Filtered by vendor Apple
Subscribe
Total
10175 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-2796 | 1 Apple | 1 Iphone Os | 2017-08-16 | 2.1 LOW | N/A |
The UIKit component in Apple iPhone OS 3.0, and iPhone OS 3.0.1 for iPod touch, allows physically proximate attackers to discover a password by watching a user undo deletions of characters in the password. | |||||
CVE-2009-2800 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-16 | 6.8 MEDIUM | N/A |
Buffer overflow in Alias Manager in Apple Mac OS X 10.4.11 and 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted alias file. | |||||
CVE-2009-2804 | 2 Apple, Microsoft | 4 Mac Os X, Mac Os X Server, Safari and 1 more | 2017-08-16 | 6.8 MEDIUM | N/A |
Integer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5.8, and Safari before 4.0.4 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ColorSync profile embedded in an image, leading to a heap-based buffer overflow. | |||||
CVE-2009-2803 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-16 | 6.8 MEDIUM | N/A |
CarbonCore in Apple Mac OS X 10.4.11 and 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a file with a crafted resource fork. | |||||
CVE-2009-2805 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-16 | 6.8 MEDIUM | N/A |
Integer overflow in CoreGraphics in Apple Mac OS X 10.4.11 and 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JBIG2 stream in a PDF file, leading to a heap-based buffer overflow. | |||||
CVE-2009-2807 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-16 | 7.2 HIGH | N/A |
Heap-based buffer overflow in the USB backend in CUPS in Apple Mac OS X 10.5.8 allows local users to gain privileges via unspecified vectors. | |||||
CVE-2009-2814 | 1 Apple | 1 Mac Os X Server | 2017-08-16 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Wiki Server in Apple Mac OS X 10.5.8 allows remote attackers to inject arbitrary web script or HTML via a search request containing data that does not use UTF-8 encoding. | |||||
CVE-2009-2822 | 1 Apple | 2 Airport Base Station, Airport Utility | 2017-08-16 | 6.8 MEDIUM | N/A |
AirPort Utility before 5.5.1 for Apple AirPort Base Station does not properly distribute MAC address ACLs to network extenders, which allows remote attackers to bypass intended access restrictions via an 802.11 authentication frame. | |||||
CVE-2009-2841 | 1 Apple | 2 Mac Os X, Safari | 2017-08-16 | 5.0 MEDIUM | N/A |
The HTMLMediaElement::loadResource function in html/HTMLMediaElement.cpp in WebCore in WebKit before r49480, as used in Apple Safari before 4.0.4 on Mac OS X, does not perform the expected callbacks for HTML 5 media elements that have external URLs for media resources, which allows remote attackers to trigger sub-resource requests to arbitrary web sites via a crafted HTML document, as demonstrated by an HTML e-mail message that uses a media element for X-Confirm-Reading-To functionality, aka rdar problem 7271202. | |||||
CVE-2009-2062 | 1 Apple | 1 Safari | 2017-08-16 | 6.8 MEDIUM | N/A |
Apple Safari before 3.2.2 processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying this CONNECT response to specify a 302 redirect to an arbitrary https web site. | |||||
CVE-2009-2201 | 1 Apple | 1 Xsan | 2017-08-16 | 2.1 LOW | N/A |
The screensharing feature in the Admin application in Apple Xsan before 2.2 places a cleartext username and password in a URL within an error dialog, which allows physically proximate attackers to obtain credentials by reading this dialog. | |||||
CVE-2009-1727 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-16 | 6.8 MEDIUM | N/A |
Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X 10.5 before 10.5.8 makes it easier for user-assisted remote attackers to execute arbitrary JavaScript via a web page that offers a download with a Content-Type value that is not on the list of possibly unsafe content types for Safari. | |||||
CVE-2009-1723 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-16 | 4.3 MEDIUM | N/A |
CFNetwork in Apple Mac OS X 10.5 before 10.5.8 places an incorrect URL in a certificate warning in certain 302 redirection scenarios, which makes it easier for remote attackers to trick a user into visiting an arbitrary https web site by leveraging an open redirect vulnerability, a different issue than CVE-2009-2062. | |||||
CVE-2009-1711 | 1 Apple | 1 Safari | 2017-08-16 | 9.3 HIGH | N/A |
WebKit in Apple Safari before 4.0 does not properly initialize memory for Attr DOM objects, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document. | |||||
CVE-2009-1712 | 1 Apple | 1 Safari | 2017-08-16 | 9.3 HIGH | N/A |
WebKit in Apple Safari before 4.0 does not prevent remote loading of local Java applets, which allows remote attackers to execute arbitrary code, gain privileges, or obtain sensitive information via an APPLET or OBJECT element. | |||||
CVE-2009-0942 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-16 | 6.8 MEDIUM | N/A |
Help Viewer in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not verify that certain Cascading Style Sheets (CSS) are located in a registered help book, which allows remote attackers to execute arbitrary code via a help: URL that triggers invocation of AppleScript files. | |||||
CVE-2009-0943 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-16 | 6.8 MEDIUM | N/A |
Help Viewer in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not verify that HTML pathnames are located in a registered help book, which allows remote attackers to execute arbitrary code via a help: URL that triggers invocation of AppleScript files. | |||||
CVE-2009-1042 | 1 Apple | 2 Mac Os X, Safari | 2017-08-16 | 9.3 HIGH | N/A |
Unspecified vulnerability in Apple Safari on Mac OS X 10.5.6 allows remote attackers to execute arbitrary code via unknown vectors triggered by clicking on a link, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009. | |||||
CVE-2009-1060 | 1 Apple | 2 Mac Os X, Safari | 2017-08-16 | 9.3 HIGH | N/A |
Unspecified vulnerability in Apple Safari on Mac OS X 10.5.6 allows remote attackers to execute arbitrary code via unknown vectors triggered by clicking on a link, as demonstrated by Charlie Miller during a PWN2OWN competition at CanSecWest 2009. | |||||
CVE-2009-1728 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-16 | 6.8 MEDIUM | N/A |
Stack-based buffer overflow in Image RAW in Apple Mac OS X 10.5 before 10.5.8, and 10.4 before Digital Camera RAW Compatibility Update 2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Canon RAW image. |