Filtered by vendor Apple
Subscribe
Total
12675 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-2320 | 1 Apple | 3 Carboncore, Mac Os X, Mac Os X Server | 2025-04-09 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in CarbonCore in Apple Mac OS X 10.4.11 and 10.5.4, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long filename to the file management API. | |||||
| CVE-2007-3761 | 1 Apple | 3 Iphone, Iphone Os, Safari | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Safari in Apple iPhone 1.1.1 allows remote attackers to inject arbitrary web script or HTML by causing Javascript events to be applied to a frame in another domain. | |||||
| CVE-2006-5051 | 3 Apple, Debian, Openbsd | 4 Mac Os X, Mac Os X Server, Debian Linux and 1 more | 2025-04-09 | 9.3 HIGH | 8.1 HIGH |
| Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free. | |||||
| CVE-2009-2820 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 4.3 MEDIUM | N/A |
| The web interface in CUPS before 1.4.2, as used on Apple Mac OS X before 10.6.2 and other platforms, does not properly handle (1) HTTP headers and (2) HTML templates, which allows remote attackers to conduct cross-site scripting (XSS) attacks and HTTP response splitting attacks via vectors related to (a) the product's web interface, (b) the configuration of the print system, and (c) the titles of printed jobs, as demonstrated by an XSS attack that uses the kerberos parameter to the admin program, and leverages attribute injection and HTTP Parameter Pollution (HPP) issues. | |||||
| CVE-2006-4404 | 1 Apple | 1 Mac Os X | 2025-04-09 | 10.0 HIGH | N/A |
| The Installer application in Apple Mac OS X 10.4.8 and earlier, when used by a user with Admin credentials, does not authenticate the user before installing certain software requiring system privileges. | |||||
| CVE-2009-0158 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in telnet in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long hostname for a telnet server. | |||||
| CVE-2009-0138 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 10.0 HIGH | N/A |
| servermgrd (Server Manager) in Apple Mac OS X 10.5.6 does not properly validate authentication credentials, which allows remote attackers to modify the system configuration. | |||||
| CVE-2009-1792 | 4 Apple, Linux, Microsoft and 1 more | 5 Macos, Linux Kernel, Windows and 2 more | 2025-04-09 | 9.3 HIGH | N/A |
| The system.openURL function in StoneTrip Ston3D StandalonePlayer (aka S3DPlayer StandAlone) 1.6.2.4 and 1.7.0.1 and WebPlayer (aka S3DPlayer Web) 1.6.0.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the first argument (the sURL argument). | |||||
| CVE-2008-1018 | 1 Apple | 1 Quicktime | 2025-04-09 | 6.8 MEDIUM | N/A |
| Heap-based buffer overflow in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via an MP4A movie with a malformed Channel Compositor (aka chan) atom. | |||||
| CVE-2009-2840 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 4.9 MEDIUM | N/A |
| Spotlight in Apple Mac OS X 10.5.8 does not properly handle temporary files, which allows local users to overwrite arbitrary files in the context of a different user's privileges via unspecified vectors. | |||||
| CVE-2009-1712 | 1 Apple | 1 Safari | 2025-04-09 | 9.3 HIGH | N/A |
| WebKit in Apple Safari before 4.0 does not prevent remote loading of local Java applets, which allows remote attackers to execute arbitrary code, gain privileges, or obtain sensitive information via an APPLET or OBJECT element. | |||||
| CVE-2008-0032 | 1 Apple | 1 Quicktime | 2025-04-09 | 5.8 MEDIUM | N/A |
| Apple QuickTime before 7.4 allows remote attackers to execute arbitrary code via a movie file containing a Macintosh Resource record with a modified length value in the resource header, which triggers heap corruption. | |||||
| CVE-2009-0019 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 7.5 HIGH | N/A |
| Remote Apple Events in Apple Mac OS X 10.4.11 and 10.5.6 allows remote attackers to cause a denial of service (application termination) or obtain sensitive information via unspecified vectors that trigger an out-of-bounds memory access. | |||||
| CVE-2008-3613 | 1 Apple | 2 Mac Os X, Macbook Air | 2025-04-09 | 6.1 MEDIUM | N/A |
| Finder in Apple Mac OS X 10.5.2 through 10.5.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving a search for a remote disk on the local network. | |||||
| CVE-2007-0719 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote user-assisted attackers to execute arbitrary code via an image with a crafted ColorSync profile. | |||||
| CVE-2007-5901 | 2 Apple, Mit | 3 Mac Os X, Mac Os X Server, Kerberos 5 | 2025-04-09 | 6.9 MEDIUM | N/A |
| Use-after-free vulnerability in the gss_indicate_mechs function in lib/gssapi/mechglue/g_initialize.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors. NOTE: this might be the result of a typo in the source code. | |||||
| CVE-2007-1043 | 9 Apple, Ezboo, Hp and 6 more | 18 Mac Os X, Webstats, Hp-ux and 15 more | 2025-04-09 | 7.5 HIGH | N/A |
| Ezboo webstats, possibly 3.0.3, allows remote attackers to bypass authentication and gain access via a direct request to (1) update.php and (2) config.php. | |||||
| CVE-2008-3634 | 1 Apple | 3 Itunes, Mac Os X, Mac Os X Server | 2025-04-09 | 2.6 LOW | N/A |
| Apple iTunes before 8.0 on Mac OS X 10.4.11, when iTunes Music Sharing is enabled but blocked by the host-based firewall, presents misleading information about firewall security, which might allow remote attackers to leverage an exposure that would be absent if the administrator were given better information. | |||||
| CVE-2006-6127 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 2.1 LOW | N/A |
| Apple Mac OS X kernel allows local users to cause a denial of service via a process that uses kevent to register a queue and an event, then fork a child process that uses kevent to register an event for the same queue as the parent. | |||||
| CVE-2007-4701 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 2.1 LOW | N/A |
| WebKit on Apple Mac OS X 10.4 through 10.4.10 does not create temporary files securely when Safari is previewing a PDF file, which allows local users to read the contents of that file. | |||||