Filtered by vendor Apple
Subscriptions
Total
13717 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2011-3449 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | N/A |
| Use-after-free vulnerability in CoreText in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted embedded font in a document. | ||||
| CVE-2013-5187 | 1 Apple | 1 Mac Os X | 2025-04-11 | N/A |
| The Screen Lock implementation in Apple Mac OS X before 10.9 does not immediately accept Keychain Status menu Lock Screen commands, and instead incorrectly relies on a certain timeout setting, which allows physically proximate attackers to obtain sensitive information by reading a screen that should have transitioned into the locked state. | ||||
| CVE-2011-3450 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | N/A |
| CoreUI in Apple Mac OS X 10.7.x before 10.7.3 does not properly restrict the allocation of stack memory, which allows remote attackers to execute arbitrary code or cause a denial of service (memory consumption and application crash) via a long URL. | ||||
| CVE-2013-5186 | 1 Apple | 1 Mac Os X | 2025-04-11 | N/A |
| Power Management in Apple Mac OS X before 10.9 does not properly handle the interaction between locking and power assertions, which allows physically proximate attackers to obtain sensitive information by reading a screen that should have transitioned into the locked state. | ||||
| CVE-2013-5184 | 1 Apple | 1 Mac Os X | 2025-04-11 | N/A |
| The kernel in Apple Mac OS X before 10.9 does not properly check for errors during the processing of multicast Wi-Fi packets, which allows remote attackers to cause a denial of service (system crash) by leveraging presence in an 802.11 network's coverage area. | ||||
| CVE-2013-5181 | 1 Apple | 1 Mac Os X | 2025-04-11 | N/A |
| The auto-configuration feature in Mail in Apple Mac OS X before 10.9 selects plaintext authentication for unspecified servers that support CRAM-MD5 authentication, which allows remote attackers to obtain sensitive information by sniffing the network. | ||||
| CVE-2010-1119 | 2 Apple, Microsoft | 5 Iphone Os, Mac Os X, Mac Os X Server and 2 more | 2025-04-11 | N/A |
| Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Safari before 4.1 on Mac OS X 10.4, and Safari on Apple iPhone OS allows remote attackers to execute arbitrary code or cause a denial of service (application crash), or read the SMS database or other data, via vectors related to "attribute manipulation," as demonstrated by Vincenzo Iozzo and Ralf Philipp Weinmann during a Pwn2Own competition at CanSecWest 2010. | ||||
| CVE-2011-3452 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | N/A |
| Internet Sharing in Apple Mac OS X before 10.7.3 does not preserve the Wi-Fi configuration across software updates, which allows remote attackers to obtain sensitive information by leveraging the lack of a WEP password for a Wi-Fi network. | ||||
| CVE-2011-3463 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | N/A |
| WebDAV Sharing in Apple Mac OS X 10.7.x before 10.7.3 does not properly perform authentication, which allows local users to gain privileges by leveraging access to (1) the server or (2) a bound directory. | ||||
| CVE-2013-5180 | 1 Apple | 1 Mac Os X | 2025-04-11 | N/A |
| The srandomdev function in Libc in Apple Mac OS X before 10.9, when the kernel random-number generator is unavailable, produces predictable values instead of the intended random values, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of these values, related to a compiler-optimization issue. | ||||
| CVE-2010-1396 | 2 Apple, Microsoft | 7 Mac Os X, Mac Os X Server, Safari and 4 more | 2025-04-11 | N/A |
| Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the contentEditable attribute and removing container elements. | ||||
| CVE-2013-5179 | 1 Apple | 1 Mac Os X | 2025-04-11 | N/A |
| App Sandbox in Apple Mac OS X before 10.9 allows attackers to bypass intended sandbox restrictions via a crafted app that uses the LaunchServices interface to specify process arguments. | ||||
| CVE-2011-3640 | 3 Apple, Google, Microsoft | 3 Macos, Chrome, Windows | 2025-04-11 | N/A |
| Untrusted search path vulnerability in Mozilla Network Security Services (NSS), as used in Google Chrome before 17 on Windows and Mac OS X, might allow local users to gain privileges via a Trojan horse pkcs11.txt file in a top-level directory. NOTE: the vendor's response was "Strange behavior, but we're not treating this as a security bug." | ||||
| CVE-2011-3919 | 5 Apple, Debian, Google and 2 more | 11 Iphone Os, Mac Os X, Debian Linux and 8 more | 2025-04-11 | N/A |
| Heap-based buffer overflow in libxml2, as used in Google Chrome before 16.0.912.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | ||||
| CVE-2013-5176 | 1 Apple | 1 Mac Os X | 2025-04-11 | N/A |
| The kernel in Apple Mac OS X before 10.9 does not properly handle integer values during unspecified tty device operations, which allows local users to cause a denial of service (system hang) by triggering a truncation error. | ||||
| CVE-2012-0662 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | N/A |
| Integer overflow in the Security Framework in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted input. | ||||
| CVE-2013-5175 | 1 Apple | 1 Mac Os X | 2025-04-11 | N/A |
| The kernel in Apple Mac OS X before 10.9 allows local users to obtain sensitive information or cause a denial of service (out-of-bounds read and system crash) via a crafted Mach-O file. | ||||
| CVE-2013-0967 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | N/A |
| CoreTypes in Apple Mac OS X before 10.8.3 includes JNLP files in the list of safe file types, which allows remote attackers to bypass a Java plug-in disabled setting, and trigger the launch of Java Web Start applications, via a crafted web site. | ||||
| CVE-2013-1027 | 1 Apple | 1 Mac Os X | 2025-04-11 | N/A |
| Installer in Apple Mac OS X before 10.8.5 provides an option to continue a package's installation after encountering a revoked certificate, which might allow user-assisted remote attackers to execute arbitrary code via a crafted package. | ||||
| CVE-2011-2896 | 4 Apple, Gimp, Redhat and 1 more | 4 Cups, Gimp, Enterprise Linux and 1 more | 2025-04-11 | N/A |
| The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier, the LZWReadByte function in img/gifread.c in XPCE in SWI-Prolog 5.10.4 and earlier, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows remote attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2895. | ||||