Filtered by vendor Apple
Subscribe
Total
10175 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-1004 | 1 Apple | 1 Safari | 2017-08-07 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to the Web Inspector. | |||||
CVE-2008-1005 | 1 Apple | 1 Safari | 2017-08-07 | 2.1 LOW | N/A |
WebCore, as used in Apple Safari before 3.1, does not properly mask the password field when reverse conversion is used with the Kotoeri input method, which allows physically proximate attackers to read the password. | |||||
CVE-2008-1006 | 1 Apple | 1 Safari | 2017-08-07 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML by using the window.open function to change the security context of a web page. | |||||
CVE-2008-1007 | 1 Apple | 1 Safari | 2017-08-07 | 4.3 MEDIUM | N/A |
WebCore, as used in Apple Safari before 3.1, does not enforce the frame navigation policy for Java applets, which allows remote attackers to conduct cross-site scripting (XSS) attacks. | |||||
CVE-2008-1008 | 1 Apple | 1 Safari | 2017-08-07 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via the document.domain property. | |||||
CVE-2008-1009 | 1 Apple | 1 Safari | 2017-08-07 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary JavaScript by modifying the history object. | |||||
CVE-2008-1010 | 1 Apple | 1 Safari | 2017-08-07 | 6.8 MEDIUM | N/A |
Buffer overflow in WebKit, as used in Apple Safari before 3.1, allows remote attackers to execute arbitrary code via crafted regular expressions in JavaScript. | |||||
CVE-2008-1012 | 1 Apple | 1 Apple Airport Extreme Base Station | 2017-08-07 | 4.3 MEDIUM | N/A |
Unspecified vulnerability in Apple AirPort Extreme Base Station Firmware 7.3.1 allows remote attackers to cause a denial of service (file sharing hang) via a crafted AFP request, related to "input validation." | |||||
CVE-2008-1011 | 1 Apple | 1 Safari | 2017-08-07 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via a frame that calls a method instance in another frame. | |||||
CVE-2008-1013 | 1 Apple | 1 Quicktime | 2017-08-07 | 6.8 MEDIUM | N/A |
Apple QuickTime before 7.4.5 enables deserialization of QTJava objects by untrusted Java applets, which allows remote attackers to execute arbitrary code via a crafted applet. | |||||
CVE-2008-1030 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-07 | 10.0 HIGH | N/A |
Integer overflow in the CFDataReplaceBytes function in the CFData API in CoreFoundation in Apple Mac OS X before 10.5.3 allows context-dependent attackers to execute arbitrary code or cause a denial of service (crash) via an invalid length argument, which triggers a heap-based buffer overflow. | |||||
CVE-2008-1031 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-07 | 9.3 HIGH | N/A |
CoreGraphics in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document, related to an uninitialized variable. | |||||
CVE-2008-0987 | 1 Apple | 4 Aperture, Iphoto, Mac Os X and 1 more | 2017-08-07 | 6.8 MEDIUM | N/A |
Stack-based buffer overflow in Image Raw in Apple Mac OS X 10.5.2, and Digital Camera RAW Compatibility before Update 2.0 for Aperture 2 and iPhoto 7.1.2, allows remote attackers to execute arbitrary code via a crafted Adobe Digital Negative (DNG) image. | |||||
CVE-2008-0989 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-07 | 6.9 MEDIUM | N/A |
Format string vulnerability in mDNSResponderHelper in Apple Mac OS X 10.5.2 allows local users to execute arbitrary code via format string specifiers in the local hostname. | |||||
CVE-2008-0990 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-07 | 4.4 MEDIUM | N/A |
notifyd in Apple Mac OS X 10.4.11 does not verify that Mach port death notifications have originated from the kernel, which allows local users to cause a denial of service via spoofed death notifications that prevent other applications from receiving notifications. | |||||
CVE-2008-0992 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-07 | 5.8 MEDIUM | N/A |
Array index error in pax in Apple Mac OS X 10.5.2 allows context-dependent attackers to execute arbitrary code via an archive with a crafted length value. | |||||
CVE-2008-1014 | 1 Apple | 1 Quicktime | 2017-08-07 | 4.3 MEDIUM | N/A |
Apple QuickTime before 7.4.5 does not properly handle external URLs in movies, which allows remote attackers to obtain sensitive information. | |||||
CVE-2008-1016 | 1 Apple | 1 Quicktime | 2017-08-07 | 6.8 MEDIUM | N/A |
Apple QuickTime before 7.4.5 does not properly handle movie media tracks, which allows remote attackers to execute arbitrary code via a crafted movie that triggers memory corruption. | |||||
CVE-2008-1015 | 1 Apple | 1 Quicktime | 2017-08-07 | 6.8 MEDIUM | N/A |
Buffer overflow in the data reference atom handling in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via a crafted movie. | |||||
CVE-2008-1024 | 2 Apple, Microsoft | 3 Safari, Windows Vista, Windows Xp | 2017-08-07 | 6.8 MEDIUM | N/A |
Apple Safari before 3.1.1, when running on Windows XP or Vista, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a file download with a crafted file name, which triggers memory corruption. |