Filtered by vendor Apple
Subscribe
Total
10175 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-5139 | 1 Apple | 1 Iphone Os | 2014-03-05 | 9.3 HIGH | N/A |
The IOSerialFamily driver in Apple iOS before 7 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds array access) via a crafted application. | |||||
CVE-2013-5178 | 1 Apple | 1 Mac Os X | 2014-03-05 | 5.0 MEDIUM | N/A |
LaunchServices in Apple Mac OS X before 10.9 does not properly restrict Unicode characters in filenames, which allows context-dependent attackers to spoof file extensions via a crafted character sequence. | |||||
CVE-2013-5179 | 1 Apple | 1 Mac Os X | 2014-03-05 | 7.5 HIGH | N/A |
App Sandbox in Apple Mac OS X before 10.9 allows attackers to bypass intended sandbox restrictions via a crafted app that uses the LaunchServices interface to specify process arguments. | |||||
CVE-2013-1032 | 1 Apple | 2 Mac Os X, Quicktime | 2014-03-05 | 6.8 MEDIUM | N/A |
QuickTime in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted idsc atom in a QuickTime movie file. | |||||
CVE-2014-2234 | 1 Apple | 1 Mac Os X | 2014-03-05 | 6.4 MEDIUM | N/A |
A certain Apple patch for OpenSSL in Apple OS X 10.9.2 and earlier uses a Trust Evaluation Agent (TEA) feature without terminating certain TLS/SSL handshakes as specified in the SSL_CTX_set_verify callback function's documentation, which allows remote attackers to bypass extra verification within a custom application via a crafted certificate chain that is acceptable to TEA but not acceptable to that application. | |||||
CVE-2014-1265 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2014-02-27 | 4.6 MEDIUM | N/A |
The systemsetup program in the Date and Time subsystem in Apple OS X before 10.9.2 allows local users to bypass intended access restrictions by changing the current time on the system clock. | |||||
CVE-2014-1256 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2014-02-27 | 7.5 HIGH | N/A |
Buffer overflow in Apple Type Services (ATS) in Apple OS X before 10.9.2 allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages. | |||||
CVE-2014-1255 | 1 Apple | 1 Mac Os X | 2014-02-27 | 7.5 HIGH | N/A |
Apple Type Services (ATS) in Apple OS X before 10.9.2 does not properly validate calls to the free function, which allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages. | |||||
CVE-2014-1262 | 1 Apple | 1 Mac Os X | 2014-02-27 | 7.5 HIGH | N/A |
Apple Type Services (ATS) in Apple OS X before 10.9.2 allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages that trigger memory corruption. | |||||
CVE-2014-1261 | 1 Apple | 1 Mac Os X | 2014-02-27 | 7.5 HIGH | N/A |
Integer signedness error in CoreText in Apple OS X before 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Unicode font. | |||||
CVE-2014-1258 | 1 Apple | 1 Mac Os X | 2014-02-27 | 6.8 MEDIUM | N/A |
Heap-based buffer overflow in CoreAnimation in Apple OS X before 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image. | |||||
CVE-2014-1246 | 1 Apple | 1 Quicktime | 2014-02-27 | 9.3 HIGH | N/A |
Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ftab atom in a movie file. | |||||
CVE-2014-1257 | 1 Apple | 1 Mac Os X | 2014-02-27 | 3.6 LOW | N/A |
CFNetwork in Apple OS X through 10.8.5 does not remove session cookies upon a Safari reset action, which allows physically proximate attackers to bypass intended access restrictions by leveraging an unattended workstation. | |||||
CVE-2014-1254 | 1 Apple | 1 Mac Os X | 2014-02-27 | 6.8 MEDIUM | N/A |
Apple Type Services (ATS) in Apple OS X before 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Type 1 font that is embedded in a document. | |||||
CVE-2014-1243 | 1 Apple | 1 Quicktime | 2014-02-27 | 9.3 HIGH | N/A |
Apple QuickTime before 7.7.5 does not initialize an unspecified pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted track list in a movie file. | |||||
CVE-2011-0191 | 2 Apple, Microsoft | 5 Itunes, Windows, Windows 7 and 2 more | 2014-02-20 | 9.3 HIGH | N/A |
Buffer overflow in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO in Apple iTunes before 10.2 on Windows and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image with JPEG encoding. | |||||
CVE-2011-0192 | 2 Apple, Microsoft | 5 Itunes, Windows, Windows 7 and 2 more | 2014-02-20 | 9.3 HIGH | N/A |
Buffer overflow in Fax4Decode in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO in Apple iTunes before 10.2 on Windows and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF Internet Fax image file that has been compressed using CCITT Group 4 encoding, related to the EXPAND2D macro in libtiff/tif_fax3.h. NOTE: some of these details are obtained from third party information. | |||||
CVE-2010-2441 | 1 Apple | 1 Webkit | 2014-02-20 | 4.3 MEDIUM | N/A |
WebKit does not properly restrict focus changes, which allows remote attackers to read keystrokes via "cross-domain IFRAME gadgets," a different vulnerability than CVE-2010-1126, CVE-2010-1422, and CVE-2010-2295. | |||||
CVE-2014-1870 | 2 Apple, Opera | 2 Mac Os X, Opera Browser | 2014-02-07 | 4.3 MEDIUM | N/A |
Opera before 19 on Mac OS X allows user-assisted remote attackers to spoof the address bar via vectors involving a drag-and-drop operation. | |||||
CVE-2013-5125 | 1 Apple | 1 Iphone Os | 2014-01-27 | 6.8 MEDIUM | N/A |
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. |