Vulnerabilities (CVE)

Filtered by vendor Apple Subscribe
Total 12664 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-0038 1 Apple 1 Mac Os X 2025-04-09 1.9 LOW N/A
Launch Services in Apple Mac OS X 10.5 through 10.5.1 allows an uninstalled application to be launched if it is in a Time Machine backup, which might allow local users to bypass intended security restrictions or exploit vulnerabilities in the application.
CVE-2009-3955 3 Adobe, Apple, Microsoft 4 Acrobat, Acrobat Reader, Mac Os X and 1 more 2025-04-09 10.0 HIGH N/A
Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted JPC_MS_RGN marker in the Jp2c stream of a JpxDecode encoded data stream, which triggers an integer sign extension that bypasses a sanity check, leading to memory corruption.
CVE-2009-1696 1 Apple 1 Safari 2025-04-09 5.0 MEDIUM N/A
WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 uses predictable random numbers in JavaScript applications, which makes it easier for remote web servers to track the behavior of a Safari user during a session.
CVE-2007-5854 1 Apple 1 Mac Os X 2025-04-09 4.3 MEDIUM N/A
Launch Services in Apple Mac OS X 10.4.11 and 10.5.1 does not treat HTML files as unsafe content, which allows attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via a crafted HTML file.
CVE-2008-3529 4 Apple, Canonical, Debian and 1 more 6 Iphone Os, Mac Os X, Safari and 3 more 2025-04-09 10.0 HIGH N/A
Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name.
CVE-2007-0467 1 Apple 1 Mac Os X 2025-04-09 6.2 MEDIUM N/A
crashdump in Apple Mac OS X 10.4.8 allows local users in the admin group to modify arbitrary files or gain privileges via a symlink attack on application logs in /Library/Logs/CrashReporter/.
CVE-2007-0716 1 Apple 1 Quicktime 2025-04-09 5.8 MEDIUM N/A
Stack-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QTIF file.
CVE-2009-0961 1 Apple 2 Iphone Os, Ipod Touch 2025-04-09 5.0 MEDIUM N/A
The Mail component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 dismisses the call approval dialog when another alert appears, which might allow remote attackers to force the iPhone to place a call without user approval by causing an application to trigger an alert.
CVE-2007-4424 1 Apple 1 Safari 2025-04-09 4.3 MEDIUM N/A
Apple Safari for Windows 3.0.3 and earlier does not prompt the user before downloading a file, which allows remote attackers to download arbitrary files to the desktop of a client system via certain HTML, as demonstrated by a filename in the DATA attribute of an OBJECT element. NOTE: it could be argued that this is not a vulnerability because a dangerous file is not actually launched, but as of 2007, it is generally accepted that web browsers should prompt users before saving dangerous content.
CVE-2009-2188 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-09 9.3 HIGH N/A
Buffer overflow in ImageIO in Apple Mac OS X 10.5 before 10.5.8, and Safari before 4.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image with crafted EXIF metadata.
CVE-2009-1692 1 Apple 3 Iphone Os, Ipod Touch, Safari 2025-04-09 7.1 HIGH N/A
WebKit before r41741, as used in Apple iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Safari, and other software, allows remote attackers to cause a denial of service (memory consumption or device reset) via a web page containing an HTMLSelectElement object with a large length attribute, related to the length property of a Select object.
CVE-2009-1196 1 Apple 1 Cups 2025-04-09 5.0 MEDIUM N/A
The directory-services functionality in the scheduler in CUPS 1.1.17 and 1.1.22 allows remote attackers to cause a denial of service (cupsd daemon outage or crash) via manipulations of the timing of CUPS browse packets, related to a "pointer use-after-delete flaw."
CVE-2007-6166 2 Apple, Microsoft 5 Mac Os X, Quicktime, Safari and 2 more 2025-04-09 9.3 HIGH N/A
Stack-based buffer overflow in Apple QuickTime before 7.3.1, as used in QuickTime Player on Windows XP and Safari on Mac OS X, allows remote Real Time Streaming Protocol (RTSP) servers to execute arbitrary code via an RTSP response with a long Content-Type header.
CVE-2007-3753 1 Apple 2 Iphone, Iphone Os 2025-04-09 7.5 HIGH N/A
Apple iPhone 1.1.1, with Bluetooth enabled, allows physically proximate attackers to cause a denial of service (application termination) and execute arbitrary code via crafted Service Discovery Protocol (SDP) packets, related to insufficient input validation.
CVE-2006-4403 1 Apple 1 Mac Os X 2025-04-09 4.0 MEDIUM N/A
The FTP server in Apple Mac OS X 10.4.8 and earlier, when FTP Access is enabled, will crash when a login failure occurs with a valid user name, which allows remote attackers to cause a denial of service (crash) and enumerate valid usernames.
CVE-2008-5821 2 Apple, Microsoft 2 Safari, Windows Vista 2025-04-09 5.0 MEDIUM N/A
Memory leak in WebKit.dll in WebKit, as used by Apple Safari 3.2 on Windows Vista SP1, allows remote attackers to cause a denial of service (memory consumption and browser crash) via a long ALINK attribute in a BODY element in an HTML document.
CVE-2008-0031 1 Apple 1 Quicktime 2025-04-09 5.8 MEDIUM N/A
Unspecified vulnerability in Apple QuickTime before 7.4 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted Sorenson 3 video file, which triggers memory corruption.
CVE-2006-4393 1 Apple 1 Mac Os X 2025-04-09 3.7 LOW N/A
Unspecified vulnerability in LoginWindow in Apple Mac OS X 10.4 through 10.4.7, when Fast User Switching is enabled, allows local users to gain access to Kerberos tickets of other users.
CVE-2009-0160 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-09 6.8 MEDIUM N/A
QuickDraw Manager in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image that triggers memory corruption.
CVE-2007-0738 1 Apple 1 Mac Os X 2025-04-09 4.6 MEDIUM N/A
The Login Window in Apple Mac OS X 10.4 through 10.4.9 does not display the screen saver authentication dialog in certain circumstances when waking from sleep, even though the "require a password to wake the computer from sleep" option is enabled, which allows local users to bypass authentication controls.