Filtered by vendor Apple
Subscribe
Total
11182 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-1573 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2023-12-10 | 7.1 HIGH | N/A |
The BMP and GIF image decoding engine in ImageIO in Apple Mac OS X before 10.5.3 allows remote attackers to obtain sensitive information (memory contents) via a crafted (1) BMP or (2) GIF image, which causes an out-of-bounds read. | |||||
CVE-2008-1585 | 1 Apple | 1 Quicktime | 2023-12-10 | 6.8 MEDIUM | N/A |
Apple QuickTime before 7.5 uses the url.dll!FileProtocolHandler handler for unrecognized URIs in qt:next attributes within SMIL text in video files, which sends these URIs to explorer.exe and thereby allows remote attackers to execute arbitrary programs, as originally demonstrated by crafted file: URLs. | |||||
CVE-2009-3692 | 3 Apple, Linux, Sun | 5 Mac Os X, Linux, Opensolaris and 2 more | 2023-12-10 | 7.2 HIGH | N/A |
Unspecified vulnerability in the VBoxNetAdpCtl configuration tool in Sun VirtualBox 3.0.x before 3.0.8 on Solaris x86, Linux, and Mac OS X allows local users to gain privileges via unknown vectors. | |||||
CVE-2008-3634 | 1 Apple | 3 Itunes, Mac Os X, Mac Os X Server | 2023-12-10 | 2.6 LOW | N/A |
Apple iTunes before 8.0 on Mac OS X 10.4.11, when iTunes Music Sharing is enabled but blocked by the host-based firewall, presents misleading information about firewall security, which might allow remote attackers to leverage an exposure that would be absent if the administrator were given better information. | |||||
CVE-2009-1233 | 2 Apple, Microsoft | 2 Safari, Windows | 2023-12-10 | 4.3 MEDIUM | N/A |
Apple Safari 3.2.2 and 4 Beta on Windows allows remote attackers to cause a denial of service (application crash) via an XML document containing many nested A elements. | |||||
CVE-2008-1584 | 1 Apple | 1 Quicktime | 2023-12-10 | 6.8 MEDIUM | N/A |
Stack-based buffer overflow in Indeo.qtx in Apple QuickTime before 7.5 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via crafted Indeo video codec content in a movie file. | |||||
CVE-2008-4211 | 1 Apple | 3 Iphone Os, Mac Os X, Mac Os X Server | 2023-12-10 | 10.0 HIGH | N/A |
Integer signedness error in (1) QuickLook in Apple Mac OS X 10.5.5 and (2) Office Viewer in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted Microsoft Excel file that triggers an out-of-bounds memory access, related to "handling of columns." | |||||
CVE-2008-2329 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2023-12-10 | 1.9 LOW | N/A |
Directory Services in Apple Mac OS X 10.5 through 10.5.4, when Active Directory is used, allows attackers to enumerate user names via wildcard characters in the Login Window. | |||||
CVE-2008-0055 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2023-12-10 | 7.2 HIGH | N/A |
Foundation in Apple Mac OS X 10.4.11 creates world-writable directories while NSFileManager copies files recursively and only modifies the permissions afterward, which allows local users to modify copied files to cause a denial of service and possibly gain privileges. | |||||
CVE-2009-2202 | 1 Apple | 1 Quicktime | 2023-12-10 | 9.3 HIGH | N/A |
Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted H.264 movie file. | |||||
CVE-2008-4491 | 1 Apple | 2 Mac Os X, Mail | 2023-12-10 | 5.0 MEDIUM | N/A |
Apple Mail.app 3.5 on Mac OS X, when "Store draft messages on the server" is enabled, stores draft copies of S/MIME email in plaintext on the email server, which allows server owners and remote man-in-the-middle attackers to read sensitive mail. | |||||
CVE-2008-1032 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2023-12-10 | 6.8 MEDIUM | N/A |
Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.5.3 allows user-assisted remote attackers to execute arbitrary code via an (1) Automator, (2) Help, (3) Safari, or (4) Terminal content type for a downloadable object, which does not trigger a "potentially unsafe" warning message in (a) the Download Validation feature in Mac OS X 10.4 or (b) the Quarantine feature in Mac OS X 10.5. | |||||
CVE-2009-1700 | 1 Apple | 3 Iphone Os, Ipod Touch, Safari | 2023-12-10 | 4.3 MEDIUM | N/A |
The XSLT implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read XML content from arbitrary web pages via a crafted document. | |||||
CVE-2009-0147 | 3 Apple, Foolabs, Glyphandcog | 3 Cups, Xpdf, Xpdfreader | 2023-12-10 | 4.3 MEDIUM | N/A |
Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg, and (3) JBIG2Stream::readGenericBitmap. | |||||
CVE-2009-2830 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2023-12-10 | 6.8 MEDIUM | N/A |
Multiple buffer overflows in Christos Zoulas file before 5.03 in Apple Mac OS X 10.6.x before 10.6.2 allow user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Common Document Format (CDF) file. NOTE: this might overlap CVE-2009-1515. | |||||
CVE-2009-2204 | 1 Apple | 1 Iphone Os | 2023-12-10 | 10.0 HIGH | N/A |
Unspecified vulnerability in the CoreTelephony component in Apple iPhone OS before 3.0.1 allows remote attackers to execute arbitrary code, obtain GPS coordinates, or enable the microphone via an SMS message that triggers memory corruption, as demonstrated by Charlie Miller at SyScan '09 Singapore. | |||||
CVE-2008-3632 | 1 Apple | 3 Iphone, Iphone Os, Ipod Touch | 2023-12-10 | 9.3 HIGH | N/A |
Use-after-free vulnerability in WebKit in Apple iPod touch 1.1 through 2.0.2, and iPhone 1.0 through 2.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a web page with crafted Cascading Style Sheets (CSS) import statements. | |||||
CVE-2008-2325 | 1 Apple | 3 Mac Os X, Mac Os X Server, Quicklook | 2023-12-10 | 9.3 HIGH | N/A |
QuickLook in Apple Mac OS X 10.4.11 and 10.5.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Microsoft Office file, related to insufficient "bounds checking." | |||||
CVE-2009-3767 | 4 Apple, Fedoraproject, Openldap and 1 more | 4 Mac Os X, Fedora, Openldap and 1 more | 2023-12-10 | 4.3 MEDIUM | N/A |
libraries/libldap/tls_o.c in OpenLDAP 2.2 and 2.4, and possibly other versions, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | |||||
CVE-2008-4224 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2023-12-10 | 7.1 HIGH | N/A |
UDF in Apple Mac OS X before 10.5.6 allows user-assisted attackers to cause a denial of service (system crash) via a malformed UDF volume in a crafted ISO file. |