentication; confidentiality / integrity / availability impact; description. A "-" marks a field the listing left empty.

1. CVE-2009-3384
   CWE: - | Exploits: - | Type(s): DoS, Exec Code, +Info | Published: 2009-11-13 | Updated: 2011-02-17
   Score: 9.3 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf./Integ./Avail.: Complete / Complete / Complete
   Multiple unspecified vulnerabilities in WebKit in Apple Safari before 4.0.4 on Windows allow remote FTP servers to execute arbitrary code, cause a denial of service (application crash), or obtain sensitive information via a crafted directory listing in a reply.

2. CVE-2009-2835
   CWE: 20 | Exploits: - | Type(s): DoS, +Priv, +Info | Published: 2009-11-10 | Updated: 2009-11-17
   Score: 4.6 | Gained access: None | Access: Local | Complexity: Low | Authentication: Not required | Conf./Integ./Avail.: Partial / Partial / Partial
   The kernel in Apple Mac OS X before 10.6.2 does not properly handle task state segments, which allows local users to gain privileges, cause a denial of service (system crash), or obtain sensitive information via unspecified vectors.

3. CVE-2009-2797
   CWE: 200 | Exploits: - | Type(s): +Info | Published: 2009-09-10 | Updated: 2012-10-22
   Score: 5.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf./Integ./Avail.: Partial / None / None
   The WebKit component in Safari in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, does not remove usernames and passwords from URLs sent in Referer headers, which allows remote attackers to obtain sensitive information by reading Referer logs on a web server.

4. CVE-2009-2796
   CWE: 200 | Exploits: - | Type(s): +Info | Published: 2009-09-10 | Updated: 2012-10-22
   Score: 2.1 | Gained access: None | Access: Local | Complexity: Low | Authentication: Not required | Conf./Integ./Avail.: Partial / None / None
   The UIKit component in Apple iPhone OS 3.0, and iPhone OS 3.0.1 for iPod touch, allows physically proximate attackers to discover a password by watching a user undo deletions of characters in the password.

5. CVE-2009-2207
   CWE: 264 | Exploits: - | Type(s): +Info | Published: 2009-09-10 | Updated: 2012-10-22
   Score: 2.1 | Gained access: None | Access: Local | Complexity: Low | Authentication: Not required | Conf./Integ./Avail.: Partial / None / None
   The MobileMail component in Apple iPhone OS 3.0 and 3.0.1, and iPhone OS 3.0 for iPod touch, lists deleted e-mail messages in Spotlight search results, which might allow local users to obtain sensitive information by reading these messages.

6. CVE-2009-2200
   CWE: 200 | Exploits: - | Type(s): +Info | Published: 2009-08-12 | Updated: 2011-02-17
   Score: 7.1 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf./Integ./Avail.: Complete / None / None
   WebKit in Apple Safari before 4.0.3 does not properly restrict the URL scheme of the pluginspage attribute of an EMBED element, which allows user-assisted remote attackers to launch arbitrary file: URLs and obtain sensitive information via a crafted HTML document.

7. CVE-2009-1718
   CWE: 200 | Exploits: - | Type(s): +Info | Published: 2009-06-10 | Updated: 2011-02-17
   Score: 7.1 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf./Integ./Avail.: Complete / None / None
   WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to obtain sensitive information via vectors involving drag events and the dragging of content over a crafted web page.

8. CVE-2009-1716
   CWE: 264 | Exploits: - | Type(s): +Info | Published: 2009-06-10 | Updated: 2009-06-19
   Score: 2.1 | Gained access: None | Access: Local | Complexity: Low | Authentication: Not required | Conf./Integ./Avail.: Partial / None / None
   CFNetwork in Apple Safari before 4.0 on Windows does not properly protect the temporary files created for downloads, which allows local users to obtain sensitive information by reading these files.

9. CVE-2009-1713
   CWE: 200 | Exploits: - | Type(s): +Info | Published: 2009-06-10 | Updated: 2011-02-17
   Score: 7.1 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf./Integ./Avail.: Complete / None / None
   The XSLT functionality in WebKit in Apple Safari before 4.0 does not properly implement the document function, which allows remote attackers to read (1) arbitrary local files and (2) files from different security zones via unspecified vectors.

10. CVE-2009-1712
   CWE: 94 | Exploits: - | Type(s): Exec Code, +Priv, +Info | Published: 2009-06-10 | Updated: 2011-02-17
   Score: 9.3 | Gained access: Admin | Access: Remote | Complexity: Medium | Authentication: Not required | Conf./Integ./Avail.: Complete / Complete / Complete
   WebKit in Apple Safari before 4.0 does not prevent remote loading of local Java applets, which allows remote attackers to execute arbitrary code, gain privileges, or obtain sensitive information via an APPLET or OBJECT element.

11. CVE-2009-1708
   CWE: - | Exploits: - | Type(s): Exec Code, +Info | Published: 2009-06-10 | Updated: 2009-06-19
   Score: 9.3 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf./Integ./Avail.: Complete / Complete / Complete
   Apple Safari before 4.0 does not prevent calls to the open-help-anchor URL handler by web sites, which allows remote attackers to open arbitrary local help files, and execute arbitrary code or obtain sensitive information, via a crafted call.

12. CVE-2009-1706
   CWE: 200 | Exploits: - | Type(s): +Info | Published: 2009-06-10 | Updated: 2009-06-19
   Score: 5.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf./Integ./Avail.: Partial / None / None
   The Private Browsing feature in Apple Safari before 4.0 on Windows does not remove cookies from the alternate cookie store in unspecified circumstances upon (1) disabling of the feature or (2) exit of the application, which makes it easier for remote web servers to track users via a cookie.

13. CVE-2009-1703
   CWE: 200 | Exploits: - | Type(s): +Info | Published: 2009-06-10 | Updated: 2011-02-17
   Score: 7.1 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf./Integ./Avail.: Complete / None / None
   WebKit in Apple Safari before 4.0 does not prevent references to file: URLs within (1) audio and (2) video elements, which allows remote attackers to determine the existence of arbitrary files via a crafted HTML document.

14. CVE-2009-1700
   CWE: 200 | Exploits: - | Type(s): +Info | Published: 2009-06-10 | Updated: 2012-03-30
   Score: 4.3 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf./Integ./Avail.: Partial / None / None
   The XSLT implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read XML content from arbitrary web pages via a crafted document.

15. CVE-2009-1699
   CWE: 200 | Exploits: 1 | Type(s): +Info | Published: 2009-06-10 | Updated: 2012-03-30
   Score: 7.1 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf./Integ./Avail.: Complete / None / None
   The XSL stylesheet implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle XML external entities, which allows remote attackers to read arbitrary files via a crafted DTD, as demonstrated by a file:///etc/passwd URL in an entity declaration, related to an "XXE attack."

16. CVE-2009-1680
   CWE: 200 | Exploits: - | Type(s): +Info | Published: 2009-06-19 | Updated: 2012-03-30
   Score: 2.1 | Gained access: None | Access: Local | Complexity: Low | Authentication: Not required | Conf./Integ./Avail.: Partial / None / None
   Safari in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly clear the search history when it is cleared from the Settings application, which allows physically proximate attackers to obtain the search history.

17. CVE-2009-0958
   CWE: 200 | Exploits: - | Type(s): +Info | Published: 2009-06-19 | Updated: 2012-03-30
   Score: 4.3 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf./Integ./Avail.: Partial / None / None
   Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 stores an exception for a hostname when the user accepts an untrusted Exchange server certificate, which causes it to be accepted without prompting in future usage and allows remote Exchange servers to obtain sensitive information such as credentials.

18. CVE-2009-0152
   CWE: 16 | Exploits: - | Type(s): +Info | Published: 2009-05-13 | Updated: 2009-05-16
   Score: 5.0 | Gained access: None | Access: Remote | Complexity: Low | Authentication: Not required | Conf./Integ./Avail.: Partial / None / None
   iChat in Apple Mac OS X 10.5 before 10.5.7 disables SSL for AOL Instant Messenger (AIM) communication in certain circumstances that are inconsistent with the Require SSL setting, which allows remote attackers to obtain sensitive information by sniffing the network.

19. CVE-2009-0144
   CWE: 16 | Exploits: - | Type(s): +Info | Published: 2009-05-13 | Updated: 2009-05-16
   Score: 4.3 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf./Integ./Avail.: Partial / None / None
   CFNetwork in Apple Mac OS X 10.5 before 10.5.7 does not properly parse noncompliant Set-Cookie headers, which allows remote attackers to obtain sensitive information by sniffing the network for "secure cookies" that are sent over unencrypted HTTP connections.

20. CVE-2009-0143
   CWE: 200 | Exploits: - | Type(s): +Info | Published: 2009-03-14 | Updated: 2010-08-21
   Score: 4.3 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf./Integ./Avail.: Partial / None / None
   Apple iTunes before 8.1 does not properly inform the user about the origin of an authentication request, which makes it easier for remote podcast servers to trick a user into providing a username and password when subscribing to a crafted podcast.

21. CVE-2009-0123
   CWE: 200 | Exploits: - | Type(s): +Info | Published: 2009-01-15 | Updated: 2009-01-22
   Score: 7.1 | Gained access: None | Access: Remote | Complexity: Medium | Authentication: Not required | Conf./Integ./Avail.: Complete / None / None
   Unspecified vulnerability in Apple Safari on Mac OS X 10.5 and Windows allows remote attackers to read arbitrary files on a client machine via vectors related to the association of Safari with the (1) feed, (2) feeds, and (3) feedsearch URL types for RSS feeds. NOTE: as of 20090114, the only disclosure is a vague pre-advisory. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.

22. CVE-2009-0019
   CWE: 119 | Exploits: - | Type(s): DoS, Overflow, +Info | Published: 2009-02-12 | Updated: 2009-08-19
   Score: 7.5 | Gained access: User | Access: Remote | Complexity: Low | Authentication: Not required | Conf./Integ./Avail.: Partial / Partial / Partial
   Remote Apple Events in Apple Mac OS X 10.4.11 and 10.5.6 allows remote attackers to cause a denial of service (application termination) or obtain sensitive information via unspecified vectors that trigger an out-of-bounds memory access.

23. CVE-2009-0015
   CWE: 255 | Exploits: - | Type(s): +Info | Published: 2009-02-12 | Updated: 2009-08-19
   Score: 4.9 | Gained access: None | Access: Local | Complexity: Low | Authentication: Not required | Conf./Integ./Avail.: Complete / None / None
   Unspecified vulnerability in fseventsd in the FSEvents framework in Apple Mac OS X 10.5.6 allows local users to obtain sensitive information (filesystem activities and directory names) via unknown vectors related to "credential management."
Total number of vulnerabilities: 23
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.