Apple Inc.

8,445 total · sorted by risk
  • CVE-2010-0497 · Mar 30, 2010
    risk 0.00 · cvss · epss 0.03

    Disk Images in Apple Mac OS X before 10.6.3 does not provide the expected warning for an unsafe file type in an internet enabled disk image, which makes it easier for user-assisted remote attackers to execute arbitrary code via a package file type.

  • CVE-2010-0065 · Mar 30, 2010
    risk 0.00 · cvss · epss 0.02

    Disk Images in Apple Mac OS X before 10.6.3 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted disk image with bzip2 compression.

  • CVE-2010-0064 · Mar 30, 2010
    risk 0.00 · cvss · epss 0.00

    DesktopServices in Apple Mac OS X 10.6 before 10.6.3 preserves file ownership during an authenticated Finder copy, which might allow local users to bypass intended disk-quota restrictions and have unspecified other impact by copying files owned by other users.

  • CVE-2010-0063 · Mar 30, 2010
    risk 0.00 · cvss · epss 0.02

    Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.6.3 makes it easier for user-assisted remote attackers to execute arbitrary JavaScript via a web page that offers a download with a Content-Type value that is not on the list of possibly unsafe content…

  • CVE-2010-0062 · Mar 30, 2010
    risk 0.00 · cvss · epss 0.04

    Heap-based buffer overflow in quicktime.qts in CoreMedia and QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a malformed .3g2 movie file with H.263 encoding that triggers an…

  • CVE-2010-0060 · Mar 30, 2010
    risk 0.00 · cvss · epss 0.03

    CoreAudio in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted audio content with QDMC encoding.

  • CVE-2010-0055 · Mar 30, 2010
    risk 0.00 · cvss · epss 0.02

    xar in Apple Mac OS X 10.5.8 does not properly validate package signatures, which allows attackers to have an unspecified impact via a modified package.

  • CVE-2010-0533 · Mar 30, 2010
    risk 0.00 · cvss · epss 0.02

    Directory traversal vulnerability in AFP Server in Apple Mac OS X before 10.6.3 allows remote attackers to list a share root's parent directory, and read and modify files in that directory, via unspecified vectors.

  • CVE-2010-0059 · Mar 30, 2010
    risk 0.00 · cvss · epss 0.05

    CoreAudio in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted audio content with QDM2 encoding, which triggers a buffer overflow due to inconsistent length fields,…

  • CVE-2010-0058 · Mar 30, 2010
    risk 0.00 · cvss · epss 0.02

    freshclam in ClamAV in Apple Mac OS X 10.5.8 with Security Update 2009-005 has an incorrect launchd.plist ProgramArguments key and consequently does not run, which might allow remote attackers to introduce viruses into the system.

  • CVE-2010-0057 · Mar 30, 2010
    risk 0.00 · cvss · epss 0.01

    AFP Server in Apple Mac OS X before 10.6.3 does not prevent guest use of AFP shares when guest access is disabled, which allows remote attackers to bypass intended access restrictions via a mount request.

  • CVE-2010-0056 · Mar 30, 2010
    risk 0.00 · cvss · epss 0.03

    Buffer overflow in Cocoa spell checking in AppKit in Apple Mac OS X 10.5.8 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document.

  • CVE-2009-2801 · Mar 30, 2010
    risk 0.00 · cvss · epss 0.02

    The Application Firewall in Apple Mac OS X 10.5.8 drops unspecified firewall rules after a reboot, which might allow remote attackers to bypass intended access restrictions via packet data, related to a "timing issue."

  • CVE-2010-1181 · Mar 29, 2010
    risk 0.00 · cvss · epss 0.03

    Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a MARQUEE element.

  • CVE-2010-1178 · Mar 29, 2010
    risk 0.00 · cvss · epss 0.01

    Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) via a JavaScript loop that attempts to construct an infinitely long string.

  • CVE-2010-1126 · Mar 26, 2010
    risk 0.00 · cvss · epss 0.02

    The JavaScript implementation in WebKit allows remote attackers to send selected keystrokes to a form field in a hidden frame, instead of the intended form field in a visible frame, via certain calls to the focus method.

  • CVE-2010-1120 · Mar 25, 2010
    risk 0.00 · cvss · epss 0.05

    Unspecified vulnerability in Safari 4 on Apple Mac OS X 10.6 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by Charlie Miller during a Pwn2Own competition at CanSecWest 2010.

  • CVE-2010-1099 · Mar 24, 2010
    risk 0.00 · cvss · epss 0.01

    Integer overflow in Apple Safari allows remote attackers to bypass intended port restrictions on outbound TCP connections via a port number outside the range of the unsigned short data type, as demonstrated by a value of 65561 for TCP port 25.

  • CVE-2010-0054 · Mar 15, 2010
    risk 0.00 · cvss · epss 0.06

    Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving HTML IMG elements.

  • CVE-2010-0053 · Mar 15, 2010
    risk 0.00 · cvss · epss 0.06

    Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the run-in Cascading Style Sheets (CSS) display property.

  • CVE-2010-0052 · Mar 15, 2010
    risk 0.00 · cvss · epss 0.06

    Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to "callbacks for HTML elements."

  • CVE-2010-0051 · Mar 15, 2010
    risk 0.00 · cvss · epss 0.03

    WebKit in Apple Safari before 4.0.5 does not properly validate the cross-origin loading of stylesheets, which allows remote attackers to obtain sensitive information via a crafted HTML document. NOTE: this might overlap CVE-2010-0651.

  • CVE-2010-0046 · Mar 15, 2010
    risk 0.00 · cvss · epss 0.06

    The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted format arguments.

  • CVE-2010-0045 · Mar 15, 2010
    risk 0.00 · cvss · epss 0.04

    Apple Safari before 4.0.5 on Windows does not properly validate external URL schemes, which allows remote attackers to open local files and execute arbitrary code via a crafted HTML document.

  • CVE-2010-0044 · Mar 15, 2010
    risk 0.00 · cvss · epss 0.02

    PubSub in Apple Safari before 4.0.5 does not properly implement use of the Accept Cookies preference to block cookies, which makes it easier for remote web servers to track users by setting a cookie in a (1) RSS or (2) Atom feed.

  • CVE-2010-0043 · Mar 15, 2010
    risk 0.00 · cvss · epss 0.06

    ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF image.

  • CVE-2010-0042 · Mar 15, 2010
    risk 0.00 · cvss · epss 0.03

    ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted TIFF image.

  • CVE-2010-0041 · Mar 15, 2010
    risk 0.00 · cvss · epss 0.03

    ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted BMP image.

  • CVE-2010-0962 · Mar 10, 2010
    risk 0.00 · cvss · epss 0.01

    The FTP proxy server in Apple AirPort Express, AirPort Extreme, and Time Capsule with firmware 7.5 does not restrict the IP address and port specified in a PORT command from a client, which allows remote attackers to leverage intranet FTP servers for arbitrary TCP forwarding via…

  • CVE-2010-0393 · Mar 5, 2010
    risk 0.00 · cvss · epss 0.00

    The _cupsGetlang function, as used by lppasswd.c in lppasswd in CUPS 1.2.2, 1.3.7, 1.3.9, and 1.4.1, relies on an environment variable to determine the file that provides localized message strings, which allows local users to gain privileges via a file that contains crafted…

  • CVE-2010-0925 · Mar 3, 2010
    risk 0.00 · cvss · epss 0.01

    cfnetwork.dll 1.450.5.0 in CFNetwork, as used by safari.exe 531.21.10 in Apple Safari 4.0.4 on Windows, allows remote attackers to cause a denial of service (application crash) via a long string in the SRC attribute of a (1) IMG or (2) IFRAME element.

  • CVE-2010-0924 · Mar 3, 2010
    risk 0.00 · cvss · epss 0.01

    cfnetwork.dll 1.450.5.0 in CFNetwork, as used by safari.exe 531.21.10 in Apple Safari 4.0.3 and 4.0.4 on Windows, allows remote attackers to cause a denial of service (application crash) via a long string in the BACKGROUND attribute of a BODY element.

  • CVE-2010-0205 · Mar 3, 2010
    risk 0.00 · cvss · epss 0.04

    The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to…

  • CVE-2010-0661 · Feb 18, 2010
    risk 0.00 · cvss · epss 0.02

    WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp in WebKit before r52401, as used in Google Chrome before 4.0.249.78, allows remote attackers to bypass the Same Origin Policy via vectors involving the window.open method.

  • CVE-2010-0659 · Feb 18, 2010
    risk 0.00 · cvss · epss 0.03

    The image decoder in WebKit before r52833, as used in Google Chrome before 4.0.249.78, does not properly handle a failure of memory allocation, which allows remote attackers to execute arbitrary code in the Chrome sandbox via a malformed GIF file that specifies a large size.

  • CVE-2010-0656 · Feb 18, 2010
    risk 0.00 · cvss · epss 0.01

    WebKit before r51295, as used in Google Chrome before 4.0.249.78, presents a directory-listing page in response to an XMLHttpRequest for a file:/// URL that corresponds to a directory, which allows attackers to obtain sensitive information or possibly have unspecified other…

  • CVE-2010-0651 · Feb 18, 2010
    risk 0.00 · cvss · epss 0.02

    WebKit before r52784, as used in Google Chrome before 4.0.249.78 and Apple Safari before 4.0.5, permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote attackers to…

  • CVE-2010-0650 · Feb 18, 2010
    risk 0.00 · cvss · epss 0.02

    WebKit, as used in Google Chrome before 4.0.249.78 and Apple Safari, allows remote attackers to bypass intended restrictions on popup windows via crafted use of a mouse click event.

  • CVE-2010-0647 · Feb 18, 2010
    risk 0.00 · cvss · epss 0.04

    WebKit before r53525, as used in Google Chrome before 4.0.249.89, allows remote attackers to execute arbitrary code in the Chrome sandbox via a malformed RUBY element, as demonstrated by a > sequence.

  • CVE-2010-0038 · Feb 3, 2010
    risk 0.00 · cvss · epss 0.00

    Recovery Mode in Apple iPhone OS 1.0 through 3.1.2, and iPhone OS for iPod touch 1.1 through 3.1.2, allows physically proximate attackers to bypass device locking, and read or modify arbitrary data, via a USB control message that triggers memory corruption.

  • CVE-2009-2843 · Dec 8, 2009
    risk 0.00 · cvss · epss 0.02

    Java for Mac OS X 10.5 before Update 6 and 10.6 before Update 1 accepts expired certificates for applets, which makes it easier for remote attackers to execute arbitrary code via an applet.

  • CVE-2009-3384 · Nov 13, 2009
    risk 0.00 · cvss · epss 0.03

    Multiple unspecified vulnerabilities in WebKit in Apple Safari before 4.0.4 on Windows allow remote FTP servers to execute arbitrary code, cause a denial of service (application crash), or obtain sensitive information via a crafted directory listing in a reply.

  • CVE-2009-2842 · Nov 13, 2009
    risk 0.00 · cvss · epss 0.02

    Apple Safari before 4.0.4 does not properly implement certain (1) Open Image and (2) Open Link menu options, which allows remote attackers to read local HTML files via a crafted web site.

  • CVE-2009-2841 · Nov 13, 2009
    risk 0.00 · cvss · epss 0.03

    The HTMLMediaElement::loadResource function in html/HTMLMediaElement.cpp in WebCore in WebKit before r49480, as used in Apple Safari before 4.0.4 on Mac OS X, does not perform the expected callbacks for HTML 5 media elements that have external URLs for media resources, which…

  • CVE-2009-2816 · Nov 13, 2009
    risk 0.00 · cvss · epss 0.02

    The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, as used in Apple Safari before 4.0.4 and Google Chrome before 3.0.195.33, includes certain custom HTTP headers in the OPTIONS request during cross-origin operations with preflight, which makes it easier for…

  • CVE-2009-2840 · Nov 10, 2009
    risk 0.00 · cvss · epss 0.00

    Spotlight in Apple Mac OS X 10.5.8 does not properly handle temporary files, which allows local users to overwrite arbitrary files in the context of a different user's privileges via unspecified vectors.

  • CVE-2009-2839 · Nov 10, 2009
    risk 0.00 · cvss · epss 0.02

    Screen Sharing in Apple Mac OS X 10.5.8 allows remote VNC servers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.

  • CVE-2009-2838 · Nov 10, 2009
    risk 0.00 · cvss · epss 0.03

    Integer overflow in QuickLook in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Office document that triggers a buffer overflow.

  • CVE-2009-2837 · Nov 10, 2009
    risk 0.00 · cvss · epss 0.04

    Heap-based buffer overflow in QuickDraw Manager in Apple Mac OS X before 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image.

  • CVE-2009-2836 · Nov 10, 2009
    risk 0.00 · cvss · epss 0.00

    Race condition in Login Window in Apple Mac OS X 10.6.x before 10.6.2, when at least one account has a blank password, allows attackers to bypass password authentication and obtain login access to an arbitrary account via unspecified vectors.
