Vendor CVEs
Apple Inc.
All CVEs
8,452 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-7084 | 0.03 | — | 0.01 | Dec 11, 2015 | The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-7083. | |||
| CVE-2015-7083 | 0.03 | — | 0.01 | Dec 11, 2015 | The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-7084. | |||
| CVE-2015-7078 | 0.03 | — | 0.01 | Dec 11, 2015 | Use-after-free vulnerability in Hypervisor in Apple OS X before 10.11.2 allows local users to gain privileges via vectors involving VM objects. | |||
| CVE-2015-7077 | 0.03 | — | 0.01 | Dec 11, 2015 | The Intel Graphics Driver component in Apple OS X before 10.11.2 allows local users to gain privileges or cause a denial of service (out-of-bounds memory access) via unspecified vectors. | |||
| CVE-2015-7047 | 0.03 | — | 0.01 | Dec 11, 2015 | The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows local users to gain privileges via a crafted mach message that is misparsed. | |||
| CVE-2015-7036 | 0.03 | — | 0.39 | Nov 22, 2015 | The fts3_tokenizer function in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a SQL command that triggers an API call with a crafted pointer value in the… | |||
| CVE-2015-5889 | 0.03 | — | 0.05 | Oct 9, 2015 | rsh in the remote_cmds component in Apple OS X before 10.11 allows local users to obtain root privileges via vectors involving environment variables. | |||
| CVE-2015-5722 | 0.03 | — | 0.34 | Sep 5, 2015 | buffer.c in named in ISC BIND 9.x before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) by creating a zone containing a malformed DNSSEC key and issuing a query for a name in that zone. | |||
| CVE-2015-3760 | 0.03 | — | 0.02 | Aug 16, 2015 | dyld in Apple OS X before 10.10.5 does not properly validate pathnames in the environment, which allows local users to gain privileges via unspecified vectors. | |||
| CVE-2015-3673 | 0.03 | — | 0.06 | Jul 3, 2015 | Admin Framework in Apple OS X before 10.10.4 does not properly restrict the location of writeconfig clients, which allows local users to obtain root privileges by moving and then modifying Directory Utility. | |||
| CVE-2015-3329 | 0.03 | — | 0.38 | Jun 9, 2015 | Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary code via a crafted length value in a (1) tar, (2) phar, or (3) ZIP archive. | |||
| CVE-2015-3145 | 0.03 | — | 0.38 | Apr 24, 2015 | The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing… | |||
| CVE-2015-1100 | 0.03 | — | 0.01 | Apr 10, 2015 | The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service (out-of-bounds memory access) or obtain sensitive memory-content information via a crafted app. | |||
| CVE-2014-0117 | 0.03 | — | 0.36 | Jul 20, 2014 | The mod_proxy module in the Apache HTTP Server 2.4.x before 2.4.10, when a reverse proxy is enabled, allows remote attackers to cause a denial of service (child-process crash) via a crafted HTTP Connection header. | |||
| CVE-2014-1322 | 0.03 | — | 0.01 | Apr 23, 2014 | The kernel in Apple OS X through 10.9.2 places a kernel pointer into an XNU object data structure accessible from user space, which makes it easier for local users to bypass the ASLR protection mechanism by reading an unspecified attribute of the object. | |||
| CVE-2014-1287 | 0.03 | — | 0.01 | Mar 14, 2014 | USB Host in Apple iOS before 7.1 and Apple TV before 6.1 allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted USB messages. | |||
| CVE-2013-6799 | 0.03 | — | 0.01 | Nov 18, 2013 | Apple Mac OS X 10.9 allows local users to cause a denial of service (memory corruption or panic) by creating a hard link to a directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-0105. | |||
| CVE-2013-6114 | 0.03 | — | 0.05 | Nov 4, 2013 | Integer overflow in the OZDocument::parseElement function in Apple Motion 5.0.7 allows remote attackers to cause a denial of service (application crash) via a (1) large or (2) small value in the subview attribute of a viewer element in a .motn file. | |||
| CVE-2013-5147 | 0.03 | — | 0.01 | Sep 19, 2013 | Passcode Lock in Apple iOS before 7 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging a race condition involving phone calls and ejection of a SIM card. | |||
| CVE-2013-1775 | 0.03 | — | 0.03 | Mar 5, 2013 | sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch. | |||
| CVE-2012-5519 | 0.03 | — | 0.02 | Nov 20, 2012 | CUPS 1.4.4, when running in certain Linux distributions such as Debian GNU/Linux, stores the web interface administrator key in /var/run/cups/certs/0 using certain permissions, which allows local users in the lpadmin group to read or write arbitrary files as root by leveraging… | |||
| CVE-2012-5851 | 0.03 | — | 0.02 | Nov 15, 2012 | html/parser/XSSAuditor.cpp in WebCore in WebKit, as used in Google Chrome through 22 and Safari 5.1.7, does not consider all possible output contexts of reflected data, which makes it easier for remote attackers to bypass a cross-site scripting (XSS) protection mechanism via a… | |||
| CVE-2011-1516 | 0.03 | — | 0.04 | Nov 15, 2011 | The kSBXProfileNoNetwork and kSBXProfileNoInternet sandbox profiles in Apple Mac OS X 10.5.x through 10.7.x do not propagate restrictions to all created processes, which allows remote attackers to access network resources via a crafted application, as demonstrated by use of… | |||
| CVE-2011-0182 | 0.03 | — | 0.02 | Mar 23, 2011 | The i386_set_ldt system call in the kernel in Apple Mac OS X before 10.6.7 does not properly handle call gates, which allows local users to gain privileges via vectors involving the creation of a call gate entry. | |||
| CVE-2011-0180 | 0.03 | — | 0.01 | Mar 23, 2011 | Integer overflow in HFS in Apple Mac OS X before 10.6.7 allows local users to read arbitrary (1) HFS, (2) HFS+, or (3) HFS+J files via a crafted F_READBOOTSTRAP ioctl call. | |||
| CVE-2011-0167 | 0.03 | — | 0.03 | Mar 11, 2011 | The windows functionality in WebKit in Apple Safari before 5.0.4 allows remote attackers to bypass the Same Origin Policy, and force the upload of arbitrary local files from a client computer, via a crafted web site. | |||
| CVE-2010-3830 | 0.03 | — | 0.01 | Nov 26, 2010 | Networking in Apple iOS before 4.2 accesses an invalid pointer during the processing of packet filter rules, which allows local users to gain privileges via unspecified vectors. | |||
| CVE-2010-2973 | 0.03 | — | 0.01 | Aug 5, 2010 | Integer overflow in IOSurface in Apple iOS before 4.0.2 on the iPhone and iPod touch, and before 3.2.2 on the iPad, allows local users to gain privileges via vectors involving IOSurface properties, as demonstrated by JailbreakMe. | |||
| CVE-2010-0105 | 0.03 | — | 0.01 | Apr 27, 2010 | The hfs implementation in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 supports hard links to directories and does not prevent certain deeply nested directory structures, which allows local users to cause a denial of service (filesystem corruption) via a crafted application… | |||
| CVE-2010-1226 | 0.03 | — | 0.05 | Apr 1, 2010 | The HTTP client functionality in Apple iPhone OS 3.1 on the iPhone 2G and 3.1.3 on the iPhone 3GS allows remote attackers to cause a denial of service (Safari, Mail, or Springboard crash) via a crafted innerHTML property of a DIV element, related to a "malformed character" issue. | |||
| CVE-2010-1131 | 0.03 | — | 0.04 | Mar 27, 2010 | JavaScriptCore.dll, as used in Apple Safari 4.0.5 on Windows XP SP3, allows remote attackers to cause a denial of service (application crash) via an HTML document composed of many successive occurrences of the substring. | |||
| CVE-2009-2820 | 0.03 | — | 0.06 | Nov 10, 2009 | The web interface in CUPS before 1.4.2, as used on Apple Mac OS X before 10.6.2 and other platforms, does not properly handle (1) HTTP headers and (2) HTML templates, which allows remote attackers to conduct cross-site scripting (XSS) attacks and HTTP response splitting attacks… | |||
| CVE-2009-3271 | 0.03 | — | 0.04 | Sep 21, 2009 | Apple Safari on iPhone OS 3.0.1 allows remote attackers to cause a denial of service (application crash) via a long tel: URL in the SRC attribute of an IFRAME element. | |||
| CVE-2009-1724 | 0.03 | — | 0.06 | Jul 9, 2009 | Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to inject arbitrary web script or HTML via vectors related to parent and top… | |||
| CVE-2009-0162 | 0.03 | — | 0.05 | May 13, 2009 | Cross-site scripting (XSS) vulnerability in Safari before 3.2.3, and 4 Public Beta, on Apple Mac OS X 10.5 before 10.5.7 and Windows allows remote attackers to inject arbitrary web script or HTML via a crafted feed: URL. | |||
| CVE-2009-1238 | 0.03 | — | 0.01 | Apr 2, 2009 | Race condition in the HFS vfs sysctl interface in XNU 1228.8.20 and earlier on Apple Mac OS X 10.5.6 and earlier allows local users to cause a denial of service (kernel memory corruption) by simultaneously executing the same HFS_SET_PKG_EXTENSIONS code path in multiple threads,… | |||
| CVE-2009-1237 | 0.03 | — | 0.01 | Apr 2, 2009 | Multiple memory leaks in XNU 1228.3.13 and earlier on Apple Mac OS X 10.5.6 and earlier allow local users to cause a denial of service (kernel memory consumption) via a crafted (1) SYS_add_profil or (2) SYS___mac_getfsstat system call. | |||
| CVE-2009-1235 | 0.03 | — | 0.01 | Apr 2, 2009 | XNU 1228.9.59 and earlier on Apple Mac OS X 10.5.6 and earlier does not properly restrict interaction between user space and the HFS IOCTL handler, which allows local users to overwrite kernel memory and gain privileges by attaching an HFS+ disk image and performing certain… | |||
| CVE-2009-1233 | 0.03 | — | 0.04 | Apr 2, 2009 | Apple Safari 3.2.2 and 4 Beta on Windows allows remote attackers to cause a denial of service (application crash) via an XML document containing many nested A elements. | |||
| CVE-2009-0321 | 0.03 | — | 0.02 | Jan 28, 2009 | Apple Safari 3.2.1 (aka AppVer 3.525.27.1) on Windows allows remote attackers to cause a denial of service (infinite loop or access violation) via a link to an http URI in which the authority (aka hostname) portion is either a (1) . (dot) or (2) .. (dot dot) sequence. | |||
| CVE-2009-0070 | 0.03 | — | 0.03 | Jan 8, 2009 | Integer signedness error in Apple Safari allows remote attackers to read the contents of arbitrary memory locations, cause a denial of service (application crash), and probably have unspecified other impact via the array index of the arguments array in a JavaScript function,… | |||
| CVE-2008-5821 | 0.03 | — | 0.04 | Jan 2, 2009 | Memory leak in WebKit.dll in WebKit, as used by Apple Safari 3.2 on Windows Vista SP1, allows remote attackers to cause a denial of service (memory consumption and browser crash) via a long ALINK attribute in a BODY element in an HTML document. | |||
| CVE-2008-5377 | 0.03 | — | 0.01 | Dec 8, 2008 | pstopdf in CUPS 1.3.8 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pstopdf.log temporary file, a different vulnerability than CVE-2001-1333. | |||
| CVE-2008-2939 | 0.03 | — | 0.39 | Aug 6, 2008 | Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a… | |||
| CVE-2008-2304 | 0.03 | — | 0.06 | Jul 14, 2008 | Buffer overflow in Apple Core Image Fun House 2.0 and earlier in CoreImage Examples in Xcode tools before 3.1 allows user-assisted attackers to execute arbitrary code or cause a denial of service (application crash) via a .funhouse file with a string XML element that contains… | |||
| CVE-2008-2830 | 0.03 | — | 0.01 | Jun 23, 2008 | Open Scripting Architecture in Apple Mac OS X 10.4.11 and 10.5.4, and some other 10.4 and 10.5 versions, does not properly restrict the loading of scripting addition plugins, which allows local users to gain privileges via scripting addition commands to a privileged application,… | |||
| CVE-2008-1000 | 0.03 | — | 0.03 | Mar 18, 2008 | Directory traversal vulnerability in ContentServer.py in the Wiki Server in Apple Mac OS X 10.5.2 (aka Leopard) allows remote authenticated users to write arbitrary files via ".." sequences in file attachments. | |||
| CVE-2008-0830 | 0.03 | — | 0.02 | Feb 19, 2008 | The Digital Photo Access Protocol (DPAP) server for iPhoto 4.0.3 allows remote attackers to cause a denial of service (crash) via a malformed dpap: URI, a different vulnerability than CVE-2008-0043. | |||
| CVE-2008-0298 | 0.03 | — | 0.03 | Jan 16, 2008 | KHTML WebKit as used in Apple Safari 2.x allows remote attackers to cause a denial of service (browser crash) via a crafted web page, possibly involving a STYLE attribute of a DIV element. | |||
| CVE-2007-3876 | 0.03 | — | 0.02 | Dec 19, 2007 | Stack-based buffer overflow in SMB in Apple Mac OS X 10.4.11 allows local users to execute arbitrary code via (1) a long workgroup (-W) option to mount_smbfs or (2) an unspecified manipulation of the command line to smbutil. |
- CVE-2015-7084Dec 11, 2015risk 0.03cvss —epss 0.01
The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-7083.
- CVE-2015-7083Dec 11, 2015risk 0.03cvss —epss 0.01
The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-7084.
- CVE-2015-7078Dec 11, 2015risk 0.03cvss —epss 0.01
Use-after-free vulnerability in Hypervisor in Apple OS X before 10.11.2 allows local users to gain privileges via vectors involving VM objects.
- CVE-2015-7077Dec 11, 2015risk 0.03cvss —epss 0.01
The Intel Graphics Driver component in Apple OS X before 10.11.2 allows local users to gain privileges or cause a denial of service (out-of-bounds memory access) via unspecified vectors.
- CVE-2015-7047Dec 11, 2015risk 0.03cvss —epss 0.01
The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows local users to gain privileges via a crafted mach message that is misparsed.
- CVE-2015-7036Nov 22, 2015risk 0.03cvss —epss 0.39
The fts3_tokenizer function in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a SQL command that triggers an API call with a crafted pointer value in the…
- CVE-2015-5889Oct 9, 2015risk 0.03cvss —epss 0.05
rsh in the remote_cmds component in Apple OS X before 10.11 allows local users to obtain root privileges via vectors involving environment variables.
- CVE-2015-5722Sep 5, 2015risk 0.03cvss —epss 0.34
buffer.c in named in ISC BIND 9.x before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) by creating a zone containing a malformed DNSSEC key and issuing a query for a name in that zone.
- CVE-2015-3760Aug 16, 2015risk 0.03cvss —epss 0.02
dyld in Apple OS X before 10.10.5 does not properly validate pathnames in the environment, which allows local users to gain privileges via unspecified vectors.
- CVE-2015-3673Jul 3, 2015risk 0.03cvss —epss 0.06
Admin Framework in Apple OS X before 10.10.4 does not properly restrict the location of writeconfig clients, which allows local users to obtain root privileges by moving and then modifying Directory Utility.
- CVE-2015-3329Jun 9, 2015risk 0.03cvss —epss 0.38
Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary code via a crafted length value in a (1) tar, (2) phar, or (3) ZIP archive.
- CVE-2015-3145Apr 24, 2015risk 0.03cvss —epss 0.38
The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing…
- CVE-2015-1100Apr 10, 2015risk 0.03cvss —epss 0.01
The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service (out-of-bounds memory access) or obtain sensitive memory-content information via a crafted app.
- CVE-2014-0117Jul 20, 2014risk 0.03cvss —epss 0.36
The mod_proxy module in the Apache HTTP Server 2.4.x before 2.4.10, when a reverse proxy is enabled, allows remote attackers to cause a denial of service (child-process crash) via a crafted HTTP Connection header.
- CVE-2014-1322Apr 23, 2014risk 0.03cvss —epss 0.01
The kernel in Apple OS X through 10.9.2 places a kernel pointer into an XNU object data structure accessible from user space, which makes it easier for local users to bypass the ASLR protection mechanism by reading an unspecified attribute of the object.
- CVE-2014-1287Mar 14, 2014risk 0.03cvss —epss 0.01
USB Host in Apple iOS before 7.1 and Apple TV before 6.1 allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted USB messages.
- CVE-2013-6799Nov 18, 2013risk 0.03cvss —epss 0.01
Apple Mac OS X 10.9 allows local users to cause a denial of service (memory corruption or panic) by creating a hard link to a directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-0105.
- CVE-2013-6114Nov 4, 2013risk 0.03cvss —epss 0.05
Integer overflow in the OZDocument::parseElement function in Apple Motion 5.0.7 allows remote attackers to cause a denial of service (application crash) via a (1) large or (2) small value in the subview attribute of a viewer element in a .motn file.
- CVE-2013-5147Sep 19, 2013risk 0.03cvss —epss 0.01
Passcode Lock in Apple iOS before 7 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging a race condition involving phone calls and ejection of a SIM card.
- CVE-2013-1775Mar 5, 2013risk 0.03cvss —epss 0.03
sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch.
- CVE-2012-5519Nov 20, 2012risk 0.03cvss —epss 0.02
CUPS 1.4.4, when running in certain Linux distributions such as Debian GNU/Linux, stores the web interface administrator key in /var/run/cups/certs/0 using certain permissions, which allows local users in the lpadmin group to read or write arbitrary files as root by leveraging…
- CVE-2012-5851Nov 15, 2012risk 0.03cvss —epss 0.02
html/parser/XSSAuditor.cpp in WebCore in WebKit, as used in Google Chrome through 22 and Safari 5.1.7, does not consider all possible output contexts of reflected data, which makes it easier for remote attackers to bypass a cross-site scripting (XSS) protection mechanism via a…
- CVE-2011-1516Nov 15, 2011risk 0.03cvss —epss 0.04
The kSBXProfileNoNetwork and kSBXProfileNoInternet sandbox profiles in Apple Mac OS X 10.5.x through 10.7.x do not propagate restrictions to all created processes, which allows remote attackers to access network resources via a crafted application, as demonstrated by use of…
- CVE-2011-0182Mar 23, 2011risk 0.03cvss —epss 0.02
The i386_set_ldt system call in the kernel in Apple Mac OS X before 10.6.7 does not properly handle call gates, which allows local users to gain privileges via vectors involving the creation of a call gate entry.
- CVE-2011-0180Mar 23, 2011risk 0.03cvss —epss 0.01
Integer overflow in HFS in Apple Mac OS X before 10.6.7 allows local users to read arbitrary (1) HFS, (2) HFS+, or (3) HFS+J files via a crafted F_READBOOTSTRAP ioctl call.
- CVE-2011-0167Mar 11, 2011risk 0.03cvss —epss 0.03
The windows functionality in WebKit in Apple Safari before 5.0.4 allows remote attackers to bypass the Same Origin Policy, and force the upload of arbitrary local files from a client computer, via a crafted web site.
- CVE-2010-3830Nov 26, 2010risk 0.03cvss —epss 0.01
Networking in Apple iOS before 4.2 accesses an invalid pointer during the processing of packet filter rules, which allows local users to gain privileges via unspecified vectors.
- CVE-2010-2973Aug 5, 2010risk 0.03cvss —epss 0.01
Integer overflow in IOSurface in Apple iOS before 4.0.2 on the iPhone and iPod touch, and before 3.2.2 on the iPad, allows local users to gain privileges via vectors involving IOSurface properties, as demonstrated by JailbreakMe.
- CVE-2010-0105Apr 27, 2010risk 0.03cvss —epss 0.01
The hfs implementation in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 supports hard links to directories and does not prevent certain deeply nested directory structures, which allows local users to cause a denial of service (filesystem corruption) via a crafted application…
- CVE-2010-1226Apr 1, 2010risk 0.03cvss —epss 0.05
The HTTP client functionality in Apple iPhone OS 3.1 on the iPhone 2G and 3.1.3 on the iPhone 3GS allows remote attackers to cause a denial of service (Safari, Mail, or Springboard crash) via a crafted innerHTML property of a DIV element, related to a "malformed character" issue.
- CVE-2010-1131Mar 27, 2010risk 0.03cvss —epss 0.04
JavaScriptCore.dll, as used in Apple Safari 4.0.5 on Windows XP SP3, allows remote attackers to cause a denial of service (application crash) via an HTML document composed of many successive occurrences of the substring.
- CVE-2009-2820Nov 10, 2009risk 0.03cvss —epss 0.06
The web interface in CUPS before 1.4.2, as used on Apple Mac OS X before 10.6.2 and other platforms, does not properly handle (1) HTTP headers and (2) HTML templates, which allows remote attackers to conduct cross-site scripting (XSS) attacks and HTTP response splitting attacks…
- CVE-2009-3271Sep 21, 2009risk 0.03cvss —epss 0.04
Apple Safari on iPhone OS 3.0.1 allows remote attackers to cause a denial of service (application crash) via a long tel: URL in the SRC attribute of an IFRAME element.
- CVE-2009-1724Jul 9, 2009risk 0.03cvss —epss 0.06
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to inject arbitrary web script or HTML via vectors related to parent and top…
- CVE-2009-0162May 13, 2009risk 0.03cvss —epss 0.05
Cross-site scripting (XSS) vulnerability in Safari before 3.2.3, and 4 Public Beta, on Apple Mac OS X 10.5 before 10.5.7 and Windows allows remote attackers to inject arbitrary web script or HTML via a crafted feed: URL.
- CVE-2009-1238Apr 2, 2009risk 0.03cvss —epss 0.01
Race condition in the HFS vfs sysctl interface in XNU 1228.8.20 and earlier on Apple Mac OS X 10.5.6 and earlier allows local users to cause a denial of service (kernel memory corruption) by simultaneously executing the same HFS_SET_PKG_EXTENSIONS code path in multiple threads,…
- CVE-2009-1237Apr 2, 2009risk 0.03cvss —epss 0.01
Multiple memory leaks in XNU 1228.3.13 and earlier on Apple Mac OS X 10.5.6 and earlier allow local users to cause a denial of service (kernel memory consumption) via a crafted (1) SYS_add_profil or (2) SYS___mac_getfsstat system call.
- CVE-2009-1235Apr 2, 2009risk 0.03cvss —epss 0.01
XNU 1228.9.59 and earlier on Apple Mac OS X 10.5.6 and earlier does not properly restrict interaction between user space and the HFS IOCTL handler, which allows local users to overwrite kernel memory and gain privileges by attaching an HFS+ disk image and performing certain…
- CVE-2009-1233Apr 2, 2009risk 0.03cvss —epss 0.04
Apple Safari 3.2.2 and 4 Beta on Windows allows remote attackers to cause a denial of service (application crash) via an XML document containing many nested A elements.
- CVE-2009-0321Jan 28, 2009risk 0.03cvss —epss 0.02
Apple Safari 3.2.1 (aka AppVer 3.525.27.1) on Windows allows remote attackers to cause a denial of service (infinite loop or access violation) via a link to an http URI in which the authority (aka hostname) portion is either a (1) . (dot) or (2) .. (dot dot) sequence.
- CVE-2009-0070Jan 8, 2009risk 0.03cvss —epss 0.03
Integer signedness error in Apple Safari allows remote attackers to read the contents of arbitrary memory locations, cause a denial of service (application crash), and probably have unspecified other impact via the array index of the arguments array in a JavaScript function,…
- CVE-2008-5821Jan 2, 2009risk 0.03cvss —epss 0.04
Memory leak in WebKit.dll in WebKit, as used by Apple Safari 3.2 on Windows Vista SP1, allows remote attackers to cause a denial of service (memory consumption and browser crash) via a long ALINK attribute in a BODY element in an HTML document.
- CVE-2008-5377Dec 8, 2008risk 0.03cvss —epss 0.01
pstopdf in CUPS 1.3.8 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pstopdf.log temporary file, a different vulnerability than CVE-2001-1333.
- CVE-2008-2939Aug 6, 2008risk 0.03cvss —epss 0.39
Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a…
- CVE-2008-2304Jul 14, 2008risk 0.03cvss —epss 0.06
Buffer overflow in Apple Core Image Fun House 2.0 and earlier in CoreImage Examples in Xcode tools before 3.1 allows user-assisted attackers to execute arbitrary code or cause a denial of service (application crash) via a .funhouse file with a string XML element that contains…
- CVE-2008-2830Jun 23, 2008risk 0.03cvss —epss 0.01
Open Scripting Architecture in Apple Mac OS X 10.4.11 and 10.5.4, and some other 10.4 and 10.5 versions, does not properly restrict the loading of scripting addition plugins, which allows local users to gain privileges via scripting addition commands to a privileged application,…
- CVE-2008-1000Mar 18, 2008risk 0.03cvss —epss 0.03
Directory traversal vulnerability in ContentServer.py in the Wiki Server in Apple Mac OS X 10.5.2 (aka Leopard) allows remote authenticated users to write arbitrary files via ".." sequences in file attachments.
- CVE-2008-0830Feb 19, 2008risk 0.03cvss —epss 0.02
The Digital Photo Access Protocol (DPAP) server for iPhoto 4.0.3 allows remote attackers to cause a denial of service (crash) via a malformed dpap: URI, a different vulnerability than CVE-2008-0043.
- CVE-2008-0298Jan 16, 2008risk 0.03cvss —epss 0.03
KHTML WebKit as used in Apple Safari 2.x allows remote attackers to cause a denial of service (browser crash) via a crafted web page, possibly involving a STYLE attribute of a DIV element.
- CVE-2007-3876Dec 19, 2007risk 0.03cvss —epss 0.02
Stack-based buffer overflow in SMB in Apple Mac OS X 10.4.11 allows local users to execute arbitrary code via (1) a long workgroup (-W) option to mount_smbfs or (2) an unspecified manipulation of the command line to smbutil.
Page 105 of 170