Filtered by vendor Apple
Subscribe
Total
13303 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-0057 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | 7.5 HIGH | N/A |
|
AFP Server in Apple Mac OS X before 10.6.3 does not prevent guest use of AFP shares when guest access is disabled, which allows remote attackers to bypass intended access restrictions via a mount request.
|
|||||
| CVE-2011-0198 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code via a crafted embedded TrueType font.
|
|||||
| CVE-2010-1179 | 1 Apple | 2 Iphone Os, Safari | 2025-04-11 | 9.3 HIGH | N/A |
|
Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a large integer in the numcolors attribute of a recolorinfo element in a VML file, possibly a related issue to CVE-2007-0024.
|
|||||
| CVE-2010-2441 | 1 Apple | 1 Webkit | 2025-04-11 | 4.3 MEDIUM | N/A |
|
WebKit does not properly restrict focus changes, which allows remote attackers to read keystrokes via "cross-domain IFRAME gadgets," a different vulnerability than CVE-2010-1126, CVE-2010-1422, and CVE-2010-2295.
|
|||||
| CVE-2010-0523 | 1 Apple | 1 Mac Os X Server | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Wiki Server in Apple Mac OS X 10.5.8 does not restrict the file types of uploaded files, which allows remote attackers to obtain sensitive information or possibly have unspecified other impact via a crafted file, as demonstrated by a Java applet.
|
|||||
| CVE-2010-3257 | 4 Apple, Canonical, Google and 1 more | 5 Iphone Os, Safari, Ubuntu Linux and 2 more | 2025-04-11 | 9.3 HIGH | N/A |
|
Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving element focus.
|
|||||
| CVE-2012-5155 | 2 Apple, Google | 2 Mac Os X, Chrome | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Google Chrome before 24.0.1312.52 on Mac OS X does not use an appropriate sandboxing approach for worker processes, which makes it easier for remote attackers to bypass intended access restrictions via unspecified vectors.
|
|||||
| CVE-2011-3234 | 2 Apple, Google | 4 Iphone Os, Itunes, Safari and 1 more | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Google Chrome before 14.0.835.163 does not properly handle boxes, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
|
|||||
| CVE-2012-2036 | 8 Adobe, Apple, Google and 5 more | 13 Air, Flash Player, Macos and 10 more | 2025-04-11 | 9.3 HIGH | N/A |
|
Integer overflow in Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to execute arbitrary code via unspecified vectors.
|
|||||
| CVE-2010-0058 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | 6.4 MEDIUM | N/A |
|
freshclam in ClamAV in Apple Mac OS X 10.5.8 with Security Update 2009-005 has an incorrect launchd.plist ProgramArguments key and consequently does not run, which might allow remote attackers to introduce viruses into the system.
|
|||||
| CVE-2010-3819 | 2 Apple, Microsoft | 7 Mac Os X, Mac Os X Server, Safari and 4 more | 2025-04-11 | 9.3 HIGH | N/A |
|
WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of Cascading Style Sheets (CSS) boxes, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site.
|
|||||
| CVE-2012-3734 | 1 Apple | 1 Iphone Os | 2025-04-11 | 1.9 LOW | N/A |
|
Office Viewer in Apple iOS before 6 writes cleartext document data to a temporary file, which might allow local users to bypass a document's intended (1) Data Protection level or (2) encryption state by reading the temporary content.
|
|||||
| CVE-2011-3229 | 1 Apple | 1 Safari | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Directory traversal vulnerability in Apple Safari before 5.1.1 allows remote attackers to execute arbitrary JavaScript code, in a Safari Extensions context, via a crafted safari-extension: URL.
|
|||||
| CVE-2013-1039 | 1 Apple | 3 Iphone Os, Itunes, Safari | 2025-04-11 | 6.8 MEDIUM | N/A |
|
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
|
|||||
| CVE-2012-3755 | 1 Apple | 1 Quicktime | 2025-04-11 | 9.3 HIGH | N/A |
|
Buffer overflow in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Targa image.
|
|||||
| CVE-2011-0200 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Integer overflow in ColorSync in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image containing a crafted embedded ColorSync profile that triggers a heap-based buffer overflow.
|
|||||
| CVE-2011-3437 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Integer signedness error in Apple Type Services (ATS) in Apple Mac OS X 10.7 before 10.7.2 allows remote attackers to execute arbitrary code via a crafted embedded Type 1 font in a document.
|
|||||
| CVE-2010-1411 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Multiple integer overflows in the Fax3SetupState function in tif_fax3.c in the FAX3 decoder in LibTIFF before 3.9.3, as used in ImageIO in Apple Mac OS X 10.5.8 and Mac OS X 10.6 before 10.6.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF file that triggers a heap-based buffer overflow.
|
|||||
| CVE-2013-1002 | 2 Apple, Microsoft | 5 Iphone Os, Itunes, Windows 7 and 2 more | 2025-04-11 | 9.3 HIGH | N/A |
|
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
|
|||||
| CVE-2011-0619 | 6 Adobe, Apple, Google and 3 more | 6 Flash Player, Mac Os X, Android and 3 more | 2025-04-11 | 9.3 HIGH | N/A |
|
Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0620, CVE-2011-0621, and CVE-2011-0622.
|
|||||
| CVE-2010-4011 | 1 Apple | 1 Mac Os X Server | 2025-04-11 | 4.0 MEDIUM | N/A |
|
Dovecot in Apple Mac OS X 10.6.5 10H574 does not properly manage memory for user names, which allows remote authenticated users to read the private e-mail of other persons in opportunistic circumstances via standard e-mail clients accessing a user's own mailbox, related to a "memory aliasing issue."
|
|||||
| CVE-2013-5188 | 1 Apple | 1 Mac Os X | 2025-04-11 | 4.0 MEDIUM | N/A |
|
The Screen Lock implementation in Apple Mac OS X before 10.9, when hibernation and autologin are enabled, does not require a password for a transition out of hibernation, which allows physically proximate attackers to obtain access by visiting an unattended workstation in the hibernating state.
|
|||||
| CVE-2010-1811 | 1 Apple | 2 Iphone Os, Ipod Touch | 2025-04-11 | 6.8 MEDIUM | N/A |
|
ImageIO in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF file.
|
|||||
| CVE-2013-0889 | 5 Apple, Google, Linux and 2 more | 5 Mac Os X, Chrome, Linux Kernel and 2 more | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly enforce a user gesture requirement before proceeding with a file download, which might make it easier for remote attackers to execute arbitrary code via a crafted file.
|
|||||
| CVE-2022-43533 | 2 Apple, Arubanetworks | 2 Macos, Clearpass Policy Manager | 2025-04-10 | N/A | 7.8 HIGH |
|
A vulnerability in the ClearPass OnGuard macOS agent could allow malicious users on a macOS instance to elevate their user privileges. A successful exploit could allow these users to execute arbitrary code with root level privileges on the macOS instance in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x: 6.10.7 and below and ClearPass Policy Manager 6.9.x: 6.9.12 and below.
|
|||||
| CVE-2022-43540 | 2 Apple, Arubanetworks | 2 Macos, Clearpass Policy Manager | 2025-04-10 | N/A | 5.5 MEDIUM |
|
A vulnerability exists in the ClearPass OnGuard macOS agent that allows for an attacker with local macOS instance access to potentially obtain sensitive information. A successful exploit could allow an attacker to retrieve information that is of a sensitive nature in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x: 6.10.7 and below and ClearPass Policy Manager 6.9.x: 6.9.12 and below.
|
|||||
| CVE-2024-31393 | 2 Apple, Mozilla | 2 Iphone Os, Firefox | 2025-04-09 | N/A | 4.3 MEDIUM |
|
Dragging Javascript URLs to the address bar could cause them to be loaded, bypassing restrictions and security protections This vulnerability affects Firefox for iOS < 124.
|
|||||
| CVE-2024-31392 | 2 Apple, Mozilla | 2 Iphone Os, Firefox | 2025-04-09 | N/A | 7.5 HIGH |
|
If an insecure element was added to a page after a delay, Firefox would not replace the secure icon with a mixed content security status This vulnerability affects Firefox for iOS < 124.
|
|||||
| CVE-2007-4708 | 1 Apple | 1 Mac Os X | 2025-04-09 | 9.3 HIGH | N/A |
|
Format string vulnerability in Address Book in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via the URL handler.
|
|||||
| CVE-2009-0158 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Stack-based buffer overflow in telnet in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long hostname for a telnet server.
|
|||||
| CVE-2009-1713 | 1 Apple | 1 Safari | 2025-04-09 | 7.1 HIGH | N/A |
|
The XSLT functionality in WebKit in Apple Safari before 4.0 does not properly implement the document function, which allows remote attackers to read (1) arbitrary local files and (2) files from different security zones via unspecified vectors.
|
|||||
| CVE-2008-0998 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 6.9 MEDIUM | N/A |
|
Unspecified vulnerability in NetCfgTool in the System Configuration component in Apple Mac OS X 10.4.11 and 10.5.2 allows local users to bypass authorization and execute arbitrary code via crafted distributed objects.
|
|||||
| CVE-2008-4221 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 10.0 HIGH | N/A |
|
The strptime API in Libsystem in Apple Mac OS X before 10.5.6 allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a crafted date string, related to improper memory allocation.
|
|||||
| CVE-2009-1716 | 1 Apple | 1 Safari | 2025-04-09 | 2.1 LOW | N/A |
|
CFNetwork in Apple Safari before 4.0 on Windows does not properly protect the temporary files created for downloads, which allows local users to obtain sensitive information by reading these files.
|
|||||
| CVE-2009-0950 | 1 Apple | 1 Itunes | 2025-04-09 | 9.3 HIGH | N/A |
|
Stack-based buffer overflow in Apple iTunes before 8.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an itms: URL with a long URL component after a colon.
|
|||||
| CVE-2007-0746 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 10.0 HIGH | N/A |
|
Heap-based buffer overflow in the VideoConference framework in Apple Mac OS X 10.3.9 through 10.4.9 allows remote attackers to execute arbitrary code via a "crafted SIP packet when initializing an audio/video conference".
|
|||||
| CVE-2006-4395 | 1 Apple | 1 Mac Os X | 2025-04-09 | 5.1 MEDIUM | N/A |
|
Unspecified vulnerability in QuickDraw Manager in Apple Mac OS X 10.3.9 and 10.4 through 10.4.7 allows context-dependent attackers to cause a denial of service ("memory corruption" and crash) via a crafted PICT image that is not properly handled by a certain "unsupported QuickDraw operation."
|
|||||
| CVE-2009-0009 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Unspecified vulnerability in the Pixlet codec in Apple Mac OS X 10.4.11 and 10.5.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted movie file that triggers memory corruption.
|
|||||
| CVE-2008-4230 | 1 Apple | 2 Iphone Os, Ipod Touch | 2025-04-09 | 1.9 LOW | N/A |
|
The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 displays SMS messages when the emergency-call screen is visible, which allows physically proximate attackers to obtain sensitive information by reading these messages. NOTE: this might be a duplicate of CVE-2008-4593.
|
|||||
| CVE-2008-1034 | 1 Apple | 1 Mac Os X | 2025-04-09 | 9.3 HIGH | N/A |
|
Integer underflow in Help Viewer in Apple Mac OS X before 10.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted help:topic URL that triggers a buffer overflow.
|
|||||