Filtered by vendor Apple
Subscribe
Total
13275 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-2403 | 1 Apple | 3 Cfnetwork, Mac Os X, Mac Os X Server | 2025-04-09 | 6.8 MEDIUM | N/A |
| CFNetwork on Apple Mac OS X 10.3.9 and 10.4.10 does not properly validate ftp: URIs, which allows remote attackers to trigger the transmission of arbitrary FTP commands to arbitrary FTP servers. | |||||
| CVE-2008-1584 | 1 Apple | 1 Quicktime | 2025-04-09 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in Indeo.qtx in Apple QuickTime before 7.5 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via crafted Indeo video codec content in a movie file. | |||||
| CVE-2009-2804 | 2 Apple, Microsoft | 4 Mac Os X, Mac Os X Server, Safari and 1 more | 2025-04-09 | 6.8 MEDIUM | N/A |
| Integer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5.8, and Safari before 4.0.4 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ColorSync profile embedded in an image, leading to a heap-based buffer overflow. | |||||
| CVE-2008-1589 | 1 Apple | 4 Iphone, Iphone Os, Ipod Touch and 1 more | 2025-04-09 | 4.3 MEDIUM | N/A |
| Safari on Apple iPhone before 2.0 and iPod touch before 2.0 misinterprets a menu button press as user confirmation for visiting a web site with a (1) self-signed or (2) invalid certificate, which makes it easier for remote attackers to spoof web sites. | |||||
| CVE-2009-2799 | 1 Apple | 1 Quicktime | 2025-04-09 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted H.264 movie file. | |||||
| CVE-2008-2321 | 1 Apple | 3 Coregraphics, Mac Os X, Mac Os X Server | 2025-04-09 | 9.3 HIGH | N/A |
| Unspecified vulnerability in CoreGraphics in Apple Mac OS X 10.4.11 and 10.5.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unknown vectors involving "processing of arguments." | |||||
| CVE-2008-2329 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 1.9 LOW | N/A |
| Directory Services in Apple Mac OS X 10.5 through 10.5.4, when Active Directory is used, allows attackers to enumerate user names via wildcard characters in the Login Window. | |||||
| CVE-2008-4214 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 4.6 MEDIUM | N/A |
| Unspecified vulnerability in Script Editor in Mac OS X 10.4.11 and 10.5.5 allows local users to cause the scripting dictionary to be written to arbitrary locations, related to an "insecure file operation" on temporary files. | |||||
| CVE-2008-0063 | 7 Apple, Canonical, Debian and 4 more | 11 Mac Os X, Mac Os X Server, Ubuntu Linux and 8 more | 2025-04-09 | 4.3 MEDIUM | 7.5 HIGH |
| The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka "Uninitialized stack values." | |||||
| CVE-2008-2304 | 1 Apple | 1 Core Image Fun House | 2025-04-09 | 6.8 MEDIUM | N/A |
| Buffer overflow in Apple Core Image Fun House 2.0 and earlier in CoreImage Examples in Xcode tools before 3.1 allows user-assisted attackers to execute arbitrary code or cause a denial of service (application crash) via a .funhouse file with a string XML element that contains many characters. | |||||
| CVE-2006-6015 | 1 Apple | 1 Mac Os X | 2025-04-09 | 5.0 MEDIUM | N/A |
| Buffer overflow in the JavaScript implementation in Safari on Apple Mac OS X 10.4 allows remote attackers to cause a denial of service (application crash) via a long argument to the exec method of a regular expression. | |||||
| CVE-2007-3753 | 1 Apple | 2 Iphone, Iphone Os | 2025-04-09 | 7.5 HIGH | N/A |
| Apple iPhone 1.1.1, with Bluetooth enabled, allows physically proximate attackers to cause a denial of service (application termination) and execute arbitrary code via crafted Service Discovery Protocol (SDP) packets, related to insufficient input validation. | |||||
| CVE-2007-3761 | 1 Apple | 3 Iphone, Iphone Os, Safari | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Safari in Apple iPhone 1.1.1 allows remote attackers to inject arbitrary web script or HTML by causing Javascript events to be applied to a frame in another domain. | |||||
| CVE-2009-1712 | 1 Apple | 1 Safari | 2025-04-09 | 9.3 HIGH | N/A |
| WebKit in Apple Safari before 4.0 does not prevent remote loading of local Java applets, which allows remote attackers to execute arbitrary code, gain privileges, or obtain sensitive information via an APPLET or OBJECT element. | |||||
| CVE-2007-3758 | 2 Apple, Microsoft | 5 Iphone Os, Mac Os X, Safari and 2 more | 2025-04-09 | 4.3 MEDIUM | N/A |
| Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and in Mac OS X 10.4 through 10.4.10, allows remote attackers to set Javascript window properties for web pages that are in a different domain, which can be leveraged to conduct cross-site scripting (XSS) attacks. | |||||
| CVE-2008-0060 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 6.8 MEDIUM | N/A |
| Help Viewer in Apple Mac OS X 10.4.11 and 10.5.2 allows remote attackers to execute arbitrary Applescript via a help:topic_list URL that injects HTML or JavaScript into a topic list page, as demonstrated using a help:runscript link. | |||||
| CVE-2008-0778 | 1 Apple | 1 Quicktime | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple stack-based buffer overflows in an ActiveX control in QTPlugin.ocx for Apple QuickTime 7.4.1 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long arguments to the (1) SetBgColor, (2) SetHREF, (3) SetMovieName, (4) SetTarget, and (5) SetMatrix methods. | |||||
| CVE-2009-1703 | 1 Apple | 1 Safari | 2025-04-09 | 7.1 HIGH | N/A |
| WebKit in Apple Safari before 4.0 does not prevent references to file: URLs within (1) audio and (2) video elements, which allows remote attackers to determine the existence of arbitrary files via a crafted HTML document. | |||||
| CVE-2007-5450 | 1 Apple | 3 Iphone Os, Ipod Touch, Safari | 2025-04-09 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Safari on the Apple iPod touch (aka iTouch) and iPhone 1.1.1 allows user-assisted remote attackers to cause a denial of service (application crash), and enable filesystem browsing by the local user, via a certain TIFF file. | |||||
| CVE-2007-4709 | 1 Apple | 1 Mac Os X | 2025-04-09 | 8.8 HIGH | N/A |
| Directory traversal vulnerability in CFNetwork in Apple Mac OS X 10.5.1 allows remote attackers to overwrite arbitrary files via a crafted HTTP response. | |||||