Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Apple Subscribe
Total 10175 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-1004 1 Apple 1 Safari 2017-08-07 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to the Web Inspector.
CVE-2008-1005 1 Apple 1 Safari 2017-08-07 2.1 LOW N/A
WebCore, as used in Apple Safari before 3.1, does not properly mask the password field when reverse conversion is used with the Kotoeri input method, which allows physically proximate attackers to read the password.
CVE-2008-1006 1 Apple 1 Safari 2017-08-07 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML by using the window.open function to change the security context of a web page.
CVE-2008-1007 1 Apple 1 Safari 2017-08-07 4.3 MEDIUM N/A
WebCore, as used in Apple Safari before 3.1, does not enforce the frame navigation policy for Java applets, which allows remote attackers to conduct cross-site scripting (XSS) attacks.
CVE-2008-1008 1 Apple 1 Safari 2017-08-07 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via the document.domain property.
CVE-2008-1009 1 Apple 1 Safari 2017-08-07 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary JavaScript by modifying the history object.
CVE-2008-1010 1 Apple 1 Safari 2017-08-07 6.8 MEDIUM N/A
Buffer overflow in WebKit, as used in Apple Safari before 3.1, allows remote attackers to execute arbitrary code via crafted regular expressions in JavaScript.
CVE-2008-1012 1 Apple 1 Apple Airport Extreme Base Station 2017-08-07 4.3 MEDIUM N/A
Unspecified vulnerability in Apple AirPort Extreme Base Station Firmware 7.3.1 allows remote attackers to cause a denial of service (file sharing hang) via a crafted AFP request, related to "input validation."
CVE-2008-1011 1 Apple 1 Safari 2017-08-07 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via a frame that calls a method instance in another frame.
CVE-2008-1013 1 Apple 1 Quicktime 2017-08-07 6.8 MEDIUM N/A
Apple QuickTime before 7.4.5 enables deserialization of QTJava objects by untrusted Java applets, which allows remote attackers to execute arbitrary code via a crafted applet.
CVE-2008-1030 1 Apple 2 Mac Os X, Mac Os X Server 2017-08-07 10.0 HIGH N/A
Integer overflow in the CFDataReplaceBytes function in the CFData API in CoreFoundation in Apple Mac OS X before 10.5.3 allows context-dependent attackers to execute arbitrary code or cause a denial of service (crash) via an invalid length argument, which triggers a heap-based buffer overflow.
CVE-2008-1031 1 Apple 2 Mac Os X, Mac Os X Server 2017-08-07 9.3 HIGH N/A
CoreGraphics in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document, related to an uninitialized variable.
CVE-2008-0987 1 Apple 4 Aperture, Iphoto, Mac Os X and 1 more 2017-08-07 6.8 MEDIUM N/A
Stack-based buffer overflow in Image Raw in Apple Mac OS X 10.5.2, and Digital Camera RAW Compatibility before Update 2.0 for Aperture 2 and iPhoto 7.1.2, allows remote attackers to execute arbitrary code via a crafted Adobe Digital Negative (DNG) image.
CVE-2008-0989 1 Apple 2 Mac Os X, Mac Os X Server 2017-08-07 6.9 MEDIUM N/A
Format string vulnerability in mDNSResponderHelper in Apple Mac OS X 10.5.2 allows local users to execute arbitrary code via format string specifiers in the local hostname.
CVE-2008-0990 1 Apple 2 Mac Os X, Mac Os X Server 2017-08-07 4.4 MEDIUM N/A
notifyd in Apple Mac OS X 10.4.11 does not verify that Mach port death notifications have originated from the kernel, which allows local users to cause a denial of service via spoofed death notifications that prevent other applications from receiving notifications.
CVE-2008-0992 1 Apple 2 Mac Os X, Mac Os X Server 2017-08-07 5.8 MEDIUM N/A
Array index error in pax in Apple Mac OS X 10.5.2 allows context-dependent attackers to execute arbitrary code via an archive with a crafted length value.
CVE-2008-1014 1 Apple 1 Quicktime 2017-08-07 4.3 MEDIUM N/A
Apple QuickTime before 7.4.5 does not properly handle external URLs in movies, which allows remote attackers to obtain sensitive information.
CVE-2008-1016 1 Apple 1 Quicktime 2017-08-07 6.8 MEDIUM N/A
Apple QuickTime before 7.4.5 does not properly handle movie media tracks, which allows remote attackers to execute arbitrary code via a crafted movie that triggers memory corruption.
CVE-2008-1015 1 Apple 1 Quicktime 2017-08-07 6.8 MEDIUM N/A
Buffer overflow in the data reference atom handling in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via a crafted movie.
CVE-2008-1024 2 Apple, Microsoft 3 Safari, Windows Vista, Windows Xp 2017-08-07 6.8 MEDIUM N/A
Apple Safari before 3.1.1, when running on Windows XP or Vista, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a file download with a crafted file name, which triggers memory corruption.