Filtered by vendor Apple
Subscribe
Total
10175 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-3455 | 1 Apple | 1 Safari | 2009-09-29 | 7.5 HIGH | N/A |
Apple Safari, possibly before 4.0.3, on Mac OS X does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | |||||
CVE-2009-2815 | 1 Apple | 1 Iphone Os | 2009-09-23 | 7.8 HIGH | N/A |
The Telephony component in Apple iPhone OS before 3.1 does not properly handle SMS arrival notifications, which allows remote attackers to cause a denial of service (NULL pointer dereference and service interruption) via a crafted SMS message. | |||||
CVE-2009-2205 | 1 Apple | 5 Java 1.4, Java 1.5, Java 1.6 and 2 more | 2009-09-18 | 6.8 MEDIUM | N/A |
Stack-based buffer overflow in the Java Web Start command launcher in Java for Mac OS X 10.5 before Update 5 allows attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. | |||||
CVE-2009-0137 | 2 Apple, Microsoft | 5 Mac Os X, Mac Os X Server, Safari and 2 more | 2009-08-18 | 10.0 HIGH | N/A |
Multiple unspecified vulnerabilities in Safari RSS in Apple Mac OS X 10.4.11 and 10.5.6, and Windows XP and Vista, allow remote attackers to execute arbitrary JavaScript in the local security zone via a crafted feed: URL, related to "input validation issues." | |||||
CVE-2009-2196 | 2 Apple, Microsoft | 5 Mac Os X, Mac Os X Server, Safari and 2 more | 2009-08-17 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in Apple Safari 4 before 4.0.3 allows remote web servers to place an arbitrary web site in the Top Sites view, and possibly conduct phishing attacks, via unknown vectors. | |||||
CVE-2009-2072 | 1 Apple | 1 Safari | 2009-06-22 | 5.4 MEDIUM | N/A |
Apple Safari does not require a cached certificate before displaying a lock icon for an https web site, which allows man-in-the-middle attackers to spoof an arbitrary https site by sending the browser a crafted (1) 4xx or (2) 5xx CONNECT response page for an https request sent through a proxy server. | |||||
CVE-2009-1706 | 1 Apple | 1 Safari | 2009-06-18 | 5.0 MEDIUM | N/A |
The Private Browsing feature in Apple Safari before 4.0 on Windows does not remove cookies from the alternate cookie store in unspecified circumstances upon (1) disabling of the feature or (2) exit of the application, which makes it easier for remote web servers to track users via a cookie. | |||||
CVE-2009-1704 | 1 Apple | 1 Safari | 2009-06-18 | 9.3 HIGH | N/A |
CFNetwork in Apple Safari before 4.0 misinterprets downloaded image files as local HTML documents in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript code by placing it in an image file. | |||||
CVE-2009-1716 | 1 Apple | 1 Safari | 2009-06-18 | 2.1 LOW | N/A |
CFNetwork in Apple Safari before 4.0 on Windows does not properly protect the temporary files created for downloads, which allows local users to obtain sensitive information by reading these files. | |||||
CVE-2009-1708 | 1 Apple | 1 Safari | 2009-06-18 | 9.3 HIGH | N/A |
Apple Safari before 4.0 does not prevent calls to the open-help-anchor URL handler by web sites, which allows remote attackers to open arbitrary local help files, and execute arbitrary code or obtain sensitive information, via a crafted call. | |||||
CVE-2009-1682 | 1 Apple | 1 Safari | 2009-06-18 | 4.3 MEDIUM | N/A |
Apple Safari before 4.0 does not properly check for revoked Extended Validation (EV) certificates, which makes it easier for remote attackers to trick a user into accepting an invalid certificate. | |||||
CVE-2009-1705 | 1 Apple | 1 Safari | 2009-06-12 | 9.3 HIGH | N/A |
CoreGraphics in Apple Safari before 4.0 on Windows does not properly use arithmetic during automatic hinting of TrueType fonts, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted font data. | |||||
CVE-2009-0944 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2009-05-15 | 6.8 MEDIUM | N/A |
The Microsoft Office Spotlight Importer in Spotlight in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not properly validate Microsoft Office files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a file that triggers memory corruption. | |||||
CVE-2009-0160 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2009-05-15 | 6.8 MEDIUM | N/A |
QuickDraw Manager in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image that triggers memory corruption. | |||||
CVE-2008-5184 | 1 Apple | 1 Cups | 2009-01-28 | 10.0 HIGH | N/A |
The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the guest username when a user is not logged on to the web server, which makes it easier for remote attackers to bypass intended policy and conduct CSRF attacks via the (1) add and (2) cancel RSS subscription functions. | |||||
CVE-2008-5914 | 1 Apple | 1 Safari | 2009-01-23 | 2.1 LOW | N/A |
An unspecified function in the JavaScript implementation in Apple Safari creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an "in-session phishing attack." NOTE: as of 20090116, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. | |||||
CVE-2007-4431 | 1 Apple | 1 Safari | 2008-11-14 | 6.8 MEDIUM | N/A |
Cross-domain vulnerability in Apple Safari for Windows 3.0.3 and earlier allows remote attackers to bypass the Same Origin Policy, with access from local zones to external domains, via a certain body.innerHTML property value, aka "classic JavaScript frame hijacking." | |||||
CVE-2007-3718 | 1 Apple | 1 Safari | 2008-11-14 | 7.5 HIGH | N/A |
Multiple unspecified vulnerabilities in the SVG parsing engine in Apple Safari 3 Beta for Windows have unspecified remote attack vectors and impact. NOTE: this issue contains no actionable information, but it was released by a reliable researcher. | |||||
CVE-2007-2843 | 1 Apple | 1 Safari | 2008-11-14 | 10.0 HIGH | N/A |
Cross-domain vulnerability in Apple Safari 2.0.4 allows remote attackers to access restricted information from other domains via Javascript, as demonstrated by a js script that accesses the location information of cross-domain web pages, probably involving setTimeout and timed events. | |||||
CVE-2007-1222 | 2 Apple, Parallels | 2 Mac Os X, Parallels Desktop | 2008-11-14 | 7.2 HIGH | N/A |
Parallels Desktop for Mac before 20070216 implements Drag and Drop by sharing the entire host filesystem as the .psf share, which allows local users of the guest operating system to write arbitrary files to the host filesystem, and execute arbitrary code via launchd by writing a plist file to a LaunchAgents directory. |