Vulnerabilities (CVE)

Filtered by vendor Apple Subscribe
Total 12664 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-4693 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-09 7.2 HIGH N/A
The SecurityAgent component in Mac OS X 10.4 through 10.4.10 allows attackers with physical access to bypass the authentication dialog of the screen saver and send keystrokes to a process, related to "handling of keyboard focus between secure text fields."
CVE-2009-1716 1 Apple 1 Safari 2025-04-09 2.1 LOW N/A
CFNetwork in Apple Safari before 4.0 on Windows does not properly protect the temporary files created for downloads, which allows local users to obtain sensitive information by reading these files.
CVE-2009-3016 1 Apple 1 Safari 2025-04-09 4.3 MEDIUM N/A
Apple Safari 4.0.3 does not properly block javascript: and data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains a javascript: URI, (2) entering a javascript: URI when specifying the content of a Refresh header, (3) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI, or (4) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header.
CVE-2008-2329 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-09 1.9 LOW N/A
Directory Services in Apple Mac OS X 10.5 through 10.5.4, when Active Directory is used, allows attackers to enumerate user names via wildcard characters in the Login Window.
CVE-2007-2390 1 Apple 1 Mac Os X 2025-04-09 10.0 HIGH N/A
Buffer overflow in iChat in Apple Mac OS X 10.3.9 and 10.4.9 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted UPnP Internet Gateway Device (IGD) packet.
CVE-2009-2027 1 Apple 1 Safari 2025-04-09 7.2 HIGH N/A
The Installer in Apple Safari before 4.0 on Windows allows local users to gain privileges by checking a box that specifies an immediate launch of the application after installation, related to an unspecified compression method.
CVE-2008-2307 2 Apple, Microsoft 5 Mac Os X, Safari, Windows and 2 more 2025-04-09 9.3 HIGH N/A
Unspecified vulnerability in WebKit in Apple Safari before 3.1.2, as distributed in Mac OS X before 10.5.4, and standalone for Windows and Mac OS X 10.4, allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors involving JavaScript arrays that trigger memory corruption.
CVE-2009-3958 4 Adobe, Apple, Microsoft and 1 more 5 Acrobat, Acrobat Reader, Mac Os X and 2 more 2025-04-09 10.0 HIGH N/A
Multiple stack-based buffer overflows in the NOS Microsystems getPlus Helper ActiveX control before 1.6.2.49 in gp.ocx in the Download Manager in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow remote attackers to execute arbitrary code via unspecified initialization parameters.
CVE-2008-0599 4 Apple, Canonical, Fedoraproject and 1 more 5 Mac Os X, Mac Os X Server, Ubuntu Linux and 2 more 2025-04-09 10.0 HIGH 9.8 CRITICAL
The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI.
CVE-2008-3623 2 Apple, Microsoft 3 Safari, Windows, Windows Vista 2025-04-09 9.3 HIGH N/A
Heap-based buffer overflow in CoreGraphics in Apple Safari before 3.2 on Windows, in iPhone OS 1.0 through 2.2.1, and in iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image, related to improper handling of color spaces.
CVE-2009-2833 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-09 7.5 HIGH N/A
Buffer overflow in the UCCompareTextDefault API in International Components for Unicode in Apple Mac OS X 10.5.8 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
CVE-2007-1913 8 Apple, Hp, Ibm and 5 more 11 Macos, Hp-ux, Tru64 and 8 more 2025-04-09 5.0 MEDIUM N/A
The TRUSTED_SYSTEM_SECURITY function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to verify the existence of users and groups on systems and domains via unspecified vectors, a different vulnerability than CVE-2006-6010. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended.
CVE-2006-6238 1 Apple 1 Safari 2025-04-09 5.0 MEDIUM N/A
The AutoFill feature in Apple Safari 2.0.4 does not properly verify that all automatically populated form fields are visible to the user, which allows remote attackers to obtain sensitive information, such as usernames and passwords, via input fields of zero width, a variant of CVE-2006-6077.
CVE-2006-6906 1 Apple 1 Mac Os X 2025-04-09 7.2 HIGH N/A
Unspecified vulnerability in the Bluetooth stack on Mac OS 10.4.7 and earlier has unknown impact and local attack vectors, related to "Mach Exception Handling", a different issue than CVE-2006-6900.
CVE-2007-5856 1 Apple 1 Mac Os X 2025-04-09 9.4 HIGH N/A
Quick Look Apple Mac OS X 10.5.1, when previewing an HTML file, does not prevent plug-ins from making network requests, which might allow remote attackers to obtain sensitive information.
CVE-2009-2190 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-09 7.8 HIGH N/A
launchd in Apple Mac OS X 10.5 before 10.5.8 allows remote attackers to cause a denial of service (individual service outage) by making many connections to an inetd-based launchd service.
CVE-2007-6261 1 Apple 1 Mac Os X 2025-04-09 4.9 MEDIUM N/A
Integer overflow in the load_threadstack function in the Mach-O loader (mach_loader.c) in the xnu kernel in Apple Mac OS X 10.4 through 10.5.1 allows local users to cause a denial of service (infinite loop) via a crafted Mach-O binary.
CVE-2009-2207 1 Apple 1 Iphone Os 2025-04-09 2.1 LOW N/A
The MobileMail component in Apple iPhone OS 3.0 and 3.0.1, and iPhone OS 3.0 for iPod touch, lists deleted e-mail messages in Spotlight search results, which might allow local users to obtain sensitive information by reading these messages.
CVE-2009-3767 4 Apple, Fedoraproject, Openldap and 1 more 4 Mac Os X, Fedora, Openldap and 1 more 2025-04-09 4.3 MEDIUM N/A
libraries/libldap/tls_o.c in OpenLDAP 2.2 and 2.4, and possibly other versions, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
CVE-2009-3959 4 Adobe, Apple, Microsoft and 1 more 5 Acrobat, Acrobat Reader, Mac Os X and 2 more 2025-04-09 10.0 HIGH N/A
Integer overflow in the U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a malformed PDF document.