Filtered by vendor Apple
Subscribe
Total
13303 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-3429 | 1 Apple | 1 Iphone Os | 2025-04-11 | 2.1 LOW | N/A |
|
The Settings component in Apple iOS before 5 stores a cleartext parental-restrictions passcode in an unspecified file, which might allow physically proximate attackers to obtain sensitive information by reading this file.
|
|||||
| CVE-2011-2854 | 2 Apple, Google | 4 Iphone Os, Itunes, Safari and 1 more | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to "ruby / table style handing."
|
|||||
| CVE-2012-5279 | 5 Adobe, Apple, Google and 2 more | 7 Air, Air Sdk, Flash Player and 4 more | 2025-04-11 | 10.0 HIGH | N/A |
|
Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and before 11.1.115.27 on Android 4.x; Adobe AIR before 3.5.0.600; and Adobe AIR SDK before 3.5.0.600 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
|
|||||
| CVE-2013-1005 | 2 Apple, Microsoft | 5 Iphone Os, Itunes, Windows 7 and 2 more | 2025-04-11 | 9.3 HIGH | N/A |
|
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
|
|||||
| CVE-2011-2101 | 3 Adobe, Apple, Microsoft | 4 Acrobat, Acrobat Reader, Mac Os X and 1 more | 2025-04-11 | 9.3 HIGH | N/A |
|
Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X do not properly restrict script, which allows attackers to execute arbitrary code via a crafted document, related to a "cross document script execution vulnerability."
|
|||||
| CVE-2012-3608 | 1 Apple | 1 Safari | 2025-04-11 | 9.3 HIGH | N/A |
|
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
|
|||||
| CVE-2010-0656 | 2 Apple, Google | 2 Webkit, Chrome | 2025-04-11 | 4.3 MEDIUM | N/A |
|
WebKit before r51295, as used in Google Chrome before 4.0.249.78, presents a directory-listing page in response to an XMLHttpRequest for a file:/// URL that corresponds to a directory, which allows attackers to obtain sensitive information or possibly have unspecified other impact via a crafted local HTML document.
|
|||||
| CVE-2013-3351 | 3 Adobe, Apple, Microsoft | 4 Acrobat, Acrobat Reader, Mac Os X and 1 more | 2025-04-11 | 10.0 HIGH | N/A |
|
Multiple stack-based buffer overflows in Adobe Reader and Acrobat before 10.1.8 and 11.x before 11.0.04 on Windows and Mac OS X allow attackers to execute arbitrary code via unspecified vectors.
|
|||||
| CVE-2013-0649 | 5 Adobe, Apple, Google and 2 more | 7 Air, Air Sdk, Flash Player and 4 more | 2025-04-11 | 10.0 HIGH | N/A |
|
Use-after-free vulnerability in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0644 and CVE-2013 ...
Show More |
|||||
| CVE-2010-1820 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Apple Filing Protocol (AFP) Server in Apple Mac OS X 10.6.x through 10.6.4 does not properly handle errors, which allows remote attackers to bypass the password requirement for shared-folder access by leveraging knowledge of a valid account name.
|
|||||
| CVE-2011-0211 | 1 Apple | 3 Mac Os X, Mac Os X Server, Quicktime | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Integer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.
|
|||||
| CVE-2011-0127 | 2 Apple, Microsoft | 6 Itunes, Webkit, Windows and 3 more | 2025-04-11 | 7.6 HIGH | N/A |
|
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
|
|||||
| CVE-2010-1836 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Stack-based buffer overflow in CoreGraphics in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.
|
|||||
| CVE-2010-4008 | 9 Apache, Apple, Canonical and 6 more | 15 Openoffice, Iphone Os, Itunes and 12 more | 2025-04-11 | 4.3 MEDIUM | N/A |
|
libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document.
|
|||||
| CVE-2012-3643 | 1 Apple | 1 Itunes | 2025-04-11 | 6.8 MEDIUM | N/A |
|
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
|
|||||
| CVE-2011-0245 | 1 Apple | 1 Quicktime | 2025-04-11 | 9.3 HIGH | N/A |
|
Buffer overflow in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted pict file.
|
|||||
| CVE-2011-2871 | 1 Apple | 2 Iphone Os, Itunes | 2025-04-11 | 9.3 HIGH | N/A |
|
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
|
|||||
| CVE-2012-0622 | 1 Apple | 2 Iphone Os, Itunes | 2025-04-11 | 9.3 HIGH | N/A |
|
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
|
|||||
| CVE-2012-5134 | 3 Apple, Google, Xmlsoft | 3 Iphone Os, Chrome, Libxml2 | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and earlier, as used in Google Chrome before 23.0.1271.91 and other products, allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted entities in an XML document.
|
|||||
| CVE-2012-3676 | 1 Apple | 1 Itunes | 2025-04-11 | 6.8 MEDIUM | N/A |
|
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
|
|||||
| CVE-2010-3793 | 1 Apple | 3 Mac Os X, Mac Os X Server, Quicktime | 2025-04-11 | 6.8 MEDIUM | N/A |
|
QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Sorenson movie file.
|
|||||
| CVE-2013-1032 | 1 Apple | 2 Mac Os X, Quicktime | 2025-04-11 | 6.8 MEDIUM | N/A |
|
QuickTime in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted idsc atom in a QuickTime movie file.
|
|||||
| CVE-2010-3826 | 2 Apple, Microsoft | 7 Mac Os X, Mac Os X Server, Safari and 4 more | 2025-04-11 | 9.3 HIGH | N/A |
|
WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of colors in an SVG document, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site.
|
|||||
| CVE-2012-4154 | 3 Adobe, Apple, Microsoft | 4 Acrobat, Acrobat Reader, Mac Os X and 1 more | 2025-04-11 | 10.0 HIGH | N/A |
|
Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051, CVE-2012-4147, CVE-2012-4148, CVE-2012-4149, CVE-2012-4150, CVE-2012-4151, CVE-2012-4152, CVE-2012-4153, CVE-2012-4155, CVE-2012-4156, CVE-2012-4157, CVE-2012-4158, CVE-2012-4159, and CVE-2012-4160.
|
|||||
| CVE-2013-5143 | 1 Apple | 1 Os X Server | 2025-04-11 | 6.8 MEDIUM | N/A |
|
The RADIUS service in Server App in Apple OS X Server before 3.0 selects a fallback X.509 certificate in unspecified circumstances, which might allow man-in-the-middle attackers to hijack RADIUS sessions by leveraging knowledge of the private key that matches this fallback certificate.
|
|||||
| CVE-2011-2102 | 3 Adobe, Apple, Microsoft | 4 Acrobat, Acrobat Reader, Mac Os X and 1 more | 2025-04-11 | 9.3 HIGH | N/A |
|
Unspecified vulnerability in Adobe Reader and Acrobat before 10.1 on Windows and Mac OS X allows attackers to bypass intended access restrictions via unknown vectors.
|
|||||
| CVE-2011-2857 | 2 Apple, Google | 4 Iphone Os, Itunes, Safari and 1 more | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the focus controller.
|
|||||
| CVE-2013-5148 | 1 Apple | 1 Keynote | 2025-04-11 | 7.2 HIGH | N/A |
|
Apple Keynote before 6.0 does not properly handle the interaction between Keynote presentation mode and the Screen Lock implementation, which allows physically proximate attackers to obtain access by visiting an unattended workstation on which this mode was enabled during a sleep operation.
|
|||||
| CVE-2011-3216 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | 2.1 LOW | N/A |
|
The kernel in Apple Mac OS X before 10.7.2 does not properly implement the sticky bit for directories, which might allow local users to bypass intended permissions and delete files via an unlink system call.
|
|||||
| CVE-2010-1181 | 1 Apple | 2 Iphone Os, Ipod Touch | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a MARQUEE element.
|
|||||
| CVE-2011-3036 | 3 Apple, Google, Opensuse | 5 Iphone Os, Itunes, Safari and 2 more | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Google Chrome before 17.0.963.65 does not properly perform a cast of an unspecified variable during handling of line boxes, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document.
|
|||||
| CVE-2011-0172 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | 4.9 MEDIUM | N/A |
|
AirPort in Apple Mac OS X 10.6 before 10.6.7 allows remote attackers to cause a denial of service (divide-by-zero error and reboot) via Wi-Fi frames on the local wireless network, a different vulnerability than CVE-2011-0162.
|
|||||
| CVE-2011-0251 | 2 Apple, Microsoft | 6 Mac Os X, Mac Os X Server, Quicktime and 3 more | 2025-04-11 | 9.3 HIGH | N/A |
|
Heap-based buffer overflow in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted STSZ atoms in a QuickTime movie file.
|
|||||
| CVE-2012-1929 | 2 Apple, Opera | 2 Mac Os X, Opera Browser | 2025-04-11 | 6.4 MEDIUM | N/A |
|
Opera before 11.62 on Mac OS X allows remote attackers to spoof the address field and security dialogs via crafted styling that causes page content to be displayed outside of the intended content area.
|
|||||
| CVE-2010-1806 | 1 Apple | 1 Safari | 2025-04-11 | 9.3 HIGH | N/A |
|
Use-after-free vulnerability in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via run-in styling in an element, related to object pointers.
|
|||||
| CVE-2011-0252 | 1 Apple | 1 Quicktime | 2025-04-11 | 9.3 HIGH | N/A |
|
Heap-based buffer overflow in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted STTS atoms in a QuickTime movie file.
|
|||||
| CVE-2011-2379 | 3 Apple, Microsoft, Mozilla | 3 Safari, Internet Explorer, Bugzilla | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Bugzilla 2.4 through 2.22.7, 3.0.x through 3.3.x, 3.4.x before 3.4.12, 3.5.x, 3.6.x before 3.6.6, 3.7.x, 4.0.x before 4.0.2, and 4.1.x before 4.1.3, when Internet Explorer before 9 or Safari before 5.0.6 is used for Raw Unified mode, allows remote attackers to inject arbitrary web script or HTML via a crafted patch, related to content sniffing.
|
|||||
| CVE-2011-2831 | 1 Apple | 2 Itunes, Webkit | 2025-04-11 | 7.6 HIGH | N/A |
|
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
|
|||||
| CVE-2010-0543 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | 6.8 MEDIUM | N/A |
|
ImageIO in Apple Mac OS X 10.5.8, and 10.6 before 10.6.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with MPEG2 encoding.
|
|||||
| CVE-2013-0982 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | 1.7 LOW | N/A |
|
The Private Browsing feature in CFNetwork in Apple Mac OS X before 10.8.4 does not prevent storage of permanent cookies upon exit from Safari, which might allow physically proximate attackers to bypass cookie-based authentication by leveraging an unattended workstation.
|
|||||