Filtered by vendor Apple
Subscribe
Total
10175 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-2006 | 1 Apple | 2 Ical, Mac Os X | 2018-10-11 | 4.3 MEDIUM | N/A |
| Apple iCal 3.0.1 on Mac OS X allows remote CalDAV servers, and user-assisted remote attackers, to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via a .ics file containing (1) a large 16-bit integer on a TRIGGER line, or (2) a large integer in a COUNT field on an RRULE line. | |||||
| CVE-2008-1999 | 1 Apple | 1 Safari | 2018-10-11 | 5.0 MEDIUM | N/A |
| Apple Safari 3.1.1 allows remote attackers to spoof the address bar by placing many "invisible" characters in the userinfo subcomponent of the authority component of the URL (aka the user field), as demonstrated by %E3%80%80 sequences. | |||||
| CVE-2008-1581 | 2 Apple, Microsoft | 3 Quicktime, Windows Vista, Windows Xp | 2018-10-11 | 6.8 MEDIUM | N/A |
| Heap-based buffer overflow in Apple QuickTime before 7.5 on Windows allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted packed scanlines in PixData structures in a PICT image. | |||||
| CVE-2008-1585 | 1 Apple | 1 Quicktime | 2018-10-11 | 6.8 MEDIUM | N/A |
| Apple QuickTime before 7.5 uses the url.dll!FileProtocolHandler handler for unrecognized URIs in qt:next attributes within SMIL text in video files, which sends these URIs to explorer.exe and thereby allows remote attackers to execute arbitrary programs, as originally demonstrated by crafted file: URLs. | |||||
| CVE-2008-1584 | 1 Apple | 1 Quicktime | 2018-10-11 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in Indeo.qtx in Apple QuickTime before 7.5 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via crafted Indeo video codec content in a movie file. | |||||
| CVE-2008-1017 | 1 Apple | 1 Quicktime | 2018-10-11 | 6.8 MEDIUM | N/A |
| Heap-based buffer overflow in clipping region (aka crgn) atom handling in quicktime.qts in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via a crafted movie. | |||||
| CVE-2008-1018 | 1 Apple | 1 Quicktime | 2018-10-11 | 6.8 MEDIUM | N/A |
| Heap-based buffer overflow in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via an MP4A movie with a malformed Channel Compositor (aka chan) atom. | |||||
| CVE-2008-1020 | 1 Apple | 1 Quicktime | 2018-10-11 | 6.8 MEDIUM | N/A |
| Heap-based buffer overflow in quickTime.qts in Apple QuickTime before 7.4.5 on Windows allows remote attackers to execute arbitrary code via a crafted PICT image file with Kodak encoding, related to error checking and error messages. | |||||
| CVE-2008-1021 | 1 Apple | 1 Quicktime | 2018-10-11 | 6.8 MEDIUM | N/A |
| Heap-based buffer overflow in Animation codec content handling in Apple QuickTime before 7.4.5 on Windows allows remote attackers to execute arbitrary code via a crafted movie with run length encoding. | |||||
| CVE-2008-1022 | 1 Apple | 1 Quicktime | 2018-10-11 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via a crafted VR movie with an obji atom of zero size. | |||||
| CVE-2008-1026 | 2 Apple, Microsoft | 5 Mac Os X, Mac Os X Server, Safari and 2 more | 2018-10-11 | 6.8 MEDIUM | N/A |
| Integer overflow in the PCRE regular expression compiler (JavaScriptCore/pcre/pcre_compile.cpp) in Apple WebKit, as used in Safari before 3.1.1, allows remote attackers to execute arbitrary code via a regular expression with large, nested repetition counts, which triggers a heap-based buffer overflow. | |||||
| CVE-2008-1019 | 1 Apple | 1 Quicktime | 2018-10-11 | 6.8 MEDIUM | N/A |
| Heap-based buffer overflow in quickTime.qts in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via a crafted PICT image file, related to an improperly terminated memory copy loop. | |||||
| CVE-2008-1035 | 1 Apple | 1 Ical | 2018-10-11 | 4.3 MEDIUM | N/A |
| Use-after-free vulnerability in Apple iCal 3.0.1 on Mac OS X allows remote CalDAV servers, and user-assisted remote attackers, to trigger memory corruption or possibly execute arbitrary code via an "ATTACH;VALUE=URI:S=osumi" line in a .ics file, which triggers a "resource liberation" bug. NOTE: CVE-2008-2007 was originally used for this issue, but this is the appropriate identifier. | |||||
| CVE-2011-0228 | 1 Apple | 1 Iphone Os | 2018-10-10 | 7.5 HIGH | N/A |
| The Data Security component in Apple iOS before 4.2.10 and 4.3.x before 4.3.5 does not check the basicConstraints parameter during validation of X.509 certificate chains, which allows man-in-the-middle attackers to spoof an SSL server by using a non-CA certificate to sign a certificate for an arbitrary domain. | |||||
| CVE-2011-0258 | 2 Apple, Microsoft | 4 Quicktime, Windows 7, Windows Vista and 1 more | 2018-10-10 | 9.3 HIGH | N/A |
| Apple QuickTime before 7.7 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted image description associated with an mp4v tag in a movie file. | |||||
| CVE-2010-1402 | 2 Apple, Microsoft | 7 Mac Os X, Mac Os X Server, Safari and 4 more | 2018-10-10 | 9.3 HIGH | N/A |
| Double free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to an event listener in an SVG document, related to duplicate event listeners, a timer, and an AnimateTransform object. | |||||
| CVE-2010-1403 | 2 Apple, Microsoft | 7 Mac Os X, Mac Os X Server, Safari and 4 more | 2018-10-10 | 9.3 HIGH | N/A |
| WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, accesses uninitialized memory during the handling of a use element in an SVG document, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document containing XML that triggers a parsing error, related to ProcessInstruction. | |||||
| CVE-2010-1404 | 2 Apple, Microsoft | 7 Mac Os X, Mac Os X Server, Safari and 4 more | 2018-10-10 | 9.3 HIGH | N/A |
| Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an SVG document that contains recursive Use elements, which are not properly handled during page deconstruction. | |||||
| CVE-2010-1749 | 2 Apple, Microsoft | 7 Mac Os X, Mac Os X Server, Safari and 4 more | 2018-10-10 | 9.3 HIGH | N/A |
| Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the Cascading Style Sheets (CSS) run-in property and multiple invocations of a destructor for a child element that has been referenced multiple times. | |||||
| CVE-2010-1795 | 1 Apple | 1 Itunes | 2018-10-10 | 9.3 HIGH | N/A |
| Untrusted search path vulnerability in Apple iTunes before 9.1, when running on Windows 7, Vista, and XP, allows local users and possibly remote attackers to gain privileges via a Trojan horse DLL in the current working directory. | |||||