Vendor CVEs
Apple Inc.
All CVEs
8,452 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2005-2340 | 0.05 | — | 0.26 | Dec 31, 2005 | Heap-based buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a crafted (1) QuickTime Image File (QTIF), (2) PICT, or (3) JPEG format image with a long data field. | |||
| CVE-2003-0681 | 0.05 | — | 0.20 | Oct 6, 2003 | A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences. | |||
| CVE-2015-7112 | 0.04 | — | 0.09 | Dec 11, 2015 | The IOHIDFamily API in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than… | |||
| CVE-2015-7039 | 0.04 | — | 0.11 | Dec 11, 2015 | Buffer overflow in libc in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code via a crafted package, a different vulnerability than CVE-2015-7038. | |||
| CVE-2015-6996 | 0.04 | — | 0.07 | Oct 23, 2015 | IOAcceleratorFamily in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app. | |||
| CVE-2015-6995 | 0.04 | — | 0.06 | Oct 23, 2015 | The Disk Images component in Apple iOS before 9.1 and OS X before 10.11.1 misparses images, which allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app. | |||
| CVE-2015-5895 | 0.04 | — | 0.09 | Sep 18, 2015 | Multiple unspecified vulnerabilities in SQLite before 3.8.10.2, as used in Apple iOS before 9, have unknown impact and attack vectors. | |||
| CVE-2015-5784 | 0.04 | — | 0.09 | Aug 17, 2015 | runner in Install.framework in the Install Framework Legacy component in Apple OS X before 10.10.5 does not properly drop privileges, which allows attackers to execute arbitrary code in a privileged context via a crafted app. | |||
| CVE-2015-5754 | 0.04 | — | 0.07 | Aug 17, 2015 | Race condition in runner in Install.framework in the Install Framework Legacy component in Apple OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages incorrect privilege dropping associated with a locking error. | |||
| CVE-2015-3798 | 0.04 | — | 0.13 | Aug 17, 2015 | The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression, a different vulnerability than… | |||
| CVE-2015-3796 | 0.04 | — | 0.12 | Aug 17, 2015 | The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression, a different vulnerability than… | |||
| CVE-2015-3704 | 0.04 | — | 0.09 | Jul 3, 2015 | runner in Install.framework in the Install Framework Legacy subsystem in Apple OS X before 10.10.4 does not properly drop privileges, which allows attackers to execute arbitrary code in a privileged context via a crafted app. | |||
| CVE-2015-3693 | 0.04 | — | 0.08 | Jul 3, 2015 | Apple Mac EFI before 2015-001, as used in OS X before 10.10.4 and other products, does not properly set refresh rates for DDR3 RAM, which might make it easier for remote attackers to conduct row-hammer attacks, and consequently gain privileges or cause a denial of service… | |||
| CVE-2015-4024 | 0.04 | — | 0.50 | Jun 9, 2015 | Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a denial of service (CPU consumption) via crafted form data that triggers an… | |||
| CVE-2015-1155 | 0.04 | — | 0.11 | May 8, 2015 | The history implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to bypass the Same Origin Policy and read arbitrary files via a crafted web site. | |||
| CVE-2015-1126 | 0.04 | — | 0.10 | Apr 10, 2015 | WebKit, as used in Apple iOS before 8.3 and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, does not properly handle the userinfo field in FTP URLs, which allows remote attackers to trigger incorrect resource access via unspecified vectors. | |||
| CVE-2014-8835 | 0.04 | — | 0.08 | Jan 30, 2015 | The xpc_data_get_bytes function in libxpc in Apple OS X before 10.10.2 does not verify that a dictionary's Attributes key has the xpc_data data type, which allows attackers to execute arbitrary code by providing a crafted dictionary to sysmond, related to an "XPC type confusion"… | |||
| CVE-2014-8826 | 0.04 | — | 0.09 | Jan 30, 2015 | LaunchServices in Apple OS X before 10.10.2 does not properly handle file-type metadata, which allows attackers to bypass the Gatekeeper protection mechanism via a crafted JAR archive. | |||
| CVE-2013-6835 | 0.04 | — | 0.07 | Mar 14, 2014 | TelephonyUI Framework in Apple iOS 7 before 7.1, when Safari is used, does not require user confirmation for FaceTime audio calls, which allows remote attackers to obtain telephone number or e-mail address information via a facetime-audio: URL. | |||
| CVE-2012-6151 | 0.04 | — | 0.09 | Dec 13, 2013 | Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle a MIB and processing GETNEXT requests, allows remote attackers to cause a denial of service (crash or infinite loop, CPU consumption, and hang) by causing the AgentX subagent to timeout. | |||
| CVE-2013-0984 | 0.04 | — | 0.14 | Jun 5, 2013 | Directory Service in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted message. | |||
| CVE-2013-2842 | 0.04 | — | 0.12 | May 22, 2013 | Use-after-free vulnerability in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of widgets. | |||
| CVE-2012-2619 | 0.04 | — | 0.13 | Nov 14, 2012 | The Broadcom BCM4325 and BCM4329 Wi-Fi chips, as used in certain Acer, Apple, Asus, Ford, HTC, Kyocera, LG, Malata, Motorola, Nokia, Pantech, Samsung, and Sony products, allow remote attackers to cause a denial of service (out-of-bounds read and Wi-Fi outage) via an RSN 802.11i… | |||
| CVE-2012-3755 | 0.04 | — | 0.10 | Nov 9, 2012 | Buffer overflow in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Targa image. | |||
| CVE-2012-3748 | 0.04 | — | 0.14 | Nov 3, 2012 | Race condition in WebKit in Apple iOS before 6.0.1 and Safari before 6.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving JavaScript arrays. | |||
| CVE-2012-0677 | 0.04 | — | 0.15 | Jun 12, 2012 | Heap-based buffer overflow in Apple iTunes before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted .m3u playlist. | |||
| CVE-2011-1425 | 0.04 | — | 0.08 | Apr 4, 2011 | xslt.c in XML Security Library (aka xmlsec) before 1.2.17, as used in WebKit and other products, when XSLT is enabled, allows remote attackers to create or overwrite arbitrary files via vectors involving the libxslt output extension and a ds:Transform element during signature… | |||
| CVE-2010-3804 | 0.04 | — | 0.09 | Nov 22, 2010 | The JavaScript implementation in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, uses a weak algorithm for generating values of random numbers, which makes it easier for remote attackers to track a user by… | |||
| CVE-2010-1840 | 0.04 | — | 0.09 | Nov 15, 2010 | Stack-based buffer overflow in the password-validation functionality in Directory Services in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. | |||
| CVE-2010-1813 | 0.04 | — | 0.10 | Sep 9, 2010 | WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors involving HTML object outlines. | |||
| CVE-2010-1748 | 0.04 | — | 0.06 | Jun 17, 2010 | The cgi_initialize_string function in cgi-bin/var.c in the web interface in CUPS before 1.4.4, as used on Apple Mac OS X 10.5.8, Mac OS X 10.6 before 10.6.4, and other platforms, does not properly handle parameter values containing a % (percent) character without two subsequent… | |||
| CVE-2010-1759 | 0.04 | — | 0.16 | Jun 11, 2010 | Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the… | |||
| CVE-2010-1939 | 0.04 | — | 0.15 | May 13, 2010 | Use-after-free vulnerability in Apple Safari 4.0.5 on Windows allows remote attackers to execute arbitrary code by using window.open to create a popup window for a crafted HTML document, and then calling the parent window's close method, which triggers improper handling of a… | |||
| CVE-2010-0520 | 0.04 | — | 0.19 | Mar 30, 2010 | Heap-based buffer overflow in QuickTimeAuthoring.qtx in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FLC file, related to crafted DELTA_FLI chunks and untrusted length… | |||
| CVE-2010-0519 | 0.04 | — | 0.09 | Mar 30, 2010 | Integer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a FlashPix image with a malformed SubImage Header Stream containing a NumberOfTiles field with a large value. | |||
| CVE-2010-1180 | 0.04 | — | 0.08 | Mar 29, 2010 | Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long exception string in a throw statement, possibly a related issue to CVE-2009-1514. | |||
| CVE-2010-1179 | 0.04 | — | 0.09 | Mar 29, 2010 | Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a large integer in the numcolors attribute of a recolorinfo element in a VML file, possibly a related issue to… | |||
| CVE-2010-1177 | 0.04 | — | 0.07 | Mar 29, 2010 | Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving document.write calls with long crafted strings. | |||
| CVE-2010-1176 | 0.04 | — | 0.09 | Mar 29, 2010 | Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to an array of long strings, an array of IMG elements with crafted strings in their SRC attributes, a… | |||
| CVE-2010-1029 | 0.04 | — | 0.10 | Mar 19, 2010 | Stack consumption vulnerability in the WebCore::CSSSelector function in WebKit, as used in Apple Safari 4.0.4, Apple Safari on iPhone OS and iPhone OS for iPod touch, and Google Chrome 4.0.249, allows remote attackers to cause a denial of service (application crash) or possibly… | |||
| CVE-2010-0049 | 0.04 | — | 0.11 | Mar 15, 2010 | Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via HTML elements with right-to-left (RTL) text directionality. | |||
| CVE-2010-0314 | 0.04 | — | 0.07 | Jan 14, 2010 | Apple Safari allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's URL in the HREF attribute of a stylesheet LINK element, and then reading the document.styleSheets[0].href property value. | |||
| CVE-2009-4186 | 0.04 | — | 0.07 | Dec 3, 2009 | Stack consumption vulnerability in Apple Safari 4.0.3 on Windows allows remote attackers to cause a denial of service (application crash) via a long URI value (aka url) in the Cascading Style Sheets (CSS) background property. | |||
| CVE-2009-4017 | 0.04 | — | 0.12 | Nov 24, 2009 | PHP before 5.2.12 and 5.3.x before 5.3.1 does not restrict the number of temporary files created when handling a multipart/form-data POST request, which allows remote attackers to cause a denial of service (resource exhaustion), and makes it easier for remote attackers to… | |||
| CVE-2009-2817 | 0.04 | — | 0.09 | Sep 24, 2009 | Buffer overflow in Apple iTunes before 9.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted .pls file. | |||
| CVE-2009-3272 | 0.04 | — | 0.06 | Sep 21, 2009 | Stack consumption vulnerability in WebKit.dll in WebKit in Apple Safari 3.2.3, and possibly other versions before 4.1.2, allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls eval on a long string composed of A/ sequences. | |||
| CVE-2009-2195 | 0.04 | — | 0.13 | Aug 12, 2009 | Buffer overflow in WebKit in Apple Safari before 4.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted floating-point numbers. | |||
| CVE-2009-2419 | 0.04 | — | 0.09 | Jul 9, 2009 | Use-after-free vulnerability in the servePendingRequests function in WebCore in WebKit in Apple Safari 4.0 and 4.0.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted HTML document that references a… | |||
| CVE-2009-0961 | 0.04 | — | 0.06 | Jun 19, 2009 | The Mail component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 dismisses the call approval dialog when another alert appears, which might allow remote attackers to force the iPhone to place a call without user approval by causing an… | |||
| CVE-2009-1684 | 0.04 | — | 0.09 | Jun 10, 2009 | Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via an event handler that triggers script execution in the… |
- CVE-2005-2340Dec 31, 2005risk 0.05cvss —epss 0.26
Heap-based buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a crafted (1) QuickTime Image File (QTIF), (2) PICT, or (3) JPEG format image with a long data field.
- CVE-2003-0681Oct 6, 2003risk 0.05cvss —epss 0.20
A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences.
- CVE-2015-7112Dec 11, 2015risk 0.04cvss —epss 0.09
The IOHIDFamily API in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than…
- CVE-2015-7039Dec 11, 2015risk 0.04cvss —epss 0.11
Buffer overflow in libc in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code via a crafted package, a different vulnerability than CVE-2015-7038.
- CVE-2015-6996Oct 23, 2015risk 0.04cvss —epss 0.07
IOAcceleratorFamily in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app.
- CVE-2015-6995Oct 23, 2015risk 0.04cvss —epss 0.06
The Disk Images component in Apple iOS before 9.1 and OS X before 10.11.1 misparses images, which allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app.
- CVE-2015-5895Sep 18, 2015risk 0.04cvss —epss 0.09
Multiple unspecified vulnerabilities in SQLite before 3.8.10.2, as used in Apple iOS before 9, have unknown impact and attack vectors.
- CVE-2015-5784Aug 17, 2015risk 0.04cvss —epss 0.09
runner in Install.framework in the Install Framework Legacy component in Apple OS X before 10.10.5 does not properly drop privileges, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
- CVE-2015-5754Aug 17, 2015risk 0.04cvss —epss 0.07
Race condition in runner in Install.framework in the Install Framework Legacy component in Apple OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages incorrect privilege dropping associated with a locking error.
- CVE-2015-3798Aug 17, 2015risk 0.04cvss —epss 0.13
The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression, a different vulnerability than…
- CVE-2015-3796Aug 17, 2015risk 0.04cvss —epss 0.12
The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression, a different vulnerability than…
- CVE-2015-3704Jul 3, 2015risk 0.04cvss —epss 0.09
runner in Install.framework in the Install Framework Legacy subsystem in Apple OS X before 10.10.4 does not properly drop privileges, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
- CVE-2015-3693Jul 3, 2015risk 0.04cvss —epss 0.08
Apple Mac EFI before 2015-001, as used in OS X before 10.10.4 and other products, does not properly set refresh rates for DDR3 RAM, which might make it easier for remote attackers to conduct row-hammer attacks, and consequently gain privileges or cause a denial of service…
- CVE-2015-4024Jun 9, 2015risk 0.04cvss —epss 0.50
Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a denial of service (CPU consumption) via crafted form data that triggers an…
- CVE-2015-1155May 8, 2015risk 0.04cvss —epss 0.11
The history implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to bypass the Same Origin Policy and read arbitrary files via a crafted web site.
- CVE-2015-1126Apr 10, 2015risk 0.04cvss —epss 0.10
WebKit, as used in Apple iOS before 8.3 and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, does not properly handle the userinfo field in FTP URLs, which allows remote attackers to trigger incorrect resource access via unspecified vectors.
- CVE-2014-8835Jan 30, 2015risk 0.04cvss —epss 0.08
The xpc_data_get_bytes function in libxpc in Apple OS X before 10.10.2 does not verify that a dictionary's Attributes key has the xpc_data data type, which allows attackers to execute arbitrary code by providing a crafted dictionary to sysmond, related to an "XPC type confusion"…
- CVE-2014-8826Jan 30, 2015risk 0.04cvss —epss 0.09
LaunchServices in Apple OS X before 10.10.2 does not properly handle file-type metadata, which allows attackers to bypass the Gatekeeper protection mechanism via a crafted JAR archive.
- CVE-2013-6835Mar 14, 2014risk 0.04cvss —epss 0.07
TelephonyUI Framework in Apple iOS 7 before 7.1, when Safari is used, does not require user confirmation for FaceTime audio calls, which allows remote attackers to obtain telephone number or e-mail address information via a facetime-audio: URL.
- CVE-2012-6151Dec 13, 2013risk 0.04cvss —epss 0.09
Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle a MIB and processing GETNEXT requests, allows remote attackers to cause a denial of service (crash or infinite loop, CPU consumption, and hang) by causing the AgentX subagent to timeout.
- CVE-2013-0984Jun 5, 2013risk 0.04cvss —epss 0.14
Directory Service in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted message.
- CVE-2013-2842May 22, 2013risk 0.04cvss —epss 0.12
Use-after-free vulnerability in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of widgets.
- CVE-2012-2619Nov 14, 2012risk 0.04cvss —epss 0.13
The Broadcom BCM4325 and BCM4329 Wi-Fi chips, as used in certain Acer, Apple, Asus, Ford, HTC, Kyocera, LG, Malata, Motorola, Nokia, Pantech, Samsung, and Sony products, allow remote attackers to cause a denial of service (out-of-bounds read and Wi-Fi outage) via an RSN 802.11i…
- CVE-2012-3755Nov 9, 2012risk 0.04cvss —epss 0.10
Buffer overflow in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Targa image.
- CVE-2012-3748Nov 3, 2012risk 0.04cvss —epss 0.14
Race condition in WebKit in Apple iOS before 6.0.1 and Safari before 6.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving JavaScript arrays.
- CVE-2012-0677Jun 12, 2012risk 0.04cvss —epss 0.15
Heap-based buffer overflow in Apple iTunes before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted .m3u playlist.
- CVE-2011-1425Apr 4, 2011risk 0.04cvss —epss 0.08
xslt.c in XML Security Library (aka xmlsec) before 1.2.17, as used in WebKit and other products, when XSLT is enabled, allows remote attackers to create or overwrite arbitrary files via vectors involving the libxslt output extension and a ds:Transform element during signature…
- CVE-2010-3804Nov 22, 2010risk 0.04cvss —epss 0.09
The JavaScript implementation in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, uses a weak algorithm for generating values of random numbers, which makes it easier for remote attackers to track a user by…
- CVE-2010-1840Nov 15, 2010risk 0.04cvss —epss 0.09
Stack-based buffer overflow in the password-validation functionality in Directory Services in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
- CVE-2010-1813Sep 9, 2010risk 0.04cvss —epss 0.10
WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors involving HTML object outlines.
- CVE-2010-1748Jun 17, 2010risk 0.04cvss —epss 0.06
The cgi_initialize_string function in cgi-bin/var.c in the web interface in CUPS before 1.4.4, as used on Apple Mac OS X 10.5.8, Mac OS X 10.6 before 10.6.4, and other platforms, does not properly handle parameter values containing a % (percent) character without two subsequent…
- CVE-2010-1759Jun 11, 2010risk 0.04cvss —epss 0.16
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the…
- CVE-2010-1939May 13, 2010risk 0.04cvss —epss 0.15
Use-after-free vulnerability in Apple Safari 4.0.5 on Windows allows remote attackers to execute arbitrary code by using window.open to create a popup window for a crafted HTML document, and then calling the parent window's close method, which triggers improper handling of a…
- CVE-2010-0520Mar 30, 2010risk 0.04cvss —epss 0.19
Heap-based buffer overflow in QuickTimeAuthoring.qtx in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FLC file, related to crafted DELTA_FLI chunks and untrusted length…
- CVE-2010-0519Mar 30, 2010risk 0.04cvss —epss 0.09
Integer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a FlashPix image with a malformed SubImage Header Stream containing a NumberOfTiles field with a large value.
- CVE-2010-1180Mar 29, 2010risk 0.04cvss —epss 0.08
Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long exception string in a throw statement, possibly a related issue to CVE-2009-1514.
- CVE-2010-1179Mar 29, 2010risk 0.04cvss —epss 0.09
Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a large integer in the numcolors attribute of a recolorinfo element in a VML file, possibly a related issue to…
- CVE-2010-1177Mar 29, 2010risk 0.04cvss —epss 0.07
Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving document.write calls with long crafted strings.
- CVE-2010-1176Mar 29, 2010risk 0.04cvss —epss 0.09
Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to an array of long strings, an array of IMG elements with crafted strings in their SRC attributes, a…
- CVE-2010-1029Mar 19, 2010risk 0.04cvss —epss 0.10
Stack consumption vulnerability in the WebCore::CSSSelector function in WebKit, as used in Apple Safari 4.0.4, Apple Safari on iPhone OS and iPhone OS for iPod touch, and Google Chrome 4.0.249, allows remote attackers to cause a denial of service (application crash) or possibly…
- CVE-2010-0049Mar 15, 2010risk 0.04cvss —epss 0.11
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via HTML elements with right-to-left (RTL) text directionality.
- CVE-2010-0314Jan 14, 2010risk 0.04cvss —epss 0.07
Apple Safari allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's URL in the HREF attribute of a stylesheet LINK element, and then reading the document.styleSheets[0].href property value.
- CVE-2009-4186Dec 3, 2009risk 0.04cvss —epss 0.07
Stack consumption vulnerability in Apple Safari 4.0.3 on Windows allows remote attackers to cause a denial of service (application crash) via a long URI value (aka url) in the Cascading Style Sheets (CSS) background property.
- CVE-2009-4017Nov 24, 2009risk 0.04cvss —epss 0.12
PHP before 5.2.12 and 5.3.x before 5.3.1 does not restrict the number of temporary files created when handling a multipart/form-data POST request, which allows remote attackers to cause a denial of service (resource exhaustion), and makes it easier for remote attackers to…
- CVE-2009-2817Sep 24, 2009risk 0.04cvss —epss 0.09
Buffer overflow in Apple iTunes before 9.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted .pls file.
- CVE-2009-3272Sep 21, 2009risk 0.04cvss —epss 0.06
Stack consumption vulnerability in WebKit.dll in WebKit in Apple Safari 3.2.3, and possibly other versions before 4.1.2, allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls eval on a long string composed of A/ sequences.
- CVE-2009-2195Aug 12, 2009risk 0.04cvss —epss 0.13
Buffer overflow in WebKit in Apple Safari before 4.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted floating-point numbers.
- CVE-2009-2419Jul 9, 2009risk 0.04cvss —epss 0.09
Use-after-free vulnerability in the servePendingRequests function in WebCore in WebKit in Apple Safari 4.0 and 4.0.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted HTML document that references a…
- CVE-2009-0961Jun 19, 2009risk 0.04cvss —epss 0.06
The Mail component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 dismisses the call approval dialog when another alert appears, which might allow remote attackers to force the iPhone to place a call without user approval by causing an…
- CVE-2009-1684Jun 10, 2009risk 0.04cvss —epss 0.09
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via an event handler that triggers script execution in the…
Page 103 of 170