Vendor CVEs
Apple Inc.
All CVEs
8,445 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2009-2835 | 0.00 | — | 0.00 | Nov 10, 2009 | The kernel in Apple Mac OS X before 10.6.2 does not properly handle task state segments, which allows local users to gain privileges, cause a denial of service (system crash), or obtain sensitive information via unspecified vectors. | |||
| CVE-2009-2834 | 0.00 | — | 0.00 | Nov 10, 2009 | IOKit in Apple Mac OS X before 10.6.2 allows local users to modify the firmware of a (1) USB or (2) Bluetooth keyboard via unspecified vectors. | |||
| CVE-2009-2833 | 0.00 | — | 0.03 | Nov 10, 2009 | Buffer overflow in the UCCompareTextDefault API in International Components for Unicode in Apple Mac OS X 10.5.8 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. | |||
| CVE-2009-2832 | 0.00 | — | 0.03 | Nov 10, 2009 | Buffer overflow in FTP Server in Apple Mac OS X before 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a CWD command specifying a pathname in a deeply nested hierarchy of directories, related to a "CWD command line tool." | |||
| CVE-2009-2831 | 0.00 | — | 0.01 | Nov 10, 2009 | Dictionary in Apple Mac OS X 10.5.8 allows remote attackers to create arbitrary files with any contents, and thereby execute arbitrary code, via crafted JavaScript, related to a "design issue." | |||
| CVE-2009-2830 | 0.00 | — | 0.03 | Nov 10, 2009 | Multiple buffer overflows in Christos Zoulas file before 5.03 in Apple Mac OS X 10.6.x before 10.6.2 allow user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Common Document Format (CDF) file. NOTE: this might… | |||
| CVE-2009-2829 | 0.00 | — | 0.02 | Nov 10, 2009 | Event Monitor in Apple Mac OS X 10.5.8 does not properly handle crafted authentication data sent to an SSH daemon, which allows remote attackers to cause a denial of service via vectors involving processing of XML log documents by other services, related to a "log injection"… | |||
| CVE-2009-2828 | 0.00 | — | 0.03 | Nov 10, 2009 | The server in DirectoryService in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors. | |||
| CVE-2009-2827 | 0.00 | — | 0.03 | Nov 10, 2009 | Heap-based buffer overflow in Disk Images in Apple Mac OS X 10.5.8 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FAT filesystem on a disk image. | |||
| CVE-2009-2826 | 0.00 | — | 0.03 | Nov 10, 2009 | Multiple integer overflows in CoreGraphics in Apple Mac OS X 10.5.8 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document that triggers a heap-based buffer overflow. | |||
| CVE-2009-2825 | 0.00 | — | 0.01 | Nov 10, 2009 | Certificate Assistant in Apple Mac OS X before 10.6.2 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted… | |||
| CVE-2009-2824 | 0.00 | — | 0.03 | Nov 10, 2009 | Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 allow remote attackers to execute arbitrary code via a crafted embedded font in a document. | |||
| CVE-2009-2823 | 0.00 | — | 0.02 | Nov 10, 2009 | The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software. | |||
| CVE-2009-2819 | 0.00 | — | 0.02 | Nov 10, 2009 | AFP Client in Apple Mac OS X 10.5.8 allows remote AFP servers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via unspecified vectors. | |||
| CVE-2009-2818 | 0.00 | — | 0.02 | Nov 10, 2009 | Adaptive Firewall in Apple Mac OS X before 10.6.2 does not properly handle invalid usernames in SSH login attempts, which makes it easier for remote attackers to obtain login access via a brute-force attack (aka dictionary attack). | |||
| CVE-2009-2810 | 0.00 | — | 0.03 | Nov 10, 2009 | Launch Services in Apple Mac OS X 10.6.x before 10.6.2 recursively clears quarantine information upon opening a quarantined folder, which allows user-assisted remote attackers to execute arbitrary code via a quarantined application that does not trigger a "potentially unsafe"… | |||
| CVE-2009-2808 | 0.00 | — | 0.01 | Nov 10, 2009 | Help Viewer in Apple Mac OS X before 10.6.2 does not use an HTTPS connection to retrieve Apple Help content from a web site, which allows man-in-the-middle attackers to send a crafted help:runscript link, and thereby execute arbitrary code, via a spoofed response. | |||
| CVE-2009-3767 | 0.00 | — | 0.03 | Oct 23, 2009 | libraries/libldap/tls_o.c in OpenLDAP 2.2 and 2.4, and possibly other versions, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof… | |||
| CVE-2009-3455 | 0.00 | — | 0.01 | Sep 29, 2009 | Apple Safari, possibly before 4.0.3, on Mac OS X does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued… | |||
| CVE-2009-3273 | 0.00 | — | 0.01 | Sep 21, 2009 | iPhone Mail in Apple iPhone OS, and iPhone OS for iPod touch, does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL e-mail servers via a crafted certificate. | |||
| CVE-2009-2201 | 0.00 | — | 0.00 | Sep 15, 2009 | The screensharing feature in the Admin application in Apple Xsan before 2.2 places a cleartext username and password in a URL within an error dialog, which allows physically proximate attackers to obtain credentials by reading this dialog. | |||
| CVE-2009-2814 | 0.00 | — | 0.02 | Sep 14, 2009 | Cross-site scripting (XSS) vulnerability in the Wiki Server in Apple Mac OS X 10.5.8 allows remote attackers to inject arbitrary web script or HTML via a search request containing data that does not use UTF-8 encoding. | |||
| CVE-2009-2813 | 0.00 | — | 0.03 | Sep 14, 2009 | Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.12 through 3.0.36, as used in the SMB subsystem in Apple Mac OS X 10.5.8 when Windows File Sharing is enabled, Fedora 11, and other operating systems, does not properly handle errors in resolving pathnames,… | |||
| CVE-2009-2812 | 0.00 | — | 0.02 | Sep 14, 2009 | Launch Services in Apple Mac OS X 10.5.8 does not properly recognize an unsafe Uniform Type Identifier (UTI) in an exported document type in a downloaded application, which allows remote attackers to trigger the automatic opening of a file, and execute arbitrary code, via a… | |||
| CVE-2009-2811 | 0.00 | — | 0.03 | Sep 14, 2009 | Incomplete blacklist vulnerability in Launch Services in Apple Mac OS X 10.5.8 allows user-assisted remote attackers to execute arbitrary code via a .fileloc file, which does not trigger a "potentially unsafe" warning message in the Quarantine feature. | |||
| CVE-2009-2809 | 0.00 | — | 0.03 | Sep 14, 2009 | ImageIO in Apple Mac OS X 10.4.11 and 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PixarFilm encoded TIFF image, related to "multiple memory corruption issues." | |||
| CVE-2009-2807 | 0.00 | — | 0.00 | Sep 14, 2009 | Heap-based buffer overflow in the USB backend in CUPS in Apple Mac OS X 10.5.8 allows local users to gain privileges via unspecified vectors. | |||
| CVE-2009-2805 | 0.00 | — | 0.03 | Sep 14, 2009 | Integer overflow in CoreGraphics in Apple Mac OS X 10.4.11 and 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JBIG2 stream in a PDF file, leading to a heap-based buffer overflow. | |||
| CVE-2009-2804 | 0.00 | — | 0.04 | Sep 14, 2009 | Integer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5.8, and Safari before 4.0.4 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ColorSync profile embedded in an image, leading to a… | |||
| CVE-2009-2803 | 0.00 | — | 0.02 | Sep 14, 2009 | CarbonCore in Apple Mac OS X 10.4.11 and 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a file with a crafted resource fork. | |||
| CVE-2009-2800 | 0.00 | — | 0.03 | Sep 11, 2009 | Buffer overflow in Alias Manager in Apple Mac OS X 10.4.11 and 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted alias file. | |||
| CVE-2009-2815 | 0.00 | — | 0.02 | Sep 10, 2009 | The Telephony component in Apple iPhone OS before 3.1 does not properly handle SMS arrival notifications, which allows remote attackers to cause a denial of service (NULL pointer dereference and service interruption) via a crafted SMS message. | |||
| CVE-2009-2799 | 0.00 | — | 0.06 | Sep 10, 2009 | Heap-based buffer overflow in Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted H.264 movie file. | |||
| CVE-2009-2798 | 0.00 | — | 0.06 | Sep 10, 2009 | Heap-based buffer overflow in Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FlashPix file. | |||
| CVE-2009-2797 | 0.00 | — | 0.04 | Sep 10, 2009 | The WebKit component in Safari in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, does not remove usernames and passwords from URLs sent in Referer headers, which allows remote attackers to obtain sensitive information by reading Referer logs on a web… | |||
| CVE-2009-2796 | 0.00 | — | 0.00 | Sep 10, 2009 | The UIKit component in Apple iPhone OS 3.0, and iPhone OS 3.0.1 for iPod touch, allows physically proximate attackers to discover a password by watching a user undo deletions of characters in the password. | |||
| CVE-2009-2795 | 0.00 | — | 0.00 | Sep 10, 2009 | Heap-based buffer overflow in the Recovery Mode component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, allows local users to bypass the passcode requirement and access arbitrary data via vectors related to "command parsing." | |||
| CVE-2009-2794 | 0.00 | — | 0.00 | Sep 10, 2009 | The Exchange Support component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, does not properly implement the "Maximum inactivity time lock" functionality, which allows local users to bypass intended Microsoft Exchange restrictions by choosing a large… | |||
| CVE-2009-2207 | 0.00 | — | 0.00 | Sep 10, 2009 | The MobileMail component in Apple iPhone OS 3.0 and 3.0.1, and iPhone OS 3.0 for iPod touch, lists deleted e-mail messages in Spotlight search results, which might allow local users to obtain sensitive information by reading these messages. | |||
| CVE-2009-2206 | 0.00 | — | 0.05 | Sep 10, 2009 | Multiple heap-based buffer overflows in the AudioCodecs library in the CoreAudio component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted… | |||
| CVE-2009-2203 | 0.00 | — | 0.06 | Sep 10, 2009 | Buffer overflow in Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG-4 video file. | |||
| CVE-2009-2202 | 0.00 | — | 0.05 | Sep 10, 2009 | Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted H.264 movie file. | |||
| CVE-2009-2205 | 0.00 | — | 0.02 | Sep 9, 2009 | Stack-based buffer overflow in the Java Web Start command launcher in Java for Mac OS X 10.5 before Update 5 allows attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. | |||
| CVE-2009-3016 | 0.00 | — | 0.01 | Aug 31, 2009 | Apple Safari 4.0.3 does not properly block javascript: and data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains a javascript: URI, (2)… | |||
| CVE-2009-2474 | 0.00 | — | 0.01 | Aug 21, 2009 | neon before 0.28.6, when OpenSSL or GnuTLS is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate… | |||
| CVE-2009-2200 | 0.00 | — | 0.02 | Aug 12, 2009 | WebKit in Apple Safari before 4.0.3 does not properly restrict the URL scheme of the pluginspage attribute of an EMBED element, which allows user-assisted remote attackers to launch arbitrary file: URLs and obtain sensitive information via a crafted HTML document. | |||
| CVE-2009-2199 | 0.00 | — | 0.03 | Aug 12, 2009 | Incomplete blacklist vulnerability in WebKit in Apple Safari before 4.0.3, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to spoof domain names in URLs, and possibly conduct phishing attacks, via unspecified… | |||
| CVE-2009-2196 | 0.00 | — | 0.05 | Aug 12, 2009 | Unspecified vulnerability in Apple Safari 4 before 4.0.3 allows remote web servers to place an arbitrary web site in the Top Sites view, and possibly conduct phishing attacks, via unknown vectors. | |||
| CVE-2009-2194 | 0.00 | — | 0.00 | Aug 6, 2009 | Apple Mac OS X 10.5 before 10.5.8 does not properly share file descriptors over local sockets, which allows local users to cause a denial of service (system crash) by placing file descriptors in messages sent to a socket that has no receiver, related to a "synchronization issue." | |||
| CVE-2009-2192 | 0.00 | — | 0.03 | Aug 6, 2009 | MobileMe in Apple Mac OS X 10.5 before 10.5.8 does not properly delete credentials upon signout from the preference pane, which makes it easier for attackers to hijack a MobileMe session via unspecified vectors, related to a "logic issue." |
- CVE-2009-2835Nov 10, 2009risk 0.00cvss —epss 0.00
The kernel in Apple Mac OS X before 10.6.2 does not properly handle task state segments, which allows local users to gain privileges, cause a denial of service (system crash), or obtain sensitive information via unspecified vectors.
- CVE-2009-2834Nov 10, 2009risk 0.00cvss —epss 0.00
IOKit in Apple Mac OS X before 10.6.2 allows local users to modify the firmware of a (1) USB or (2) Bluetooth keyboard via unspecified vectors.
- CVE-2009-2833Nov 10, 2009risk 0.00cvss —epss 0.03
Buffer overflow in the UCCompareTextDefault API in International Components for Unicode in Apple Mac OS X 10.5.8 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
- CVE-2009-2832Nov 10, 2009risk 0.00cvss —epss 0.03
Buffer overflow in FTP Server in Apple Mac OS X before 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a CWD command specifying a pathname in a deeply nested hierarchy of directories, related to a "CWD command line tool."
- CVE-2009-2831Nov 10, 2009risk 0.00cvss —epss 0.01
Dictionary in Apple Mac OS X 10.5.8 allows remote attackers to create arbitrary files with any contents, and thereby execute arbitrary code, via crafted JavaScript, related to a "design issue."
- CVE-2009-2830Nov 10, 2009risk 0.00cvss —epss 0.03
Multiple buffer overflows in Christos Zoulas file before 5.03 in Apple Mac OS X 10.6.x before 10.6.2 allow user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Common Document Format (CDF) file. NOTE: this might…
- CVE-2009-2829Nov 10, 2009risk 0.00cvss —epss 0.02
Event Monitor in Apple Mac OS X 10.5.8 does not properly handle crafted authentication data sent to an SSH daemon, which allows remote attackers to cause a denial of service via vectors involving processing of XML log documents by other services, related to a "log injection"…
- CVE-2009-2828Nov 10, 2009risk 0.00cvss —epss 0.03
The server in DirectoryService in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.
- CVE-2009-2827Nov 10, 2009risk 0.00cvss —epss 0.03
Heap-based buffer overflow in Disk Images in Apple Mac OS X 10.5.8 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FAT filesystem on a disk image.
- CVE-2009-2826Nov 10, 2009risk 0.00cvss —epss 0.03
Multiple integer overflows in CoreGraphics in Apple Mac OS X 10.5.8 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document that triggers a heap-based buffer overflow.
- CVE-2009-2825Nov 10, 2009risk 0.00cvss —epss 0.01
Certificate Assistant in Apple Mac OS X before 10.6.2 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted…
- CVE-2009-2824Nov 10, 2009risk 0.00cvss —epss 0.03
Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 allow remote attackers to execute arbitrary code via a crafted embedded font in a document.
- CVE-2009-2823Nov 10, 2009risk 0.00cvss —epss 0.02
The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software.
- CVE-2009-2819Nov 10, 2009risk 0.00cvss —epss 0.02
AFP Client in Apple Mac OS X 10.5.8 allows remote AFP servers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via unspecified vectors.
- CVE-2009-2818Nov 10, 2009risk 0.00cvss —epss 0.02
Adaptive Firewall in Apple Mac OS X before 10.6.2 does not properly handle invalid usernames in SSH login attempts, which makes it easier for remote attackers to obtain login access via a brute-force attack (aka dictionary attack).
- CVE-2009-2810Nov 10, 2009risk 0.00cvss —epss 0.03
Launch Services in Apple Mac OS X 10.6.x before 10.6.2 recursively clears quarantine information upon opening a quarantined folder, which allows user-assisted remote attackers to execute arbitrary code via a quarantined application that does not trigger a "potentially unsafe"…
- CVE-2009-2808Nov 10, 2009risk 0.00cvss —epss 0.01
Help Viewer in Apple Mac OS X before 10.6.2 does not use an HTTPS connection to retrieve Apple Help content from a web site, which allows man-in-the-middle attackers to send a crafted help:runscript link, and thereby execute arbitrary code, via a spoofed response.
- CVE-2009-3767Oct 23, 2009risk 0.00cvss —epss 0.03
libraries/libldap/tls_o.c in OpenLDAP 2.2 and 2.4, and possibly other versions, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof…
- CVE-2009-3455Sep 29, 2009risk 0.00cvss —epss 0.01
Apple Safari, possibly before 4.0.3, on Mac OS X does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued…
- CVE-2009-3273Sep 21, 2009risk 0.00cvss —epss 0.01
iPhone Mail in Apple iPhone OS, and iPhone OS for iPod touch, does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL e-mail servers via a crafted certificate.
- CVE-2009-2201Sep 15, 2009risk 0.00cvss —epss 0.00
The screensharing feature in the Admin application in Apple Xsan before 2.2 places a cleartext username and password in a URL within an error dialog, which allows physically proximate attackers to obtain credentials by reading this dialog.
- CVE-2009-2814Sep 14, 2009risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in the Wiki Server in Apple Mac OS X 10.5.8 allows remote attackers to inject arbitrary web script or HTML via a search request containing data that does not use UTF-8 encoding.
- CVE-2009-2813Sep 14, 2009risk 0.00cvss —epss 0.03
Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.12 through 3.0.36, as used in the SMB subsystem in Apple Mac OS X 10.5.8 when Windows File Sharing is enabled, Fedora 11, and other operating systems, does not properly handle errors in resolving pathnames,…
- CVE-2009-2812Sep 14, 2009risk 0.00cvss —epss 0.02
Launch Services in Apple Mac OS X 10.5.8 does not properly recognize an unsafe Uniform Type Identifier (UTI) in an exported document type in a downloaded application, which allows remote attackers to trigger the automatic opening of a file, and execute arbitrary code, via a…
- CVE-2009-2811Sep 14, 2009risk 0.00cvss —epss 0.03
Incomplete blacklist vulnerability in Launch Services in Apple Mac OS X 10.5.8 allows user-assisted remote attackers to execute arbitrary code via a .fileloc file, which does not trigger a "potentially unsafe" warning message in the Quarantine feature.
- CVE-2009-2809Sep 14, 2009risk 0.00cvss —epss 0.03
ImageIO in Apple Mac OS X 10.4.11 and 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PixarFilm encoded TIFF image, related to "multiple memory corruption issues."
- CVE-2009-2807Sep 14, 2009risk 0.00cvss —epss 0.00
Heap-based buffer overflow in the USB backend in CUPS in Apple Mac OS X 10.5.8 allows local users to gain privileges via unspecified vectors.
- CVE-2009-2805Sep 14, 2009risk 0.00cvss —epss 0.03
Integer overflow in CoreGraphics in Apple Mac OS X 10.4.11 and 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JBIG2 stream in a PDF file, leading to a heap-based buffer overflow.
- CVE-2009-2804Sep 14, 2009risk 0.00cvss —epss 0.04
Integer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5.8, and Safari before 4.0.4 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ColorSync profile embedded in an image, leading to a…
- CVE-2009-2803Sep 14, 2009risk 0.00cvss —epss 0.02
CarbonCore in Apple Mac OS X 10.4.11 and 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a file with a crafted resource fork.
- CVE-2009-2800Sep 11, 2009risk 0.00cvss —epss 0.03
Buffer overflow in Alias Manager in Apple Mac OS X 10.4.11 and 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted alias file.
- CVE-2009-2815Sep 10, 2009risk 0.00cvss —epss 0.02
The Telephony component in Apple iPhone OS before 3.1 does not properly handle SMS arrival notifications, which allows remote attackers to cause a denial of service (NULL pointer dereference and service interruption) via a crafted SMS message.
- CVE-2009-2799Sep 10, 2009risk 0.00cvss —epss 0.06
Heap-based buffer overflow in Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted H.264 movie file.
- CVE-2009-2798Sep 10, 2009risk 0.00cvss —epss 0.06
Heap-based buffer overflow in Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FlashPix file.
- CVE-2009-2797Sep 10, 2009risk 0.00cvss —epss 0.04
The WebKit component in Safari in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, does not remove usernames and passwords from URLs sent in Referer headers, which allows remote attackers to obtain sensitive information by reading Referer logs on a web…
- CVE-2009-2796Sep 10, 2009risk 0.00cvss —epss 0.00
The UIKit component in Apple iPhone OS 3.0, and iPhone OS 3.0.1 for iPod touch, allows physically proximate attackers to discover a password by watching a user undo deletions of characters in the password.
- CVE-2009-2795Sep 10, 2009risk 0.00cvss —epss 0.00
Heap-based buffer overflow in the Recovery Mode component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, allows local users to bypass the passcode requirement and access arbitrary data via vectors related to "command parsing."
- CVE-2009-2794Sep 10, 2009risk 0.00cvss —epss 0.00
The Exchange Support component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, does not properly implement the "Maximum inactivity time lock" functionality, which allows local users to bypass intended Microsoft Exchange restrictions by choosing a large…
- CVE-2009-2207Sep 10, 2009risk 0.00cvss —epss 0.00
The MobileMail component in Apple iPhone OS 3.0 and 3.0.1, and iPhone OS 3.0 for iPod touch, lists deleted e-mail messages in Spotlight search results, which might allow local users to obtain sensitive information by reading these messages.
- CVE-2009-2206Sep 10, 2009risk 0.00cvss —epss 0.05
Multiple heap-based buffer overflows in the AudioCodecs library in the CoreAudio component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted…
- CVE-2009-2203Sep 10, 2009risk 0.00cvss —epss 0.06
Buffer overflow in Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG-4 video file.
- CVE-2009-2202Sep 10, 2009risk 0.00cvss —epss 0.05
Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted H.264 movie file.
- CVE-2009-2205Sep 9, 2009risk 0.00cvss —epss 0.02
Stack-based buffer overflow in the Java Web Start command launcher in Java for Mac OS X 10.5 before Update 5 allows attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
- CVE-2009-3016Aug 31, 2009risk 0.00cvss —epss 0.01
Apple Safari 4.0.3 does not properly block javascript: and data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains a javascript: URI, (2)…
- CVE-2009-2474Aug 21, 2009risk 0.00cvss —epss 0.01
neon before 0.28.6, when OpenSSL or GnuTLS is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate…
- CVE-2009-2200Aug 12, 2009risk 0.00cvss —epss 0.02
WebKit in Apple Safari before 4.0.3 does not properly restrict the URL scheme of the pluginspage attribute of an EMBED element, which allows user-assisted remote attackers to launch arbitrary file: URLs and obtain sensitive information via a crafted HTML document.
- CVE-2009-2199Aug 12, 2009risk 0.00cvss —epss 0.03
Incomplete blacklist vulnerability in WebKit in Apple Safari before 4.0.3, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to spoof domain names in URLs, and possibly conduct phishing attacks, via unspecified…
- CVE-2009-2196Aug 12, 2009risk 0.00cvss —epss 0.05
Unspecified vulnerability in Apple Safari 4 before 4.0.3 allows remote web servers to place an arbitrary web site in the Top Sites view, and possibly conduct phishing attacks, via unknown vectors.
- CVE-2009-2194Aug 6, 2009risk 0.00cvss —epss 0.00
Apple Mac OS X 10.5 before 10.5.8 does not properly share file descriptors over local sockets, which allows local users to cause a denial of service (system crash) by placing file descriptors in messages sent to a socket that has no receiver, related to a "synchronization issue."
- CVE-2009-2192Aug 6, 2009risk 0.00cvss —epss 0.03
MobileMe in Apple Mac OS X 10.5 before 10.5.8 does not properly delete credentials upon signout from the preference pane, which makes it easier for attackers to hijack a MobileMe session via unspecified vectors, related to a "logic issue."
Page 153 of 169