Filtered by vendor Apple
Subscribe
Total
11182 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-1010 | 1 Apple | 1 Safari | 2023-12-10 | 6.8 MEDIUM | N/A |
Buffer overflow in WebKit, as used in Apple Safari before 3.1, allows remote attackers to execute arbitrary code via crafted regular expressions in JavaScript. | |||||
CVE-2009-0958 | 1 Apple | 2 Iphone Os, Ipod Touch | 2023-12-10 | 4.3 MEDIUM | N/A |
Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 stores an exception for a hostname when the user accepts an untrusted Exchange server certificate, which causes it to be accepted without prompting in future usage and allows remote Exchange servers to obtain sensitive information such as credentials. | |||||
CVE-2008-5821 | 2 Apple, Microsoft | 2 Safari, Windows Vista | 2023-12-10 | 5.0 MEDIUM | N/A |
Memory leak in WebKit.dll in WebKit, as used by Apple Safari 3.2 on Windows Vista SP1, allows remote attackers to cause a denial of service (memory consumption and browser crash) via a long ALINK attribute in a BODY element in an HTML document. | |||||
CVE-2008-0048 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2023-12-10 | 6.8 MEDIUM | N/A |
Stack-based buffer overflow in AppKit in Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via the a long file name to the NSDocument API. | |||||
CVE-2008-4234 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2023-12-10 | 9.3 HIGH | N/A |
Incomplete blacklist vulnerability in the Quarantine feature in CoreTypes in Apple Mac OS X 10.5 before 10.5.6 allows user-assisted remote attackers to execute arbitrary code via an executable file with the content type indicating no application association for the file, which does not trigger a "potentially unsafe" warning message. | |||||
CVE-2009-1686 | 1 Apple | 1 Safari | 2023-12-10 | 9.3 HIGH | N/A |
WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle constant (aka const) declarations in a type-conversion operation during JavaScript exception handling, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. | |||||
CVE-2009-1726 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2023-12-10 | 9.3 HIGH | N/A |
Heap-based buffer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5 before 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image containing an embedded ColorSync profile. | |||||
CVE-2009-1181 | 4 Apple, Foolabs, Glyphandcog and 1 more | 4 Cups, Xpdf, Xpdfreader and 1 more | 2023-12-10 | 4.3 MEDIUM | N/A |
The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a NULL pointer dereference. | |||||
CVE-2009-0143 | 1 Apple | 1 Itunes | 2023-12-10 | 4.3 MEDIUM | N/A |
Apple iTunes before 8.1 does not properly inform the user about the origin of an authentication request, which makes it easier for remote podcast servers to trick a user into providing a username and password when subscribing to a crafted podcast. | |||||
CVE-2009-0185 | 1 Apple | 1 Quicktime | 2023-12-10 | 9.3 HIGH | N/A |
Heap-based buffer overflow in Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted MS ADPCM encoded audio data in an AVI movie file. | |||||
CVE-2008-4230 | 1 Apple | 2 Iphone Os, Ipod Touch | 2023-12-10 | 1.9 LOW | N/A |
The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 displays SMS messages when the emergency-call screen is visible, which allows physically proximate attackers to obtain sensitive information by reading these messages. NOTE: this might be a duplicate of CVE-2008-4593. | |||||
CVE-2008-2330 | 1 Apple | 1 Mac Os X Server | 2023-12-10 | 4.9 MEDIUM | N/A |
slapconfig in Directory Services in Apple Mac OS X 10.5 through 10.5.4 allows local users to select a readable output file into which the server password will be written by an OpenLDAP system administrator, related to the mkfifo function, aka an "insecure file operation issue." | |||||
CVE-2009-0944 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2023-12-10 | 6.8 MEDIUM | N/A |
The Microsoft Office Spotlight Importer in Spotlight in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not properly validate Microsoft Office files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a file that triggers memory corruption. | |||||
CVE-2008-5184 | 1 Apple | 1 Cups | 2023-12-10 | 10.0 HIGH | N/A |
The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the guest username when a user is not logged on to the web server, which makes it easier for remote attackers to bypass intended policy and conduct CSRF attacks via the (1) add and (2) cancel RSS subscription functions. | |||||
CVE-2008-4227 | 1 Apple | 2 Iphone Os, Ipod Touch | 2023-12-10 | 7.5 HIGH | N/A |
Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 changes the encryption level of PPTP VPN connections to a lower level than was previously used, which makes it easier for remote attackers to obtain sensitive information or hijack a connection by decrypting network traffic. | |||||
CVE-2008-1027 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2023-12-10 | 4.3 MEDIUM | N/A |
Apple Filing Protocol (AFP) Server in Apple Mac OS X before 10.5.3 does not verify that requested files and directories are inside shared folders, which allows remote attackers to read arbitrary files via unspecified AFP traffic. | |||||
CVE-2009-2828 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2023-12-10 | 7.5 HIGH | N/A |
The server in DirectoryService in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors. | |||||
CVE-2009-1725 | 1 Apple | 3 Iphone Os, Ipod Touch, Safari | 2023-12-10 | 9.3 HIGH | N/A |
WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms; KHTML in kdelibs in KDE; QtWebKit (aka Qt toolkit); and possibly other products do not properly handle numeric character references, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. | |||||
CVE-2008-3629 | 2 Apple, Microsoft | 6 Mac Os X, Mac Os X Server, Quicktime and 3 more | 2023-12-10 | 4.3 MEDIUM | N/A |
Apple QuickTime before 7.5.5 allows remote attackers to cause a denial of service (application crash) via a crafted PICT image that triggers an out-of-bounds read. | |||||
CVE-2009-0943 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2023-12-10 | 6.8 MEDIUM | N/A |
Help Viewer in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not verify that HTML pathnames are located in a registered help book, which allows remote attackers to execute arbitrary code via a help: URL that triggers invocation of AppleScript files. |