Filtered by vendor Apple
Subscribe
Total
14420 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-0200 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-29 | 6.8 MEDIUM | N/A |
| Integer overflow in ColorSync in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image containing a crafted embedded ColorSync profile that triggers a heap-based buffer overflow. | |||||
| CVE-2012-0647 | 1 Apple | 1 Safari | 2026-04-29 | 5.0 MEDIUM | N/A |
| WebKit in Apple Safari before 5.1.4 does not properly handle redirects in conjunction with HTTP authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header. | |||||
| CVE-2010-1398 | 2 Apple, Microsoft | 7 Mac Os X, Mac Os X Server, Safari and 4 more | 2026-04-29 | 9.3 HIGH | N/A |
| WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly perform ordered list insertions, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document, related to the insertion of an unspecified element into an editable container and the access of an uninitialized element. | |||||
| CVE-2013-1006 | 2 Apple, Microsoft | 5 Iphone Os, Itunes, Windows 7 and 2 more | 2026-04-29 | 9.3 HIGH | N/A |
| WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. | |||||
| CVE-2011-2831 | 1 Apple | 2 Itunes, Webkit | 2026-04-29 | 7.6 HIGH | N/A |
| WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. | |||||
| CVE-2013-0979 | 1 Apple | 1 Iphone Os | 2026-04-29 | 1.9 LOW | N/A |
| lockdownd in Lockdown in Apple iOS before 6.1.3 does not properly consider file types during the permission-setting step of a backup restoration, which allows local users to change the permissions of arbitrary files via a backup that contains a pathname with a symlink. | |||||
| CVE-2010-4295 | 3 Apple, Linux, Vmware | 6 Mac Os X, Linux Kernel, Fusion and 3 more | 2026-04-29 | 6.9 MEDIUM | N/A |
| Race condition in the mounting process in vmware-mount in VMware Workstation 7.x before 7.1.2 build 301548 on Linux, VMware Player 3.1.x before 3.1.2 build 301548 on Linux, VMware Server 2.0.2 on Linux, and VMware Fusion 3.1.x before 3.1.2 build 332101 allows host OS users to gain privileges via vectors involving temporary files. | |||||
| CVE-2013-5188 | 1 Apple | 1 Mac Os X | 2026-04-29 | 4.0 MEDIUM | N/A |
| The Screen Lock implementation in Apple Mac OS X before 10.9, when hibernation and autologin are enabled, does not require a password for a transition out of hibernation, which allows physically proximate attackers to obtain access by visiting an unattended workstation in the hibernating state. | |||||
| CVE-2011-1288 | 2 Apple, Microsoft | 7 Mac Os X, Mac Os X Server, Safari and 4 more | 2026-04-29 | 9.3 HIGH | N/A |
| WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. | |||||
| CVE-2013-1375 | 5 Adobe, Apple, Google and 2 more | 9 Adobe Air, Adobe Air Sdk, Adobe Air Sdk And Compiler and 6 more | 2026-04-29 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in Adobe Flash Player before 10.3.183.68 and 11.x before 11.6.602.180 on Windows and Mac OS X, before 10.3.183.68 and 11.x before 11.2.202.275 on Linux, before 11.1.111.44 on Android 2.x and 3.x, and before 11.1.115.48 on Android 4.x; Adobe AIR before 3.6.0.6090; Adobe AIR SDK before 3.6.0.6090; and Adobe AIR SDK & Compiler before 3.6.0.6090 allows attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2012-3673 | 1 Apple | 1 Itunes | 2026-04-29 | 6.8 MEDIUM | N/A |
| WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. | |||||
| CVE-2010-1805 | 2 Apple, Microsoft | 2 Safari, Windows | 2026-04-29 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2 on Windows allows local users to gain privileges via a Trojan horse explorer.exe (aka Windows Explorer) program in a directory containing a file that had been downloaded by Safari. | |||||
| CVE-2013-0895 | 4 Apple, Google, Linux and 1 more | 4 Mac Os X, Chrome, Linux Kernel and 1 more | 2026-04-29 | 7.5 HIGH | N/A |
| Google Chrome before 25.0.1364.97 on Linux, and before 25.0.1364.99 on Mac OS X, does not properly handle pathnames during copy operations, which might make it easier for remote attackers to execute arbitrary programs via unspecified vectors. | |||||
| CVE-2012-3559 | 2 Apple, Opera | 2 Mac Os X, Opera Browser | 2026-04-29 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Opera before 12.00 on Mac OS X has unknown impact and attack vectors, related to a "moderate severity issue." | |||||
| CVE-2013-1047 | 1 Apple | 3 Iphone Os, Itunes, Safari | 2026-04-29 | 6.8 MEDIUM | N/A |
| WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. | |||||
| CVE-2011-4692 | 2 Apple, Google | 3 Safari, Webkit, Chrome | 2026-04-29 | 5.0 MEDIUM | N/A |
| WebKit, as used in Apple Safari 5.1.1 and earlier and Google Chrome 15 and earlier, does not prevent capture of data about the time required for image loading, which makes it easier for remote attackers to determine whether an image exists in the browser cache via crafted JavaScript code, as demonstrated by visipisi. | |||||
| CVE-2013-6114 | 1 Apple | 1 Motion | 2026-04-29 | 5.0 MEDIUM | N/A |
| Integer overflow in the OZDocument::parseElement function in Apple Motion 5.0.7 allows remote attackers to cause a denial of service (application crash) via a (1) large or (2) small value in the subview attribute of a viewer element in a .motn file. | |||||
| CVE-2010-0535 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-29 | 6.5 MEDIUM | N/A |
| Dovecot in Apple Mac OS X 10.6 before 10.6.3, when Kerberos is enabled, does not properly enforce the service access control list (SACL) for sending and receiving e-mail, which allows remote authenticated users to bypass intended access restrictions via unspecified vectors. | |||||
| CVE-2010-1295 | 3 Adobe, Apple, Microsoft | 4 Acrobat, Acrobat Reader, Mac Os X and 1 more | 2026-04-29 | 9.3 HIGH | N/A |
| Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2202, CVE-2010-2207, CVE-2010-2209, CVE-2010-2210, CVE-2010-2211, and CVE-2010-2212. | |||||
| CVE-2010-0504 | 1 Apple | 1 Mac Os X Server | 2026-04-29 | 7.5 HIGH | N/A |
| Multiple stack-based buffer overflows in iChat Server in Apple Mac OS X Server before 10.6.3 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. | |||||