Filtered by vendor Apple
Subscribe
Total
11189 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-2340 | 1 Apple | 1 Quicktime | 2018-10-19 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a crafted (1) QuickTime Image File (QTIF), (2) PICT, or (3) JPEG format image with a long data field. | |||||
| CVE-2004-0622 | 1 Apple | 1 Mac Os X | 2018-10-19 | 2.1 LOW | N/A |
| Apple Mac OS X 10.3.4, 10.4, 10.5, and possibly other versions does not properly clear memory for login (aka Loginwindow.app), Keychain, or FileVault passwords, which could allow the root user or an attacker with physical access to obtain sensitive information by reading memory. | |||||
| CVE-2003-0168 | 1 Apple | 1 Quicktime | 2018-10-19 | 7.5 HIGH | N/A |
| Buffer overflow in Apple QuickTime Player 5.x and 6.0 for Windows allows remote attackers to execute arbitrary code via a long QuickTime URL. | |||||
| CVE-2006-2277 | 1 Apple | 1 Mac Os X | 2018-10-18 | 5.0 MEDIUM | N/A |
| Multiple Apple Mac OS X 10.4 applications might allow context-dependent attackers to cause a denial of service (application crash) via a crafted OpenEXR (.exr) image file, which triggers the crash when opening a folder using Finder, displaying the image in Safari, or using Preview to open the file. | |||||
| CVE-2006-2019 | 1 Apple | 1 Safari | 2018-10-18 | 5.0 MEDIUM | N/A |
| Apple Mac OS X Safari 2.0.3, 1.3.1, and possibly other versions allows remote attackers to cause a denial of service (CPU consumption and crash) via a TD element with a large number in the rowspan attribute. | |||||
| CVE-2006-1471 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2018-10-18 | 4.6 MEDIUM | N/A |
| Format string vulnerability in the CF_syslog function launchd in Apple Mac OS X 10.4 up to 10.4.6 allows local users to execute arbitrary code via format string specifiers that are not properly handled in a syslog call in the logging facility, as demonstrated by using a crafted plist file. | |||||
| CVE-2006-1467 | 1 Apple | 1 Itunes | 2018-10-18 | 5.1 MEDIUM | N/A |
| Integer overflow in the AAC file parsing code in Apple iTunes before 6.0.5 on Mac OS X 10.2.8 or later, and Windows XP and 2000, allows remote user-assisted attackers to execute arbitrary code via an AAC (M4P, M4A, or M4B) file with a sample table size (STSZ) atom with a "malformed" sample_size_table value. | |||||
| CVE-2006-1465 | 1 Apple | 1 Quicktime | 2018-10-18 | 5.1 MEDIUM | N/A |
| Buffer overflow in Apple QuickTime before 7.1 allows remote attackers to execute arbitrary code via a crafted QuickTime AVI video format file. | |||||
| CVE-2006-1464 | 1 Apple | 1 Quicktime | 2018-10-18 | 5.1 MEDIUM | N/A |
| Buffer overflow in Apple QuickTime before 7.1 allows remote attackers to execute arbitrary code via a crafted QuickTime MPEG4 (M4P) video format file. | |||||
| CVE-2006-1463 | 1 Apple | 1 Quicktime | 2018-10-18 | 5.1 MEDIUM | N/A |
| Heap-based buffer overflow in Apple QuickTime before 7.1 allows remote attackers to execute arbitrary code via a H.264 (M4V) video format file with a certain modified size value. | |||||
| CVE-2006-1462 | 1 Apple | 1 Quicktime | 2018-10-18 | 5.1 MEDIUM | N/A |
| Multiple integer overflows in Apple QuickTime before 7.1 allow remote attackers to execute arbitrary code via a crafted QuickTime H.264 (M4V) video format file. | |||||
| CVE-2006-1461 | 1 Apple | 1 Quicktime | 2018-10-18 | 5.1 MEDIUM | N/A |
| Multiple buffer overflows in Apple QuickTime before 7.1 allow remote attackers to execute arbitrary code via a crafted QuickTime Flash (SWF) file. | |||||
| CVE-2006-1460 | 1 Apple | 1 Quicktime | 2018-10-18 | 5.1 MEDIUM | N/A |
| Multiple buffer overflows in Apple QuickTime before 7.1 allow remote attackers to execute arbitrary code via a crafted QuickTime movie (.MOV), as demonstrated via a large size for a udta Atom. | |||||
| CVE-2006-1459 | 1 Apple | 1 Quicktime | 2018-10-18 | 5.1 MEDIUM | N/A |
| Multiple integer overflows in Apple QuickTime before 7.1 allow remote attackers to cause a denial of service or execute arbitrary code via a crafted QuickTime movie (.MOV). | |||||
| CVE-2006-1454 | 1 Apple | 1 Quicktime | 2018-10-18 | 5.1 MEDIUM | N/A |
| Heap-based buffer overflow in Apple QuickTime before 7.1 allows remote attackers to execute arbitrary code via a crafted QuickDraw PICT image format file with malformed image data. | |||||
| CVE-2006-1453 | 1 Apple | 1 Quicktime | 2018-10-18 | 5.1 MEDIUM | N/A |
| Stack-based buffer overflow in Apple QuickTime before 7.1 allows remote attackers to execute arbitrary code via a crafted QuickDraw PICT image format file containing malformed font information. | |||||
| CVE-2006-1249 | 1 Apple | 2 Itunes, Quicktime | 2018-10-18 | 6.8 MEDIUM | N/A |
| Integer overflow in Apple QuickTime Player 7.0.3 and 7.0.4 and iTunes 6.0.1 and 6.0.2 allows remote attackers to execute arbitrary code via a FlashPix (FPX) image that contains a field that specifies a large number of blocks. | |||||
| CVE-2006-6015 | 1 Apple | 1 Mac Os X | 2018-10-17 | 5.0 MEDIUM | N/A |
| Buffer overflow in the JavaScript implementation in Safari on Apple Mac OS X 10.4 allows remote attackers to cause a denial of service (application crash) via a long argument to the exec method of a regular expression. | |||||
| CVE-2006-4965 | 1 Apple | 1 Quicktime | 2018-10-17 | 5.0 MEDIUM | N/A |
| Apple QuickTime 7.1.3 Player and Plug-In allows remote attackers to execute arbitrary JavaScript code and possibly conduct other attacks via a QuickTime Media Link (QTL) file with an embed XML element and a qtnext parameter that identifies resources outside of the original domain. NOTE: as of 20070912, this issue has been demonstrated by using instances of Components.interfaces.nsILocalFile and Components.interfaces.nsIProcess to execute arbitrary local files within Firefox and possibly Internet Explorer. | |||||
| CVE-2006-4392 | 2 Apple, Next | 2 Mac Os X, Openstep | 2018-10-17 | 7.2 HIGH | N/A |
| The Mach kernel, as used in operating systems including (1) Mac OS X 10.4 through 10.4.7 and (2) OpenStep before 4.2, allows local users to gain privileges via a parent process that forces an exception in a setuid child and uses Mach exception ports to modify the child's thread context and task address space in a way that causes the child to call a parent-controlled function. | |||||