Filtered by vendor Apple
Subscribe
Total
10175 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2011-3254 | 1 Apple | 1 Iphone Os | 2011-10-14 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Calendar in Apple iOS before 5 allows remote attackers to inject arbitrary web script or HTML via an invitation note. | |||||
CVE-2011-3253 | 1 Apple | 1 Iphone Os | 2011-10-14 | 2.6 LOW | N/A |
CalDAV in Apple iOS before 5 does not validate X.509 certificates for SSL sessions, which allows man-in-the-middle attackers to spoof calendar servers and obtain sensitive information via an arbitrary certificate. | |||||
CVE-2011-0223 | 2 Apple, Microsoft | 7 Mac Os X, Mac Os X Server, Safari and 4 more | 2011-10-13 | 9.3 HIGH | N/A |
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. | |||||
CVE-2011-0215 | 2 Apple, Microsoft | 5 Imageio, Safari, Windows 7 and 2 more | 2011-10-13 | 9.3 HIGH | N/A |
ImageIO in Apple Safari before 5.0.6 on Windows does not properly address re-entrancy issues, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF file. | |||||
CVE-2011-0237 | 2 Apple, Microsoft | 7 Mac Os X, Mac Os X Server, Safari and 4 more | 2011-10-13 | 9.3 HIGH | N/A |
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. | |||||
CVE-2011-0240 | 2 Apple, Microsoft | 7 Mac Os X, Mac Os X Server, Safari and 4 more | 2011-10-13 | 9.3 HIGH | N/A |
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. | |||||
CVE-2011-0253 | 2 Apple, Microsoft | 7 Mac Os X, Mac Os X Server, Safari and 4 more | 2011-10-13 | 9.3 HIGH | N/A |
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. | |||||
CVE-2007-6165 | 1 Apple | 1 Mac Os X | 2011-10-05 | 9.3 HIGH | N/A |
Mail in Apple Mac OS X Leopard (10.5.1) allows user-assisted remote attackers to execute arbitrary code via an AppleDouble attachment containing an apparently-safe file type and script in a resource fork, which does not warn the user that a separate program is going to be executed. NOTE: this is a regression error related to CVE-2006-0395. | |||||
CVE-2010-4754 | 4 Apple, Freebsd, Netbsd and 1 more | 4 Mac Os X, Freebsd, Netbsd and 1 more | 2011-09-20 | 4.0 MEDIUM | N/A |
The glob implementation in libc in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, and OpenBSD 4.7, and Libsystem in Apple Mac OS X before 10.6.8, allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632. | |||||
CVE-2011-0188 | 2 Apple, Ruby-lang | 3 Mac Os X, Mac Os X Server, Ruby | 2011-08-23 | 6.8 MEDIUM | N/A |
The VpMemAlloc function in bigdecimal.c in the BigDecimal class in Ruby 1.9.2-p136 and earlier, as used on Apple Mac OS X before 10.6.7 and other platforms, does not properly allocate memory, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving creation of a large BigDecimal value within a 64-bit process, related to an "integer truncation issue." | |||||
CVE-2010-1386 | 1 Apple | 1 Webkit | 2011-08-22 | 10.0 HIGH | N/A |
page/Geolocation.cpp in WebCore in WebKit before r56188 and before 1.2.5 does not properly restrict access to the lastPosition function, which has unspecified impact and remote attack vectors, aka rdar problem 7746357. | |||||
CVE-2011-0186 | 1 Apple | 3 Mac Os X, Mac Os X Server, Quicktime | 2011-08-10 | 6.8 MEDIUM | N/A |
QuickTime in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG2000 image. | |||||
CVE-2011-0209 | 1 Apple | 3 Mac Os X, Mac Os X Server, Quicktime | 2011-08-10 | 6.8 MEDIUM | N/A |
Integer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted RIFF WAV file. | |||||
CVE-2011-0211 | 1 Apple | 3 Mac Os X, Mac Os X Server, Quicktime | 2011-08-10 | 6.8 MEDIUM | N/A |
Integer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file. | |||||
CVE-2011-0213 | 1 Apple | 3 Mac Os X, Mac Os X Server, Quicktime | 2011-08-10 | 6.8 MEDIUM | N/A |
Buffer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG file. | |||||
CVE-2011-0227 | 1 Apple | 1 Iphone Os | 2011-07-25 | 7.2 HIGH | N/A |
The queueing primitives in IOMobileFrameBuffer in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 do not properly perform type conversion, which allows local users to gain privileges via a crafted application. | |||||
CVE-2011-0195 | 1 Apple | 1 Iphone Os | 2011-07-22 | 4.3 MEDIUM | N/A |
The generate-id XPath function in libxslt in Apple iOS 4.3.x before 4.3.2 allows remote attackers to obtain potentially sensitive information about heap memory addresses via a crafted web site. NOTE: this may overlap CVE-2011-1202. | |||||
CVE-2011-0201 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-07-22 | 7.5 HIGH | N/A |
Off-by-one error in the CoreFoundation framework in Apple Mac OS X before 10.6.8 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a CFString object that triggers a buffer overflow. | |||||
CVE-2011-0202 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-07-22 | 6.8 MEDIUM | N/A |
Integer overflow in CoreGraphics in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted embedded Type 1 font in a PDF document. | |||||
CVE-2010-1383 | 2 Apple, Microsoft | 5 Cfnetwork, Safari, Windows 7 and 2 more | 2011-07-21 | 9.3 HIGH | N/A |
CFNetwork in Apple Safari before 5.0.6 on Windows allows remote web servers to execute arbitrary code by replaying the NTLM credentials of a client user, related to a "credential reflection" issue. |