Filtered by vendor Apple
Subscribe
Total
11189 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-3631 | 1 Apple | 1 Ipod Touch | 2011-03-08 | 7.1 HIGH | N/A |
| Application Sandbox in Apple iPod touch 2.0 through 2.0.2, and iPhone 2.0 through 2.0.2, does not properly isolate third-party applications, which allows attackers to read arbitrary files in a third-party application's sandbox via a different third-party application. | |||||
| CVE-2008-2306 | 2 Apple, Microsoft | 3 Safari, Windows Vista, Windows Xp | 2011-03-08 | 9.3 HIGH | N/A |
| Apple Safari before 3.1.2 on Windows does not properly interpret the URLACTION_SHELL_EXECUTE_HIGHRISK Internet Explorer zone setting, which allows remote attackers to bypass intended access restrictions, and force a client system to download and execute arbitrary files. | |||||
| CVE-2008-0988 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-03-08 | 4.3 MEDIUM | N/A |
| Off-by-one error in the Libsystem strnstr API in libc on Apple Mac OS X 10.4.11 allows context-dependent attackers to cause a denial of service (crash) via crafted arguments that trigger a buffer over-read. | |||||
| CVE-2008-0043 | 1 Apple | 1 Iphoto | 2011-03-08 | 9.3 HIGH | N/A |
| Format string vulnerability in Apple iPhoto before 7.1.2 allows remote attackers to execute arbitrary code via photocast subscriptions. | |||||
| CVE-2008-0042 | 1 Apple | 1 Mac Os X | 2011-03-08 | 6.8 MEDIUM | N/A |
| Argument injection vulnerability in Terminal.app in Terminal in Apple Mac OS X 10.4.11 and 10.5 through 10.5.1 allows remote attackers to execute arbitrary code via unspecified URL schemes. | |||||
| CVE-2008-0041 | 1 Apple | 1 Mac Os X | 2011-03-08 | 5.0 MEDIUM | N/A |
| Parental Controls in Apple Mac OS X 10.5 through 10.5.1 contacts www.apple.com "when a website is unblocked," which allows remote attackers to determine when a system is running Parental Controls. | |||||
| CVE-2008-0040 | 1 Apple | 1 Mac Os X | 2011-03-08 | 10.0 HIGH | N/A |
| Unspecified vulnerability in NFS in Apple Mac OS X 10.5 through 10.5.1 allows remote attackers to cause a denial of service (system shutdown) or execute arbitrary code via unknown vectors related to mbuf chains that trigger memory corruption. | |||||
| CVE-2008-0039 | 1 Apple | 2 Mac Os X, Mail | 2011-03-08 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in Mail in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary commands via a crafted file:// URL. | |||||
| CVE-2008-0038 | 1 Apple | 1 Mac Os X | 2011-03-08 | 1.9 LOW | N/A |
| Launch Services in Apple Mac OS X 10.5 through 10.5.1 allows an uninstalled application to be launched if it is in a Time Machine backup, which might allow local users to bypass intended security restrictions or exploit vulnerabilities in the application. | |||||
| CVE-2008-0037 | 1 Apple | 1 Mac Os X | 2011-03-08 | 4.3 MEDIUM | N/A |
| X11 in Apple Mac OS X 10.5 through 10.5.1 does not properly handle when the "Allow connections from network client" preference is disabled, which allows remote attackers to bypass intended access restrictions and connect to the X server. | |||||
| CVE-2007-5862 | 1 Apple | 1 Mac Os X | 2011-03-08 | 9.4 HIGH | N/A |
| Java in Mac OS X 10.4 through 10.4.11 allows remote attackers to bypass Keychain access controls and add or delete arbitrary Keychain items via a crafted Java applet. | |||||
| CVE-2007-4696 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-03-08 | 4.3 MEDIUM | N/A |
| Race condition in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to obtain information for forms from other sites via unknown vectors related to "page transitions" in Safari. | |||||
| CVE-2007-1071 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-03-08 | 7.8 HIGH | N/A |
| Integer overflow in the gifGetBandProc function in ImageIO in Apple Mac OS X 10.4.8 allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image that triggers the overflow during decompression. NOTE: this is a different issue than CVE-2006-3502 and CVE-2006-3503. | |||||
| CVE-2007-0746 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-03-08 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in the VideoConference framework in Apple Mac OS X 10.3.9 through 10.4.9 allows remote attackers to execute arbitrary code via a "crafted SIP packet when initializing an audio/video conference". | |||||
| CVE-2007-0744 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-03-08 | 7.2 HIGH | N/A |
| SMB in Apple Mac OS X 10.3.9 through 10.4.9 does not properly clean the environment when executing commands, which allows local users to gain privileges by setting unspecified environment variables. | |||||
| CVE-2007-0743 | 1 Apple | 1 Mac Os X | 2011-03-08 | 4.9 MEDIUM | N/A |
| URLMount in Apple Mac OS X 10.3.9 through 10.4.9 passes the username and password credentials for mounting filesystems on SMB servers as command line arguments to the mount_sub command, which may allow local users to obtain sensitive information by listing the process. | |||||
| CVE-2007-0742 | 1 Apple | 1 Mac Os X | 2011-03-08 | 7.8 HIGH | N/A |
| The WebFoundation framework in Apple Mac OS X 10.3.9 and earlier allows subdomain cookies to be accessed by the parent domain, which allows remote attackers to obtain sensitive information. | |||||
| CVE-2007-0741 | 1 Apple | 1 Mac Os X | 2011-03-08 | 7.5 HIGH | N/A |
| Buffer overflow in natd in network_cmds in Apple Mac OS X 10.3.9 through 10.4.9, when Internet Sharing is enabled, allows remote attackers to execute arbitrary code via malformed RTSP packets. | |||||
| CVE-2007-0739 | 1 Apple | 1 Mac Os X | 2011-03-08 | 4.6 MEDIUM | N/A |
| The Login Window in Apple Mac OS X 10.4 through 10.4.9 displays the software update window beneath the loginwindow authentication dialog in certain circumstances related to running scheduled tasks, which allows local users to bypass authentication controls. | |||||
| CVE-2007-0738 | 1 Apple | 1 Mac Os X | 2011-03-08 | 4.6 MEDIUM | N/A |
| The Login Window in Apple Mac OS X 10.4 through 10.4.9 does not display the screen saver authentication dialog in certain circumstances when waking from sleep, even though the "require a password to wake the computer from sleep" option is enabled, which allows local users to bypass authentication controls. | |||||