Apple Inc.

All CVEs

8,445 total · sorted by risk
  • CVE-2007-5851 · Dec 19, 2007
    risk 0.00 · cvss · epss 0.01

    iChat in Apple Mac OS X 10.4.11 allows network-adjacent remote attackers to automatically initiate a video connection to another user via unknown vectors.

  • CVE-2007-5853 · Dec 19, 2007
    risk 0.00 · cvss · epss 0.03

    Unspecified vulnerability in IO Storage Family in Apple Mac OS X 10.4.11 allows user-assisted attackers to cause a denial of service (system shutdown) or execute arbitrary code via a disk image with crafted GUID partition maps, which triggers memory corruption.

  • CVE-2007-5856 · Dec 19, 2007
    risk 0.00 · cvss · epss 0.02

    Quick Look in Apple Mac OS X 10.5.1, when previewing an HTML file, does not prevent plug-ins from making network requests, which might allow remote attackers to obtain sensitive information.

  • CVE-2007-5850 · Dec 19, 2007
    risk 0.00 · cvss · epss 0.03

    Heap-based buffer overflow in Desktop Services in Apple Mac OS X 10.4.11 allows user-assisted attackers to execute arbitrary code via a directory with a crafted .DS_Store file.

  • CVE-2007-5848 · Dec 19, 2007
    risk 0.00 · cvss · epss 0.01

    Buffer overflow in CUPS in Apple Mac OS X 10.4.11 allows local admin users to execute arbitrary code via a crafted URI to the CUPS service.

  • CVE-2007-5859 · Dec 19, 2007
    risk 0.00 · cvss · epss 0.06

    Unspecified vulnerability in Safari RSS in Apple Mac OS X 10.4.11 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted feed: URL that triggers memory corruption.

  • CVE-2007-5847 · Dec 19, 2007
    risk 0.00 · cvss · epss 0.00

    Race condition in the CFURLWriteDataAndPropertiesToResource API in Core Foundation in Apple Mac OS X 10.4.11 creates files with insecure permissions, which might allow local users to obtain sensitive information.

  • CVE-2007-5857 · Dec 19, 2007
    risk 0.00 · cvss · epss 0.03

    Quick Look in Apple Mac OS X 10.5.1 does not prevent a movie from accessing URLs when the movie file is previewed or if an icon is created, which might allow remote attackers to obtain sensitive information via HREFTrack.

  • CVE-2007-5862 · Dec 18, 2007
    risk 0.00 · cvss · epss 0.03

    Java in Mac OS X 10.4 through 10.4.11 allows remote attackers to bypass Keychain access controls and add or delete arbitrary Keychain items via a crafted Java applet.

  • CVE-2007-4707 · Dec 15, 2007
    risk 0.00 · cvss · epss 0.04

    Multiple unspecified vulnerabilities in the Flash media handler in Apple QuickTime before 7.3.1 allow remote attackers to execute arbitrary code or have other unspecified impacts via a crafted QuickTime movie.

  • CVE-2007-4706 · Dec 15, 2007
    risk 0.00 · cvss · epss 0.03

    Heap-based buffer overflow in Apple QuickTime before 7.3.1 allows remote attackers to execute arbitrary code via a crafted QTL file.

  • CVE-2007-6238 · Dec 4, 2007
    risk 0.00 · cvss · epss 0.04

    Unspecified vulnerability in Apple QuickTime 7.2 on Windows XP allows remote attackers to execute arbitrary code via unknown attack vectors, probably a different vulnerability than CVE-2007-6166. NOTE: this information is based upon a vague advisory by a vulnerability…

  • CVE-2007-4674 · Nov 27, 2007
    risk 0.00 · cvss · epss 0.04

    An "integer arithmetic" error in Apple QuickTime 7.2 allows remote attackers to execute arbitrary code via a crafted movie file containing a movie atom with a large size value, which triggers a stack-based buffer overflow.

  • CVE-2007-4703 · Nov 15, 2007
    risk 0.00 · cvss · epss 0.03

    The Application Firewall in Apple Mac OS X 10.5 does not prevent a root process from accepting incoming connections, even when "Block incoming connections" has been set for its associated executable, which might allow remote attackers or local root processes to bypass intended…

  • CVE-2007-4704 · Nov 15, 2007
    risk 0.00 · cvss · epss 0.02

    The Application Firewall in Apple Mac OS X 10.5 does not apply changed settings to processes that are started by launchd until the processes are restarted, which might allow attackers to bypass intended access restrictions.

  • CVE-2007-4702 · Nov 15, 2007
    risk 0.00 · cvss · epss 0.02

    The Application Firewall in Apple Mac OS X 10.5, when "Block all incoming connections" is enabled, does not prevent root processes or mDNSResponder from accepting connections, which might allow remote attackers or local root processes to bypass intended access restrictions.

  • CVE-2007-4699 · Nov 15, 2007
    risk 0.00 · cvss · epss 0.02

    The default configuration of Safari in Apple Mac OS X 10.4 through 10.4.10 adds a private key to the keychain with permissions that allow other applications to access the key without warning the user, which might allow other applications to bypass intended access restrictions.

  • CVE-2007-4700 · Nov 15, 2007
    risk 0.00 · cvss · epss 0.02

    Unspecified vulnerability in WebKit on Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to use Safari as an indirect proxy and send attacker-controlled data to arbitrary TCP ports via unknown vectors.

  • CVE-2007-4701 · Nov 15, 2007
    risk 0.00 · cvss · epss 0.00

    WebKit on Apple Mac OS X 10.4 through 10.4.10 does not create temporary files securely when Safari is previewing a PDF file, which allows local users to read the contents of that file.

  • CVE-2007-4682 · Nov 15, 2007
    risk 0.00 · cvss · epss 0.03

    CoreText in Apple Mac OS X 10.4 through 10.4.10 allows attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted text content that triggers an access of an uninitialized object pointer.

  • CVE-2007-4680 · Nov 15, 2007
    risk 0.00 · cvss · epss 0.01

    CFNetwork in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 does not properly validate certificates, which allows remote attackers to spoof trusted SSL certificates via a man-in-the-middle attack.

  • CVE-2007-4683 · Nov 15, 2007
    risk 0.00 · cvss · epss 0.00

    Directory traversal vulnerability in the kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to bypass the chroot mechanism via a relative path when changing the current working directory.

  • CVE-2007-4685 · Nov 15, 2007
    risk 0.00 · cvss · epss 0.00

    The kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to gain privileges by executing setuid or setgid programs in which the stdio, stderr, or stdout file descriptors are "in an unexpected state."

  • CVE-2007-4269 · Nov 15, 2007
    risk 0.00 · cvss · epss 0.00

    Integer overflow in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a crafted AppleTalk Session Protocol (ASP) message on an AppleTalk socket, which triggers a heap-based buffer overflow.

  • CVE-2007-4691 · Nov 15, 2007
    risk 0.00 · cvss · epss 0.02

    The NSURL component in Apple Mac OS X 10.4 through 10.4.10 performs case-sensitive comparisons that allow attackers to bypass intended restrictions for local file system URLs.

  • CVE-2007-4686 · Nov 15, 2007
    risk 0.00 · cvss · epss 0.00

    Integer signedness error in the ttioctl function in bsd/kern/tty.c in the xnu kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to cause a denial of service (system shutdown) or gain privileges via a crafted TIOCSETD ioctl request.

  • CVE-2007-4697 · Nov 15, 2007
    risk 0.00 · cvss · epss 0.03

    Unspecified vulnerability in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via unknown vectors related to browser history, which triggers memory corruption.

  • CVE-2007-4679 · Nov 15, 2007
    risk 0.00 · cvss · epss 0.02

    CFFTP in CFNetwork for Apple Mac OS X 10.4 through 10.4.10 allows remote FTP servers to force clients to connect to other hosts via crafted responses to FTP PASV commands.

  • CVE-2007-4681 · Nov 15, 2007
    risk 0.00 · cvss · epss 0.00

    Buffer overflow in CoreFoundation in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 allows local users to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted directory hierarchy.

  • CVE-2007-4696 · Nov 15, 2007
    risk 0.00 · cvss · epss 0.01

    Race condition in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to obtain information for forms from other sites via unknown vectors related to "page transitions" in Safari.

  • CVE-2007-4688 · Nov 15, 2007
    risk 0.00 · cvss · epss 0.02

    The Networking component in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to obtain all addresses for a host, including link-local addresses, via a Node Information Query.

  • CVE-2007-4267 · Nov 15, 2007
    risk 0.00 · cvss · epss 0.00

    Stack-based buffer overflow in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a crafted IOCTL request that adds an AppleTalk zone to a routing table.

  • CVE-2007-4694 · Nov 15, 2007
    risk 0.00 · cvss · epss 0.02

    Safari in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to access local content via file:// URLs.

  • CVE-2007-4693 · Nov 15, 2007
    risk 0.00 · cvss · epss 0.00

    The SecurityAgent component in Mac OS X 10.4 through 10.4.10 allows attackers with physical access to bypass the authentication dialog of the screen saver and send keystrokes to a process, related to "handling of keyboard focus between secure text fields."

  • CVE-2007-4678 · Nov 15, 2007
    risk 0.00 · cvss · epss 0.02

    AppleRAID in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 allows attackers to cause a denial of service (crash) via a crafted striped disk image, which triggers a NULL pointer dereference when it is mounted.

  • CVE-2007-4687 · Nov 15, 2007
    risk 0.00 · cvss · epss 0.02

    The remote_cmds component in Apple Mac OS X 10.4 through 10.4.10 contains a symbolic link from the tftpboot private directory to the root directory, which allows tftpd users to escape the private directory and access arbitrary files.

  • CVE-2007-4695 · Nov 15, 2007
    risk 0.00 · cvss · epss 0.02

    Unspecified "input validation" vulnerability in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to modify form field values via unknown vectors related to file uploads.

  • CVE-2007-4690 · Nov 15, 2007
    risk 0.00 · cvss · epss 0.04

    Double free vulnerability in the NFS component in Apple Mac OS X 10.4 through 10.4.10 allows remote authenticated users to execute arbitrary code via a crafted AUTH_UNIX RPC packet.

  • CVE-2007-4698 · Nov 15, 2007
    risk 0.00 · cvss · epss 0.02

    Apple Safari 3 before Beta Update 3.0.4 on Windows, and Mac OS X 10.4 through 10.4.10, allows remote attackers to conduct cross-site scripting (XSS) attacks by causing JavaScript events to be associated with the wrong frame.

  • CVE-2007-4692 · Nov 15, 2007
    risk 0.00 · cvss · epss 0.02

    The tabbed browsing feature in Apple Safari 3 before Beta Update 3.0.4 on Windows, and Mac OS X 10.4 through 10.4.10, allows remote attackers to spoof HTTP authentication for other sites and possibly conduct phishing attacks by causing an authentication sheet to be displayed for…

  • CVE-2007-1661 · Nov 7, 2007
    risk 0.00 · cvss · epss 0.02

    Perl-Compatible Regular Expression (PCRE) library before 7.3 backtracks too far when matching certain input bytes against some regex patterns in non-UTF-8 mode, which allows context-dependent attackers to obtain sensitive information or cause a denial of service (crash), as…

  • CVE-2007-4767 · Nov 7, 2007
    risk 0.00 · cvss · epss 0.05

    Perl-Compatible Regular Expression (PCRE) library before 7.3 does not properly compute the length of (1) a \p sequence, (2) a \P sequence, or (3) a \P{x} sequence, which allows context-dependent attackers to cause a denial of service (infinite loop or crash) or execute arbitrary…

  • CVE-2007-4673 · Oct 4, 2007
    risk 0.00 · cvss · epss 0.02

    Argument injection vulnerability in Apple QuickTime 7.2 for Windows XP SP2 and Vista allows remote attackers to execute arbitrary commands via a URL in the qtnext field in a crafted QTL file. NOTE: this issue may be related to CVE-2006-4965 or CVE-2007-5045.

  • CVE-2007-3760 · Sep 27, 2007
    risk 0.00 · cvss · epss 0.03

    Cross-site scripting (XSS) vulnerability in Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to inject arbitrary web script or HTML via frame tags.

  • CVE-2007-3761 · Sep 27, 2007
    risk 0.00 · cvss · epss 0.02

    Cross-site scripting (XSS) vulnerability in Safari in Apple iPhone 1.1.1 allows remote attackers to inject arbitrary web script or HTML by causing Javascript events to be applied to a frame in another domain.

  • CVE-2007-3758 · Sep 27, 2007
    risk 0.00 · cvss · epss 0.03

    Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and in Mac OS X 10.4 through 10.4.10, allows remote attackers to set Javascript window properties for web pages that are in a different domain, which can be leveraged to conduct cross-site scripting…

  • CVE-2007-3759 · Sep 27, 2007
    risk 0.00 · cvss · epss 0.02

    Safari in Apple iPhone 1.1.1, when requested to disable Javascript, does not disable it until Safari is restarted, which might leave Safari open to attacks that the user does not expect.

  • CVE-2007-4671 · Sep 27, 2007
    risk 0.00 · cvss · epss 0.03

    Unspecified vulnerability in Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to "alter or access" HTTPS content via an HTTP session with a crafted web page that causes Javascript to be…

  • CVE-2007-3755 · Sep 27, 2007
    risk 0.00 · cvss · epss 0.02

    Mail in Apple iPhone 1.1.1 allows remote user-assisted attackers to force the iPhone user to make calls to arbitrary telephone numbers via a "tel:" link, which does not prompt the user before dialing the number.

  • CVE-2007-3754 · Sep 27, 2007
    risk 0.00 · cvss · epss 0.02

    Mail in Apple iPhone 1.1.1, when using SSL, does not warn the user when the mail server changes or is not trusted, which might allow remote attackers to steal credentials and read email via a man-in-the-middle (MITM) attack.
