Filtered by vendor Apple
Subscribe
Total
10175 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2011-0172 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-03-23 | 4.9 MEDIUM | N/A |
AirPort in Apple Mac OS X 10.6 before 10.6.7 allows remote attackers to cause a denial of service (divide-by-zero error and reboot) via Wi-Fi frames on the local wireless network, a different vulnerability than CVE-2011-0162. | |||||
CVE-2011-0173 | 1 Apple | 3 Applescript, Mac Os X, Mac Os X Server | 2011-03-23 | 6.8 MEDIUM | N/A |
Multiple format string vulnerabilities in AppleScript in Apple Mac OS X before 10.6.7 allow context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a (1) display dialog or (2) display alert command in a dialog in an AppleScript Studio application. | |||||
CVE-2011-0174 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-03-23 | 6.8 MEDIUM | N/A |
Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code via a document that contains a crafted embedded OpenType font. | |||||
CVE-2011-0176 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-03-23 | 6.8 MEDIUM | N/A |
Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X before 10.6.7 allow remote attackers to execute arbitrary code via a document that contains a crafted embedded Type 1 font. | |||||
CVE-2011-0177 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-03-23 | 6.8 MEDIUM | N/A |
Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X before 10.6.7 allow remote attackers to execute arbitrary code via a document that contains a crafted SFNT table in an embedded font. | |||||
CVE-2011-0178 | 1 Apple | 3 Carboncore, Mac Os X, Mac Os X Server | 2011-03-23 | 2.1 LOW | N/A |
The FSFindFolder API in CarbonCore in Apple Mac OS X before 10.6.7 provides a world-readable directory in response to a call with the kTemporaryFolderType flag, which allows local users to obtain potentially sensitive information by accessing this directory. | |||||
CVE-2011-0179 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-03-23 | 6.8 MEDIUM | N/A |
CoreText in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a document that contains a crafted embedded font. | |||||
CVE-2011-0180 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-03-23 | 2.1 LOW | N/A |
Integer overflow in HFS in Apple Mac OS X before 10.6.7 allows local users to read arbitrary (1) HFS, (2) HFS+, or (3) HFS+J files via a crafted F_READBOOTSTRAP ioctl call. | |||||
CVE-2011-0183 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-03-23 | 5.0 MEDIUM | N/A |
Libinfo in Apple Mac OS X before 10.6.7 does not properly handle an unspecified integer field in an NFS RPC packet, which allows remote attackers to cause a denial of service (lockd, statd, mountd, or portmap outage) via a crafted packet, related to an "integer truncation issue." | |||||
CVE-2011-0189 | 1 Apple | 3 Mac Os X, Mac Os X Server, Terminal | 2011-03-22 | 5.0 MEDIUM | N/A |
The default configuration of Terminal in Apple Mac OS X 10.6 before 10.6.7 uses SSH protocol version 1 within the New Remote Connection dialog, which might make it easier for man-in-the-middle attackers to spoof SSH servers by leveraging protocol vulnerabilities. | |||||
CVE-2011-0190 | 1 Apple | 3 Installer, Mac Os X, Mac Os X Server | 2011-03-22 | 4.3 MEDIUM | N/A |
Install Helper in Installer in Apple Mac OS X before 10.6.7 does not properly process an unspecified URL, which might allow remote attackers to track user logins by logging network traffic from an agent that was intended to send network traffic to an Apple server. | |||||
CVE-2011-0193 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-03-22 | 6.8 MEDIUM | N/A |
Multiple buffer overflows in Image RAW in Apple Mac OS X before 10.6.7 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Canon RAW image. | |||||
CVE-2011-0194 | 1 Apple | 3 Imageio, Mac Os X, Mac Os X Server | 2011-03-22 | 6.8 MEDIUM | N/A |
Integer overflow in ImageIO in Apple Mac OS X 10.6 before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image with JPEG encoding. | |||||
CVE-2011-0115 | 2 Apple, Microsoft | 7 Itunes, Safari, Webkit and 4 more | 2011-03-17 | 7.6 HIGH | N/A |
The DOM level 2 implementation in WebKit, as used in Apple iTunes before 10.2 on Windows and Apple Safari, does not properly handle DOM manipulations associated with event listeners during processing of range objects, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. | |||||
CVE-2011-0132 | 2 Apple, Microsoft | 7 Itunes, Safari, Webkit and 4 more | 2011-03-17 | 7.6 HIGH | N/A |
Use-after-free vulnerability in the Runin box functionality in the Cascading Style Sheets (CSS) 2.1 Visual Formatting Model implementation in WebKit, as used in Apple iTunes before 10.2 on Windows and Apple Safari, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. | |||||
CVE-2010-2264 | 2 Apple, Microsoft | 7 Mac Os X, Mac Os X Server, Safari and 4 more | 2011-03-17 | 4.3 MEDIUM | N/A |
The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document. | |||||
CVE-2010-1760 | 1 Apple | 1 Webkit | 2011-03-17 | 10.0 HIGH | N/A |
loader/DocumentThreadableLoader.cpp in the XMLHttpRequest implementation in WebCore in WebKit before r58409 does not properly handle credentials during a cross-origin synchronous request, which has unspecified impact and remote attack vectors, aka rdar problem 7905150. | |||||
CVE-2010-0314 | 1 Apple | 1 Safari | 2011-03-17 | 5.0 MEDIUM | N/A |
Apple Safari allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's URL in the HREF attribute of a stylesheet LINK element, and then reading the document.styleSheets[0].href property value. | |||||
CVE-2008-2307 | 2 Apple, Microsoft | 5 Mac Os X, Safari, Windows and 2 more | 2011-03-14 | 9.3 HIGH | N/A |
Unspecified vulnerability in WebKit in Apple Safari before 3.1.2, as distributed in Mac OS X before 10.5.4, and standalone for Windows and Mac OS X 10.4, allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors involving JavaScript arrays that trigger memory corruption. | |||||
CVE-2005-2938 | 1 Apple | 1 Itunes | 2011-03-09 | 7.2 HIGH | N/A |
Unquoted Windows search path vulnerability in iTunesHelper.exe in iTunes 4.7.1.30 and iTunes 5 for Windows might allow local users to gain privileges via a malicious C:\program.exe file. |