VYPR

Vendor CVEs

Apple Inc.

All CVEs

8,444 total · sorted by risk
  • CVE-2009-2191Aug 6, 2009
    risk 0.00cvss epss 0.04

    Format string vulnerability in Login Window in Apple Mac OS X 10.4.11 and 10.5 before 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in an application name.

  • CVE-2009-2190Aug 6, 2009
    risk 0.00cvss epss 0.04

    launchd in Apple Mac OS X 10.5 before 10.5.8 allows remote attackers to cause a denial of service (individual service outage) by making many connections to an inetd-based launchd service.

  • CVE-2009-1728Aug 6, 2009
    risk 0.00cvss epss 0.06

    Stack-based buffer overflow in Image RAW in Apple Mac OS X 10.5 before 10.5.8, and 10.4 before Digital Camera RAW Compatibility Update 2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Canon RAW image.

  • CVE-2009-1727Aug 6, 2009
    risk 0.00cvss epss 0.03

    Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X 10.5 before 10.5.8 makes it easier for user-assisted remote attackers to execute arbitrary JavaScript via a web page that offers a download with a Content-Type value that is not on the list of possibly unsafe…

  • CVE-2009-1723Aug 6, 2009
    risk 0.00cvss epss 0.01

    CFNetwork in Apple Mac OS X 10.5 before 10.5.8 places an incorrect URL in a certificate warning in certain 302 redirection scenarios, which makes it easier for remote attackers to trick a user into visiting an arbitrary https web site by leveraging an open redirect…

  • CVE-2009-0151Aug 6, 2009
    risk 0.00cvss epss 0.00

    The screen saver in Dock in Apple Mac OS X 10.5 before 10.5.8 does not prevent four-finger Multi-Touch gestures, which allows physically proximate attackers to bypass locking and "manage applications or use Expose" via unspecified vectors.

  • CVE-2009-2198Aug 4, 2009
    risk 0.00cvss epss 0.02

    Apple GarageBand before 5.1 reconfigures Safari to accept all cookies regardless of domain name, which makes it easier for remote web servers to track users.

  • CVE-2009-1721Jul 31, 2009
    risk 0.00cvss epss 0.04

    The decompression implementation in the Imf::hufUncompress function in OpenEXR 1.2.2 and 1.6.1 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger a free of an uninitialized pointer.

  • CVE-2009-1725Jul 9, 2009
    risk 0.00cvss epss 0.06

    WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms; KHTML in kdelibs in KDE; QtWebKit (aka Qt toolkit); and possibly other products do not properly handle numeric character references, which allows…

  • CVE-2009-2421Jul 9, 2009
    risk 0.00cvss epss 0.03

    The CFCharacterSetInitInlineBuffer method in CoreFoundation.dll in Apple Safari 3.2.3 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via a "high-bit character" in a URL fragment for an…

  • CVE-2009-2420Jul 9, 2009
    risk 0.00cvss epss 0.01

    Apple Safari 3.2.3 does not properly implement the file: protocol handler, which allows remote attackers to read arbitrary files or cause a denial of service (launch of multiple Windows Explorer instances) via vectors involving an unspecified HTML tag, possibly a related issue…

  • CVE-2009-1692Jun 19, 2009
    risk 0.00cvss epss 0.04

    WebKit before r41741, as used in Apple iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Safari, and other software, allows remote attackers to cause a denial of service (memory consumption or device reset) via a web page containing an HTMLSelectElement…

  • CVE-2009-1683Jun 19, 2009
    risk 0.00cvss epss 0.03

    The Telephony component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to cause a denial of service (device reset) via a crafted ICMP echo request, which triggers an assertion error related to a "logic issue."

  • CVE-2009-1680Jun 19, 2009
    risk 0.00cvss epss 0.00

    Safari in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly clear the search history when it is cleared from the Settings application, which allows physically proximate attackers to obtain the search history.

  • CVE-2009-1679Jun 19, 2009
    risk 0.00cvss epss 0.00

    The Profiles component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1, when installing a configuration profile, can replace the password policy from Exchange ActiveSync with a weaker password policy, which allows physically proximate…

  • CVE-2009-0960Jun 19, 2009
    risk 0.00cvss epss 0.02

    The Mail component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 does not provide an option to disable remote image loading in HTML email, which allows remote attackers to determine the device address and when an e-mail is read via an HTML…

  • CVE-2009-0959Jun 19, 2009
    risk 0.00cvss epss 0.03

    The MPEG-4 video codec in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to cause a denial of service (device reset) via a crafted MPEG-4 video file that triggers an "input validation issue."

  • CVE-2009-0958Jun 19, 2009
    risk 0.00cvss epss 0.01

    Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 stores an exception for a hostname when the user accepts an untrusted Exchange server certificate, which causes it to be accepted without prompting in future usage and allows remote Exchange servers…

  • CVE-2009-1719Jun 16, 2009
    risk 0.00cvss epss 0.05

    The Aqua Look and Feel for Java implementation in Java 1.5 on Mac OS X 10.5 allows remote attackers to execute arbitrary code via a call to the undocumented apple.laf.CColourUIResource constructor with a crafted value in the first argument, which is dereferenced as a pointer.

  • CVE-2009-2072Jun 15, 2009
    risk 0.00cvss epss 0.00

    Apple Safari does not require a cached certificate before displaying a lock icon for an https web site, which allows man-in-the-middle attackers to spoof an arbitrary https site by sending the browser a crafted (1) 4xx or (2) 5xx CONNECT response page for an https request sent…

  • CVE-2009-2066Jun 15, 2009
    risk 0.00cvss epss 0.01

    Apple Safari detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file…

  • CVE-2009-2062Jun 15, 2009
    risk 0.00cvss epss 0.01

    Apple Safari before 3.2.2 processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying this CONNECT response to specify a 302 redirect to an arbitrary…

  • CVE-2009-2058Jun 15, 2009
    risk 0.00cvss epss 0.01

    Apple Safari before 3.2.2 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an…

  • CVE-2009-2027Jun 10, 2009
    risk 0.00cvss epss 0.00

    The Installer in Apple Safari before 4.0 on Windows allows local users to gain privileges by checking a box that specifies an immediate launch of the application after installation, related to an unspecified compression method.

  • CVE-2009-1718Jun 10, 2009
    risk 0.00cvss epss 0.02

    WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to obtain sensitive information via vectors involving drag events and the dragging of content over a crafted web page.

  • CVE-2009-1716Jun 10, 2009
    risk 0.00cvss epss 0.00

    CFNetwork in Apple Safari before 4.0 on Windows does not properly protect the temporary files created for downloads, which allows local users to obtain sensitive information by reading these files.

  • CVE-2009-1715Jun 10, 2009
    risk 0.00cvss epss 0.04

    Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to inject arbitrary web script or HTML, and read local files, via vectors related to script execution with incorrect privileges.

  • CVE-2009-1714Jun 10, 2009
    risk 0.00cvss epss 0.03

    Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to inject arbitrary web script or HTML, and read local files, via vectors related to the improper escaping of HTML attributes.

  • CVE-2009-1713Jun 10, 2009
    risk 0.00cvss epss 0.02

    The XSLT functionality in WebKit in Apple Safari before 4.0 does not properly implement the document function, which allows remote attackers to read (1) arbitrary local files and (2) files from different security zones via unspecified vectors.

  • CVE-2009-1710Jun 10, 2009
    risk 0.00cvss epss 0.03

    WebKit in Apple Safari before 4.0 allows remote attackers to spoof the browser's display of (1) the host name, (2) security indicators, and unspecified other UI elements via a custom cursor in conjunction with a modified CSS3 hotspot property.

  • CVE-2009-1708Jun 10, 2009
    risk 0.00cvss epss 0.05

    Apple Safari before 4.0 does not prevent calls to the open-help-anchor URL handler by web sites, which allows remote attackers to open arbitrary local help files, and execute arbitrary code or obtain sensitive information, via a crafted call.

  • CVE-2009-1707Jun 10, 2009
    risk 0.00cvss epss 0.00

    Race condition in the Reset Safari implementation in Apple Safari before 4.0 on Windows might allow local users to read stored web-site passwords via unspecified vectors.

  • CVE-2009-1706Jun 10, 2009
    risk 0.00cvss epss 0.01

    The Private Browsing feature in Apple Safari before 4.0 on Windows does not remove cookies from the alternate cookie store in unspecified circumstances upon (1) disabling of the feature or (2) exit of the application, which makes it easier for remote web servers to track users…

  • CVE-2009-1705Jun 10, 2009
    risk 0.00cvss epss 0.05

    CoreGraphics in Apple Safari before 4.0 on Windows does not properly use arithmetic during automatic hinting of TrueType fonts, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted font data.

  • CVE-2009-1704Jun 10, 2009
    risk 0.00cvss epss 0.03

    CFNetwork in Apple Safari before 4.0 misinterprets downloaded image files as local HTML documents in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript code by placing it in an image file.

  • CVE-2009-1703Jun 10, 2009
    risk 0.00cvss epss 0.03

    WebKit in Apple Safari before 4.0 does not prevent references to file: URLs within (1) audio and (2) video elements, which allows remote attackers to determine the existence of arbitrary files via a crafted HTML document.

  • CVE-2009-1702Jun 10, 2009
    risk 0.00cvss epss 0.03

    Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to improper handling of Location and…

  • CVE-2009-1700Jun 10, 2009
    risk 0.00cvss epss 0.03

    The XSLT implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read XML content from arbitrary web pages via a crafted document.

  • CVE-2009-1697Jun 10, 2009
    risk 0.00cvss epss 0.03

    CRLF injection vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject HTTP headers and bypass the Same Origin Policy via a crafted HTML document, related to cross-site…

  • CVE-2009-1696Jun 10, 2009
    risk 0.00cvss epss 0.02

    WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 uses predictable random numbers in JavaScript applications, which makes it easier for remote web servers to track the behavior of a Safari user during a session.

  • CVE-2009-1695Jun 10, 2009
    risk 0.00cvss epss 0.03

    Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving access to frame contents after…

  • CVE-2009-1694Jun 10, 2009
    risk 0.00cvss epss 0.03

    WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read images from arbitrary web sites via vectors involving a CANVAS element and redirection,…

  • CVE-2009-1693Jun 10, 2009
    risk 0.00cvss epss 0.03

    WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to read images from arbitrary web sites via a CANVAS element with an SVG image, related to a "cross-site image capture issue."

  • CVE-2009-1691Jun 10, 2009
    risk 0.00cvss epss 0.03

    Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to insufficient access control for…

  • CVE-2009-1689Jun 10, 2009
    risk 0.00cvss epss 0.03

    Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving submission of a form to the about:blank…

  • CVE-2009-1688Jun 10, 2009
    risk 0.00cvss epss 0.03

    Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to determining a security context through…

  • CVE-2009-1685Jun 10, 2009
    risk 0.00cvss epss 0.03

    Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML by overwriting the document.implementation property of (1) an…

  • CVE-2009-1682Jun 10, 2009
    risk 0.00cvss epss 0.01

    Apple Safari before 4.0 does not properly check for revoked Extended Validation (EV) certificates, which makes it easier for remote attackers to trick a user into accepting an invalid certificate.

  • CVE-2009-1681Jun 10, 2009
    risk 0.00cvss epss 0.03

    WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not prevent web sites from loading third-party content into a subframe, which allows remote attackers to bypass the Same Origin Policy and conduct "clickjacking"…

  • CVE-2009-1196Jun 9, 2009
    risk 0.00cvss epss 0.03

    The directory-services functionality in the scheduler in CUPS 1.1.17 and 1.1.22 allows remote attackers to cause a denial of service (cupsd daemon outage or crash) via manipulations of the timing of CUPS browse packets, related to a "pointer use-after-delete flaw."

Page 154 of 169