Filtered by vendor Apple
Subscriptions
Total
13209 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-0145 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | N/A |
| CoreGraphics in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF file that triggers memory corruption. | ||||
| CVE-2007-0736 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | N/A |
| Integer overflow in the RPC library in Libinfo in Apple Mac OS X 10.3.9 through 10.4.9 allows remote attackers to execute arbitrary code via crafted requests to portmap. | ||||
| CVE-2007-0059 | 1 Apple | 1 Quicktime | 2025-04-09 | N/A |
| Cross-zone scripting vulnerability in Apple Quicktime 3 to 7.1.3 allows remote user-assisted attackers to execute arbitrary code and list filesystem contents via a QuickTime movie (.MOV) with an HREF Track (HREFTrack) that contains an automatic action tag with a local URI, which is executed in a local zone during preview, as exploited by a MySpace worm. | ||||
| CVE-2008-5914 | 1 Apple | 1 Safari | 2025-04-09 | N/A |
| An unspecified function in the JavaScript implementation in Apple Safari creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an "in-session phishing attack." NOTE: as of 20090116, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. | ||||
| CVE-2007-0613 | 1 Apple | 3 Ichat, Instant Message Framework, Mdnsresponder | 2025-04-09 | N/A |
| The Bonjour functionality in mDNSResponder, iChat 3.1.6, and InstantMessage framework 428 in Apple Mac OS X 10.4.8 does not check for duplicate entries when adding newly discovered available contacts, which allows remote attackers to cause a denial of service (disrupted communication) via a flood of duplicate _presence._tcp mDNS queries. | ||||
| CVE-2008-1374 | 2 Apple, Redhat | 2 Cups, Enterprise Linux | 2025-04-09 | N/A |
| Integer overflow in pdftops filter in CUPS in Red Hat Enterprise Linux 3 and 4, when running on 64-bit platforms, allows remote attackers to execute arbitrary code via a crafted PDF file. NOTE: this issue is due to an incomplete fix for CVE-2004-0888. | ||||
| CVE-2007-6166 | 2 Apple, Microsoft | 5 Mac Os X, Quicktime, Safari and 2 more | 2025-04-09 | N/A |
| Stack-based buffer overflow in Apple QuickTime before 7.3.1, as used in QuickTime Player on Windows XP and Safari on Mac OS X, allows remote Real Time Streaming Protocol (RTSP) servers to execute arbitrary code via an RTSP response with a long Content-Type header. | ||||
| CVE-2009-2834 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | N/A |
| IOKit in Apple Mac OS X before 10.6.2 allows local users to modify the firmware of a (1) USB or (2) Bluetooth keyboard via unspecified vectors. | ||||
| CVE-2009-2840 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | N/A |
| Spotlight in Apple Mac OS X 10.5.8 does not properly handle temporary files, which allows local users to overwrite arbitrary files in the context of a different user's privileges via unspecified vectors. | ||||
| CVE-2009-2841 | 1 Apple | 2 Mac Os X, Safari | 2025-04-09 | N/A |
| The HTMLMediaElement::loadResource function in html/HTMLMediaElement.cpp in WebCore in WebKit before r49480, as used in Apple Safari before 4.0.4 on Mac OS X, does not perform the expected callbacks for HTML 5 media elements that have external URLs for media resources, which allows remote attackers to trigger sub-resource requests to arbitrary web sites via a crafted HTML document, as demonstrated by an HTML e-mail message that uses a media element for X-Confirm-Reading-To functionality, aka rdar problem 7271202. | ||||
| CVE-2006-4409 | 1 Apple | 1 Mac Os X | 2025-04-09 | N/A |
| The Online Certificate Status Protocol (OCSP) service in the Security Framework in Apple Mac OS X 10.4 through 10.4.8 retrieve certificate revocation lists (CRL) when an HTTP proxy is in use, which could cause the system to accept certificates that have been revoked. | ||||
| CVE-2009-2842 | 1 Apple | 1 Safari | 2025-04-09 | N/A |
| Apple Safari before 4.0.4 does not properly implement certain (1) Open Image and (2) Open Link menu options, which allows remote attackers to read local HTML files via a crafted web site. | ||||
| CVE-2007-2393 | 1 Apple | 1 Quicktime | 2025-04-09 | N/A |
| The design of QuickTime for Java in Apple Quicktime before 7.2 allows remote attackers to bypass certain security controls and write to process memory via Java applets, possibly leading to arbitrary code execution. | ||||
| CVE-2009-3272 | 1 Apple | 1 Safari | 2025-04-09 | N/A |
| Stack consumption vulnerability in WebKit.dll in WebKit in Apple Safari 3.2.3, and possibly other versions before 4.1.2, allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls eval on a long string composed of A/ sequences. | ||||
| CVE-2008-0997 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | N/A |
| Stack-based buffer overflow in AppKit in Apple Mac OS X 10.4.11 allows user-assisted remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted PostScript Printer Description (PPD) file that is not properly handled when querying a network printer. | ||||
| CVE-2007-1008 | 1 Apple | 1 Itunes | 2025-04-09 | N/A |
| Apple iTunes 7.0.2 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted XML list of radio stations, which results in memory corruption. NOTE: iTunes retrieves the XML document from a static URL, which requires an attacker to perform DNS spoofing or man-in-the-middle attacks for exploitation. | ||||
| CVE-2007-0236 | 1 Apple | 1 Mac Os X | 2025-04-09 | N/A |
| Double free vulnerability in the _ATPsndrsp function in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to cause a denial of service (kernel panic) and possibly execute arbitrary code via a crafted AppleTalk request that triggers a heap-based buffer overflow. | ||||
| CVE-2007-2394 | 1 Apple | 2 Mac Os X, Quicktime | 2025-04-09 | N/A |
| Integer overflow in Apple Quicktime before 7.2 on Mac OS X 10.3.9 and 10.4.9 allows user-assisted remote attackers to execute arbitrary code via crafted (1) title and (2) author fields in an SMIL file, related to improper calculations for memory allocation. | ||||
| CVE-2007-2396 | 1 Apple | 1 Quicktime | 2025-04-09 | N/A |
| The JDirect support in QuickTime for Java in Apple Quicktime before 7.2 exposes certain dangerous interfaces, which allows remote attackers to execute arbitrary code via crafted Java applets. | ||||
| CVE-2009-3384 | 3 Apple, Microsoft, Redhat | 3 Safari, Windows, Enterprise Linux | 2025-04-09 | N/A |
| Multiple unspecified vulnerabilities in WebKit in Apple Safari before 4.0.4 on Windows allow remote FTP servers to execute arbitrary code, cause a denial of service (application crash), or obtain sensitive information via a crafted directory listing in a reply. | ||||