Vulnerabilities (CVE)

  1. Yack CVE
  2. Vulnerabilities (CVE)
Filtered by vendor Apple
Angry Yack Logo
Total 13303 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-0234 1 Apple 1 Quicktime 2025-04-09 9.3 HIGH N/A
Buffer overflow in Apple Quicktime Player 7.3.1.70 and other versions before 7.4.1, when RTSP tunneling is enabled, allows remote attackers to execute arbitrary code via a long Reason-Phrase response to an rtsp:// request, as demonstrated using a 404 error message.
CVE-2008-4217 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-09 9.3 HIGH N/A
Integer signedness error in BOM in Apple Mac OS X before 10.5.6 allows remote attackers to execute arbitrary code via the headers in a crafted CPIO archive, leading to a stack-based buffer overflow.
CVE-2009-1699 3 Apple, Canonical, Opensuse 4 Iphone Os, Safari, Ubuntu Linux and 1 more 2025-04-09 7.1 HIGH 7.5 HIGH
The XSL stylesheet implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle XML external entities, which allows remote attackers to read arbitrary files via a crafted DTD, as demonstrated by a file:///etc/passwd URL in an entity declaration, related to an "XXE attack."
CVE-2007-1916 8 Apple, Hp, Ibm and 5 more 11 Macos, Hp-ux, Tru64 and 8 more 2025-04-09 10.0 HIGH N/A
Buffer overflow in the RFC_START_GUI function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended.
CVE-2009-2842 1 Apple 1 Safari 2025-04-09 4.3 MEDIUM N/A
Apple Safari before 4.0.4 does not properly implement certain (1) Open Image and (2) Open Link menu options, which allows remote attackers to read local HTML files via a crafted web site.
CVE-2006-6906 1 Apple 1 Mac Os X 2025-04-09 7.2 HIGH N/A
Unspecified vulnerability in the Bluetooth stack on Mac OS 10.4.7 and earlier has unknown impact and local attack vectors, related to "Mach Exception Handling", a different issue than CVE-2006-6900.
CVE-2007-0059 1 Apple 1 Quicktime 2025-04-09 6.8 MEDIUM N/A
Cross-zone scripting vulnerability in Apple Quicktime 3 to 7.1.3 allows remote user-assisted attackers to execute arbitrary code and list filesystem contents via a QuickTime movie (.MOV) with an HREF Track (HREFTrack) that contains an automatic action tag with a local URI, which is executed in a local zone during preview, as exploited by a MySpace worm.
CVE-2008-5184 1 Apple 1 Cups 2025-04-09 10.0 HIGH N/A
The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the guest username when a user is not logged on to the web server, which makes it easier for remote attackers to bypass intended policy and conduct CSRF attacks via the (1) add and (2) cancel RSS subscription functions.
CVE-2007-4431 1 Apple 1 Safari 2025-04-09 6.8 MEDIUM N/A
Cross-domain vulnerability in Apple Safari for Windows 3.0.3 and earlier allows remote attackers to bypass the Same Origin Policy, with access from local zones to external domains, via a certain body.innerHTML property value, aka "classic JavaScript frame hijacking."
CVE-2007-4699 1 Apple 3 Mac Os X, Mac Os X Server, Safari 2025-04-09 7.5 HIGH N/A
The default configuration of Safari in Apple Mac OS X 10.4 through 10.4.10 adds a private key to the keychain with permissions that allow other applications to access the key without warning the user, which might allow other applications to bypass intended access restrictions.
CVE-2007-3748 1 Apple 3 Ichat, Mac Os X, Mac Os X Server 2025-04-09 5.4 MEDIUM N/A
Buffer overflow in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) implementation in iChat on Apple Mac OS X 10.3.9 and 10.4.10 allows network-adjacent remote attackers to execute arbitrary code via a crafted packet.
CVE-2006-4400 1 Apple 1 Mac Os X 2025-04-09 5.1 MEDIUM N/A
Stack-based buffer overflow in the Apple Type Services (ATS) server in Mac OS 10.4.8 and earlier allow user-assisted attackers to execute arbitrary code via crafted font files.
CVE-2008-3635 3 Apple, Intel, Microsoft 5 Quicktime, Indeo, Windows-nt and 2 more 2025-04-09 9.3 HIGH N/A
Stack-based buffer overflow in QuickTimeInternetExtras.qtx in an unspecified third-party Indeo v3.2 (aka IV32) codec for QuickTime, when used with Apple QuickTime before 7.5.5 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.
CVE-2009-1692 1 Apple 3 Iphone Os, Ipod Touch, Safari 2025-04-09 7.1 HIGH N/A
WebKit before r41741, as used in Apple iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Safari, and other software, allows remote attackers to cause a denial of service (memory consumption or device reset) via a web page containing an HTMLSelectElement object with a large length attribute, related to the length property of a Select object.
CVE-2008-1030 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-09 10.0 HIGH N/A
Integer overflow in the CFDataReplaceBytes function in the CFData API in CoreFoundation in Apple Mac OS X before 10.5.3 allows context-dependent attackers to execute arbitrary code or cause a denial of service (crash) via an invalid length argument, which triggers a heap-based buffer overflow.
CVE-2009-2200 2 Apple, Microsoft 5 Mac Os X, Mac Os X Server, Safari and 2 more 2025-04-09 7.1 HIGH N/A
WebKit in Apple Safari before 4.0.3 does not properly restrict the URL scheme of the pluginspage attribute of an EMBED element, which allows user-assisted remote attackers to launch arbitrary file: URLs and obtain sensitive information via a crafted HTML document.
CVE-2009-0951 1 Apple 1 Quicktime 2025-04-09 9.3 HIGH N/A
Heap-based buffer overflow in Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FLC compression file.
CVE-2009-0800 4 Apple, Foolabs, Glyphandcog and 1 more 4 Cups, Xpdf, Xpdfreader and 1 more 2025-04-09 6.8 MEDIUM N/A
Multiple "input validation flaws" in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file.
CVE-2007-0723 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-09 8.5 HIGH N/A
Unspecified vulnerability in the authentication feature for DirectoryService (DS Plug-Ins) for Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote authenticated LDAP users to modify the root password and gain privileges via unknown vectors.
CVE-2008-2321 1 Apple 3 Coregraphics, Mac Os X, Mac Os X Server 2025-04-09 9.3 HIGH N/A
Unspecified vulnerability in CoreGraphics in Apple Mac OS X 10.4.11 and 10.5.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unknown vectors involving "processing of arguments."
CVE-2009-2817 1 Apple 1 Itunes 2025-04-09 9.3 HIGH N/A
Buffer overflow in Apple iTunes before 9.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted .pls file.
CVE-2007-0729 1 Apple 3 Mac Os X, Mac Os X Preview.app, Mac Os X Server 2025-04-09 7.2 HIGH N/A
Apple File Protocol (AFP) Client in Apple Mac OS X 10.3.9 through 10.4.9 does not properly clean the environment before executing commands, which allows local users to gain privileges by setting unspecified environment variables.
CVE-2007-5862 1 Apple 1 Mac Os X 2025-04-09 9.4 HIGH N/A
Java in Mac OS X 10.4 through 10.4.11 allows remote attackers to bypass Keychain access controls and add or delete arbitrary Keychain items via a crafted Java applet.
CVE-2009-0961 1 Apple 2 Iphone Os, Ipod Touch 2025-04-09 5.0 MEDIUM N/A
The Mail component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 dismisses the call approval dialog when another alert appears, which might allow remote attackers to force the iPhone to place a call without user approval by causing an application to trigger an alert.
CVE-2009-0957 1 Apple 1 Quicktime 2025-04-09 9.3 HIGH N/A
Heap-based buffer overflow in Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JP2 image.
CVE-2009-1693 1 Apple 1 Safari 2025-04-09 5.8 MEDIUM N/A
WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to read images from arbitrary web sites via a CANVAS element with an SVG image, related to a "cross-site image capture issue."
CVE-2008-2311 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-09 7.6 HIGH N/A
Launch Services in Apple Mac OS X before 10.5, when Open Safe Files is enabled, allows remote attackers to execute arbitrary code via a symlink attack, probably related to a race condition and automatic execution of a downloaded file.
CVE-2007-4689 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-09 10.0 HIGH N/A
Double free vulnerability in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to cause a denial of service (system shutdown) or execute arbitrary code via crafted IPV6 packets.
CVE-2007-6165 1 Apple 1 Mac Os X 2025-04-09 9.3 HIGH N/A
Mail in Apple Mac OS X Leopard (10.5.1) allows user-assisted remote attackers to execute arbitrary code via an AppleDouble attachment containing an apparently-safe file type and script in a resource fork, which does not warn the user that a separate program is going to be executed. NOTE: this is a regression error related to CVE-2006-0395.
CVE-2008-1586 1 Apple 2 Iphone Os, Ipod Touch 2025-04-09 7.1 HIGH N/A
ImageIO in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allow remote attackers to cause a denial of service (memory consumption and device reset) via a crafted TIFF image.
CVE-2009-3959 4 Adobe, Apple, Microsoft and 1 more 5 Acrobat, Acrobat Reader, Mac Os X and 2 more 2025-04-09 10.0 HIGH N/A
Integer overflow in the U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a malformed PDF document.
CVE-2007-2390 1 Apple 1 Mac Os X 2025-04-09 10.0 HIGH N/A
Buffer overflow in iChat in Apple Mac OS X 10.3.9 and 10.4.9 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted UPnP Internet Gateway Device (IGD) packet.
CVE-2007-3185 1 Apple 1 Safari 2025-04-09 7.8 HIGH N/A
Apple Safari Beta 3.0.1 for Windows public beta allows remote attackers to cause a denial of service (crash) via unspecified DHTML manipulations that trigger memory corruption, as demonstrated using Hamachi.
CVE-2006-4387 1 Apple 1 Mac Os X 2025-04-09 4.6 MEDIUM N/A
Apple Mac OS X 10.4 through 10.4.7, when the administrator clears the "Allow user to administer this computer" checkbox in System Preferences for a user, does not remove the user's account from the appserveradm or appserverusr groups, which still allows the user to manage WebObjects applications.
CVE-2008-3627 1 Apple 1 Quicktime 2025-04-09 9.3 HIGH N/A
Apple QuickTime before 7.5.5 does not properly handle (1) MDAT atoms in MP4 video files within QuickTimeH264.qtx, (2) MDAT atoms in mov video files within QuickTimeH264.scalar, and (3) AVC1 atoms in an unknown media type within an unspecified component, which allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via a crafted, H.264 encoded movie file.
CVE-2009-0945 2 Apple, Microsoft 5 Mac Os X, Mac Os X Server, Safari and 2 more 2025-04-09 9.3 HIGH N/A
Array index error in the insertItemBefore method in WebKit, as used in Apple Safari before 3.2.3 and 4 Public Beta, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome Stable before 1.0.154.65, and possibly other products allows remote attackers to execute arbitrary code via a document with a SVGPathList data structure containing a negative index in the (1) SVGTransformList, (2) SVGStringList, (3) SVGNumberList, (4) SVGPathSegList, (5) SVGPointList, or (6) SVGL ...

Show More
CVE-2008-1028 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-09 9.3 HIGH N/A
Unspecified vulnerability in AppKit in Apple Mac OS X before 10.5 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document file, as demonstrated by opening the document with TextEdit.
CVE-2009-0008 2 Apple, Microsoft 3 Quicktime Mpeg-2 Playback Component, Windows Vista, Windows Xp 2025-04-09 7.6 HIGH N/A
Unspecified vulnerability in Apple QuickTime MPEG-2 Playback Component before 7.60.92.0 on Windows allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted MPEG-2 movie.
CVE-2007-0740 1 Apple 1 Mac Os X 2025-04-09 6.8 MEDIUM N/A
Alias Manager in Apple Mac OS X 10.3.9 and 10.4.9 does not display files with the same name in mounted disk images that have the same name, which might allow user-assisted attackers to trick a user into executing malicious files.
CVE-2007-0715 1 Apple 1 Quicktime 2025-04-09 5.8 MEDIUM N/A
Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PICT file.