VYPR

Vendor CVEs

Apple Inc.

All CVEs

8,445 total · sorted by risk
  • CVE-2008-0989 · Mar 18, 2008
    risk 0.00 · cvss · epss 0.00

    Format string vulnerability in mDNSResponderHelper in Apple Mac OS X 10.5.2 allows local users to execute arbitrary code via format string specifiers in the local hostname.

  • CVE-2008-0988 · Mar 18, 2008
    risk 0.00 · cvss · epss 0.02

    Off-by-one error in the Libsystem strnstr API in libc on Apple Mac OS X 10.4.11 allows context-dependent attackers to cause a denial of service (crash) via crafted arguments that trigger a buffer over-read.

  • CVE-2008-0052 · Mar 18, 2008
    risk 0.00 · cvss · epss 0.02

    CoreServices in Apple Mac OS X 10.4.11 treats .ief as a safe file type, which allows remote attackers to force Safari users into opening an .ief file in AppleWorks, even when the "Open 'Safe' files" preference is set.

  • CVE-2008-0987 · Mar 18, 2008
    risk 0.00 · cvss · epss 0.05

    Stack-based buffer overflow in Image Raw in Apple Mac OS X 10.5.2, and Digital Camera RAW Compatibility before Update 2.0 for Aperture 2 and iPhoto 7.1.2, allows remote attackers to execute arbitrary code via a crafted Adobe Digital Negative (DNG) image.

  • CVE-2008-0996 · Mar 18, 2008
    risk 0.00 · cvss · epss 0.00

    The Printing component in Apple Mac OS X 10.5.2 might save authentication credentials to disk when starting a job on an authenticated print queue, which might allow local users to obtain the credentials.

  • CVE-2008-0993 · Mar 18, 2008
    risk 0.00 · cvss · epss 0.00

    Podcast Capture in Podcast Producer for Apple Mac OS X 10.5.2 invokes a subtask with passwords in command line arguments, which allows local users to read the passwords via process listings.

  • CVE-2008-0998 · Mar 18, 2008
    risk 0.00 · cvss · epss 0.00

    Unspecified vulnerability in NetCfgTool in the System Configuration component in Apple Mac OS X 10.4.11 and 10.5.2 allows local users to bypass authorization and execute arbitrary code via crafted distributed objects.

  • CVE-2008-0992 · Mar 18, 2008
    risk 0.00 · cvss · epss 0.03

    Array index error in pax in Apple Mac OS X 10.5.2 allows context-dependent attackers to execute arbitrary code via an archive with a crafted length value.

  • CVE-2008-0056 · Mar 18, 2008
    risk 0.00 · cvss · epss 0.04

    Stack-based buffer overflow in Foundation in Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via a "long pathname with an unexpected structure" that triggers the overflow in NSFileManager.

  • CVE-2008-0055 · Mar 18, 2008
    risk 0.00 · cvss · epss 0.00

    Foundation in Apple Mac OS X 10.4.11 creates world-writable directories while NSFileManager copies files recursively and only modifies the permissions afterward, which allows local users to modify copied files to cause a denial of service and possibly gain privileges.

  • CVE-2008-0999 · Mar 18, 2008
    risk 0.00 · cvss · epss 0.03

    Apple Mac OS X 10.5.2 allows user-assisted attackers to cause a denial of service (crash) via a crafted Universal Disc Format (UDF) disk image, which triggers a NULL pointer dereference.

  • CVE-2008-0060 · Mar 18, 2008
    risk 0.00 · cvss · epss 0.02

    Help Viewer in Apple Mac OS X 10.4.11 and 10.5.2 allows remote attackers to execute arbitrary AppleScript via a help:topic_list URL that injects HTML or JavaScript into a topic list page, as demonstrated using a help:runscript link.

  • CVE-2008-0059 · Mar 18, 2008
    risk 0.00 · cvss · epss 0.02

    Race condition in NSXML in Foundation for Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via a crafted XML file, related to "error handling logic."

  • CVE-2008-0054 · Mar 18, 2008
    risk 0.00 · cvss · epss 0.05

    Foundation in Apple Mac OS X 10.4.11 might allow context-dependent attackers to execute arbitrary code via a malformed selector name to the NSSelectorFromString API, which causes an "unexpected selector" to be used.

  • CVE-2008-0995 · Mar 18, 2008
    risk 0.00 · cvss · epss 0.02

    The Printing component in Apple Mac OS X 10.5.2 uses 40-bit RC4 when printing to an encrypted PDF file, which makes it easier for attackers to decrypt the file via brute force methods.

  • CVE-2008-0990 · Mar 18, 2008
    risk 0.00 · cvss · epss 0.00

    notifyd in Apple Mac OS X 10.4.11 does not verify that Mach port death notifications have originated from the kernel, which allows local users to cause a denial of service via spoofed death notifications that prevent other applications from receiving notifications.

  • CVE-2008-0058 · Mar 18, 2008
    risk 0.00 · cvss · epss 0.03

    Race condition in the NSURLConnection cache management functionality in Foundation for Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via unspecified manipulations that cause messages to be sent to a deallocated object.

  • CVE-2008-0050 · Mar 18, 2008
    risk 0.00 · cvss · epss 0.02

    CFNetwork in Apple Mac OS X 10.4.11 allows remote HTTPS proxy servers to spoof secure websites via data in a 502 Bad Gateway error.

  • CVE-2008-0051 · Mar 18, 2008
    risk 0.00 · cvss · epss 0.00

    Integer overflow in CoreFoundation in Apple Mac OS X 10.4.11 might allow local users to execute arbitrary code via crafted time zone data.

  • CVE-2008-0057 · Mar 18, 2008
    risk 0.00 · cvss · epss 0.03

    Multiple integer overflows in a "legacy serialization format" parser in AppKit in Apple Mac OS X 10.4.11 allow remote attackers to execute arbitrary code via a crafted serialized property list.

  • CVE-2008-0045 · Mar 18, 2008
    risk 0.00 · cvss · epss 0.02

    Unspecified vulnerability in AFP Server in Apple Mac OS X 10.4.11 allows remote attackers to bypass cross-realm authentication via unknown manipulations of Kerberos principal realm names.

  • CVE-2008-0044 · Mar 18, 2008
    risk 0.00 · cvss · epss 0.04

    Multiple buffer overflows in AFP Client in Apple Mac OS X 10.4.11 and 10.5.2 allow remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted afp:// URL.

  • CVE-2008-0048 · Mar 18, 2008
    risk 0.00 · cvss · epss 0.04

    Stack-based buffer overflow in AppKit in Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via a long file name to the NSDocument API.

  • CVE-2008-0046 · Mar 18, 2008
    risk 0.00 · cvss · epss 0.02

    The Application Firewall in Apple Mac OS X 10.5.2 has an incorrect German translation for the "Set access for specific services and applications" radio button that might cause the user to believe that the button is used to restrict access only to specific services and…

  • CVE-2008-0049 · Mar 18, 2008
    risk 0.00 · cvss · epss 0.00

    AppKit in Apple Mac OS X 10.4.11 inadvertently makes an NSApplication mach port available for inter-process communication instead of inter-thread communication, which allows local users to execute arbitrary code via crafted messages to privileged applications.

  • CVE-2008-0997 · Mar 18, 2008
    risk 0.00 · cvss · epss 0.04

    Stack-based buffer overflow in AppKit in Apple Mac OS X 10.4.11 allows user-assisted remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted PostScript Printer Description (PPD) file that is not properly handled when…

  • CVE-2008-1147 · Mar 4, 2008
    risk 0.00 · cvss · epss 0.02

    A certain pseudo-random number generator (PRNG) algorithm that uses XOR and 2-bit random hops (aka "Algorithm X2"), as used in OpenBSD 2.6 through 3.4, Mac OS X 10 through 10.5.1, FreeBSD 4.4 through 7.0, and DragonFlyBSD 1.0 through 1.10.1, allows remote attackers to guess…

  • CVE-2008-0894 · Feb 21, 2008
    risk 0.00 · cvss · epss 0.01

    Apple Safari might allow remote attackers to obtain potentially sensitive memory contents or cause a denial of service (crash) via a crafted (1) bitmap (BMP) or (2) GIF file, a related issue to CVE-2008-0420.

  • CVE-2008-0041 · Feb 12, 2008
    risk 0.00 · cvss · epss 0.02

    Parental Controls in Apple Mac OS X 10.5 through 10.5.1 contacts www.apple.com "when a website is unblocked," which allows remote attackers to determine when a system is running Parental Controls.

  • CVE-2008-0037 · Feb 12, 2008
    risk 0.00 · cvss · epss 0.02

    X11 in Apple Mac OS X 10.5 through 10.5.1 does not properly handle when the "Allow connections from network client" preference is disabled, which allows remote attackers to bypass intended access restrictions and connect to the X server.

  • CVE-2008-0039 · Feb 12, 2008
    risk 0.00 · cvss · epss 0.03

    Unspecified vulnerability in Mail in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary commands via a crafted file:// URL.

  • CVE-2008-0038 · Feb 12, 2008
    risk 0.00 · cvss · epss 0.00

    Launch Services in Apple Mac OS X 10.5 through 10.5.1 allows an uninstalled application to be launched if it is in a Time Machine backup, which might allow local users to bypass intended security restrictions or exploit vulnerabilities in the application.

  • CVE-2008-0042 · Feb 12, 2008
    risk 0.00 · cvss · epss 0.04

    Argument injection vulnerability in Terminal.app in Terminal in Apple Mac OS X 10.4.11 and 10.5 through 10.5.1 allows remote attackers to execute arbitrary code via unspecified URL schemes.

  • CVE-2008-0043 · Feb 8, 2008
    risk 0.00 · cvss · epss 0.04

    Format string vulnerability in Apple iPhoto before 7.1.2 allows remote attackers to execute arbitrary code via photocast subscriptions.

  • CVE-2007-6427 · Jan 18, 2008
    risk 0.00 · cvss · epss 0.04

    The XInput extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via requests related to byte swapping and heap corruption within multiple functions, a different vulnerability than CVE-2007-4990.

  • CVE-2008-0036 · Jan 16, 2008
    risk 0.00 · cvss · epss 0.05

    Buffer overflow in Apple QuickTime before 7.4 allows remote attackers to execute arbitrary code via a crafted compressed PICT image, which triggers the overflow during decoding.

  • CVE-2008-0033 · Jan 16, 2008
    risk 0.00 · cvss · epss 0.05

    Unspecified vulnerability in Apple QuickTime before 7.4 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a movie file with Image Descriptor (IDSC) atoms containing an invalid atom size, which triggers memory corruption.

  • CVE-2008-0032 · Jan 16, 2008
    risk 0.00 · cvss · epss 0.04

    Apple QuickTime before 7.4 allows remote attackers to execute arbitrary code via a movie file containing a Macintosh Resource record with a modified length value in the resource header, which triggers heap corruption.

  • CVE-2008-0034 · Jan 16, 2008
    risk 0.00 · cvss · epss 0.00

    Unspecified vulnerability in Passcode Lock in Apple iPhone 1.0 through 1.1.2 allows users with physical access to execute applications without entering the passcode via vectors related to emergency calls.

  • CVE-2008-0031 · Jan 16, 2008
    risk 0.00 · cvss · epss 0.03

    Unspecified vulnerability in Apple QuickTime before 7.4 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted Sorenson 3 video file, which triggers memory corruption.

  • CVE-2008-0035 · Jan 16, 2008
    risk 0.00 · cvss · epss 0.05

    Unspecified vulnerability in Foundation, as used in Apple iPhone 1.0 through 1.1.2, iPod touch 1.1 through 1.1.2, and Mac OS X 10.5 through 10.5.1, allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted URL that…

  • CVE-2007-6592 · Dec 28, 2007
    risk 0.00 · cvss · epss 0.01

    Apple Safari 2, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regards the certificate as also accepted for all domain names in subjectAltName:dNSName fields, which makes it easier for remote attackers to trick a user into…

  • CVE-2007-4710 · Dec 19, 2007
    risk 0.00 · cvss · epss 0.04

    Unspecified vulnerability in ColorSync in Apple Mac OS X 10.4.11 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via an image with a crafted ColorSync profile, which triggers memory corruption.

  • CVE-2007-4709 · Dec 19, 2007
    risk 0.00 · cvss · epss 0.03

    Directory traversal vulnerability in CFNetwork in Apple Mac OS X 10.5.1 allows remote attackers to overwrite arbitrary files via a crafted HTTP response.

  • CVE-2007-4708 · Dec 19, 2007
    risk 0.00 · cvss · epss 0.05

    Format string vulnerability in Address Book in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via the URL handler.

  • CVE-2007-5855 · Dec 19, 2007
    risk 0.00 · cvss · epss 0.02

    Mail in Apple Mac OS X 10.4.11 and 10.5.1, when an SMTP account has been set up using Account Assistant, can use plaintext authentication even when MD5 Challenge-Response authentication is available, which makes it easier for remote attackers to sniff account activity.

  • CVE-2007-5861 · Dec 19, 2007
    risk 0.00 · cvss · epss 0.02

    Unspecified vulnerability in Spotlight in Apple Mac OS X 10.4.11 allows user-assisted attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted .XLS file that triggers memory corruption in the Microsoft Office Spotlight Importer.

  • CVE-2007-5858 · Dec 19, 2007
    risk 0.00 · cvss · epss 0.03

    WebKit in Safari in Apple Mac OS X 10.4.11 and 10.5.1, iPhone 1.0 through 1.1.2, and iPod touch 1.1 through 1.1.2 allows remote attackers to "navigate the subframes of any other page," which can be leveraged to conduct cross-site scripting (XSS) attacks and obtain sensitive…

  • CVE-2007-5847 · Dec 19, 2007
    risk 0.00 · cvss · epss 0.00

    Race condition in the CFURLWriteDataAndPropertiesToResource API in Core Foundation in Apple Mac OS X 10.4.11 creates files with insecure permissions, which might allow local users to obtain sensitive information.

  • CVE-2007-5854 · Dec 19, 2007
    risk 0.00 · cvss · epss 0.01

    Launch Services in Apple Mac OS X 10.4.11 and 10.5.1 does not treat HTML files as unsafe content, which allows attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via a crafted HTML file.
