Filtered by vendor Apple
Subscribe
Total
12408 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-0644 | 1 Apple | 1 Safari | 2025-04-09 | 7.1 HIGH | N/A |
| Format string vulnerability in Apple Safari 2.0.4 (419.3) allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in filenames that are not properly handled when calling the (1) NSLog and (2) NSBeginAlertSheet Apple AppKit functions. | |||||
| CVE-2007-0751 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 2.1 LOW | N/A |
| A cleanup script in crontabs in Apple Mac OS X 10.3.9 and 10.4.9 might delete filesystems that have been mounted in /tmp, which might allow local users to cause a denial of service, related to the find command. | |||||
| CVE-2008-1000 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 8.5 HIGH | N/A |
| Directory traversal vulnerability in ContentServer.py in the Wiki Server in Apple Mac OS X 10.5.2 (aka Leopard) allows remote authenticated users to write arbitrary files via ".." sequences in file attachments. | |||||
| CVE-2009-2829 | 1 Apple | 1 Mac Os X Server | 2025-04-09 | 5.0 MEDIUM | N/A |
| Event Monitor in Apple Mac OS X 10.5.8 does not properly handle crafted authentication data sent to an SSH daemon, which allows remote attackers to cause a denial of service via vectors involving processing of XML log documents by other services, related to a "log injection" issue. | |||||
| CVE-2007-0059 | 1 Apple | 1 Quicktime | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-zone scripting vulnerability in Apple Quicktime 3 to 7.1.3 allows remote user-assisted attackers to execute arbitrary code and list filesystem contents via a QuickTime movie (.MOV) with an HREF Track (HREFTrack) that contains an automatic action tag with a local URI, which is executed in a local zone during preview, as exploited by a MySpace worm. | |||||
| CVE-2007-1222 | 2 Apple, Parallels | 2 Mac Os X, Parallels Desktop | 2025-04-09 | 7.2 HIGH | N/A |
| Parallels Desktop for Mac before 20070216 implements Drag and Drop by sharing the entire host filesystem as the .psf share, which allows local users of the guest operating system to write arbitrary files to the host filesystem, and execute arbitrary code via launchd by writing a plist file to a LaunchAgents directory. | |||||
| CVE-2006-4409 | 1 Apple | 1 Mac Os X | 2025-04-09 | 5.0 MEDIUM | N/A |
| The Online Certificate Status Protocol (OCSP) service in the Security Framework in Apple Mac OS X 10.4 through 10.4.8 retrieve certificate revocation lists (CRL) when an HTTP proxy is in use, which could cause the system to accept certificates that have been revoked. | |||||
| CVE-2007-0719 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote user-assisted attackers to execute arbitrary code via an image with a crafted ColorSync profile. | |||||
| CVE-2006-4394 | 1 Apple | 1 Mac Os X | 2025-04-09 | 7.5 HIGH | N/A |
| A logic error in LoginWindow in Apple Mac OS X 10.4 through 10.4.7, allows network accounts without GUIds to bypass service access controls and log into the system using loginwindow via unknown vectors. | |||||
| CVE-2007-4677 | 2 Apple, Microsoft | 4 Mac Os X, Quicktime, Windows Vista and 1 more | 2025-04-09 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via an invalid color table size when parsing the color table atom (CTAB) in a movie file, related to the CTAB RGB values. | |||||
| CVE-2008-1008 | 1 Apple | 1 Safari | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via the document.domain property. | |||||
| CVE-2008-1701 | 2 Apple, Novell | 2 Mac Os X, Iprint | 2025-04-09 | 5.0 MEDIUM | N/A |
| Novell NetWare 6.5 allows attackers to cause a denial of service (ABEND) via a crafted Macintosh iPrint client request. | |||||
| CVE-2008-0056 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in Foundation in Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via a "long pathname with an unexpected structure" that triggers the overflow in NSFileManager. | |||||
| CVE-2006-6126 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 2.1 LOW | N/A |
| Apple Mac OS X allows local users to cause a denial of service (memory corruption) via a crafted Mach-O binary with a malformed load_command data structure. | |||||
| CVE-2007-6722 | 3 Apple, Microsoft, Vidalia-project | 3 Mac Os X, Windows, Vidalia Bundle | 2025-04-09 | 5.0 MEDIUM | N/A |
| Vidalia bundle before 0.1.2.18, when running on Windows and Mac OS X, installs Privoxy with a configuration file (config.txt or config) that contains insecure (1) enable-remote-toggle and (2) enable-edit-actions settings, which allows remote attackers to bypass intended access restrictions and modify configuration. | |||||
| CVE-2008-1573 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-09 | 7.1 HIGH | N/A |
| The BMP and GIF image decoding engine in ImageIO in Apple Mac OS X before 10.5.3 allows remote attackers to obtain sensitive information (memory contents) via a crafted (1) BMP or (2) GIF image, which causes an out-of-bounds read. | |||||
| CVE-2007-0318 | 1 Apple | 1 Mac Os X | 2025-04-09 | 7.8 HIGH | N/A |
| The do_hfs_truncate function in Mac OS X 10.4.8 allows context-dependent attackers to cause a denial of service (kernel panic) via a crafted HFS+ filesystem in a DMG image, which causes an access of an invalid vnode structure during file removal. | |||||
| CVE-2008-3950 | 1 Apple | 3 Iphone, Ipod Touch, Safari | 2025-04-09 | 5.0 MEDIUM | N/A |
| Off-by-one error in the _web_drawInRect:withFont:ellipsis:alignment:measureOnly function in WebKit in Safari in Apple iPhone 1.1.4 and 2.0 and iPod touch 1.1.4 and 2.0 allows remote attackers to cause a denial of service (browser crash) via a JavaScript alert call with an argument that lacks breakable characters and has a length that is a multiple of the memory page size, leading to an out-of-bounds read. | |||||
| CVE-2007-4684 | 1 Apple | 1 Mac Os X | 2025-04-09 | 6.9 MEDIUM | N/A |
| Integer overflow in the kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a large num_sels argument to the i386_set_ldt system call. | |||||
| CVE-2009-0953 | 1 Apple | 1 Quicktime | 2025-04-09 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image. | |||||