Vendor CVEs
Apple Inc.
All CVEs
8,452 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2005-0043 | 0.09 | — | 0.69 | May 2, 2005 | Buffer overflow in Apple iTunes 4.7 allows remote attackers to execute arbitrary code via a long URL in (1) .m3u or (2) .pls playlist files. | |||
| CVE-2004-2687 | 0.09 | — | 0.81 | Dec 31, 2004 | distcc 2.x, as used in XCode 1.5 and others, when not configured to restrict access to the server port, allows remote attackers to execute arbitrary commands via compilation jobs, which are executed by the server without authorization checks. | |||
| CVE-2003-0050 | 0.09 | — | 0.69 | Mar 7, 2003 | parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to execute arbitrary code via shell metacharacters. | |||
| CVE-2011-0257 | 0.08 | — | 0.60 | Aug 15, 2011 | Integer signedness error in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PnSize opcode in a PICT file that triggers a stack-based buffer overflow. | |||
| CVE-2010-1807 | 0.08 | — | 0.61 | Sep 10, 2010 | WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2; Android before 2.2; and webkitgtk before 1.2.6; does not properly validate floating-point data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted… | |||
| CVE-2006-0848 | 0.08 | — | 0.58 | Feb 22, 2006 | The "Open 'safe' files after downloading" option in Safari on Apple Mac OS X allows remote user-assisted attackers to execute arbitrary commands by tricking a user into downloading a __MACOSX folder that contains metadata (resource fork) that invokes the Terminal, which… | |||
| CVE-2003-0694 | 0.08 | — | 0.60 | Oct 6, 2003 | The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c. | |||
| CVE-2026-28898 | low | 0.07 | — | 0.00 | Jun 12, 2026 | swift-nio-http2's HTTP/2-to-HTTP/1.1 codec (`HTTP2FramePayloadToHTTP1ServerCodec` / `HTTP2ToHTTP1ServerCodec`) did not validate pseudo-header values for control characters before placing them into the translated HTTP/1.1 message. A remote attacker could send an HTTP/2 request… | ||
| CVE-2015-7007 | 0.07 | — | 0.53 | Oct 23, 2015 | Script Editor in Apple OS X before 10.11.1 allows remote attackers to bypass an intended user-confirmation requirement for AppleScript execution via unspecified vectors. | |||
| CVE-2011-3230 | 0.07 | — | 0.50 | Oct 14, 2011 | Apple Safari before 5.1.1 on Mac OS X does not enforce an intended policy for file: URLs, which allows remote attackers to execute arbitrary code via a crafted web site. | |||
| CVE-2007-6165 | 0.07 | — | 0.45 | Nov 29, 2007 | Mail in Apple Mac OS X Leopard (10.5.1) allows user-assisted remote attackers to execute arbitrary code via an AppleDouble attachment containing an apparently-safe file type and script in a resource fork, which does not warn the user that a separate program is going to be… | |||
| CVE-2007-2386 | 0.07 | — | 0.50 | May 24, 2007 | Buffer overflow in mDNSResponder in Apple Mac OS X 10.4 up to 10.4.9 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted UPnP Internet Gateway Device (IGD) packet. | |||
| CVE-2007-0015 | 0.07 | — | 0.48 | Jan 1, 2007 | Buffer overflow in Apple QuickTime 7.1.3 allows remote attackers to execute arbitrary code via a long rtsp:// URI. | |||
| CVE-2006-0395 | 0.07 | — | 0.54 | Aug 5, 2006 | The Download Validation in Mail in Mac OS X 10.4 does not properly recognize attachment file types to warn a user of an unsafe type, which allows user-assisted remote attackers to execute arbitrary code via crafted file types. | |||
| CVE-2015-3783 | 0.06 | — | 0.36 | Aug 16, 2015 | SceneKit in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors. | |||
| CVE-2014-1303 | 0.06 | — | 0.35 | Mar 26, 2014 | Heap-based buffer overflow in Apple Safari 7.0.2 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism via unspecified vectors, as demonstrated by Liang Chen during a Pwn2Own competition at CanSecWest 2014. | |||
| CVE-2013-6420 | 0.06 | — | 0.36 | Dec 17, 2013 | The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a… | |||
| CVE-2013-1017 | 0.06 | — | 0.33 | May 24, 2013 | Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted dref atoms in a movie file. | |||
| CVE-2012-3753 | 0.06 | — | 0.35 | Nov 9, 2012 | Buffer overflow in the plugin in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MIME type. | |||
| CVE-2012-3752 | 0.06 | — | 0.36 | Nov 9, 2012 | Multiple buffer overflows in Apple QuickTime before 7.7.3 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted style element in a QuickTime TeXML file. | |||
| CVE-2011-3026 | 0.06 | — | 0.73 | Feb 16, 2012 | Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation. | |||
| CVE-2011-1774 | 0.06 | — | 0.43 | Jul 21, 2011 | WebKit in Apple Safari before 5.0.6 has improper libxslt security settings, which allows remote attackers to create arbitrary files, and consequently execute arbitrary code, via a crafted web site. NOTE: this may overlap CVE-2011-1425. | |||
| CVE-2010-1818 | 0.06 | — | 0.43 | Aug 31, 2010 | The IPersistPropertyBag2::Read function in QTPlugin.ocx in Apple QuickTime 6.x, 7.x before 7.6.8, and other versions allows remote attackers to execute arbitrary code via the _Marshaled_pUnk attribute, which triggers unmarshalling of an untrusted pointer. | |||
| CVE-2010-1799 | 0.06 | — | 0.34 | Aug 16, 2010 | Stack-based buffer overflow in the error-logging functionality in Apple QuickTime before 7.6.7 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file. | |||
| CVE-2007-6166 | 0.06 | — | 0.42 | Nov 29, 2007 | Stack-based buffer overflow in Apple QuickTime before 7.3.1, as used in QuickTime Player on Windows XP and Safari on Mac OS X, allows remote Real Time Streaming Protocol (RTSP) servers to execute arbitrary code via an RTSP response with a long Content-Type header. | |||
| CVE-2004-0430 | 0.06 | — | 0.41 | Jul 7, 2004 | Stack-based buffer overflow in AppleFileServer for Mac OS X 10.3.3 and earlier allows remote attackers to execute arbitrary code via a LoginExt packet for a Cleartext Password User Authentication Method (UAM) request with a PathName argument that includes an AFPName type string… | |||
| CVE-2002-0659 | 0.06 | — | 0.36 | Aug 12, 2002 | The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via invalid encodings. | |||
| CVE-1999-1412 | 0.06 | — | 0.35 | Jun 3, 1999 | A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes. | |||
| CVE-2015-6908 | 0.05 | — | 0.20 | Sep 11, 2015 | The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 and earlier allows remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER data, as demonstrated by an attack against slapd. | |||
| CVE-2015-4148 | 0.05 | — | 0.19 | Jun 9, 2015 | The do_soap_call function in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that the uri property is a string, which allows remote attackers to obtain sensitive information by providing crafted serialized data with an int data… | |||
| CVE-2014-8147 | 0.05 | — | 0.23 | May 25, 2015 | The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 uses an integer data type that is inconsistent with a header file, which allows remote attackers to cause… | |||
| CVE-2014-8146 | 0.05 | — | 0.24 | May 25, 2015 | The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 does not properly track directionally isolated pieces of text, which allows remote attackers to cause a… | |||
| CVE-2015-3073 | 0.05 | — | 0.25 | May 13, 2015 | Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a different vulnerability than CVE-2015-3060, CVE-2015-3061, CVE-2015-3062,… | |||
| CVE-2014-4492 | 0.05 | — | 0.20 | Jan 30, 2015 | libnetcore in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not verify that certain values have the expected data type, which allows attackers to execute arbitrary code in an _networkd context via a crafted XPC message from a sandboxed app, as… | |||
| CVE-2013-5704 | 0.05 | — | 0.60 | Apr 15, 2014 | The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as… | |||
| CVE-2014-1912 | 0.05 | — | 0.28 | Mar 1, 2014 | Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string. | |||
| CVE-2012-0663 | 0.05 | — | 0.29 | May 16, 2012 | Multiple stack-based buffer overflows in Apple QuickTime before 7.7.2 on Windows allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TeXML file. | |||
| CVE-2011-0222 | 0.05 | — | 0.22 | Jul 21, 2011 | WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. | |||
| CVE-2011-0419 | 0.05 | — | 0.30 | May 16, 2011 | Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris… | |||
| CVE-2010-1797 | 0.05 | — | 0.31 | Aug 16, 2010 | Multiple stack-based buffer overflows in the cff_decoder_parse_charstrings function in the CFF Type2 CharStrings interpreter in cff/cffgload.c in FreeType before 2.4.2, as used in Apple iOS before 4.0.2 on the iPhone and iPod touch and before 3.2.2 on the iPad, allow remote… | |||
| CVE-2010-1119 | 0.05 | — | 0.19 | Mar 25, 2010 | Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Safari before 4.1 on Mac OS X 10.4, and Safari on Apple iPhone OS allows remote attackers to execute arbitrary code or cause a denial of service (application crash), or… | |||
| CVE-2009-0950 | 0.05 | — | 0.29 | Jun 2, 2009 | Stack-based buffer overflow in Apple iTunes before 8.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an itms: URL with a long URL component after a colon. | |||
| CVE-2008-3641 | 0.05 | — | 0.24 | Oct 10, 2008 | The Hewlett-Packard Graphics Language (HPGL) filter in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via crafted pen width and pen color opcodes that overwrite arbitrary memory. | |||
| CVE-2008-3529 | 0.05 | — | 0.23 | Sep 12, 2008 | Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name. | |||
| CVE-2008-1391 | 0.05 | — | 0.19 | Mar 27, 2008 | Multiple integer overflows in libc in NetBSD 4.x, FreeBSD 6.x and 7.x, and probably other BSD and Apple Mac OS platforms allow context-dependent attackers to execute arbitrary code via large values of certain integer fields in the format argument to (1) the strfmon function in… | |||
| CVE-2007-5863 | 0.05 | — | 0.23 | Dec 19, 2007 | Software Update in Apple Mac OS X 10.5.1 allows remote attackers to execute arbitrary commands via a man-in-the-middle (MITM) attack between the client and the server, using a modified distribution definition file with the "allow-external-scripts" option. | |||
| CVE-2007-0021 | 0.05 | — | 0.23 | Jan 23, 2007 | Format string vulnerability in Apple iChat 3.1.6 allows remote attackers to cause a denial of service (null pointer dereference and application crash) and possibly execute arbitrary code via format string specifiers in an aim:// URI. | |||
| CVE-2007-0236 | 0.05 | — | 0.21 | Jan 16, 2007 | Double free vulnerability in the _ATPsndrsp function in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to cause a denial of service (kernel panic) and possibly execute arbitrary code via a crafted AppleTalk request that triggers a heap-based buffer… | |||
| CVE-2006-6652 | 0.05 | — | 0.19 | Dec 20, 2006 | Buffer overflow in the glob implementation (glob.c) in libc in NetBSD-current before 20050914, NetBSD 2.* and 3.* before 20061203, and Apple Mac OS X before 2007-004, as used by the FTP daemon and tnftpd, allows remote authenticated users to execute arbitrary code via a long… | |||
| CVE-2006-1982 | 0.05 | — | 0.20 | Apr 21, 2006 | Heap-based buffer overflow in the LZWDecodeVector function in Mac OS X before 10.4.6, as used in applications that use ImageIO or AppKit, allows remote attackers to execute arbitrary code via crafted TIFF images. |
- CVE-2005-0043May 2, 2005risk 0.09cvss —epss 0.69
Buffer overflow in Apple iTunes 4.7 allows remote attackers to execute arbitrary code via a long URL in (1) .m3u or (2) .pls playlist files.
- CVE-2004-2687Dec 31, 2004risk 0.09cvss —epss 0.81
distcc 2.x, as used in XCode 1.5 and others, when not configured to restrict access to the server port, allows remote attackers to execute arbitrary commands via compilation jobs, which are executed by the server without authorization checks.
- CVE-2003-0050Mar 7, 2003risk 0.09cvss —epss 0.69
parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to execute arbitrary code via shell metacharacters.
- CVE-2011-0257Aug 15, 2011risk 0.08cvss —epss 0.60
Integer signedness error in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PnSize opcode in a PICT file that triggers a stack-based buffer overflow.
- CVE-2010-1807Sep 10, 2010risk 0.08cvss —epss 0.61
WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2; Android before 2.2; and webkitgtk before 1.2.6; does not properly validate floating-point data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted…
- CVE-2006-0848Feb 22, 2006risk 0.08cvss —epss 0.58
The "Open 'safe' files after downloading" option in Safari on Apple Mac OS X allows remote user-assisted attackers to execute arbitrary commands by tricking a user into downloading a __MACOSX folder that contains metadata (resource fork) that invokes the Terminal, which…
- CVE-2003-0694Oct 6, 2003risk 0.08cvss —epss 0.60
The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c.
- risk 0.07cvss —epss 0.00
swift-nio-http2's HTTP/2-to-HTTP/1.1 codec (`HTTP2FramePayloadToHTTP1ServerCodec` / `HTTP2ToHTTP1ServerCodec`) did not validate pseudo-header values for control characters before placing them into the translated HTTP/1.1 message. A remote attacker could send an HTTP/2 request…
- CVE-2015-7007Oct 23, 2015risk 0.07cvss —epss 0.53
Script Editor in Apple OS X before 10.11.1 allows remote attackers to bypass an intended user-confirmation requirement for AppleScript execution via unspecified vectors.
- CVE-2011-3230Oct 14, 2011risk 0.07cvss —epss 0.50
Apple Safari before 5.1.1 on Mac OS X does not enforce an intended policy for file: URLs, which allows remote attackers to execute arbitrary code via a crafted web site.
- CVE-2007-6165Nov 29, 2007risk 0.07cvss —epss 0.45
Mail in Apple Mac OS X Leopard (10.5.1) allows user-assisted remote attackers to execute arbitrary code via an AppleDouble attachment containing an apparently-safe file type and script in a resource fork, which does not warn the user that a separate program is going to be…
- CVE-2007-2386May 24, 2007risk 0.07cvss —epss 0.50
Buffer overflow in mDNSResponder in Apple Mac OS X 10.4 up to 10.4.9 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted UPnP Internet Gateway Device (IGD) packet.
- CVE-2007-0015Jan 1, 2007risk 0.07cvss —epss 0.48
Buffer overflow in Apple QuickTime 7.1.3 allows remote attackers to execute arbitrary code via a long rtsp:// URI.
- CVE-2006-0395Aug 5, 2006risk 0.07cvss —epss 0.54
The Download Validation in Mail in Mac OS X 10.4 does not properly recognize attachment file types to warn a user of an unsafe type, which allows user-assisted remote attackers to execute arbitrary code via crafted file types.
- CVE-2015-3783Aug 16, 2015risk 0.06cvss —epss 0.36
SceneKit in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.
- CVE-2014-1303Mar 26, 2014risk 0.06cvss —epss 0.35
Heap-based buffer overflow in Apple Safari 7.0.2 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism via unspecified vectors, as demonstrated by Liang Chen during a Pwn2Own competition at CanSecWest 2014.
- CVE-2013-6420Dec 17, 2013risk 0.06cvss —epss 0.36
The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a…
- CVE-2013-1017May 24, 2013risk 0.06cvss —epss 0.33
Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted dref atoms in a movie file.
- CVE-2012-3753Nov 9, 2012risk 0.06cvss —epss 0.35
Buffer overflow in the plugin in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MIME type.
- CVE-2012-3752Nov 9, 2012risk 0.06cvss —epss 0.36
Multiple buffer overflows in Apple QuickTime before 7.7.3 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted style element in a QuickTime TeXML file.
- CVE-2011-3026Feb 16, 2012risk 0.06cvss —epss 0.73
Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation.
- CVE-2011-1774Jul 21, 2011risk 0.06cvss —epss 0.43
WebKit in Apple Safari before 5.0.6 has improper libxslt security settings, which allows remote attackers to create arbitrary files, and consequently execute arbitrary code, via a crafted web site. NOTE: this may overlap CVE-2011-1425.
- CVE-2010-1818Aug 31, 2010risk 0.06cvss —epss 0.43
The IPersistPropertyBag2::Read function in QTPlugin.ocx in Apple QuickTime 6.x, 7.x before 7.6.8, and other versions allows remote attackers to execute arbitrary code via the _Marshaled_pUnk attribute, which triggers unmarshalling of an untrusted pointer.
- CVE-2010-1799Aug 16, 2010risk 0.06cvss —epss 0.34
Stack-based buffer overflow in the error-logging functionality in Apple QuickTime before 7.6.7 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.
- CVE-2007-6166Nov 29, 2007risk 0.06cvss —epss 0.42
Stack-based buffer overflow in Apple QuickTime before 7.3.1, as used in QuickTime Player on Windows XP and Safari on Mac OS X, allows remote Real Time Streaming Protocol (RTSP) servers to execute arbitrary code via an RTSP response with a long Content-Type header.
- CVE-2004-0430Jul 7, 2004risk 0.06cvss —epss 0.41
Stack-based buffer overflow in AppleFileServer for Mac OS X 10.3.3 and earlier allows remote attackers to execute arbitrary code via a LoginExt packet for a Cleartext Password User Authentication Method (UAM) request with a PathName argument that includes an AFPName type string…
- CVE-2002-0659Aug 12, 2002risk 0.06cvss —epss 0.36
The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via invalid encodings.
- CVE-1999-1412Jun 3, 1999risk 0.06cvss —epss 0.35
A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
- CVE-2015-6908Sep 11, 2015risk 0.05cvss —epss 0.20
The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 and earlier allows remote attackers to cause a denial of service (reachable assertion and application crash) via crafted BER data, as demonstrated by an attack against slapd.
- CVE-2015-4148Jun 9, 2015risk 0.05cvss —epss 0.19
The do_soap_call function in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that the uri property is a string, which allows remote attackers to obtain sensitive information by providing crafted serialized data with an int data…
- CVE-2014-8147May 25, 2015risk 0.05cvss —epss 0.23
The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 uses an integer data type that is inconsistent with a header file, which allows remote attackers to cause…
- CVE-2014-8146May 25, 2015risk 0.05cvss —epss 0.24
The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 does not properly track directionally isolated pieces of text, which allows remote attackers to cause a…
- CVE-2015-3073May 13, 2015risk 0.05cvss —epss 0.25
Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a different vulnerability than CVE-2015-3060, CVE-2015-3061, CVE-2015-3062,…
- CVE-2014-4492Jan 30, 2015risk 0.05cvss —epss 0.20
libnetcore in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not verify that certain values have the expected data type, which allows attackers to execute arbitrary code in an _networkd context via a crafted XPC message from a sandboxed app, as…
- CVE-2013-5704Apr 15, 2014risk 0.05cvss —epss 0.60
The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as…
- CVE-2014-1912Mar 1, 2014risk 0.05cvss —epss 0.28
Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string.
- CVE-2012-0663May 16, 2012risk 0.05cvss —epss 0.29
Multiple stack-based buffer overflows in Apple QuickTime before 7.7.2 on Windows allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TeXML file.
- CVE-2011-0222Jul 21, 2011risk 0.05cvss —epss 0.22
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
- CVE-2011-0419May 16, 2011risk 0.05cvss —epss 0.30
Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris…
- CVE-2010-1797Aug 16, 2010risk 0.05cvss —epss 0.31
Multiple stack-based buffer overflows in the cff_decoder_parse_charstrings function in the CFF Type2 CharStrings interpreter in cff/cffgload.c in FreeType before 2.4.2, as used in Apple iOS before 4.0.2 on the iPhone and iPod touch and before 3.2.2 on the iPad, allow remote…
- CVE-2010-1119Mar 25, 2010risk 0.05cvss —epss 0.19
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Safari before 4.1 on Mac OS X 10.4, and Safari on Apple iPhone OS allows remote attackers to execute arbitrary code or cause a denial of service (application crash), or…
- CVE-2009-0950Jun 2, 2009risk 0.05cvss —epss 0.29
Stack-based buffer overflow in Apple iTunes before 8.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an itms: URL with a long URL component after a colon.
- CVE-2008-3641Oct 10, 2008risk 0.05cvss —epss 0.24
The Hewlett-Packard Graphics Language (HPGL) filter in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via crafted pen width and pen color opcodes that overwrite arbitrary memory.
- CVE-2008-3529Sep 12, 2008risk 0.05cvss —epss 0.23
Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name.
- CVE-2008-1391Mar 27, 2008risk 0.05cvss —epss 0.19
Multiple integer overflows in libc in NetBSD 4.x, FreeBSD 6.x and 7.x, and probably other BSD and Apple Mac OS platforms allow context-dependent attackers to execute arbitrary code via large values of certain integer fields in the format argument to (1) the strfmon function in…
- CVE-2007-5863Dec 19, 2007risk 0.05cvss —epss 0.23
Software Update in Apple Mac OS X 10.5.1 allows remote attackers to execute arbitrary commands via a man-in-the-middle (MITM) attack between the client and the server, using a modified distribution definition file with the "allow-external-scripts" option.
- CVE-2007-0021Jan 23, 2007risk 0.05cvss —epss 0.23
Format string vulnerability in Apple iChat 3.1.6 allows remote attackers to cause a denial of service (null pointer dereference and application crash) and possibly execute arbitrary code via format string specifiers in an aim:// URI.
- CVE-2007-0236Jan 16, 2007risk 0.05cvss —epss 0.21
Double free vulnerability in the _ATPsndrsp function in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to cause a denial of service (kernel panic) and possibly execute arbitrary code via a crafted AppleTalk request that triggers a heap-based buffer…
- CVE-2006-6652Dec 20, 2006risk 0.05cvss —epss 0.19
Buffer overflow in the glob implementation (glob.c) in libc in NetBSD-current before 20050914, NetBSD 2.* and 3.* before 20061203, and Apple Mac OS X before 2007-004, as used by the FTP daemon and tnftpd, allows remote authenticated users to execute arbitrary code via a long…
- CVE-2006-1982Apr 21, 2006risk 0.05cvss —epss 0.20
Heap-based buffer overflow in the LZWDecodeVector function in Mac OS X before 10.4.6, as used in applications that use ImageIO or AppKit, allows remote attackers to execute arbitrary code via crafted TIFF images.
Page 102 of 170