Filtered by vendor Apple
Subscribe
Search
Total
4318 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-0993 | 1 Apple | 3 Mac Os X, Mac Os X Server, Podcast Producer | 2013-08-27 | 2.1 LOW | N/A |
| Podcast Capture in Podcast Producer for Apple Mac OS X 10.5.2 invokes a subtask with passwords in command line arguments, which allows local users to read the passwords via process listings. | |||||
| CVE-2013-3345 | 5 Adobe, Apple, Google and 2 more | 5 Flash Player, Mac Os X, Android and 2 more | 2013-08-22 | 10.0 HIGH | N/A |
| Adobe Flash Player before 11.7.700.232 and 11.8.x before 11.8.800.94 on Windows and Mac OS X, before 11.2.202.297 on Linux, before 11.1.111.64 on Android 2.x and 3.x, and before 11.1.115.69 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | |||||
| CVE-2013-3347 | 5 Adobe, Apple, Google and 2 more | 5 Flash Player, Mac Os X, Android and 2 more | 2013-08-22 | 10.0 HIGH | N/A |
| Integer overflow in Adobe Flash Player before 11.7.700.232 and 11.8.x before 11.8.800.94 on Windows and Mac OS X, before 11.2.202.297 on Linux, before 11.1.111.64 on Android 2.x and 3.x, and before 11.1.115.69 on Android 4.x allows attackers to execute arbitrary code via PCM data that is not properly handled during resampling. | |||||
| CVE-2012-5131 | 2 Apple, Google | 2 Mac Os X, Chrome | 2013-08-17 | 7.5 HIGH | N/A |
| Google Chrome before 23.0.1271.91 on Mac OS X does not properly mitigate improper rendering behavior in the Intel GPU driver, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2012-3749 | 1 Apple | 1 Iphone Os | 2013-08-17 | 5.0 MEDIUM | N/A |
| The extensions APIs in the kernel in Apple iOS before 6.0.1 provide kernel addresses in responses that contain an OSBundleMachOHeaders key, which makes it easier for remote attackers to bypass the ASLR protection mechanism via a crafted app. | |||||
| CVE-2007-0588 | 1 Apple | 2 Mac Os X, Quicktime | 2013-08-15 | 7.1 HIGH | N/A |
| The InternalUnpackBits function in Apple QuickDraw, as used by Quicktime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PICT file that triggers memory corruption in the _GetSrcBits32ARGB function. NOTE: this issue might overlap CVE-2007-0462. | |||||
| CVE-2013-2872 | 2 Apple, Google | 2 Mac Os X, Chrome | 2013-07-10 | 5.0 MEDIUM | N/A |
| Google Chrome before 28.0.1500.71 on Mac OS X does not ensure a sufficient source of entropy for renderer processes, which might make it easier for remote attackers to defeat cryptographic protection mechanisms in third-party components via unspecified vectors. | |||||
| CVE-2007-0747 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2013-07-03 | 7.2 HIGH | N/A |
| load_webdav in Apple Mac OS X 10.3.9 through 10.4.9 does not properly clean the environment when mounting a WebDAV filesystem, which allows local users to gain privileges by setting unspecified environment variables. | |||||
| CVE-2013-3952 | 1 Apple | 1 Mac Os X | 2013-06-06 | 2.1 LOW | N/A |
| The fill_pipeinfo function in bsd/kern/sys_pipe.c in the XNU kernel in Apple Mac OS X 10.8.x allows local users to defeat the KASLR protection mechanism via the PROC_PIDFDPIPEINFO option to the proc_info system call for a kernel pipe handle. | |||||
| CVE-2012-3718 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2013-06-06 | 2.1 LOW | N/A |
| Apple Mac OS X before 10.7.5 and 10.8.x before 10.8.2 allows local users to read passwords entered into Login Window (aka LoginWindow) or Screen Saver Unlock by installing an input method that intercepts keystrokes. | |||||
| CVE-2013-1009 | 1 Apple | 1 Safari | 2013-06-05 | 6.8 MEDIUM | N/A |
| WebKit, as used in Apple Safari before 6.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2013-1023. | |||||
| CVE-2013-0984 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2013-06-05 | 9.3 HIGH | N/A |
| Directory Service in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted message. | |||||
| CVE-2013-0982 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2013-06-05 | 1.7 LOW | N/A |
| The Private Browsing feature in CFNetwork in Apple Mac OS X before 10.8.4 does not prevent storage of permanent cookies upon exit from Safari, which might allow physically proximate attackers to bypass cookie-based authentication by leveraging an unattended workstation. | |||||
| CVE-2013-3949 | 1 Apple | 1 Mac Os X | 2013-06-05 | 2.1 LOW | N/A |
| The posix_spawn system call in the XNU kernel in Apple Mac OS X 10.8.x does not prevent use of the _POSIX_SPAWN_DISABLE_ASLR and _POSIX_SPAWN_ALLOW_DATA_EXEC flags for setuid and setgid programs, which allows local users to bypass intended access restrictions via a wrapper program that calls the posix_spawnattr_setflags function. | |||||
| CVE-2013-1023 | 1 Apple | 1 Safari | 2013-06-05 | 6.8 MEDIUM | N/A |
| WebKit, as used in Apple Safari before 6.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2013-1009. | |||||
| CVE-2013-1013 | 1 Apple | 1 Safari | 2013-06-05 | 4.3 MEDIUM | N/A |
| XSS Auditor in WebKit in Apple Safari before 6.0.5 does not properly rewrite URLs, which allows remote attackers to trigger unintended form submissions via unspecified vectors. | |||||
| CVE-2013-0990 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2013-06-05 | 4.9 MEDIUM | N/A |
| SMB in Apple Mac OS X before 10.8.4, when file sharing is enabled, allows remote authenticated users to create or modify files outside of a shared directory via unspecified vectors. | |||||
| CVE-2013-0985 | 1 Apple | 1 Mac Os X | 2013-06-05 | 2.1 LOW | N/A |
| Disk Management in Apple Mac OS X before 10.8.4 does not properly authenticate attempts to disable FileVault, which allows local users to cause a denial of service (loss of encryption functionality) via an unspecified command line. | |||||
| CVE-2013-0983 | 1 Apple | 1 Mac Os X | 2013-06-05 | 6.8 MEDIUM | N/A |
| Stack consumption vulnerability in CoreAnimation in Apple Mac OS X before 10.8.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted text glyph in a URL encountered by Safari. | |||||
| CVE-2013-0975 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2013-06-05 | 6.8 MEDIUM | N/A |
| Buffer overflow in QuickDraw Manager in Apple Mac OS X before 10.8.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image. | |||||
| CVE-2013-0976 | 1 Apple | 1 Mac Os X | 2013-06-05 | 6.8 MEDIUM | N/A |
| IOAcceleratorFamily in Apple Mac OS X before 10.8.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted graphics image. | |||||
| CVE-2010-2431 | 1 Apple | 1 Cups | 2013-05-15 | 2.6 LOW | N/A |
| The cupsFileOpen function in CUPS before 1.4.4 allows local users, with lp group membership, to overwrite arbitrary files via a symlink attack on the (1) /var/cache/cups/remote.cache or (2) /var/cache/cups/job.cache file. | |||||
| CVE-2010-2432 | 1 Apple | 1 Cups | 2013-05-15 | 5.0 MEDIUM | N/A |
| The cupsDoAuthentication function in auth.c in the client in CUPS before 1.4.4, when HAVE_GSSAPI is omitted, does not properly handle a demand for authorization, which allows remote CUPS servers to cause a denial of service (infinite loop) via HTTP_UNAUTHORIZED responses. | |||||
| CVE-2010-1411 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2013-05-15 | 6.8 MEDIUM | N/A |
| Multiple integer overflows in the Fax3SetupState function in tif_fax3.c in the FAX3 decoder in LibTIFF before 3.9.3, as used in ImageIO in Apple Mac OS X 10.5.8 and Mac OS X 10.6 before 10.6.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF file that triggers a heap-based buffer overflow. | |||||
| CVE-2010-0393 | 1 Apple | 1 Cups | 2013-05-15 | 6.9 MEDIUM | N/A |
| The _cupsGetlang function, as used by lppasswd.c in lppasswd in CUPS 1.2.2, 1.3.7, 1.3.9, and 1.4.1, relies on an environment variable to determine the file that provides localized message strings, which allows local users to gain privileges via a file that contains crafted localization data with format string specifiers. | |||||
| CVE-2013-0886 | 2 Apple, Google | 2 Mac Os X, Chrome | 2013-04-11 | 7.5 HIGH | N/A |
| Google Chrome before 25.0.1364.99 on Mac OS X does not properly implement signal handling for Native Client (aka NaCl) code, which has unspecified impact and attack vectors. | |||||
| CVE-2012-0681 | 1 Apple | 1 Apple Remote Desktop | 2013-04-02 | 4.3 MEDIUM | N/A |
| Apple Remote Desktop before 3.6.1 does not recognize the "Encrypt all network data" setting during connections to third-party VNC servers, which allows remote attackers to obtain cleartext VNC session content by sniffing the network. | |||||
| CVE-2012-0680 | 1 Apple | 1 Safari | 2013-04-02 | 5.0 MEDIUM | N/A |
| Apple Safari before 6.0 does not properly handle the autocomplete attribute of a password input element, which allows remote attackers to bypass authentication by leveraging an unattended workstation. | |||||
| CVE-2012-3731 | 1 Apple | 1 Iphone Os | 2013-03-26 | 2.1 LOW | N/A |
| Mail in Apple iOS before 6 does not properly implement the Data Protection feature for e-mail attachments, which allows physically proximate attackers to bypass an intended passcode requirement via unspecified vectors. | |||||
| CVE-2012-3738 | 1 Apple | 1 Iphone Os | 2013-03-26 | 3.6 LOW | N/A |
| The Emergency Dialer screen in the Passcode Lock implementation in Apple iOS before 6 does not properly limit the dialing methods, which allows physically proximate attackers to bypass intended access restrictions and make FaceTime calls through Voice Dialing, or obtain sensitive contact information by attempting to make a FaceTime call and reading the contact suggestions. | |||||
| CVE-2012-3737 | 1 Apple | 1 Iphone Os | 2013-03-26 | 2.1 LOW | N/A |
| The Passcode Lock implementation in Apple iOS before 6 does not properly restrict photo viewing, which allows physically proximate attackers to view arbitrary stored photos by spoofing a time value. | |||||
| CVE-2012-3728 | 1 Apple | 1 Iphone Os | 2013-03-23 | 6.9 MEDIUM | N/A |
| The kernel in Apple iOS before 6 dereferences invalid pointers during the handling of packet-filter data structures, which allows local users to gain privileges via a crafted program that makes packet-filter ioctl calls. | |||||
| CVE-2012-3695 | 1 Apple | 1 Safari | 2013-03-22 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 6.0 allows remote attackers to inject arbitrary web script or HTML by leveraging improper URL canonicalization during the handling of the location.href property. | |||||
| CVE-2012-3696 | 1 Apple | 1 Safari | 2013-03-22 | 4.3 MEDIUM | N/A |
| CRLF injection vulnerability in WebKit in Apple Safari before 6.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP request splitting attacks via a crafted web site that leverages improper WebSockets URI handling. | |||||
| CVE-2012-3650 | 1 Apple | 1 Safari | 2013-03-22 | 4.3 MEDIUM | N/A |
| WebKit in Apple Safari before 6.0 accesses uninitialized memory locations during the rendering of SVG images, which allows remote attackers to obtain sensitive information from process memory via a crafted web site. | |||||
| CVE-2013-0960 | 1 Apple | 3 Mac Os X, Mac Os X Server, Safari | 2013-03-18 | 6.8 MEDIUM | N/A |
| WebKit in Apple Safari before 6.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2013-0961. | |||||
| CVE-2013-0966 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2013-03-18 | 6.4 MEDIUM | N/A |
| The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI. | |||||
| CVE-2013-0967 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2013-03-18 | 4.3 MEDIUM | N/A |
| CoreTypes in Apple Mac OS X before 10.8.3 includes JNLP files in the list of safe file types, which allows remote attackers to bypass a Java plug-in disabled setting, and trigger the launch of Java Web Start applications, via a crafted web site. | |||||
| CVE-2013-0969 | 1 Apple | 1 Mac Os X | 2013-03-18 | 4.9 MEDIUM | N/A |
| Login Window in Apple Mac OS X before 10.8.3 does not prevent application launching with the VoiceOver feature, which allows physically proximate attackers to bypass authentication and make arbitrary System Preferences changes via unspecified use of the keyboard. | |||||
| CVE-2013-0971 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2013-03-18 | 6.8 MEDIUM | N/A |
| Use-after-free vulnerability in PDFKit in Apple Mac OS X before 10.8.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted ink annotations in a PDF document. | |||||
| CVE-2013-0973 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2013-03-18 | 6.8 MEDIUM | N/A |
| Software Update in Apple Mac OS X through 10.7.5 does not prevent plugin loading within the marketing-text WebView, which allows man-in-the-middle attackers to execute plugin code by modifying the client-server data stream. | |||||
| CVE-2013-0961 | 1 Apple | 3 Mac Os X, Mac Os X Server, Safari | 2013-03-18 | 6.8 MEDIUM | N/A |
| WebKit in Apple Safari before 6.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2013-0960. | |||||
| CVE-2013-0963 | 1 Apple | 1 Iphone Os | 2013-03-16 | 2.1 LOW | N/A |
| Identity Services in Apple iOS before 6.1 does not properly handle validation failures of AppleID certificates, which might allow physically proximate attackers to bypass authentication by leveraging an incorrect assignment of an empty string value to an AppleID. | |||||
| CVE-2013-0962 | 1 Apple | 1 Iphone Os | 2013-03-16 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in WebKit in Apple iOS before 6.1 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted content that is not properly handled during a copy-and-paste operation. | |||||
| CVE-2013-0959 | 1 Apple | 1 Iphone Os | 2013-03-16 | 6.8 MEDIUM | N/A |
| WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1. | |||||
| CVE-2013-0958 | 1 Apple | 1 Iphone Os | 2013-03-16 | 6.8 MEDIUM | N/A |
| WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1. | |||||
| CVE-2013-0956 | 1 Apple | 1 Iphone Os | 2013-03-16 | 6.8 MEDIUM | N/A |
| WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1. | |||||
| CVE-2013-0955 | 1 Apple | 1 Iphone Os | 2013-03-16 | 6.8 MEDIUM | N/A |
| WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1. | |||||
| CVE-2013-0954 | 1 Apple | 1 Iphone Os | 2013-03-16 | 6.8 MEDIUM | N/A |
| WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1. | |||||
| CVE-2013-0953 | 1 Apple | 1 Iphone Os | 2013-03-16 | 6.8 MEDIUM | N/A |
| WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1. | |||||