Vulnerabilities (CVE)

Filtered by vendor Apple Subscribe
Total 11170 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-1015 1 Apple 1 Quicktime 2023-12-10 6.8 MEDIUM N/A
Buffer overflow in the data reference atom handling in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via a crafted movie.
CVE-2009-0013 1 Apple 2 Mac Os X, Mac Os X Server 2023-12-10 2.1 LOW N/A
dscl in DS Tools in Apple Mac OS X 10.4.11 and 10.5.6 requires that passwords must be provided as command line arguments, which allows local users to gain privileges by listing process information.
CVE-2009-2794 1 Apple 1 Iphone Os 2023-12-10 4.6 MEDIUM N/A
The Exchange Support component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, does not properly implement the "Maximum inactivity time lock" functionality, which allows local users to bypass intended Microsoft Exchange restrictions by choosing a large Require Passcode time value.
CVE-2008-0045 1 Apple 2 Mac Os X, Mac Os X Server 2023-12-10 7.1 HIGH N/A
Unspecified vulnerability in AFP Server in Apple Mac OS X 10.4.11 allows remote attackers to bypass cross-realm authentication via unknown manipulations of Kerberos principal realm names.
CVE-2009-0003 2 Apple, Microsoft 4 Mac Os X, Quicktime, Windows Vista and 1 more 2023-12-10 9.3 HIGH N/A
Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via an AVI movie file with an invalid nBlockAlign value in the _WAVEFORMATEX structure.
CVE-2009-0010 1 Apple 2 Mac Os X, Mac Os X Server 2023-12-10 9.3 HIGH N/A
Integer underflow in QuickDraw Manager in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7, and Apple QuickTime before 7.6.2, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PICT image with a crafted 0x77 Poly tag and a crafted length field, which triggers a heap-based buffer overflow.
CVE-2009-1236 1 Apple 2 Mac Os X, Mac Os X Server 2023-12-10 10.0 HIGH N/A
Heap-based buffer overflow in the AppleTalk networking stack in XNU 1228.3.13 and earlier on Apple Mac OS X 10.5.6 and earlier allows remote attackers to cause a denial of service (system crash) via a ZIP NOTIFY (aka ZIPOP_NOTIFY) packet that overwrites a certain ifPort structure member.
CVE-2008-1023 1 Apple 1 Quicktime 2023-12-10 6.8 MEDIUM N/A
Heap-based buffer overflow in Clip opcode parsing in Apple QuickTime before 7.4.5 on Windows allows remote attackers to execute arbitrary code via a crafted PICT image file.
CVE-2009-1680 1 Apple 2 Iphone Os, Ipod Touch 2023-12-10 2.1 LOW N/A
Safari in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly clear the search history when it is cleared from the Settings application, which allows physically proximate attackers to obtain the search history.
CVE-2009-2841 1 Apple 2 Mac Os X, Safari 2023-12-10 5.0 MEDIUM N/A
The HTMLMediaElement::loadResource function in html/HTMLMediaElement.cpp in WebCore in WebKit before r49480, as used in Apple Safari before 4.0.4 on Mac OS X, does not perform the expected callbacks for HTML 5 media elements that have external URLs for media resources, which allows remote attackers to trigger sub-resource requests to arbitrary web sites via a crafted HTML document, as demonstrated by an HTML e-mail message that uses a media element for X-Confirm-Reading-To functionality, aka rdar problem 7271202.
CVE-2009-2826 1 Apple 2 Mac Os X, Mac Os X Server 2023-12-10 6.8 MEDIUM N/A
Multiple integer overflows in CoreGraphics in Apple Mac OS X 10.5.8 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document that triggers a heap-based buffer overflow.
CVE-2008-4220 1 Apple 2 Mac Os X, Mac Os X Server 2023-12-10 10.0 HIGH N/A
Integer overflow in the inet_net_pton API in Libsystem in Apple Mac OS X before 10.5.6 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. NOTE: this may be related to the WLB-2008080064 advisory published by SecurityReason on 20080822; however, as of 20081216, there are insufficient details to be sure.
CVE-2009-2825 1 Apple 2 Mac Os X, Mac Os X Server 2023-12-10 4.3 MEDIUM N/A
Certificate Assistant in Apple Mac OS X before 10.6.2 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
CVE-2009-0004 2 Apple, Microsoft 4 Mac Os X, Quicktime, Windows Vista and 1 more 2023-12-10 9.3 HIGH N/A
Buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted MP3 audio file.
CVE-2009-2207 1 Apple 1 Iphone Os 2023-12-10 2.1 LOW N/A
The MobileMail component in Apple iPhone OS 3.0 and 3.0.1, and iPhone OS 3.0 for iPod touch, lists deleted e-mail messages in Spotlight search results, which might allow local users to obtain sensitive information by reading these messages.
CVE-2008-3610 1 Apple 2 Mac Os X, Mac Os X Server 2023-12-10 7.6 HIGH N/A
Race condition in Login Window in Apple Mac OS X 10.5 through 10.5.4, when a blank-password account is enabled, allows attackers to bypass password authentication and login to any account via multiple attempts to login to the blank-password account, followed by selection of an arbitrary account from the user list.
CVE-2008-2331 1 Apple 2 Mac Os X, Mac Os X Server 2023-12-10 5.0 MEDIUM N/A
Finder in Apple Mac OS X 10.5 through 10.5.4 does not properly update permission data in the Get Info window after a lock operation that modifies Sharing & Permissions in a filesystem, which might allow local users to leverage weak permissions that were not intended by an administrator.
CVE-2008-4222 1 Apple 2 Mac Os X, Mac Os X Server 2023-12-10 7.1 HIGH N/A
natd in network_cmds in Apple Mac OS X before 10.5.6, when Internet Sharing is enabled, allows remote attackers to cause a denial of service (infinite loop) via a crafted TCP packet.
CVE-2008-4212 1 Apple 2 Mac Os X, Mac Os X Server 2023-12-10 10.0 HIGH N/A
Unspecified vulnerability in rlogind in the rlogin component in Mac OS X 10.4.11 and 10.5.5 applies hosts.equiv entries to root despite what is stated in documentation, which might allow remote attackers to bypass intended access restrictions.
CVE-2009-1235 1 Apple 2 Mac Os X, Mac Os X Server 2023-12-10 7.2 HIGH N/A
XNU 1228.9.59 and earlier on Apple Mac OS X 10.5.6 and earlier does not properly restrict interaction between user space and the HFS IOCTL handler, which allows local users to overwrite kernel memory and gain privileges by attaching an HFS+ disk image and performing certain steps involving HFS_GET_BOOT_INFO fcntl calls.