Apple Inc.

All CVEs

8,445 total · sorted by risk
  • CVE-2011-0232 · Jul 21, 2011
    risk 0.00 · cvss · epss 0.04

    WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.

  • CVE-2011-0225 · Jul 21, 2011
    risk 0.00 · cvss · epss 0.04

    WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.

  • CVE-2011-0223 · Jul 21, 2011
    risk 0.00 · cvss · epss 0.04

    WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.

  • CVE-2011-0221 · Jul 21, 2011
    risk 0.00 · cvss · epss 0.04

    WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.

  • CVE-2011-0219 · Jul 21, 2011
    risk 0.00 · cvss · epss 0.02

    Apple Safari before 5.0.6 allows remote attackers to bypass the Same Origin Policy, and modify the rendering of text from arbitrary web sites, via a Java applet that loads fonts.

  • CVE-2011-0218 · Jul 21, 2011
    risk 0.00 · cvss · epss 0.04

    WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.

  • CVE-2011-0217 · Jul 21, 2011
    risk 0.00 · cvss · epss 0.01

    Apple Safari before 5.0.6 provides AutoFill information to scripts that execute before HTML form submission, which allows remote attackers to obtain Address Book information via a crafted form, as demonstrated by a form that includes non-visible fields.

  • CVE-2011-0216 · Jul 21, 2011
    risk 0.00 · cvss · epss 0.05

    Off-by-one error in libxml in Apple Safari before 5.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via a crafted web site.

  • CVE-2011-0215 · Jul 21, 2011
    risk 0.00 · cvss · epss 0.04

    ImageIO in Apple Safari before 5.0.6 on Windows does not properly address re-entrancy issues, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF file.

  • CVE-2011-0214 · Jul 21, 2011
    risk 0.00 · cvss · epss 0.01

    CFNetwork in Apple Safari before 5.0.6 on Windows does not properly handle an untrusted attribute of a system root certificate, which allows remote web servers to bypass intended SSL restrictions via a certificate signed by a blacklisted certification authority.

  • CVE-2010-1420 · Jul 21, 2011
    risk 0.00 · cvss · epss 0.02

    Cross-site scripting (XSS) vulnerability in CFNetwork in Apple Safari before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via a crafted text/plain file.

  • CVE-2010-1383 · Jul 21, 2011
    risk 0.00 · cvss · epss 0.02

    CFNetwork in Apple Safari before 5.0.6 on Windows allows remote web servers to execute arbitrary code by replaying the NTLM credentials of a client user, related to a "credential reflection" issue.

  • CVE-2011-0227 · Jul 19, 2011
    risk 0.00 · cvss · epss 0.00

    The queueing primitives in IOMobileFrameBuffer in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 do not properly perform type conversion, which allows local users to gain privileges via a crafted application.

  • CVE-2011-2192 · Jul 7, 2011
    risk 0.00 · cvss · epss 0.03

    The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSSAPI requests.

  • CVE-2011-2601 · Jun 30, 2011
    risk 0.00 · cvss · epss 0.02

    The GPU support functionality in Mac OS X does not properly restrict rendering time, which allows remote attackers to cause a denial of service (desktop hang) via vectors involving WebGL and (1) shader programs or (2) complex 3D geometry, as demonstrated by using Mozilla Firefox…

  • CVE-2011-2351 · Jun 29, 2011
    risk 0.00 · cvss · epss 0.02

    Use-after-free vulnerability in Google Chrome before 12.0.742.112 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG use elements.

  • CVE-2011-1132 · Jun 24, 2011
    risk 0.00 · cvss · epss 0.00

    The IPv6 implementation in the kernel in Apple Mac OS X before 10.6.8 allows local users to cause a denial of service (NULL pointer dereference and reboot) via vectors involving socket options.

  • CVE-2011-0213 · Jun 24, 2011
    risk 0.00 · cvss · epss 0.03

    Buffer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG file.

  • CVE-2011-0212 · Jun 24, 2011
    risk 0.00 · cvss · epss 0.02

    servermgrd in Apple Mac OS X before 10.6.8 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML-RPC request containing an entity declaration in conjunction with…

  • CVE-2011-0211 · Jun 24, 2011
    risk 0.00 · cvss · epss 0.03

    Integer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.

  • CVE-2011-0210 · Jun 24, 2011
    risk 0.00 · cvss · epss 0.03

    QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted sample tables in a movie file.

  • CVE-2011-0209 · Jun 24, 2011
    risk 0.00 · cvss · epss 0.03

    Integer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted RIFF WAV file.

  • CVE-2011-0208 · Jun 24, 2011
    risk 0.00 · cvss · epss 0.03

    QuickLook in Apple Mac OS X 10.6 before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Microsoft Office document.

  • CVE-2011-0207 · Jun 24, 2011
    risk 0.00 · cvss · epss 0.02

    The MobileMe component in Apple Mac OS X before 10.6.8 uses a cleartext HTTP session for the Mail application to read e-mail aliases, which allows remote attackers to obtain potentially sensitive alias information by sniffing the network.

  • CVE-2011-0206 · Jun 24, 2011
    risk 0.00 · cvss · epss 0.03

    Buffer overflow in International Components for Unicode (ICU) in Apple Mac OS X before 10.6.8 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving uppercase strings.

  • CVE-2011-0205 · Jun 24, 2011
    risk 0.00 · cvss · epss 0.04

    Heap-based buffer overflow in ImageIO in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG2000 image.

  • CVE-2011-0204 · Jun 24, 2011
    risk 0.00 · cvss · epss 0.04

    Heap-based buffer overflow in ImageIO in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image.

  • CVE-2011-0203 · Jun 24, 2011
    risk 0.00 · cvss · epss 0.02

    Absolute path traversal vulnerability in xftpd in the FTP Server component in Apple Mac OS X before 10.6.8 allows remote attackers to list arbitrary directories by using the root directory as the starting point of a recursive listing.

  • CVE-2011-0202 · Jun 24, 2011
    risk 0.00 · cvss · epss 0.02

    Integer overflow in CoreGraphics in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted embedded Type 1 font in a PDF document.

  • CVE-2011-0201 · Jun 24, 2011
    risk 0.00 · cvss · epss 0.03

    Off-by-one error in the CoreFoundation framework in Apple Mac OS X before 10.6.8 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a CFString object that triggers a buffer overflow.

  • CVE-2011-0200 · Jun 24, 2011
    risk 0.00 · cvss · epss 0.04

    Integer overflow in ColorSync in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image containing a crafted embedded ColorSync profile that triggers a heap-based buffer overflow.

  • CVE-2011-0198 · Jun 24, 2011
    risk 0.00 · cvss · epss 0.04

    Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code via a crafted embedded TrueType font.

  • CVE-2011-0197 · Jun 24, 2011
    risk 0.00 · cvss · epss 0.00

    App Store in Apple Mac OS X before 10.6.8 creates a log entry containing a user's AppleID password, which might allow local users to obtain sensitive information by reading a log file, as demonstrated by a log file that has non-default permissions.

  • CVE-2011-0196 · Jun 24, 2011
    risk 0.00 · cvss · epss 0.02

    AirPort in Apple Mac OS X 10.5.8 allows remote attackers to cause a denial of service (out-of-bounds read and reboot) via Wi-Fi frames on the local wireless network.

  • CVE-2009-5044 · Jun 24, 2011
    risk 0.00 · cvss · epss 0.00

    contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 allows local users to overwrite arbitrary files via a symlink attack on a pdf#####.tmp temporary file.

  • CVE-2011-1451 · May 3, 2011
    risk 0.00 · cvss · epss 0.02

    Google Chrome before 11.0.696.57 does not properly handle DOM id maps, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "dangling pointers."

  • CVE-2011-1449 · May 3, 2011
    risk 0.00 · cvss · epss 0.02

    Use-after-free vulnerability in the WebSockets implementation in Google Chrome before 11.0.696.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

  • CVE-2011-1440 · May 3, 2011
    risk 0.00 · cvss · epss 0.02

    Use-after-free vulnerability in Google Chrome before 11.0.696.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the ruby element and Cascading Style Sheets (CSS) token sequences.

  • CVE-2011-0195 · Apr 15, 2011
    risk 0.00 · cvss · epss 0.01

    The generate-id XPath function in libxslt in Apple iOS 4.3.x before 4.3.2 allows remote attackers to obtain potentially sensitive information about heap memory addresses via a crafted web site. NOTE: this may overlap CVE-2011-1202.

  • CVE-2011-1691 · Apr 15, 2011
    risk 0.00 · cvss · epss 0.02

    The counterToCSSValue function in CSSComputedStyleDeclaration.cpp in the Cascading Style Sheets (CSS) implementation in WebCore in WebKit before r82222, as used in Google Chrome before 11.0.696.43 and other products, does not properly handle access to the (1) counterIncrement…

  • CVE-2011-1296 · Mar 25, 2011
    risk 0.00 · cvss · epss 0.02

    Google Chrome before 10.0.648.204 does not properly handle SVG text, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."

  • CVE-2011-1295 · Mar 25, 2011
    risk 0.00 · cvss · epss 0.02

    WebKit, as used in Google Chrome before 10.0.648.204 and Apple Safari before 5.0.6, does not properly handle node parentage, which allows remote attackers to cause a denial of service (DOM tree corruption), conduct cross-site scripting (XSS) attacks, or possibly have unspecified…

  • CVE-2011-1293 · Mar 25, 2011
    risk 0.00 · cvss · epss 0.02

    Use-after-free vulnerability in the HTMLCollection implementation in Google Chrome before 10.0.648.204 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

  • CVE-2011-0194 · Mar 23, 2011
    risk 0.00 · cvss · epss 0.03

    Integer overflow in ImageIO in Apple Mac OS X 10.6 before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image with JPEG encoding.

  • CVE-2011-0193 · Mar 23, 2011
    risk 0.00 · cvss · epss 0.03

    Multiple buffer overflows in Image RAW in Apple Mac OS X before 10.6.7 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Canon RAW image.

  • CVE-2011-0190 · Mar 23, 2011
    risk 0.00 · cvss · epss 0.01

    Install Helper in Installer in Apple Mac OS X before 10.6.7 does not properly process an unspecified URL, which might allow remote attackers to track user logins by logging network traffic from an agent that was intended to send network traffic to an Apple server.

  • CVE-2011-0189 · Mar 23, 2011
    risk 0.00 · cvss · epss 0.01

    The default configuration of Terminal in Apple Mac OS X 10.6 before 10.6.7 uses SSH protocol version 1 within the New Remote Connection dialog, which might make it easier for man-in-the-middle attackers to spoof SSH servers by leveraging protocol vulnerabilities.

  • CVE-2011-0187 · Mar 23, 2011
    risk 0.00 · cvss · epss 0.02

    The plug-in in QuickTime in Apple Mac OS X before 10.6.7 allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive video data via vectors involving a cross-site redirect.

  • CVE-2011-0186 · Mar 23, 2011
    risk 0.00 · cvss · epss 0.03

    QuickTime in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG2000 image.

  • CVE-2011-0184 · Mar 23, 2011
    risk 0.00 · cvss · epss 0.03

    QuickLook in Apple Mac OS X 10.6 before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via an Excel spreadsheet with a crafted formula that uses unspecified opcodes.
