Vulnerabilities (CVE)

Filtered by vendor Apple Subscribe
Total 11170 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2009-3281 2 Apple, Vmware 2 Mac Os X, Fusion 2023-12-10 7.2 HIGH N/A
The vmx86 kernel extension in VMware Fusion before 2.0.6 build 196839 does not use correct file permissions, which allows host OS users to gain privileges on the host OS via unspecified vectors.
CVE-2009-1681 1 Apple 1 Safari 2023-12-10 4.3 MEDIUM N/A
WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not prevent web sites from loading third-party content into a subframe, which allows remote attackers to bypass the Same Origin Policy and conduct "clickjacking" attacks via a crafted HTML document.
CVE-2008-2305 1 Apple 2 Mac Os X, Mac Os X Server 2023-12-10 9.3 HIGH N/A
Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows remote attackers to execute arbitrary code via a document containing a crafted font, related to "PostScript font names."
CVE-2009-2815 1 Apple 1 Iphone Os 2023-12-10 7.8 HIGH N/A
The Telephony component in Apple iPhone OS before 3.1 does not properly handle SMS arrival notifications, which allows remote attackers to cause a denial of service (NULL pointer dereference and service interruption) via a crafted SMS message.
CVE-2008-2006 1 Apple 2 Ical, Mac Os X 2023-12-10 4.3 MEDIUM N/A
Apple iCal 3.0.1 on Mac OS X allows remote CalDAV servers, and user-assisted remote attackers, to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via a .ics file containing (1) a large 16-bit integer on a TRIGGER line, or (2) a large integer in a COUNT field on an RRULE line.
CVE-2008-2314 1 Apple 2 Mac Os X, Mac Os X Server 2023-12-10 4.4 MEDIUM N/A
Dock in Apple Mac OS X 10.5 before 10.5.4, when Exposé hot corners is enabled, allows physically proximate attackers to gain access to a locked session in (1) sleep mode or (2) screen saver mode via unspecified vectors.
CVE-2009-0155 1 Apple 2 Mac Os X, Mac Os X Server 2023-12-10 6.8 MEDIUM N/A
Integer underflow in CoreGraphics in Apple Mac OS X 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF file that triggers a heap-based buffer overflow.
CVE-2009-1702 1 Apple 3 Iphone Os, Ipod Touch, Safari 2023-12-10 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to improper handling of Location and History objects.
CVE-2009-0070 1 Apple 1 Safari 2023-12-10 9.3 HIGH N/A
Integer signedness error in Apple Safari allows remote attackers to read the contents of arbitrary memory locations, cause a denial of service (application crash), and probably have unspecified other impact via the array index of the arguments array in a JavaScript function, possibly a related issue to CVE-2008-2307.
CVE-2008-1739 1 Apple 1 Quicktime 2023-12-10 6.8 MEDIUM N/A
Apple QuickTime before 7.4.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted ftyp atoms in a movie file, which triggers memory corruption.
CVE-2008-3529 4 Apple, Canonical, Debian and 1 more 6 Iphone Os, Mac Os X, Safari and 3 more 2023-12-10 10.0 HIGH N/A
Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name.
CVE-2009-1718 1 Apple 1 Safari 2023-12-10 7.1 HIGH N/A
WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to obtain sensitive information via vectors involving drag events and the dragging of content over a crafted web page.
CVE-2009-1727 1 Apple 2 Mac Os X, Mac Os X Server 2023-12-10 6.8 MEDIUM N/A
Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X 10.5 before 10.5.8 makes it easier for user-assisted remote attackers to execute arbitrary JavaScript via a web page that offers a download with a Content-Type value that is not on the list of possibly unsafe content types for Safari.
CVE-2008-1017 1 Apple 1 Quicktime 2023-12-10 6.8 MEDIUM N/A
Heap-based buffer overflow in clipping region (aka crgn) atom handling in quicktime.qts in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via a crafted movie.
CVE-2008-2323 1 Apple 2 Data Detectors Engine, Mac Os X 2023-12-10 7.1 HIGH N/A
Unspecified vulnerability in Data Detectors Engine in Apple Mac OS X 10.5.4 allows attackers to cause a denial of service (resource consumption) via crafted textual content in messages.
CVE-2008-3630 2 Apple, Microsoft 6 Bonjour, Windows-nt, Windows 2000 and 3 more 2023-12-10 6.4 MEDIUM N/A
mDNSResponder in Apple Bonjour for Windows before 1.0.5, when an application uses the Bonjour API for unicast DNS, does not choose random values for transaction IDs or source ports in DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447.
CVE-2009-0160 1 Apple 2 Mac Os X, Mac Os X Server 2023-12-10 6.8 MEDIUM N/A
QuickDraw Manager in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image that triggers memory corruption.
CVE-2009-3271 1 Apple 2 Iphone Os, Safari 2023-12-10 4.3 MEDIUM N/A
Apple Safari on iPhone OS 3.0.1 allows remote attackers to cause a denial of service (application crash) via a long tel: URL in the SRC attribute of an IFRAME element.
CVE-2008-3639 1 Apple 1 Cups 2023-12-10 7.5 HIGH N/A
Heap-based buffer overflow in the read_rle16 function in imagetops in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via an SGI image with malformed Run Length Encoded (RLE) data containing a small image and a large row count.
CVE-2008-2308 1 Apple 2 Mac Os X, Mac Os X Server 2023-12-10 4.6 MEDIUM N/A
Unspecified vulnerability in Alias Manager in Apple Mac OS X 10.5.1 and earlier on Intel platforms allows local users to gain privileges or cause a denial of service (memory corruption and application crash) by resolving an alias that contains crafted AFP volume mount information.