VYPR

Vendor CVEs

Apple Inc.

All CVEs

8,452 total · sorted by risk
  • CVE-2009-1701Jun 10, 2009
    risk 0.01cvss epss 0.08

    Use-after-free vulnerability in the JavaScript DOM implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash)…

  • CVE-2009-1698Jun 10, 2009
    risk 0.01cvss epss 0.08

    WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical argument, which allows remote attackers to…

  • CVE-2009-1690Jun 10, 2009
    risk 0.01cvss epss 0.07

    Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome 1.0.154.53, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of…

  • CVE-2009-1687Jun 10, 2009
    risk 0.01cvss epss 0.08

    The JavaScript garbage collector in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle allocation failures, which allows remote attackers to execute arbitrary code or cause a denial of service…

  • CVE-2009-1686Jun 10, 2009
    risk 0.01cvss epss 0.08

    WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle constant (aka const) declarations in a type-conversion operation during JavaScript exception handling, which allows remote attackers to execute…

  • CVE-2009-0951Jun 2, 2009
    risk 0.01cvss epss 0.07

    Heap-based buffer overflow in Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FLC compression file.

  • CVE-2009-0945May 13, 2009
    risk 0.01cvss epss 0.09

    Array index error in the insertItemBefore method in WebKit, as used in Apple Safari before 3.2.3 and 4 Public Beta, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome Stable before 1.0.154.65, and possibly other products allows remote…

  • CVE-2009-0010May 13, 2009
    risk 0.01cvss epss 0.08

    Integer underflow in QuickDraw Manager in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7, and Apple QuickTime before 7.6.2, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PICT image with a crafted 0x77 Poly tag and a…

  • CVE-2009-1182Apr 23, 2009
    risk 0.01cvss epss 0.07

    Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file.

  • CVE-2009-0946Apr 17, 2009
    risk 0.01cvss epss 0.09

    Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c.

  • CVE-2009-0846Apr 9, 2009
    risk 0.01cvss epss 0.09

    The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors involving an…

  • CVE-2009-0007Jan 21, 2009
    risk 0.01cvss epss 0.08

    Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a QuickTime movie file containing invalid image width data in JPEG atoms within STSD atoms.

  • CVE-2009-0006Jan 21, 2009
    risk 0.01cvss epss 0.08

    Integer signedness error in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a Cinepak encoded movie file with a crafted MDAT atom that triggers a heap-based buffer overflow.

  • CVE-2009-0003Jan 21, 2009
    risk 0.01cvss epss 0.09

    Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via an AVI movie file with an invalid nBlockAlign value in the _WAVEFORMATEX structure.

  • CVE-2009-0002Jan 21, 2009
    risk 0.01cvss epss 0.08

    Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a QTVR movie file with crafted THKD atoms.

  • CVE-2009-0001Jan 21, 2009
    risk 0.01cvss epss 0.07

    Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted RTSP URL.

  • CVE-2008-4216Nov 17, 2008
    risk 0.01cvss epss 0.09

    The plug-in interface in WebKit in Apple Safari before 3.2 does not prevent plug-ins from accessing local URLs, which allows remote attackers to obtain sensitive information via vectors that "launch local files."

  • CVE-2008-3623Nov 17, 2008
    risk 0.01cvss epss 0.08

    Heap-based buffer overflow in CoreGraphics in Apple Safari before 3.2 on Windows, in iPhone OS 1.0 through 2.2.1, and in iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted…

  • CVE-2008-4211Oct 10, 2008
    risk 0.01cvss epss 0.07

    Integer signedness error in (1) QuickLook in Apple Mac OS X 10.5.5 and (2) Office Viewer in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via…

  • CVE-2008-3627Sep 11, 2008
    risk 0.01cvss epss 0.09

    Apple QuickTime before 7.5.5 does not properly handle (1) MDAT atoms in MP4 video files within QuickTimeH264.qtx, (2) MDAT atoms in mov video files within QuickTimeH264.scalar, and (3) AVC1 atoms in an unknown media type within an unspecified component, which allows remote…

  • CVE-2008-3625Sep 11, 2008
    risk 0.01cvss epss 0.07

    Stack-based buffer overflow in Apple QuickTime before 7.5.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a QuickTime Virtual Reality (QTVR) movie file with crafted (1) maxTilt, (2) minFieldOfView, and (3) maxFieldOfView…

  • CVE-2008-2317Jul 14, 2008
    risk 0.01cvss epss 0.08

    WebCore in Apple Safari does not properly perform garbage collection of JavaScript document elements, which allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via a reference to the ownerNode property of a…

  • CVE-2008-2307Jun 23, 2008
    risk 0.01cvss epss 0.07

    Unspecified vulnerability in WebKit in Apple Safari before 3.1.2, as distributed in Mac OS X before 10.5.4, and standalone for Windows and Mac OS X 10.4, allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors involving…

  • CVE-2008-2540Jun 3, 2008
    risk 0.01cvss epss 0.08

    Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt the user before downloading an object that has an unrecognized content type, which allows remote attackers to place malware into the (1) Desktop directory on Windows or (2) Downloads directory on Mac OS X,…

  • CVE-2008-1034Jun 2, 2008
    risk 0.01cvss epss 0.08

    Integer underflow in Help Viewer in Apple Mac OS X before 10.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted help:topic URL that triggers a buffer overflow.

  • CVE-2008-1574Jun 2, 2008
    risk 0.01cvss epss 0.07

    Integer overflow in ImageIO in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG2000 image that triggers a heap-based buffer overflow.

  • CVE-2008-1020Apr 4, 2008
    risk 0.01cvss epss 0.07

    Heap-based buffer overflow in quickTime.qts in Apple QuickTime before 7.4.5 on Windows allows remote attackers to execute arbitrary code via a crafted PICT image file with Kodak encoding, related to error checking and error messages.

  • CVE-2008-1017Apr 4, 2008
    risk 0.01cvss epss 0.07

    Heap-based buffer overflow in clipping region (aka crgn) atom handling in quicktime.qts in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via a crafted movie.

  • CVE-2008-1021Apr 4, 2008
    risk 0.01cvss epss 0.07

    Heap-based buffer overflow in Animation codec content handling in Apple QuickTime before 7.4.5 on Windows allows remote attackers to execute arbitrary code via a crafted movie with run length encoding.

  • CVE-2008-1019Apr 4, 2008
    risk 0.01cvss epss 0.07

    Heap-based buffer overflow in quickTime.qts in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via a crafted PICT image file, related to an improperly terminated memory copy loop.

  • CVE-2008-1022Apr 4, 2008
    risk 0.01cvss epss 0.07

    Stack-based buffer overflow in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via a crafted VR movie with an obji atom of zero size.

  • CVE-2008-0053Mar 18, 2008
    risk 0.01cvss epss 0.08

    Multiple buffer overflows in the HP-GL/2-to-PostScript filter in CUPS before 1.3.6 might allow remote attackers to execute arbitrary code via a crafted HP-GL/2 file.

  • CVE-2008-0047Mar 18, 2008
    risk 0.01cvss epss 0.07

    Heap-based buffer overflow in the cgiCompileSearch function in CUPS 1.3.5, and other versions including the version bundled with Apple Mac OS X 10.5.2, when printer sharing is enabled, allows remote attackers to execute arbitrary code via crafted search expressions.

  • CVE-2008-0888Mar 17, 2008
    risk 0.01cvss epss 0.06

    The NEEDBITS macro in the inflate_dynamic function in inflate.c for unzip can be invoked using invalid buffers, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a free of uninitialized or…

  • CVE-2008-0040Feb 12, 2008
    risk 0.01cvss epss 0.07

    Unspecified vulnerability in NFS in Apple Mac OS X 10.5 through 10.5.1 allows remote attackers to cause a denial of service (system shutdown) or execute arbitrary code via unknown vectors related to mbuf chains that trigger memory corruption.

  • CVE-2007-4689Nov 15, 2007
    risk 0.01cvss epss 0.07

    Double free vulnerability in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to cause a denial of service (system shutdown) or execute arbitrary code via crafted IPV6 packets.

  • CVE-2007-4672Nov 7, 2007
    risk 0.01cvss epss 0.08

    Stack-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via an invalid UncompressedQuickTimeData opcode length in a PICT image.

  • CVE-2007-2395Nov 7, 2007
    risk 0.01cvss epss 0.07

    Unspecified vulnerability in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via a crafted image description atom in a movie file, related to "memory corruption."

  • CVE-2007-3750Nov 7, 2007
    risk 0.01cvss epss 0.06

    Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via crafted Sample Table Sample Descriptor (STSD) atoms in a movie file.

  • CVE-2007-3744Aug 3, 2007
    risk 0.01cvss epss 0.07

    Heap-based buffer overflow in the UPnP IGD (Internet Gateway Device Standardized Device Control Protocol) implementation in mDNSResponder on Apple Mac OS X 10.4.10 before 20070731 allows network-adjacent remote attackers to execute arbitrary code via a crafted packet.

  • CVE-2007-3387Jul 30, 2007
    risk 0.01cvss epss 0.09

    Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted…

  • CVE-2007-3944Jul 23, 2007
    risk 0.01cvss epss 0.07

    Multiple heap-based buffer overflows in the Perl Compatible Regular Expressions (PCRE) library in the JavaScript engine in WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, allow remote attackers to execute arbitrary code via certain JavaScript regular…

  • CVE-2007-2396Jul 15, 2007
    risk 0.01cvss epss 0.07

    The JDirect support in QuickTime for Java in Apple Quicktime before 7.2 exposes certain dangerous interfaces, which allows remote attackers to execute arbitrary code via crafted Java applets.

  • CVE-2007-2393Jul 15, 2007
    risk 0.01cvss epss 0.07

    The design of QuickTime for Java in Apple Quicktime before 7.2 allows remote attackers to bypass certain security controls and write to process memory via Java applets, possibly leading to arbitrary code execution.

  • CVE-2007-2397Jul 15, 2007
    risk 0.01cvss epss 0.07

    QuickTime for Java in Apple Quicktime before 7.2 does not properly check permissions, which allows remote attackers to disable security controls and execute arbitrary code via crafted Java applets.

  • CVE-2007-1863Jun 27, 2007
    risk 0.01cvss epss 0.12

    cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2)…

  • CVE-2007-2399Jun 25, 2007
    risk 0.01cvss epss 0.07

    WebKit in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1 performs an "invalid type conversion", which allows remote attackers to execute arbitrary code via unspecified frame sets that trigger memory corruption.

  • CVE-2007-2390May 24, 2007
    risk 0.01cvss epss 0.09

    Buffer overflow in iChat in Apple Mac OS X 10.3.9 and 10.4.9 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted UPnP Internet Gateway Device (IGD) packet.

  • CVE-2007-0749May 13, 2007
    risk 0.01cvss epss 0.06

    Multiple stack-based buffer overflows in the is_command function in proxy.c in Apple Darwin Streaming Proxy, when using Darwin Streaming Server before 5.5.5, allow remote attackers to execute arbitrary code via a long (1) cmd or (2) server value in an RTSP request.

  • CVE-2007-0748May 13, 2007
    risk 0.01cvss epss 0.06

    Heap-based buffer overflow in Apple Darwin Streaming Proxy, when using Darwin Streaming Server before 5.5.5, allows remote attackers to execute arbitrary code via multiple trackID values in a SETUP RTSP request.

Page 110 of 170