Apple Inc.

All CVEs

8,442 total · sorted by risk
  • CVE-2014-1261 · Feb 27, 2014
    risk 0.00 · cvss · epss 0.03

    Integer signedness error in CoreText in Apple OS X before 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Unicode font.

  • CVE-2014-1260 · Feb 27, 2014
    risk 0.00 · cvss · epss 0.02

    QuickLook in Apple OS X through 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Microsoft Office document.

  • CVE-2014-1259 · Feb 27, 2014
    risk 0.00 · cvss · epss 0.02

    Buffer overflow in File Bookmark in Apple OS X before 10.9.2 allows attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted filename.

  • CVE-2014-1258 · Feb 27, 2014
    risk 0.00 · cvss · epss 0.02

    Heap-based buffer overflow in CoreAnimation in Apple OS X before 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image.

  • CVE-2014-1257 · Feb 27, 2014
    risk 0.00 · cvss · epss 0.00

    CFNetwork in Apple OS X through 10.8.5 does not remove session cookies upon a Safari reset action, which allows physically proximate attackers to bypass intended access restrictions by leveraging an unattended workstation.

  • CVE-2014-1256 · Feb 27, 2014
    risk 0.00 · cvss · epss 0.01

    Buffer overflow in Apple Type Services (ATS) in Apple OS X before 10.9.2 allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages.

  • CVE-2014-1255 · Feb 27, 2014
    risk 0.00 · cvss · epss 0.02

    Apple Type Services (ATS) in Apple OS X before 10.9.2 does not properly validate calls to the free function, which allows attackers to bypass the App Sandbox protection mechanism via crafted Mach messages.

  • CVE-2014-1254 · Feb 27, 2014
    risk 0.00 · cvss · epss 0.02

    Apple Type Services (ATS) in Apple OS X before 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Type 1 font that is embedded in a document.

  • CVE-2014-1251 · Feb 27, 2014
    risk 0.00 · cvss · epss 0.04

    Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted clef atom in a movie file.

  • CVE-2014-1250 · Feb 27, 2014
    risk 0.00 · cvss · epss 0.04

    Apple QuickTime before 7.7.5 does not properly perform a byte-swapping operation, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application crash) via a crafted ttfo element in a movie file.

  • CVE-2014-1249 · Feb 27, 2014
    risk 0.00 · cvss · epss 0.04

    Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PSD image.

  • CVE-2014-1248 · Feb 27, 2014
    risk 0.00 · cvss · epss 0.04

    Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ldat atom in a movie file.

  • CVE-2014-1247 · Feb 27, 2014
    risk 0.00 · cvss · epss 0.04

    Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted dref atom in a movie file.

  • CVE-2014-1246 · Feb 27, 2014
    risk 0.00 · cvss · epss 0.04

    Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ftab atom in a movie file.

  • CVE-2014-1245 · Feb 27, 2014
    risk 0.00 · cvss · epss 0.04

    Integer signedness error in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted stsz atom in a movie file.

  • CVE-2014-1244 · Feb 27, 2014
    risk 0.00 · cvss · epss 0.04

    Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding.

  • CVE-2014-1243 · Feb 27, 2014
    risk 0.00 · cvss · epss 0.04

    Apple QuickTime before 7.7.5 does not initialize an unspecified pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted track list in a movie file.

  • CVE-2014-1253 · Feb 14, 2014
    risk 0.00 · cvss · epss 0.00

    AppleMNT.sys in Apple Boot Camp 5 before 5.1 allows local users to cause a denial of service (kernel memory corruption) or possibly have unspecified other impact via a malformed header in a Portable Executable (PE) file.

  • CVE-2013-6891 · Jan 26, 2014
    risk 0.00 · cvss · epss 0.00

    lppasswd in CUPS before 1.7.1, when running with setuid privileges, allows local users to read portions of arbitrary files via a modified HOME environment variable and a symlink attack involving .cups/client.conf.

  • CVE-2014-1252 · Jan 24, 2014
    risk 0.00 · cvss · epss 0.04

    Double free vulnerability in Apple Pages 2.x before 2.1 and 5.x before 5.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Word file.

  • CVE-2014-1242 · Jan 23, 2014
    risk 0.00 · cvss · epss 0.01

    Apple iTunes before 11.1.4 uses HTTP for the iTunes Tutorials window, which allows man-in-the-middle attackers to spoof content by gaining control over the client-server data stream.

  • CVE-2013-5987 · Jan 21, 2014
    risk 0.00 · cvss · epss 0.00

    Unspecified vulnerability in NVIDIA graphics driver Release 331, 325, 319, 310, and 304 allows local users to bypass intended access restrictions for the GPU and gain privileges via unknown vectors.

  • CVE-2010-1819 · Dec 27, 2013
    risk 0.00 · cvss · epss 0.05

    Untrusted search path vulnerability in the Picture Viewer in Apple QuickTime before 7.6.8 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) CoreVideo.dll, (2) CoreGraphics.dll, or (3)…

  • CVE-2013-5228 · Dec 18, 2013
    risk 0.00 · cvss · epss 0.02

    WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…

  • CVE-2013-5227 · Dec 18, 2013
    risk 0.00 · cvss · epss 0.02

    Apple Safari before 6.1.1 and 7.x before 7.0.1 allows remote attackers to bypass the Same Origin Policy and discover credentials by triggering autofill of subframe form fields.

  • CVE-2013-5225 · Dec 18, 2013
    risk 0.00 · cvss · epss 0.02

    WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…

  • CVE-2013-5199 · Dec 18, 2013
    risk 0.00 · cvss · epss 0.02

    WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…

  • CVE-2013-5198 · Dec 18, 2013
    risk 0.00 · cvss · epss 0.02

    WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…

  • CVE-2013-5197 · Dec 18, 2013
    risk 0.00 · cvss · epss 0.02

    WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…

  • CVE-2013-5196 · Dec 18, 2013
    risk 0.00 · cvss · epss 0.02

    WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…

  • CVE-2013-5195 · Dec 18, 2013
    risk 0.00 · cvss · epss 0.02

    WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…

  • CVE-2013-7127 · Dec 17, 2013
    risk 0.00 · cvss · epss 0.00

    Apple Safari 6.0.5 on Mac OS X 10.7.5 and 10.8.5 stores cleartext credentials in LastSession.plist, which allows local users to obtain sensitive information by reading this file.

  • CVE-2013-6712 · Nov 28, 2013
    risk 0.00 · cvss · epss 0.05

    The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted interval specification.

  • CVE-2013-5193 · Nov 18, 2013
    risk 0.00 · cvss · epss 0.00

    The App Store component in Apple iOS before 7.0.4 does not properly enforce an intended transaction-time password requirement, which allows local users to complete a (1) App purchase or (2) In-App purchase by leveraging previous entry of Apple ID credentials.

  • CVE-2013-5148 · Oct 24, 2013
    risk 0.00 · cvss · epss 0.00

    Apple Keynote before 6.0 does not properly handle the interaction between Keynote presentation mode and the Screen Lock implementation, which allows physically proximate attackers to obtain access by visiting an unattended workstation on which this mode was enabled during a…

  • CVE-2013-5143 · Oct 24, 2013
    risk 0.00 · cvss · epss 0.01

    The RADIUS service in Server App in Apple OS X Server before 3.0 selects a fallback X.509 certificate in unspecified circumstances, which might allow man-in-the-middle attackers to hijack RADIUS sessions by leveraging knowledge of the private key that matches this fallback…

  • CVE-2013-5130 · Oct 24, 2013
    risk 0.00 · cvss · epss 0.01

    WebKit in Apple Safari before 6.1 disables the Private Browsing feature upon a launch of the Web Inspector, which makes it easier for context-dependent attackers to obtain browsing information by leveraging LocalStorage/ files.

  • CVE-2013-5192 · Oct 24, 2013
    risk 0.00 · cvss · epss 0.00

    The USB hub controller in Apple Mac OS X before 10.9 allows local users to cause a denial of service (system crash) via a request with a crafted (1) port or (2) port number.

  • CVE-2013-5191 · Oct 24, 2013
    risk 0.00 · cvss · epss 0.00

    The syslog implementation in Apple Mac OS X before 10.9 allows local users to obtain sensitive information by leveraging access to the Guest account and reading console-log messages from previous Guest sessions.

  • CVE-2013-5190 · Oct 24, 2013
    risk 0.00 · cvss · epss 0.01

    Smart Card Services in Apple Mac OS X before 10.9 does not properly implement certificate-revocation checks, which allows remote attackers to cause a denial of service (Smart Card usage outage) by interfering with the revocation-check procedure.

  • CVE-2013-5189 · Oct 24, 2013
    risk 0.00 · cvss · epss 0.01

    Apple Mac OS X before 10.9 does not preserve a certain administrative system-preferences setting across software updates, which allows context-dependent attackers to bypass intended access restrictions in opportunistic circumstances by leveraging an unintended security…

  • CVE-2013-5188 · Oct 24, 2013
    risk 0.00 · cvss · epss 0.00

    The Screen Lock implementation in Apple Mac OS X before 10.9, when hibernation and autologin are enabled, does not require a password for a transition out of hibernation, which allows physically proximate attackers to obtain access by visiting an unattended workstation in the…

  • CVE-2013-5187 · Oct 24, 2013
    risk 0.00 · cvss · epss 0.00

    The Screen Lock implementation in Apple Mac OS X before 10.9 does not immediately accept Keychain Status menu Lock Screen commands, and instead incorrectly relies on a certain timeout setting, which allows physically proximate attackers to obtain sensitive information by reading…

  • CVE-2013-5186 · Oct 24, 2013
    risk 0.00 · cvss · epss 0.00

    Power Management in Apple Mac OS X before 10.9 does not properly handle the interaction between locking and power assertions, which allows physically proximate attackers to obtain sensitive information by reading a screen that should have transitioned into the locked state.

  • CVE-2013-5185 · Oct 24, 2013
    risk 0.00 · cvss · epss 0.01

    The ldapsearch command-line program in OpenLDAP in Apple Mac OS X before 10.9 does not properly process the minssf configuration setting, which allows remote attackers to obtain sensitive information by leveraging unintended weak encryption and sniffing the network.

  • CVE-2013-5184 · Oct 24, 2013
    risk 0.00 · cvss · epss 0.01

    The kernel in Apple Mac OS X before 10.9 does not properly check for errors during the processing of multicast Wi-Fi packets, which allows remote attackers to cause a denial of service (system crash) by leveraging presence in an 802.11 network's coverage area.

  • CVE-2013-5183 · Oct 24, 2013
    risk 0.00 · cvss · epss 0.01

    Mail in Apple Mac OS X before 10.9, when Kerberos authentication is enabled and TLS is disabled, sends invalid cleartext data, which allows remote attackers to obtain sensitive information by sniffing the network.

  • CVE-2013-5182 · Oct 24, 2013
    risk 0.00 · cvss · epss 0.01

    Mail in Apple Mac OS X before 10.9 allows remote attackers to spoof the existence of a cryptographic signature for an e-mail message by using the multipart/signed content type within an unsigned message.

  • CVE-2013-5181 · Oct 24, 2013
    risk 0.00 · cvss · epss 0.02

    The auto-configuration feature in Mail in Apple Mac OS X before 10.9 selects plaintext authentication for unspecified servers that support CRAM-MD5 authentication, which allows remote attackers to obtain sensitive information by sniffing the network.

  • CVE-2013-5180 · Oct 24, 2013
    risk 0.00 · cvss · epss 0.01

    The srandomdev function in Libc in Apple Mac OS X before 10.9, when the kernel random-number generator is unavailable, produces predictable values instead of the intended random values, which makes it easier for context-dependent attackers to defeat cryptographic protection…
