Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Apple Subscribe
Total 10175 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2010-2711 2 Apple, Hp 2 Ipad, Magcloud 2017-08-16 6.4 MEDIUM N/A
Unspecified vulnerability in the HP MagCloud app before 1.0.5 for the iPad allows remote attackers to read and modify MagCloud application data via unknown vectors.
CVE-2010-2913 2 Apple, Citibank 2 Iphone Os, Citi Mobile 2017-08-16 2.1 LOW N/A
The Citibank Citi Mobile app before 2.0.3 for iOS stores account data in a file, which allows local users to obtain sensitive information via vectors involving (1) the mobile device or (2) a synchronized computer.
CVE-2010-2941 1 Apple 1 Cups 2017-08-16 7.9 HIGH N/A
ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request.
CVE-2009-3692 3 Apple, Linux, Sun 5 Mac Os X, Linux, Opensolaris and 2 more 2017-08-16 7.2 HIGH N/A
Unspecified vulnerability in the VBoxNetAdpCtl configuration tool in Sun VirtualBox 3.0.x before 3.0.8 on Solaris x86, Linux, and Mac OS X allows local users to gain privileges via unknown vectors.
CVE-2009-4186 2 Apple, Microsoft 2 Safari, Windows 2017-08-16 9.3 HIGH N/A
Stack consumption vulnerability in Apple Safari 4.0.3 on Windows allows remote attackers to cause a denial of service (application crash) via a long URI value (aka url) in the Cascading Style Sheets (CSS) background property.
CVE-2009-4243 3 Apple, Microsoft, Realnetworks 6 Mac Os X, Windows, Helix Player and 3 more 2017-08-16 9.3 HIGH N/A
RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allow remote attackers to have an unspecified impact via a crafted media file that uses HTTP chunked transfer coding, related to an "overflow."
CVE-2010-0036 1 Apple 2 Mac Os X, Mac Os X Server 2017-08-16 9.3 HIGH N/A
Buffer overflow in CoreAudio in Apple Mac OS X 10.5.8 and 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MP4 audio file.
CVE-2010-0037 1 Apple 2 Mac Os X, Mac Os X Server 2017-08-16 9.3 HIGH N/A
Buffer overflow in Image RAW in Apple Mac OS X 10.5.8 and 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted DNG image.
CVE-2009-2207 1 Apple 1 Iphone Os 2017-08-16 2.1 LOW N/A
The MobileMail component in Apple iPhone OS 3.0 and 3.0.1, and iPhone OS 3.0 for iPod touch, lists deleted e-mail messages in Spotlight search results, which might allow local users to obtain sensitive information by reading these messages.
CVE-2009-2188 1 Apple 2 Mac Os X, Mac Os X Server 2017-08-16 9.3 HIGH N/A
Buffer overflow in ImageIO in Apple Mac OS X 10.5 before 10.5.8, and Safari before 4.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image with crafted EXIF metadata.
CVE-2009-2190 1 Apple 2 Mac Os X, Mac Os X Server 2017-08-16 7.8 HIGH N/A
launchd in Apple Mac OS X 10.5 before 10.5.8 allows remote attackers to cause a denial of service (individual service outage) by making many connections to an inetd-based launchd service.
CVE-2009-2192 1 Apple 2 Mac Os X, Mac Os X Server 2017-08-16 7.5 HIGH N/A
MobileMe in Apple Mac OS X 10.5 before 10.5.8 does not properly delete credentials upon signout from the preference pane, which makes it easier for attackers to hijack a MobileMe session via unspecified vectors, related to a "logic issue."
CVE-2009-2191 1 Apple 2 Mac Os X, Mac Os X Server 2017-08-16 7.5 HIGH N/A
Format string vulnerability in Login Window in Apple Mac OS X 10.4.11 and 10.5 before 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in an application name.
CVE-2009-2193 1 Apple 2 Mac Os X, Mac Os X Server 2017-08-16 10.0 HIGH N/A
Buffer overflow in the kernel in Apple Mac OS X 10.5 before 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a crafted AppleTalk response packet.
CVE-2009-2194 1 Apple 2 Mac Os X, Mac Os X Server 2017-08-16 4.9 MEDIUM N/A
Apple Mac OS X 10.5 before 10.5.8 does not properly share file descriptors over local sockets, which allows local users to cause a denial of service (system crash) by placing file descriptors in messages sent to a socket that has no receiver, related to a "synchronization issue."
CVE-2009-2198 1 Apple 1 Garageband 2017-08-16 4.3 MEDIUM N/A
Apple GarageBand before 5.1 reconfigures Safari to accept all cookies regardless of domain name, which makes it easier for remote web servers to track users.
CVE-2009-2419 1 Apple 1 Safari 2017-08-16 4.3 MEDIUM N/A
Use-after-free vulnerability in the servePendingRequests function in WebCore in WebKit in Apple Safari 4.0 and 4.0.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted HTML document that references a zero-length .js file and the JavaScript reload function. NOTE: some of these details are obtained from third party information.
CVE-2009-2811 1 Apple 2 Mac Os X, Mac Os X Server 2017-08-16 6.8 MEDIUM N/A
Incomplete blacklist vulnerability in Launch Services in Apple Mac OS X 10.5.8 allows user-assisted remote attackers to execute arbitrary code via a .fileloc file, which does not trigger a "potentially unsafe" warning message in the Quarantine feature.
CVE-2009-2794 1 Apple 1 Iphone Os 2017-08-16 4.6 MEDIUM N/A
The Exchange Support component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, does not properly implement the "Maximum inactivity time lock" functionality, which allows local users to bypass intended Microsoft Exchange restrictions by choosing a large Require Passcode time value.
CVE-2009-2809 1 Apple 2 Mac Os X, Mac Os X Server 2017-08-16 6.8 MEDIUM N/A
ImageIO in Apple Mac OS X 10.4.11 and 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PixarFilm encoded TIFF image, related to "multiple memory corruption issues."