Vulnerabilities (CVE)

Filtered by vendor Apple Subscribe
Total 11170 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2010-1845 1 Apple 2 Mac Os X, Mac Os X Server 2023-12-10 6.8 MEDIUM N/A
ImageIO in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted PSD image.
CVE-2010-2665 4 Apple, Microsoft, Opera and 1 more 4 Mac Os X, Windows, Opera Browser and 1 more 2023-12-10 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Opera before 10.54 on Windows and Mac OS X, and before 10.11 on UNIX platforms, allows remote attackers to inject arbitrary web script or HTML via a data: URI, related to incorrect detection of the "opening site."
CVE-2010-4381 2 Apple, Realnetworks 3 Mac Os X, Realplayer, Realplayer Sp 2023-12-10 9.3 HIGH N/A
Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, RealPlayer Enterprise 2.1.2, and Mac RealPlayer 11.0 through 12.0.0.1444 allows remote attackers to have an unspecified impact via a crafted AAC file.
CVE-2010-1402 2 Apple, Microsoft 7 Mac Os X, Mac Os X Server, Safari and 4 more 2023-12-10 9.3 HIGH N/A
Double free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to an event listener in an SVG document, related to duplicate event listeners, a timer, and an AnimateTransform object.
CVE-2011-0127 2 Apple, Microsoft 6 Itunes, Webkit, Windows and 3 more 2023-12-10 7.6 HIGH N/A
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
CVE-2010-1791 2 Apple, Microsoft 7 Mac Os X, Mac Os X Server, Safari and 4 more 2023-12-10 9.3 HIGH N/A
Integer signedness error in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving a JavaScript array index.
CVE-2010-1789 2 Apple, Microsoft 7 Mac Os X, Mac Os X Server, Safari and 4 more 2023-12-10 9.3 HIGH N/A
Heap-based buffer overflow in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a JavaScript string object.
CVE-2010-3827 1 Apple 1 Iphone Os 2023-12-10 4.3 MEDIUM N/A
Apple iOS before 4.2 does not properly validate signatures before displaying a configuration profile in the configuration installation utility, which allows remote attackers to spoof profiles via unspecified vectors.
CVE-2011-4371 3 Adobe, Apple, Microsoft 4 Acrobat, Reader, Macos and 1 more 2023-12-10 7.5 HIGH N/A
Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
CVE-2010-1815 3 Apple, Canonical, Webkitgtk 4 Iphone Os, Ipod Touch, Ubuntu Linux and 1 more 2023-12-10 6.8 MEDIUM N/A
Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving scrollbars.
CVE-2008-2306 2 Apple, Microsoft 3 Safari, Windows Vista, Windows Xp 2023-12-10 9.3 HIGH N/A
Apple Safari before 3.1.2 on Windows does not properly interpret the URLACTION_SHELL_EXECUTE_HIGHRISK Internet Explorer zone setting, which allows remote attackers to bypass intended access restrictions, and force a client system to download and execute arbitrary files.
CVE-2009-2838 1 Apple 1 Mac Os X 2023-12-10 6.8 MEDIUM N/A
Integer overflow in QuickLook in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Office document that triggers a buffer overflow.
CVE-2009-0945 2 Apple, Microsoft 5 Mac Os X, Mac Os X Server, Safari and 2 more 2023-12-10 9.3 HIGH N/A
Array index error in the insertItemBefore method in WebKit, as used in Apple Safari before 3.2.3 and 4 Public Beta, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome Stable before 1.0.154.65, and possibly other products allows remote attackers to execute arbitrary code via a document with a SVGPathList data structure containing a negative index in the (1) SVGTransformList, (2) SVGStringList, (3) SVGNumberList, (4) SVGPathSegList, (5) SVGPointList, or (6) SVGLengthList SVGList object, which triggers memory corruption.
CVE-2009-2199 1 Apple 3 Iphone Os, Ipod Touch, Safari 2023-12-10 5.8 MEDIUM N/A
Incomplete blacklist vulnerability in WebKit in Apple Safari before 4.0.3, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to spoof domain names in URLs, and possibly conduct phishing attacks, via unspecified homoglyphs.
CVE-2008-5286 1 Apple 1 Cups 2023-12-10 7.5 HIGH N/A
Integer overflow in the _cupsImageReadPNG function in CUPS 1.1.17 through 1.3.9 allows remote attackers to execute arbitrary code via a PNG image with a large height value, which bypasses a validation check and triggers a buffer overflow.
CVE-2009-1710 1 Apple 1 Safari 2023-12-10 2.6 LOW N/A
WebKit in Apple Safari before 4.0 allows remote attackers to spoof the browser's display of (1) the host name, (2) security indicators, and unspecified other UI elements via a custom cursor in conjunction with a modified CSS3 hotspot property.
CVE-2008-3626 1 Apple 1 Quicktime 2023-12-10 6.8 MEDIUM N/A
The CallComponentFunctionWithStorage function in Apple QuickTime before 7.5.5 does not properly handle a large entry in the sample_size_table in STSZ atoms, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file.
CVE-2009-0153 1 Apple 2 Mac Os X, Mac Os X Server 2023-12-10 4.3 MEDIUM N/A
International Components for Unicode (ICU) 4.0, 3.6, and other 3.x versions, as used in Apple Mac OS X 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Fedora 9 and 10, and possibly other operating systems, does not properly handle invalid byte sequences during Unicode conversion, which might allow remote attackers to conduct cross-site scripting (XSS) attacks.
CVE-2008-3614 2 Apple, Microsoft 4 Quicktime, Windows-nt, Windows Vista and 1 more 2023-12-10 6.8 MEDIUM N/A
Integer overflow in Apple QuickTime before 7.5.5 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image, which triggers heap corruption.
CVE-2009-2799 1 Apple 1 Quicktime 2023-12-10 9.3 HIGH N/A
Heap-based buffer overflow in Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted H.264 movie file.