Safari RSS in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not block Java applets in an RSS feed, which allows remote attackers to obtain sensitive information via a feed: URL containing an applet that performs DOM modifications.
Max CVSS
4.3
EPSS Score
0.18%
Published
2010-11-16
Updated
2010-11-17
CFNetwork in Apple Mac OS X 10.6.3 and 10.6.4 supports anonymous SSL and TLS connections, which allows man-in-the-middle attackers to redirect a connection and obtain sensitive information via crafted responses.
Max CVSS
5.0
EPSS Score
0.12%
Published
2010-08-25
Updated
2010-08-26
2 vulnerabilities found