Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Apple Subscribe
Total 10175 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-1378 5 Adobe, Apple, Google and 2 more 7 Adobe Air, Adobe Air Sdk, Flash Player and 4 more 2014-03-25 10.0 HIGH N/A
Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 11.2.202.280 on Linux, before 11.1.111.50 on Android 2.x and 3.x, and before 11.1.115.54 on Android 4.x; Adobe AIR before 3.7.0.1530; and Adobe AIR SDK & Compiler before 3.7.0.1530 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-1380.
CVE-2013-1380 5 Adobe, Apple, Google and 2 more 7 Adobe Air, Adobe Air Sdk, Flash Player and 4 more 2014-03-25 10.0 HIGH N/A
Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 11.2.202.280 on Linux, before 11.1.111.50 on Android 2.x and 3.x, and before 11.1.115.54 on Android 4.x; Adobe AIR before 3.7.0.1530; and Adobe AIR SDK & Compiler before 3.7.0.1530 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-1378.
CVE-2013-0646 5 Adobe, Apple, Google and 2 more 9 Adobe Air, Adobe Air Sdk, Adobe Air Sdk And Compiler and 6 more 2014-03-25 10.0 HIGH N/A
Integer overflow in Adobe Flash Player before 10.3.183.68 and 11.x before 11.6.602.180 on Windows and Mac OS X, before 10.3.183.68 and 11.x before 11.2.202.275 on Linux, before 11.1.111.44 on Android 2.x and 3.x, and before 11.1.115.48 on Android 4.x; Adobe AIR before 3.6.0.6090; Adobe AIR SDK before 3.6.0.6090; and Adobe AIR SDK & Compiler before 3.6.0.6090 allows attackers to execute arbitrary code via unspecified vectors.
CVE-2013-0650 5 Adobe, Apple, Google and 2 more 9 Adobe Air, Adobe Air Sdk, Adobe Air Sdk And Compiler and 6 more 2014-03-25 10.0 HIGH N/A
Use-after-free vulnerability in Adobe Flash Player before 10.3.183.68 and 11.x before 11.6.602.180 on Windows and Mac OS X, before 10.3.183.68 and 11.x before 11.2.202.275 on Linux, before 11.1.111.44 on Android 2.x and 3.x, and before 11.1.115.48 on Android 4.x; Adobe AIR before 3.6.0.6090; Adobe AIR SDK before 3.6.0.6090; and Adobe AIR SDK & Compiler before 3.6.0.6090 allows attackers to execute arbitrary code via unspecified vectors.
CVE-2013-3948 1 Apple 1 Iphone Os 2014-03-15 4.3 MEDIUM N/A
Apple iOS 6.1.3 does not follow redirects during determination of the hostname to display in an iOS Enterprise Deployment installation dialog, which makes it easier for remote attackers to trigger installation of arbitrary applications via a download-manifest itms-services:// URL that leverages an open redirect vulnerability within a trusted domain.
CVE-2013-5133 1 Apple 1 Iphone Os 2014-03-14 8.8 HIGH N/A
Backup in Apple iOS before 7.1 does not properly restrict symlinks, which allows remote attackers to overwrite files during a restore operation via crafted backup data.
CVE-2014-1286 1 Apple 1 Iphone Os 2014-03-14 5.0 MEDIUM N/A
SpringBoard Lock Screen in Apple iOS before 7.1 allows remote attackers to cause a denial of service (lock-screen hang) by leveraging a state-management error.
CVE-2014-1285 1 Apple 1 Iphone Os 2014-03-14 5.8 MEDIUM N/A
Springboard in Apple iOS before 7.1 allows physically proximate attackers to bypass intended access restrictions and read the home screen by leveraging an application crash during activation of an unactivated device.
CVE-2014-1281 1 Apple 1 Iphone Os 2014-03-14 1.9 LOW N/A
Photos Backend in Apple iOS before 7.1 does not properly manage the asset-library cache during deletions, which allows physically proximate attackers to obtain sensitive photo data by launching the Photos app and looking under a transparent image.
CVE-2014-1276 1 Apple 1 Iphone Os 2014-03-14 5.0 MEDIUM N/A
IOKit HID Event in Apple iOS before 7.1 allows attackers to conduct user-action monitoring attacks against arbitrary apps via a crafted app that accesses an IOKit framework interface.
CVE-2014-1274 1 Apple 1 Iphone Os 2014-03-14 2.1 LOW N/A
FaceTime in Apple iOS before 7.1 allows physically proximate attackers to obtain sensitive FaceTime contact information by using the lock screen for an invalid FaceTime call.
CVE-2014-1245 1 Apple 1 Quicktime 2014-03-10 9.3 HIGH N/A
Integer signedness error in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted stsz atom in a movie file.
CVE-2014-1248 1 Apple 1 Quicktime 2014-03-10 9.3 HIGH N/A
Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ldat atom in a movie file.
CVE-2014-1249 1 Apple 1 Quicktime 2014-03-10 9.3 HIGH N/A
Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PSD image.
CVE-2014-1247 1 Apple 1 Quicktime 2014-03-10 9.3 HIGH N/A
Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted dref atom in a movie file.
CVE-2014-1250 1 Apple 1 Quicktime 2014-03-10 9.3 HIGH N/A
Apple QuickTime before 7.7.5 does not properly perform a byte-swapping operation, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application crash) via a crafted ttfo element in a movie file.
CVE-2014-1259 1 Apple 2 Mac Os X, Mac Os X Server 2014-03-10 6.8 MEDIUM N/A
Buffer overflow in File Bookmark in Apple OS X before 10.9.2 allows attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted filename.
CVE-2014-1260 1 Apple 1 Mac Os X 2014-03-10 6.8 MEDIUM N/A
QuickLook in Apple OS X through 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Microsoft Office document.
CVE-2014-1264 1 Apple 1 Mac Os X 2014-03-10 3.3 LOW N/A
Finder in Apple OS X before 10.9.2 does not ensure ACL integrity after the viewing of file ACL information, which allows local users to bypass intended access restrictions in opportunistic circumstances via standard filesystem operations on a file with a damaged ACL.
CVE-2013-6891 2 Apple, Canonical 2 Cups, Ubuntu Linux 2014-03-05 1.2 LOW N/A
lppasswd in CUPS before 1.7.1, when running with setuid privileges, allows local users to read portions of arbitrary files via a modified HOME environment variable and a symlink attack involving .cups/client.conf.