Filtered by vendor Apple
Subscribe
Total
12680 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-5857 | 1 Apple | 1 Mac Os X | 2025-04-09 | 6.4 MEDIUM | N/A |
| Quick Look in Apple Mac OS X 10.5.1 does not prevent a movie from accessing URLs when the movie file is previewed or if an icon is created, which might allow remote attackers to obtain sensitive information via HREFTrack. | |||||
| CVE-2006-7034 | 9 Apple, Hp, Ibm and 6 more | 18 Mac Os X, Hp-ux, Tru64 and 15 more | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in directory.php in Super Link Exchange Script 1.0 might allow remote attackers to execute arbitrary SQL queries via the cat parameter. | |||||
| CVE-2007-4692 | 2 Apple, Microsoft | 4 Mac Os X, Mac Os X Server, Safari and 1 more | 2025-04-09 | 4.3 MEDIUM | N/A |
| The tabbed browsing feature in Apple Safari 3 before Beta Update 3.0.4 on Windows, and Mac OS X 10.4 through 10.4.10, allows remote attackers to spoof HTTP authentication for other sites and possibly conduct phishing attacks by causing an authentication sheet to be displayed for a tab that is not active, which makes it appear as if it is associated with the active tab. | |||||
| CVE-2008-1025 | 1 Apple | 2 Safari, Webkit | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Apple WebKit, as used in Safari before 3.1.1, allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a colon in the hostname portion. | |||||
| CVE-2009-2204 | 1 Apple | 1 Iphone Os | 2025-04-09 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the CoreTelephony component in Apple iPhone OS before 3.0.1 allows remote attackers to execute arbitrary code, obtain GPS coordinates, or enable the microphone via an SMS message that triggers memory corruption, as demonstrated by Charlie Miller at SyScan '09 Singapore. | |||||
| CVE-2008-0051 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 6.9 MEDIUM | N/A |
| Integer overflow in CoreFoundation in Apple Mac OS X 10.4.11 might allow local users to execute arbitrary code via crafted time zone data. | |||||
| CVE-2008-0056 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in Foundation in Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via a "long pathname with an unexpected structure" that triggers the overflow in NSFileManager. | |||||
| CVE-2007-0462 | 1 Apple | 2 Mac Os X, Quicktime | 2025-04-09 | 10.0 HIGH | N/A |
| The _GetSrcBits32ARGB function in Apple QuickDraw, as used by Quicktime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PICT image with a malformed Alpha RGB (ARGB) record, which triggers memory corruption. | |||||
| CVE-2008-3645 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 7.2 HIGH | N/A |
| Heap-based buffer overflow in the local IPC component in the EAPOLController plugin for configd (Networking component) in Mac OS X 10.4.11 and 10.5.5 allows local users to execute arbitrary code via unknown vectors. | |||||
| CVE-2009-0014 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 2.1 LOW | N/A |
| Folder Manager in Apple Mac OS X 10.5.6 uses insecure default permissions when recreating a Downloads folder after it has been deleted, which allows local users to bypass intended access restrictions and read the Downloads folder. | |||||
| CVE-2009-1703 | 1 Apple | 1 Safari | 2025-04-09 | 7.1 HIGH | N/A |
| WebKit in Apple Safari before 4.0 does not prevent references to file: URLs within (1) audio and (2) video elements, which allows remote attackers to determine the existence of arbitrary files via a crafted HTML document. | |||||
| CVE-2007-1917 | 8 Apple, Hp, Ibm and 5 more | 11 Macos, Hp-ux, Tru64 and 8 more | 2025-04-09 | 10.0 HIGH | N/A |
| Buffer overflow in the SYSTEM_CREATE_INSTANCE function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended. | |||||
| CVE-2008-0040 | 1 Apple | 1 Mac Os X | 2025-04-09 | 10.0 HIGH | N/A |
| Unspecified vulnerability in NFS in Apple Mac OS X 10.5 through 10.5.1 allows remote attackers to cause a denial of service (system shutdown) or execute arbitrary code via unknown vectors related to mbuf chains that trigger memory corruption. | |||||
| CVE-2008-1006 | 1 Apple | 1 Safari | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML by using the window.open function to change the security context of a web page. | |||||
| CVE-2025-24279 | 1 Apple | 1 Macos | 2025-04-08 | N/A | 4.3 MEDIUM |
| This issue was addressed with improved file handling. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access contacts. | |||||
| CVE-2025-24234 | 1 Apple | 1 Macos | 2025-04-07 | N/A | 7.8 HIGH |
| This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A malicious app may be able to gain root privileges. | |||||
| CVE-2025-24233 | 1 Apple | 1 Macos | 2025-04-07 | N/A | 9.8 CRITICAL |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A malicious app may be able to read or write to protected files. | |||||
| CVE-2025-24232 | 1 Apple | 1 Macos | 2025-04-07 | N/A | 9.8 CRITICAL |
| This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A malicious app may be able to access arbitrary files. | |||||
| CVE-2025-24231 | 1 Apple | 1 Macos | 2025-04-07 | N/A | 9.8 CRITICAL |
| The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to modify protected parts of the file system. | |||||
| CVE-2025-24230 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-04-07 | N/A | 9.8 CRITICAL |
| An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iPadOS 17.7.6, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. Playing a malicious audio file may lead to an unexpected app termination. | |||||