Filtered by vendor Apple
Subscribe
Total
10175 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-0147 | 3 Apple, Foolabs, Glyphandcog | 3 Cups, Xpdf, Xpdfreader | 2019-03-06 | 4.3 MEDIUM | N/A |
| Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg, and (3) JBIG2Stream::readGenericBitmap. | |||||
| CVE-2009-0195 | 3 Apple, Foolabs, Glyphandcog | 3 Cups, Xpdf, Xpdfreader | 2019-03-06 | 6.8 MEDIUM | N/A |
| Heap-based buffer overflow in Xpdf 3.02pl2 and earlier, CUPS 1.3.9, and probably other products, allows remote attackers to execute arbitrary code via a PDF file with crafted JBIG2 symbol dictionary segments. | |||||
| CVE-2009-0799 | 4 Apple, Foolabs, Glyphandcog and 1 more | 4 Cups, Xpdf, Xpdfreader and 1 more | 2019-03-06 | 4.3 MEDIUM | N/A |
| The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers an out-of-bounds read. | |||||
| CVE-2009-0166 | 4 Apple, Foolabs, Glyphandcog and 1 more | 4 Cups, Xpdf, Xpdfreader and 1 more | 2019-03-06 | 4.3 MEDIUM | N/A |
| The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a free of uninitialized memory. | |||||
| CVE-2009-0146 | 3 Apple, Foolabs, Glyphandcog | 3 Cups, Xpdf, Xpdfreader | 2019-03-06 | 4.3 MEDIUM | N/A |
| Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2SymbolDict::setBitmap and (2) JBIG2Stream::readSymbolDictSeg. | |||||
| CVE-2009-1180 | 4 Apple, Foolabs, Glyphandcog and 1 more | 4 Cups, Xpdf, Xpdfreader and 1 more | 2019-03-06 | 6.8 MEDIUM | N/A |
| The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a free of invalid data. | |||||
| CVE-2009-1182 | 4 Apple, Foolabs, Glyphandcog and 1 more | 4 Cups, Xpdf, Xpdfreader and 1 more | 2019-03-06 | 7.5 HIGH | N/A |
| Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file. | |||||
| CVE-2019-6224 | 1 Apple | 4 Iphone Os, Mac Os X, Tv Os and 1 more | 2019-03-06 | 6.8 MEDIUM | 8.8 HIGH |
| A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. A remote attacker may be able to initiate a FaceTime call causing arbitrary code execution. | |||||
| CVE-2019-6228 | 1 Apple | 2 Iphone Os, Safari | 2019-03-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. This issue is fixed in iOS 12.1.3, Safari 12.0.3. Processing maliciously crafted web content may lead to a cross site scripting attack. | |||||
| CVE-2019-6213 | 1 Apple | 4 Iphone Os, Mac Os X, Tv Os and 1 more | 2019-03-06 | 9.3 HIGH | 7.8 HIGH |
| A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. An application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2019-6209 | 1 Apple | 4 Iphone Os, Mac Os X, Tv Os and 1 more | 2019-03-06 | 4.3 MEDIUM | 5.5 MEDIUM |
| An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. A malicious application may be able to determine kernel memory layout. | |||||
| CVE-2019-6221 | 2 Apple, Microsoft | 4 Iphone Os, Itunes, Mac Os X and 1 more | 2019-03-06 | 6.8 MEDIUM | 7.8 HIGH |
| An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, iTunes 12.9.3 for Windows. A malicious application may be able to elevate privileges. | |||||
| CVE-2019-6202 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2019-03-06 | 6.8 MEDIUM | 7.8 HIGH |
| An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, watchOS 5.1.3. A malicious application may be able to elevate privileges. | |||||
| CVE-2019-6200 | 1 Apple | 2 Iphone Os, Mac Os X | 2019-03-06 | 5.8 MEDIUM | 8.8 HIGH |
| An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3. An attacker in a privileged network position may be able to execute arbitrary code. | |||||
| CVE-2018-4193 | 1 Apple | 1 Mac Os X | 2019-02-26 | 9.3 HIGH | 7.8 HIGH |
| An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Windows Server" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | |||||
| CVE-2008-2540 | 2 Apple, Microsoft | 6 Safari, Internet Explorer, Windows Server 2003 and 3 more | 2019-02-26 | 9.3 HIGH | N/A |
| Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt the user before downloading an object that has an unrecognized content type, which allows remote attackers to place malware into the (1) Desktop directory on Windows or (2) Downloads directory on Mac OS X, and subsequently allows remote attackers to execute arbitrary code on Windows by leveraging an untrusted search path vulnerability in (a) Internet Explorer 7 on Windows XP or (b) the SearchPath function in Windows XP, Vista, and Server 2003 and 2008, aka a "Carpet Bomb" and a "Blended Threat Elevation of Privilege Vulnerability," a different issue than CVE-2008-1032. NOTE: Apple considers this a vulnerability only because the Microsoft products can load application libraries from the desktop and, as of 20080619, has not covered the issue in an advisory for Mac OS X. | |||||
| CVE-2016-4117 | 5 Adobe, Apple, Google and 2 more | 5 Flash Player, Mac Os X, Chrome Os and 2 more | 2019-02-12 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Flash Player 21.0.0.226 and earlier allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in May 2016. | |||||
| CVE-2015-3746 | 1 Apple | 3 Iphone Os, Itunes, Safari | 2019-02-08 | 6.8 MEDIUM | N/A |
| WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. | |||||
| CVE-2015-3744 | 1 Apple | 3 Iphone Os, Itunes, Safari | 2019-02-08 | 6.8 MEDIUM | N/A |
| WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. | |||||
| CVE-2015-3745 | 2 Apple, Canonical | 4 Iphone Os, Itunes, Safari and 1 more | 2019-02-08 | 6.8 MEDIUM | N/A |
| WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. | |||||