Filtered by vendor Apple
Subscribe
Total
12662 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-2839 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 6.8 MEDIUM | N/A |
| Screen Sharing in Apple Mac OS X 10.5.8 allows remote VNC servers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors. | |||||
| CVE-2009-1705 | 1 Apple | 1 Safari | 2025-04-09 | 9.3 HIGH | N/A |
| CoreGraphics in Apple Safari before 4.0 on Windows does not properly use arithmetic during automatic hinting of TrueType fonts, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted font data. | |||||
| CVE-2008-3614 | 2 Apple, Microsoft | 4 Quicktime, Windows-nt, Windows Vista and 1 more | 2025-04-09 | 6.8 MEDIUM | N/A |
| Integer overflow in Apple QuickTime before 7.5.5 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image, which triggers heap corruption. | |||||
| CVE-2007-4680 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 6.8 MEDIUM | N/A |
| CFNetwork in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 does not properly validate certificates, which allows remote attackers to spoof trusted SSL certificates via a man-in-the-middle attack. | |||||
| CVE-2009-2812 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 6.8 MEDIUM | N/A |
| Launch Services in Apple Mac OS X 10.5.8 does not properly recognize an unsafe Uniform Type Identifier (UTI) in an exported document type in a downloaded application, which allows remote attackers to trigger the automatic opening of a file, and execute arbitrary code, via a crafted web site. | |||||
| CVE-2008-4116 | 1 Apple | 2 Itunes, Quicktime | 2025-04-09 | 9.3 HIGH | N/A |
| Buffer overflow in Apple QuickTime 7.5.5 and iTunes 8.0 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a long type attribute in a quicktime tag (1) on a web page or embedded in a (2) .mp4 or (3) .mov file, possibly related to the Check_stack_cookie function and an off-by-one error that leads to a heap-based buffer overflow. | |||||
| CVE-2009-0846 | 5 Apple, Canonical, Fedoraproject and 2 more | 9 Mac Os X, Ubuntu Linux, Fedora and 6 more | 2025-04-09 | 10.0 HIGH | N/A |
| The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors involving an invalid DER encoding that triggers a free of an uninitialized pointer. | |||||
| CVE-2007-0742 | 1 Apple | 1 Mac Os X | 2025-04-09 | 7.8 HIGH | N/A |
| The WebFoundation framework in Apple Mac OS X 10.3.9 and earlier allows subdomain cookies to be accessed by the parent domain, which allows remote attackers to obtain sensitive information. | |||||
| CVE-2009-3956 | 4 Adobe, Apple, Microsoft and 1 more | 5 Acrobat, Acrobat Reader, Mac Os X and 2 more | 2025-04-09 | 10.0 HIGH | N/A |
| The default configuration of Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, does not enable the Enhanced Security feature, which has unspecified impact and attack vectors, related to a "script injection vulnerability," as demonstrated by Acrobat Forms Data Format (FDF) behavior that allows cross-site scripting (XSS) by user-assisted remote attackers. | |||||
| CVE-2008-2000 | 1 Apple | 1 Safari | 2025-04-09 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in Apple Safari 3.1.1 allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls document.write in an infinite loop. | |||||
| CVE-2009-0185 | 1 Apple | 1 Quicktime | 2025-04-09 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted MS ADPCM encoded audio data in an AVI movie file. | |||||
| CVE-2008-4491 | 1 Apple | 2 Mac Os X, Mail | 2025-04-09 | 5.0 MEDIUM | N/A |
| Apple Mail.app 3.5 on Mac OS X, when "Store draft messages on the server" is enabled, stores draft copies of S/MIME email in plaintext on the email server, which allows server owners and remote man-in-the-middle attackers to read sensitive mail. | |||||
| CVE-2007-2175 | 1 Apple | 1 Safari | 2025-04-09 | 7.6 HIGH | N/A |
| Apple QuickTime Java extensions (QTJava.dll), as used in Safari and other browsers, and when Java is enabled, allows remote attackers to execute arbitrary code via parameters to the toQTPointer method in quicktime.util.QTHandleRef, which can be used to modify arbitrary memory when creating QTPointerRef objects, as demonstrated during the "PWN 2 0WN" contest at CanSecWest 2007. | |||||
| CVE-2008-0995 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 2.6 LOW | N/A |
| The Printing component in Apple Mac OS X 10.5.2 uses 40-bit RC4 when printing to an encrypted PDF file, which makes it easier for attackers to decrypt the file via brute force methods. | |||||
| CVE-2007-5450 | 1 Apple | 3 Iphone Os, Ipod Touch, Safari | 2025-04-09 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Safari on the Apple iPod touch (aka iTouch) and iPhone 1.1.1 allows user-assisted remote attackers to cause a denial of service (application crash), and enable filesystem browsing by the local user, via a certain TIFF file. | |||||
| CVE-2009-0956 | 1 Apple | 1 Quicktime | 2025-04-09 | 9.3 HIGH | N/A |
| Apple QuickTime before 7.6.2 does not properly initialize memory before use in handling movie files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a movie containing a user data atom of size zero. | |||||
| CVE-2007-2392 | 1 Apple | 2 Mac Os X, Quicktime | 2025-04-09 | 9.3 HIGH | N/A |
| Apple Quicktime before 7.2 on Mac OS X 10.3.9 and 10.4.9 allows user-assisted remote attackers to execute arbitrary code via a crafted movie file that triggers memory corruption. | |||||
| CVE-2009-1698 | 1 Apple | 3 Iphone Os, Ipod Touch, Safari | 2025-04-09 | 9.3 HIGH | N/A |
| WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. | |||||
| CVE-2009-2198 | 1 Apple | 1 Garageband | 2025-04-09 | 4.3 MEDIUM | N/A |
| Apple GarageBand before 5.1 reconfigures Safari to accept all cookies regardless of domain name, which makes it easier for remote web servers to track users. | |||||
| CVE-2007-0730 | 1 Apple | 2 Mac Os X, Server Manager | 2025-04-09 | 6.8 MEDIUM | N/A |
| Server Manager (servermgrd) in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 does not sufficiently validate authentication credentials, which allows remote attackers to bypass authentication and modify system configuration. | |||||