Stack consumption vulnerability in Apple Safari 4.0.3 on Windows allows remote attackers to cause a denial of service (application crash) via a long URI value (aka url) in the Cascading Style Sheets (CSS) background property.
Max CVSS: 9.3 | EPSS Score: 1.16% | Published: 2009-12-03 | Updated: 2017-08-17
PHP before 5.2.12 and 5.3.x before 5.3.1 does not restrict the number of temporary files created when handling a multipart/form-data POST request, which allows remote attackers to cause a denial of service (resource exhaustion), and makes it easier for remote attackers to exploit local file inclusion vulnerabilities, via multiple requests, related to lack of support for the max_file_uploads directive.
Max CVSS: 5.0 | EPSS Score: 5.39% | Published: 2009-11-24 | Updated: 2024-02-15
libraries/libldap/tls_o.c in OpenLDAP 2.2 and 2.4, and possibly other versions, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
Max CVSS: 4.3 | EPSS Score: 0.26% | Published: 2009-10-23 | Updated: 2020-10-14
Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information.
Max CVSS: 7.5 | EPSS Score: 8.45% | Published: 2009-11-20 | Updated: 2024-02-02
Apple Safari, possibly before 4.0.3, on Mac OS X does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
Max CVSS: 7.5 | EPSS Score: 0.06% | Published: 2009-09-29 | Updated: 2009-09-30
Multiple unspecified vulnerabilities in WebKit in Apple Safari before 4.0.4 on Windows allow remote FTP servers to execute arbitrary code, cause a denial of service (application crash), or obtain sensitive information via a crafted directory listing in a reply.
Max CVSS: 9.3 | EPSS Score: 0.25% | Published: 2009-11-13 | Updated: 2017-09-19
iPhone Mail in Apple iPhone OS, and iPhone OS for iPod touch, does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL e-mail servers via a crafted certificate.
Max CVSS: 7.5 | EPSS Score: 0.05% | Published: 2009-09-21 | Updated: 2021-05-23
Stack consumption vulnerability in WebKit.dll in WebKit in Apple Safari 3.2.3, and possibly other versions before 4.1.2, allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls eval on a long string composed of A/ sequences.
Max CVSS: 5.0 | EPSS Score: 44.90% | Published: 2009-09-21 | Updated: 2017-09-19
Apple Safari on iPhone OS 3.0.1 allows remote attackers to cause a denial of service (application crash) via a long tel: URL in the SRC attribute of an IFRAME element.
Max CVSS: 4.3 | EPSS Score: 1.00% | Published: 2009-09-21 | Updated: 2017-09-19
The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.
Max CVSS: 5.0 | EPSS Score: 0.95% | Published: 2009-09-08 | Updated: 2022-09-19
Apple Safari 4.0.3 does not properly block javascript: and data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains a javascript: URI, (2) entering a javascript: URI when specifying the content of a Refresh header, (3) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI, or (4) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header.
Max CVSS: 4.3 | EPSS Score: 0.19% | Published: 2009-08-31 | Updated: 2017-09-19
Java for Mac OS X 10.5 before Update 6 and 10.6 before Update 1 accepts expired certificates for applets, which makes it easier for remote attackers to execute arbitrary code via an applet.
Max CVSS: 5.0 | EPSS Score: 0.32% | Published: 2009-12-08 | Updated: 2011-01-04
Apple Safari before 4.0.4 does not properly implement certain (1) Open Image and (2) Open Link menu options, which allows remote attackers to read local HTML files via a crafted web site.
Max CVSS: 4.3 | EPSS Score: 0.52% | Published: 2009-11-13 | Updated: 2017-09-19
The HTMLMediaElement::loadResource function in html/HTMLMediaElement.cpp in WebCore in WebKit before r49480, as used in Apple Safari before 4.0.4 on Mac OS X, does not perform the expected callbacks for HTML 5 media elements that have external URLs for media resources, which allows remote attackers to trigger sub-resource requests to arbitrary web sites via a crafted HTML document, as demonstrated by an HTML e-mail message that uses a media element for X-Confirm-Reading-To functionality, aka rdar problem 7271202.
Max CVSS: 5.0 | EPSS Score: 0.60% | Published: 2009-11-13 | Updated: 2017-08-17
Spotlight in Apple Mac OS X 10.5.8 does not properly handle temporary files, which allows local users to overwrite arbitrary files in the context of a different user's privileges via unspecified vectors.
Max CVSS: 4.9 | EPSS Score: 0.04% | Published: 2009-11-10 | Updated: 2009-11-17
Screen Sharing in Apple Mac OS X 10.5.8 allows remote VNC servers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.
Max CVSS: 6.8 | EPSS Score: 0.25% | Published: 2009-11-10 | Updated: 2009-12-19
Integer overflow in QuickLook in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Office document that triggers a buffer overflow.
Max CVSS: 6.8 | EPSS Score: 0.84% | Published: 2009-11-10 | Updated: 2009-11-17
Heap-based buffer overflow in QuickDraw Manager in Apple Mac OS X before 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image.
Max CVSS: 6.8 | EPSS Score: 1.99% | Published: 2009-11-10 | Updated: 2017-09-19
Race condition in Login Window in Apple Mac OS X 10.6.x before 10.6.2, when at least one account has a blank password, allows attackers to bypass password authentication and obtain login access to an arbitrary account via unspecified vectors.
Max CVSS: 6.2 | EPSS Score: 0.06% | Published: 2009-11-10 | Updated: 2009-11-17
The kernel in Apple Mac OS X before 10.6.2 does not properly handle task state segments, which allows local users to gain privileges, cause a denial of service (system crash), or obtain sensitive information via unspecified vectors.
Max CVSS: 4.6 | EPSS Score: 0.04% | Published: 2009-11-10 | Updated: 2009-11-17
IOKit in Apple Mac OS X before 10.6.2 allows local users to modify the firmware of a (1) USB or (2) Bluetooth keyboard via unspecified vectors.
Max CVSS: 4.9 | EPSS Score: 0.04% | Published: 2009-11-10 | Updated: 2009-11-17
Buffer overflow in the UCCompareTextDefault API in International Components for Unicode in Apple Mac OS X 10.5.8 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
Max CVSS: 7.5 | EPSS Score: 0.26% | Published: 2009-11-10 | Updated: 2009-11-17
Buffer overflow in FTP Server in Apple Mac OS X before 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a CWD command specifying a pathname in a deeply nested hierarchy of directories, related to a "CWD command line tool."
Max CVSS: 5.1 | EPSS Score: 0.85% | Published: 2009-11-10 | Updated: 2009-11-17
Dictionary in Apple Mac OS X 10.5.8 allows remote attackers to create arbitrary files with any contents, and thereby execute arbitrary code, via crafted JavaScript, related to a "design issue."
Max CVSS: 5.8 | EPSS Score: 1.18% | Published: 2009-11-10 | Updated: 2009-11-17
Multiple buffer overflows in Christos Zoulas file before 5.03 in Apple Mac OS X 10.6.x before 10.6.2 allow user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Common Document Format (CDF) file. NOTE: this might overlap CVE-2009-1515.
Max CVSS: 6.8 | EPSS Score: 0.85% | Published: 2009-11-10 | Updated: 2009-11-17
229 vulnerabilities found