Filtered by vendor Apple
Subscribe
Total
11182 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-6722 | 3 Apple, Microsoft, Vidalia-project | 3 Mac Os X, Windows, Vidalia Bundle | 2023-12-10 | 5.0 MEDIUM | N/A |
Vidalia bundle before 0.1.2.18, when running on Windows and Mac OS X, installs Privoxy with a configuration file (config.txt or config) that contains insecure (1) enable-remote-toggle and (2) enable-edit-actions settings, which allows remote attackers to bypass intended access restrictions and modify configuration. | |||||
CVE-2008-4232 | 1 Apple | 3 Iphone Os, Ipod Touch, Safari | 2023-12-10 | 5.0 MEDIUM | N/A |
Safari in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.1 through 2.1 does not restrict an IFRAME's content display to the boundaries of the IFRAME, which allows remote attackers to spoof a user interface via a crafted HTML document. | |||||
CVE-2009-0139 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2023-12-10 | 9.3 HIGH | N/A |
Integer overflow in the SMB component in Apple Mac OS X 10.5.6 allows remote SMB servers to cause a denial of service (system shutdown) or execute arbitrary code via a crafted SMB file system that triggers a heap-based buffer overflow. | |||||
CVE-2009-2819 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2023-12-10 | 9.3 HIGH | N/A |
AFP Client in Apple Mac OS X 10.5.8 allows remote AFP servers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via unspecified vectors. | |||||
CVE-2008-2304 | 1 Apple | 1 Core Image Fun House | 2023-12-10 | 6.8 MEDIUM | N/A |
Buffer overflow in Apple Core Image Fun House 2.0 and earlier in CoreImage Examples in Xcode tools before 3.1 allows user-assisted attackers to execute arbitrary code or cause a denial of service (application crash) via a .funhouse file with a string XML element that contains many characters. | |||||
CVE-2009-2823 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2023-12-10 | 4.3 MEDIUM | N/A |
The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software. | |||||
CVE-2008-4228 | 1 Apple | 2 Iphone Os, Ipod Touch | 2023-12-10 | 3.6 LOW | N/A |
The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows physically proximate attackers to leverage the emergency-call ability of locked devices to make a phone call to an arbitrary number. | |||||
CVE-2008-0999 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2023-12-10 | 7.1 HIGH | N/A |
Apple Mac OS X 10.5.2 allows user-assisted attackers to cause a denial of service (crash) via a crafted Universal Disc Format (UDF) disk image, which triggers a NULL pointer dereference. | |||||
CVE-2009-2840 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2023-12-10 | 4.9 MEDIUM | N/A |
Spotlight in Apple Mac OS X 10.5.8 does not properly handle temporary files, which allows local users to overwrite arbitrary files in the context of a different user's privileges via unspecified vectors. | |||||
CVE-2009-0140 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2023-12-10 | 9.3 HIGH | N/A |
Unspecified vulnerability in the SMB component in Apple Mac OS X 10.4.11 and 10.5.6 allows remote SMB servers to cause a denial of service (memory exhaustion and system shutdown) via a crafted file system name. | |||||
CVE-2009-2829 | 1 Apple | 1 Mac Os X Server | 2023-12-10 | 5.0 MEDIUM | N/A |
Event Monitor in Apple Mac OS X 10.5.8 does not properly handle crafted authentication data sent to an SSH daemon, which allows remote attackers to cause a denial of service via vectors involving processing of XML log documents by other services, related to a "log injection" issue. | |||||
CVE-2009-1711 | 1 Apple | 1 Safari | 2023-12-10 | 9.3 HIGH | N/A |
WebKit in Apple Safari before 4.0 does not properly initialize memory for Attr DOM objects, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document. | |||||
CVE-2009-0151 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2023-12-10 | 7.2 HIGH | N/A |
The screen saver in Dock in Apple Mac OS X 10.5 before 10.5.8 does not prevent four-finger Multi-Touch gestures, which allows physically proximate attackers to bypass locking and "manage applications or use Expose" via unspecified vectors. | |||||
CVE-2008-4231 | 1 Apple | 3 Iphone Os, Ipod Touch, Safari | 2023-12-10 | 9.3 HIGH | N/A |
Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not properly handle HTML TABLE elements, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. | |||||
CVE-2009-0954 | 1 Apple | 1 Quicktime | 2023-12-10 | 9.3 HIGH | N/A |
Heap-based buffer overflow in Apple QuickTime before 7.6.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a movie file containing crafted Clipping Region (CRGN) atom types. | |||||
CVE-2008-1035 | 1 Apple | 1 Ical | 2023-12-10 | 4.3 MEDIUM | N/A |
Use-after-free vulnerability in Apple iCal 3.0.1 on Mac OS X allows remote CalDAV servers, and user-assisted remote attackers, to trigger memory corruption or possibly execute arbitrary code via an "ATTACH;VALUE=URI:S=osumi" line in a .ics file, which triggers a "resource liberation" bug. NOTE: CVE-2008-2007 was originally used for this issue, but this is the appropriate identifier. | |||||
CVE-2008-1008 | 1 Apple | 1 Safari | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via the document.domain property. | |||||
CVE-2009-2839 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2023-12-10 | 6.8 MEDIUM | N/A |
Screen Sharing in Apple Mac OS X 10.5.8 allows remote VNC servers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors. | |||||
CVE-2009-2205 | 1 Apple | 5 Java 1.4, Java 1.5, Java 1.6 and 2 more | 2023-12-10 | 6.8 MEDIUM | N/A |
Stack-based buffer overflow in the Java Web Start command launcher in Java for Mac OS X 10.5 before Update 5 allows attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. | |||||
CVE-2009-2803 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2023-12-10 | 6.8 MEDIUM | N/A |
CarbonCore in Apple Mac OS X 10.4.11 and 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a file with a crafted resource fork. |