Vendor CVEs
Apple Inc.
All CVEs
8,445 total · sorted by risk

| CVE | Risk | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2008-2308 | 0.00 | — | 0.00 | Jul 1, 2008 | Unspecified vulnerability in Alias Manager in Apple Mac OS X 10.5.1 and earlier on Intel platforms allows local users to gain privileges or cause a denial of service (memory corruption and application crash) by resolving an alias that contains crafted AFP volume mount… |
| CVE-2008-2306 | 0.00 | — | 0.04 | Jun 23, 2008 | Apple Safari before 3.1.2 on Windows does not properly interpret the URLACTION_SHELL_EXECUTE_HIGHRISK Internet Explorer zone setting, which allows remote attackers to bypass intended access restrictions, and force a client system to download and execute arbitrary files. |
| CVE-2008-1581 | 0.00 | — | 0.05 | Jun 10, 2008 | Heap-based buffer overflow in Apple QuickTime before 7.5 on Windows allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted packed scanlines in PixData structures in a PICT image. |
| CVE-2008-1583 | 0.00 | — | 0.04 | Jun 10, 2008 | Heap-based buffer overflow in Apple QuickTime before 7.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PICT image, a different vulnerability than CVE-2008-1581. |
| CVE-2008-1582 | 0.00 | — | 0.04 | Jun 10, 2008 | Unspecified vulnerability in Apple QuickTime before 7.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted AAC-encoded file that triggers memory corruption. |
| CVE-2008-1584 | 0.00 | — | 0.06 | Jun 10, 2008 | Stack-based buffer overflow in Indeo.qtx in Apple QuickTime before 7.5 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via crafted Indeo video codec content in a movie file. |
| CVE-2008-1585 | 0.00 | — | 0.04 | Jun 10, 2008 | Apple QuickTime before 7.5 uses the url.dll!FileProtocolHandler handler for unrecognized URIs in qt:next attributes within SMIL text in video files, which sends these URIs to explorer.exe and thereby allows remote attackers to execute arbitrary programs, as originally… |
| CVE-2008-1573 | 0.00 | — | 0.02 | Jun 2, 2008 | The BMP and GIF image decoding engine in ImageIO in Apple Mac OS X before 10.5.3 allows remote attackers to obtain sensitive information (memory contents) via a crafted (1) BMP or (2) GIF image, which causes an out-of-bounds read. |
| CVE-2008-1032 | 0.00 | — | 0.04 | Jun 2, 2008 | Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.5.3 allows user-assisted remote attackers to execute arbitrary code via an (1) Automator, (2) Help, (3) Safari, or (4) Terminal content type for a downloadable object, which does not trigger a… |
| CVE-2008-1577 | 0.00 | — | 0.06 | Jun 2, 2008 | Unspecified vulnerability in the Pixlet codec in Apple Pixlet Video in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file, related to "multiple memory corruption issues." |
| CVE-2008-1031 | 0.00 | — | 0.06 | Jun 2, 2008 | CoreGraphics in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document, related to an uninitialized variable. |
| CVE-2008-1580 | 0.00 | — | 0.01 | Jun 2, 2008 | CFNetwork in Safari in Apple Mac OS X before 10.5.3 automatically sends an SSL client certificate in response to a web server's certificate request, which allows remote web sites to obtain sensitive information (Subject data) from personally identifiable certificates, and use… |
| CVE-2008-1571 | 0.00 | — | 0.04 | Jun 2, 2008 | Directory traversal vulnerability in the embedded web server in Image Capture in Apple Mac OS X before 10.5 allows remote attackers to read arbitrary files via directory traversal sequences in the URI. |
| CVE-2008-1033 | 0.00 | — | 0.02 | Jun 2, 2008 | The scheduler in CUPS in Apple Mac OS X 10.5 before 10.5.3, when debug logging is enabled and a printer requires a password, allows attackers to obtain sensitive information (credentials) by reading the log data, related to "authentication environment variables." |
| CVE-2008-1572 | 0.00 | — | 0.00 | Jun 2, 2008 | Image Capture in Apple Mac OS X before 10.5 does not properly use temporary files, which allows local users to overwrite arbitrary files, and display images that are being resized by this application. |
| CVE-2008-1579 | 0.00 | — | 0.03 | Jun 2, 2008 | Wiki Server in Apple Mac OS X 10.5 before 10.5.3 allows remote attackers to obtain sensitive information (user names) by reading the error message produced upon access to a nonexistent blog. |
| CVE-2008-1030 | 0.00 | — | 0.05 | Jun 2, 2008 | Integer overflow in the CFDataReplaceBytes function in the CFData API in CoreFoundation in Apple Mac OS X before 10.5.3 allows context-dependent attackers to execute arbitrary code or cause a denial of service (crash) via an invalid length argument, which triggers a heap-based… |
| CVE-2008-1036 | 0.00 | — | 0.03 | Jun 2, 2008 | The International Components for Unicode (ICU) library in Apple Mac OS X before 10.5.3, Red Hat Enterprise Linux 5, and other operating systems omits some invalid character sequences during conversion of some character encodings, which might allow remote attackers to conduct… |
| CVE-2008-1576 | 0.00 | — | 0.04 | Jun 2, 2008 | Mail in Apple Mac OS X before 10.5, when an IPv6 SMTP server is used, does not properly initialize memory, which might allow remote attackers to execute arbitrary code or cause a denial of service (application crash), or obtain sensitive information (memory contents) in… |
| CVE-2008-1027 | 0.00 | — | 0.02 | Jun 2, 2008 | Apple Filing Protocol (AFP) Server in Apple Mac OS X before 10.5.3 does not verify that requested files and directories are inside shared folders, which allows remote attackers to read arbitrary files via unspecified AFP traffic. |
| CVE-2008-1578 | 0.00 | — | 0.00 | Jun 2, 2008 | The sso_util program in Single Sign-On in Apple Mac OS X before 10.5.3 places passwords on the command line, which allows local users to obtain sensitive information by listing the process. |
| CVE-2008-1575 | 0.00 | — | 0.06 | Jun 2, 2008 | Unspecified vulnerability in the Apple Type Services (ATS) server in Apple Mac OS X 10.5 before 10.5.3 allows user-assisted remote attackers to execute arbitrary code via a crafted embedded font in a PDF document, related to memory corruption that occurs during printing. |
| CVE-2008-1028 | 0.00 | — | 0.05 | Jun 2, 2008 | Unspecified vulnerability in AppKit in Apple Mac OS X before 10.5 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document file, as demonstrated by opening the document with TextEdit. |
| CVE-2008-2010 | 0.00 | — | 0.03 | Apr 30, 2008 | Unspecified vulnerability in Apple QuickTime Player on Windows XP SP2 and Vista SP1 allows remote attackers to execute arbitrary code via a crafted QuickTime media file. NOTE: as of 20080429, the only disclosure is a vague pre-advisory with no actionable information. However,… |
| CVE-2008-1999 | 0.00 | — | 0.01 | Apr 28, 2008 | Apple Safari 3.1.1 allows remote attackers to spoof the address bar by placing many "invisible" characters in the userinfo subcomponent of the authority component of the URL (aka the user field), as demonstrated by %E3%80%80 sequences. |
| CVE-2008-2001 | 0.00 | — | 0.02 | Apr 28, 2008 | Apple Safari 3.1.1 allows remote attackers to cause a denial of service (application crash) via a file:///%E2 link that triggers an out-of-bounds access, possibly due to a NULL pointer dereference. |
| CVE-2008-2000 | 0.00 | — | 0.01 | Apr 28, 2008 | Unspecified vulnerability in Apple Safari 3.1.1 allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls document.write in an infinite loop. |
| CVE-2008-1025 | 0.00 | — | 0.03 | Apr 17, 2008 | Cross-site scripting (XSS) vulnerability in Apple WebKit, as used in Safari before 3.1.1, allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a colon in the hostname portion. |
| CVE-2008-1024 | 0.00 | — | 0.04 | Apr 17, 2008 | Apple Safari before 3.1.1, when running on Windows XP or Vista, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a file download with a crafted file name, which triggers memory corruption. |
| CVE-2008-1026 | 0.00 | — | 0.05 | Apr 17, 2008 | Integer overflow in the PCRE regular expression compiler (JavaScriptCore/pcre/pcre_compile.cpp) in Apple WebKit, as used in Safari before 3.1.1, allows remote attackers to execute arbitrary code via a regular expression with large, nested repetition counts, which triggers a… |
| CVE-2008-1014 | 0.00 | — | 0.02 | Apr 4, 2008 | Apple QuickTime before 7.4.5 does not properly handle external URLs in movies, which allows remote attackers to obtain sensitive information. |
| CVE-2008-1023 | 0.00 | — | 0.05 | Apr 4, 2008 | Heap-based buffer overflow in Clip opcode parsing in Apple QuickTime before 7.4.5 on Windows allows remote attackers to execute arbitrary code via a crafted PICT image file. |
| CVE-2008-1018 | 0.00 | — | 0.06 | Apr 4, 2008 | Heap-based buffer overflow in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via an MP4A movie with a malformed Channel Compositor (aka chan) atom. |
| CVE-2008-1016 | 0.00 | — | 0.04 | Apr 4, 2008 | Apple QuickTime before 7.4.5 does not properly handle movie media tracks, which allows remote attackers to execute arbitrary code via a crafted movie that triggers memory corruption. |
| CVE-2008-1015 | 0.00 | — | 0.06 | Apr 4, 2008 | Buffer overflow in the data reference atom handling in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via a crafted movie. |
| CVE-2008-1013 | 0.00 | — | 0.04 | Apr 4, 2008 | Apple QuickTime before 7.4.5 enables deserialization of QTJava objects by untrusted Java applets, which allows remote attackers to execute arbitrary code via a crafted applet. |
| CVE-2008-1374 | 0.00 | — | 0.04 | Apr 4, 2008 | Integer overflow in pdftops filter in CUPS in Red Hat Enterprise Linux 3 and 4, when running on 64-bit platforms, allows remote attackers to execute arbitrary code via a crafted PDF file. NOTE: this issue is due to an incomplete fix for CVE-2004-0888. |
| CVE-2008-1012 | 0.00 | — | 0.01 | Mar 20, 2008 | Unspecified vulnerability in Apple AirPort Extreme Base Station Firmware 7.3.1 allows remote attackers to cause a denial of service (file sharing hang) via a crafted AFP request, related to "input validation." |
| CVE-2008-1002 | 0.00 | — | 0.03 | Mar 19, 2008 | Cross-site scripting (XSS) vulnerability in Apple Safari before 3.1 allows remote attackers to inject arbitrary web script or HTML via a crafted javascript: URL. |
| CVE-2008-1005 | 0.00 | — | 0.00 | Mar 19, 2008 | WebCore, as used in Apple Safari before 3.1, does not properly mask the password field when reverse conversion is used with the Kotoeri input method, which allows physically proximate attackers to read the password. |
| CVE-2008-1009 | 0.00 | — | 0.02 | Mar 19, 2008 | Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary JavaScript by modifying the history object. |
| CVE-2008-1006 | 0.00 | — | 0.02 | Mar 19, 2008 | Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML by using the window.open function to change the security context of a web page. |
| CVE-2008-1011 | 0.00 | — | 0.02 | Mar 19, 2008 | Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via a frame that calls a method instance in another frame. |
| CVE-2008-1007 | 0.00 | — | 0.03 | Mar 19, 2008 | WebCore, as used in Apple Safari before 3.1, does not enforce the frame navigation policy for Java applets, which allows remote attackers to conduct cross-site scripting (XSS) attacks. |
| CVE-2008-1004 | 0.00 | — | 0.02 | Mar 19, 2008 | Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to the Web Inspector. |
| CVE-2008-1008 | 0.00 | — | 0.02 | Mar 19, 2008 | Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via the document.domain property. |
| CVE-2008-1010 | 0.00 | — | 0.05 | Mar 19, 2008 | Buffer overflow in WebKit, as used in Apple Safari before 3.1, allows remote attackers to execute arbitrary code via crafted regular expressions in JavaScript. |
| CVE-2008-1003 | 0.00 | — | 0.02 | Mar 19, 2008 | Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to sites that set the document.domain property or have the same document.domain. |
| CVE-2008-1001 | 0.00 | — | 0.01 | Mar 19, 2008 | Cross-site scripting (XSS) vulnerability in Apple Safari before 3.1, when running on Windows XP or Vista, allows remote attackers to inject arbitrary web script or HTML via a crafted URL that is not properly handled in the error page. |
| CVE-2008-0056 | 0.00 | — | 0.04 | Mar 18, 2008 | Stack-based buffer overflow in Foundation in Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via a "long pathname with an unexpected structure" that triggers the overflow in NSFileManager. |