Filtered by vendor Apple
Subscribe
Total
12662 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-1701 | 1 Apple | 3 Iphone Os, Ipod Touch, Safari | 2025-04-09 | 9.3 HIGH | N/A |
| Use-after-free vulnerability in the JavaScript DOM implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by destroying a document.body element that has an unspecified XML container with elements that support the dir attribute. | |||||
| CVE-2008-1582 | 1 Apple | 1 Quicktime | 2025-04-09 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in Apple QuickTime before 7.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted AAC-encoded file that triggers memory corruption. | |||||
| CVE-2008-0988 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 4.3 MEDIUM | N/A |
| Off-by-one error in the Libsystem strnstr API in libc on Apple Mac OS X 10.4.11 allows context-dependent attackers to cause a denial of service (crash) via crafted arguments that trigger a buffer over-read. | |||||
| CVE-2009-3953 | 5 Adobe, Apple, Microsoft and 2 more | 6 Acrobat, Mac Os X, Windows and 3 more | 2025-04-09 | 10.0 HIGH | 8.8 HIGH |
| The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows and Mac OS X, and 7.x before 7.1.4 allows remote attackers to execute arbitrary code via malformed U3D data in a PDF document, related to a CLODProgressiveMeshDeclaration "array boundary issue," a different vulnerability than CVE-2009-2994. | |||||
| CVE-2007-0747 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 7.2 HIGH | N/A |
| load_webdav in Apple Mac OS X 10.3.9 through 10.4.9 does not properly clean the environment when mounting a WebDAV filesystem, which allows local users to gain privileges by setting unspecified environment variables. | |||||
| CVE-2007-0726 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 5.0 MEDIUM | N/A |
| The SSH key generation process in OpenSSH in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote attackers to cause a denial of service by connecting to the server before SSH has finished creating keys, which causes the keys to be regenerated and can break trust relationships that were based on the original keys. | |||||
| CVE-2007-5860 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 7.2 HIGH | N/A |
| Unspecified vulnerability in Spin Tracer in Apple Mac OS X 10.5.1 allows local users to execute arbitrary code via unspecified output files, involving an "insecure file operation." | |||||
| CVE-2008-0993 | 1 Apple | 3 Mac Os X, Mac Os X Server, Podcast Producer | 2025-04-09 | 2.1 LOW | N/A |
| Podcast Capture in Podcast Producer for Apple Mac OS X 10.5.2 invokes a subtask with passwords in command line arguments, which allows local users to read the passwords via process listings. | |||||
| CVE-2007-4694 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 4.3 MEDIUM | N/A |
| Safari in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to access local content via file:// URLs. | |||||
| CVE-2008-4368 | 1 Apple | 1 Mac Os X | 2025-04-09 | 5.0 MEDIUM | N/A |
| The default configuration of Java 1.5 on Apple Mac OS X 10.5.4 and 10.5.5 contains a jurisdiction policy that limits Java Cryptography Extension (JCE) key sizes to 128 bits, which makes it easier for attackers to decrypt ciphertext produced by JCE. | |||||
| CVE-2009-0004 | 2 Apple, Microsoft | 4 Mac Os X, Quicktime, Windows Vista and 1 more | 2025-04-09 | 9.3 HIGH | N/A |
| Buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted MP3 audio file. | |||||
| CVE-2008-2939 | 4 Apache, Apple, Canonical and 1 more | 4 Http Server, Mac Os X, Ubuntu Linux and 1 more | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI. | |||||
| CVE-2007-2580 | 1 Apple | 1 Safari | 2025-04-09 | 1.9 LOW | N/A |
| Unspecified vulnerability in Apple Safari allows local users to obtain sensitive information (saved keychain passwords) via the document.loginform.password.value JavaScript parameter loaded from an AppleScript script. | |||||
| CVE-2007-3944 | 1 Apple | 3 Iphone Os, Safari, Webkit | 2025-04-09 | 9.3 HIGH | N/A |
| Multiple heap-based buffer overflows in the Perl Compatible Regular Expressions (PCRE) library in the JavaScript engine in WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, allow remote attackers to execute arbitrary code via certain JavaScript regular expressions. NOTE: this issue was originally reported only for MobileSafari on the iPhone. NOTE: it is not clear whether this stems from an issue in the original distribution of PCRE, which might already have a separate CVE identifier. | |||||
| CVE-2007-2399 | 1 Apple | 3 Iphone Os, Mac Os X, Mac Os X Server | 2025-04-09 | 9.3 HIGH | N/A |
| WebKit in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1 performs an "invalid type conversion", which allows remote attackers to execute arbitrary code via unspecified frame sets that trigger memory corruption. | |||||
| CVE-2008-3171 | 1 Apple | 1 Safari | 2025-04-09 | 5.0 MEDIUM | N/A |
| Apple Safari sends Referer headers containing https URLs to different https web sites, which allows remote attackers to obtain potentially sensitive information by reading Referer log data. | |||||
| CVE-2008-3646 | 1 Apple | 1 Mac Os X | 2025-04-09 | 6.8 MEDIUM | N/A |
| The Postfix configuration file in Mac OS X 10.5.5 causes Postfix to be network-accessible when mail is sent from a local command-line tool, which allows remote attackers to send mail to local Mac OS X users. | |||||
| CVE-2009-3281 | 2 Apple, Vmware | 2 Mac Os X, Fusion | 2025-04-09 | 7.2 HIGH | N/A |
| The vmx86 kernel extension in VMware Fusion before 2.0.6 build 196839 does not use correct file permissions, which allows host OS users to gain privileges on the host OS via unspecified vectors. | |||||
| CVE-2008-1583 | 1 Apple | 1 Quicktime | 2025-04-09 | 6.8 MEDIUM | N/A |
| Heap-based buffer overflow in Apple QuickTime before 7.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PICT image, a different vulnerability than CVE-2008-1581. | |||||
| CVE-2008-0039 | 1 Apple | 2 Mac Os X, Mail | 2025-04-09 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in Mail in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary commands via a crafted file:// URL. | |||||