VYPR

Vendor CVEs

Apple Inc.

All CVEs

8,445 total · sorted by risk
  • CVE-2008-2308 · Jul 1, 2008
    risk 0.00 · cvss · epss 0.00

    Unspecified vulnerability in Alias Manager in Apple Mac OS X 10.5.1 and earlier on Intel platforms allows local users to gain privileges or cause a denial of service (memory corruption and application crash) by resolving an alias that contains crafted AFP volume mount…

  • CVE-2008-2306 · Jun 23, 2008
    risk 0.00 · cvss · epss 0.04

    Apple Safari before 3.1.2 on Windows does not properly interpret the URLACTION_SHELL_EXECUTE_HIGHRISK Internet Explorer zone setting, which allows remote attackers to bypass intended access restrictions, and force a client system to download and execute arbitrary files.

  • CVE-2008-1581 · Jun 10, 2008
    risk 0.00 · cvss · epss 0.05

    Heap-based buffer overflow in Apple QuickTime before 7.5 on Windows allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted packed scanlines in PixData structures in a PICT image.

  • CVE-2008-1583 · Jun 10, 2008
    risk 0.00 · cvss · epss 0.04

    Heap-based buffer overflow in Apple QuickTime before 7.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PICT image, a different vulnerability than CVE-2008-1581.

  • CVE-2008-1582 · Jun 10, 2008
    risk 0.00 · cvss · epss 0.04

    Unspecified vulnerability in Apple QuickTime before 7.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted AAC-encoded file that triggers memory corruption.

  • CVE-2008-1584 · Jun 10, 2008
    risk 0.00 · cvss · epss 0.06

    Stack-based buffer overflow in Indeo.qtx in Apple QuickTime before 7.5 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via crafted Indeo video codec content in a movie file.

  • CVE-2008-1585 · Jun 10, 2008
    risk 0.00 · cvss · epss 0.04

    Apple QuickTime before 7.5 uses the url.dll!FileProtocolHandler handler for unrecognized URIs in qt:next attributes within SMIL text in video files, which sends these URIs to explorer.exe and thereby allows remote attackers to execute arbitrary programs, as originally…

  • CVE-2008-1573 · Jun 2, 2008
    risk 0.00 · cvss · epss 0.02

    The BMP and GIF image decoding engine in ImageIO in Apple Mac OS X before 10.5.3 allows remote attackers to obtain sensitive information (memory contents) via a crafted (1) BMP or (2) GIF image, which causes an out-of-bounds read.

  • CVE-2008-1032 · Jun 2, 2008
    risk 0.00 · cvss · epss 0.04

    Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.5.3 allows user-assisted remote attackers to execute arbitrary code via an (1) Automator, (2) Help, (3) Safari, or (4) Terminal content type for a downloadable object, which does not trigger a…

  • CVE-2008-1577 · Jun 2, 2008
    risk 0.00 · cvss · epss 0.06

    Unspecified vulnerability in the Pixlet codec in Apple Pixlet Video in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file, related to "multiple memory corruption issues."

  • CVE-2008-1031 · Jun 2, 2008
    risk 0.00 · cvss · epss 0.06

    CoreGraphics in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document, related to an uninitialized variable.

  • CVE-2008-1580 · Jun 2, 2008
    risk 0.00 · cvss · epss 0.01

    CFNetwork in Safari in Apple Mac OS X before 10.5.3 automatically sends an SSL client certificate in response to a web server's certificate request, which allows remote web sites to obtain sensitive information (Subject data) from personally identifiable certificates, and use…

  • CVE-2008-1571 · Jun 2, 2008
    risk 0.00 · cvss · epss 0.04

    Directory traversal vulnerability in the embedded web server in Image Capture in Apple Mac OS X before 10.5 allows remote attackers to read arbitrary files via directory traversal sequences in the URI.

  • CVE-2008-1033 · Jun 2, 2008
    risk 0.00 · cvss · epss 0.02

    The scheduler in CUPS in Apple Mac OS X 10.5 before 10.5.3, when debug logging is enabled and a printer requires a password, allows attackers to obtain sensitive information (credentials) by reading the log data, related to "authentication environment variables."

  • CVE-2008-1572 · Jun 2, 2008
    risk 0.00 · cvss · epss 0.00

    Image Capture in Apple Mac OS X before 10.5 does not properly use temporary files, which allows local users to overwrite arbitrary files, and display images that are being resized by this application.

  • CVE-2008-1579 · Jun 2, 2008
    risk 0.00 · cvss · epss 0.03

    Wiki Server in Apple Mac OS X 10.5 before 10.5.3 allows remote attackers to obtain sensitive information (user names) by reading the error message produced upon access to a nonexistent blog.

  • CVE-2008-1030 · Jun 2, 2008
    risk 0.00 · cvss · epss 0.05

    Integer overflow in the CFDataReplaceBytes function in the CFData API in CoreFoundation in Apple Mac OS X before 10.5.3 allows context-dependent attackers to execute arbitrary code or cause a denial of service (crash) via an invalid length argument, which triggers a heap-based…

  • CVE-2008-1036 · Jun 2, 2008
    risk 0.00 · cvss · epss 0.03

    The International Components for Unicode (ICU) library in Apple Mac OS X before 10.5.3, Red Hat Enterprise Linux 5, and other operating systems omits some invalid character sequences during conversion of some character encodings, which might allow remote attackers to conduct…

  • CVE-2008-1576 · Jun 2, 2008
    risk 0.00 · cvss · epss 0.04

    Mail in Apple Mac OS X before 10.5, when an IPv6 SMTP server is used, does not properly initialize memory, which might allow remote attackers to execute arbitrary code or cause a denial of service (application crash), or obtain sensitive information (memory contents) in…

  • CVE-2008-1027 · Jun 2, 2008
    risk 0.00 · cvss · epss 0.02

    Apple Filing Protocol (AFP) Server in Apple Mac OS X before 10.5.3 does not verify that requested files and directories are inside shared folders, which allows remote attackers to read arbitrary files via unspecified AFP traffic.

  • CVE-2008-1578 · Jun 2, 2008
    risk 0.00 · cvss · epss 0.00

    The sso_util program in Single Sign-On in Apple Mac OS X before 10.5.3 places passwords on the command line, which allows local users to obtain sensitive information by listing the process.

  • CVE-2008-1575 · Jun 2, 2008
    risk 0.00 · cvss · epss 0.06

    Unspecified vulnerability in the Apple Type Services (ATS) server in Apple Mac OS X 10.5 before 10.5.3 allows user-assisted remote attackers to execute arbitrary code via a crafted embedded font in a PDF document, related to memory corruption that occurs during printing.

  • CVE-2008-1028 · Jun 2, 2008
    risk 0.00 · cvss · epss 0.05

    Unspecified vulnerability in AppKit in Apple Mac OS X before 10.5 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document file, as demonstrated by opening the document with TextEdit.

  • CVE-2008-2010 · Apr 30, 2008
    risk 0.00 · cvss · epss 0.03

    Unspecified vulnerability in Apple QuickTime Player on Windows XP SP2 and Vista SP1 allows remote attackers to execute arbitrary code via a crafted QuickTime media file. NOTE: as of 20080429, the only disclosure is a vague pre-advisory with no actionable information. However,…

  • CVE-2008-1999 · Apr 28, 2008
    risk 0.00 · cvss · epss 0.01

    Apple Safari 3.1.1 allows remote attackers to spoof the address bar by placing many "invisible" characters in the userinfo subcomponent of the authority component of the URL (aka the user field), as demonstrated by %E3%80%80 sequences.

  • CVE-2008-2001 · Apr 28, 2008
    risk 0.00 · cvss · epss 0.02

    Apple Safari 3.1.1 allows remote attackers to cause a denial of service (application crash) via a file:///%E2 link that triggers an out-of-bounds access, possibly due to a NULL pointer dereference.

  • CVE-2008-2000 · Apr 28, 2008
    risk 0.00 · cvss · epss 0.01

    Unspecified vulnerability in Apple Safari 3.1.1 allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls document.write in an infinite loop.

  • CVE-2008-1025 · Apr 17, 2008
    risk 0.00 · cvss · epss 0.03

    Cross-site scripting (XSS) vulnerability in Apple WebKit, as used in Safari before 3.1.1, allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a colon in the hostname portion.

  • CVE-2008-1024 · Apr 17, 2008
    risk 0.00 · cvss · epss 0.04

    Apple Safari before 3.1.1, when running on Windows XP or Vista, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a file download with a crafted file name, which triggers memory corruption.

  • CVE-2008-1026 · Apr 17, 2008
    risk 0.00 · cvss · epss 0.05

    Integer overflow in the PCRE regular expression compiler (JavaScriptCore/pcre/pcre_compile.cpp) in Apple WebKit, as used in Safari before 3.1.1, allows remote attackers to execute arbitrary code via a regular expression with large, nested repetition counts, which triggers a…

  • CVE-2008-1014 · Apr 4, 2008
    risk 0.00 · cvss · epss 0.02

    Apple QuickTime before 7.4.5 does not properly handle external URLs in movies, which allows remote attackers to obtain sensitive information.

  • CVE-2008-1023 · Apr 4, 2008
    risk 0.00 · cvss · epss 0.05

    Heap-based buffer overflow in Clip opcode parsing in Apple QuickTime before 7.4.5 on Windows allows remote attackers to execute arbitrary code via a crafted PICT image file.

  • CVE-2008-1018 · Apr 4, 2008
    risk 0.00 · cvss · epss 0.06

    Heap-based buffer overflow in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via an MP4A movie with a malformed Channel Compositor (aka chan) atom.

  • CVE-2008-1016 · Apr 4, 2008
    risk 0.00 · cvss · epss 0.04

    Apple QuickTime before 7.4.5 does not properly handle movie media tracks, which allows remote attackers to execute arbitrary code via a crafted movie that triggers memory corruption.

  • CVE-2008-1015 · Apr 4, 2008
    risk 0.00 · cvss · epss 0.06

    Buffer overflow in the data reference atom handling in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via a crafted movie.

  • CVE-2008-1013 · Apr 4, 2008
    risk 0.00 · cvss · epss 0.04

    Apple QuickTime before 7.4.5 enables deserialization of QTJava objects by untrusted Java applets, which allows remote attackers to execute arbitrary code via a crafted applet.

  • CVE-2008-1374 · Apr 4, 2008
    risk 0.00 · cvss · epss 0.04

    Integer overflow in pdftops filter in CUPS in Red Hat Enterprise Linux 3 and 4, when running on 64-bit platforms, allows remote attackers to execute arbitrary code via a crafted PDF file. NOTE: this issue is due to an incomplete fix for CVE-2004-0888.

  • CVE-2008-1012 · Mar 20, 2008
    risk 0.00 · cvss · epss 0.01

    Unspecified vulnerability in Apple AirPort Extreme Base Station Firmware 7.3.1 allows remote attackers to cause a denial of service (file sharing hang) via a crafted AFP request, related to "input validation."

  • CVE-2008-1002 · Mar 19, 2008
    risk 0.00 · cvss · epss 0.03

    Cross-site scripting (XSS) vulnerability in Apple Safari before 3.1 allows remote attackers to inject arbitrary web script or HTML via a crafted javascript: URL.

  • CVE-2008-1005 · Mar 19, 2008
    risk 0.00 · cvss · epss 0.00

    WebCore, as used in Apple Safari before 3.1, does not properly mask the password field when reverse conversion is used with the Kotoeri input method, which allows physically proximate attackers to read the password.

  • CVE-2008-1009 · Mar 19, 2008
    risk 0.00 · cvss · epss 0.02

    Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary JavaScript by modifying the history object.

  • CVE-2008-1006 · Mar 19, 2008
    risk 0.00 · cvss · epss 0.02

    Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML by using the window.open function to change the security context of a web page.

  • CVE-2008-1011 · Mar 19, 2008
    risk 0.00 · cvss · epss 0.02

    Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via a frame that calls a method instance in another frame.

  • CVE-2008-1007 · Mar 19, 2008
    risk 0.00 · cvss · epss 0.03

    WebCore, as used in Apple Safari before 3.1, does not enforce the frame navigation policy for Java applets, which allows remote attackers to conduct cross-site scripting (XSS) attacks.

  • CVE-2008-1004 · Mar 19, 2008
    risk 0.00 · cvss · epss 0.02

    Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to the Web Inspector.

  • CVE-2008-1008 · Mar 19, 2008
    risk 0.00 · cvss · epss 0.02

    Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via the document.domain property.

  • CVE-2008-1010 · Mar 19, 2008
    risk 0.00 · cvss · epss 0.05

    Buffer overflow in WebKit, as used in Apple Safari before 3.1, allows remote attackers to execute arbitrary code via crafted regular expressions in JavaScript.

  • CVE-2008-1003 · Mar 19, 2008
    risk 0.00 · cvss · epss 0.02

    Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple Safari before 3.1, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to sites that set the document.domain property or have the same document.domain.

  • CVE-2008-1001 · Mar 19, 2008
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in Apple Safari before 3.1, when running on Windows XP or Vista, allows remote attackers to inject arbitrary web script or HTML via a crafted URL that is not properly handled in the error page.

  • CVE-2008-0056 · Mar 18, 2008
    risk 0.00 · cvss · epss 0.04

    Stack-based buffer overflow in Foundation in Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via a "long pathname with an unexpected structure" that triggers the overflow in NSFileManager.
