Filtered by vendor Apple
Subscribe
Total
12581 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-21574 | 3 Adobe, Apple, Microsoft | 3 Photoshop, Macos, Windows | 2023-02-24 | N/A | 7.8 HIGH |
| Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2013-1824 | 3 Apple, Php, Redhat | 3 Mac Os X, Php, Enterprise Linux | 2023-02-13 | 4.3 MEDIUM | N/A |
| The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.12 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlParseFile and soap_xmlParseMemory functions. | |||||
| CVE-2010-2249 | 8 Apple, Canonical, Debian and 5 more | 12 Iphone Os, Itunes, Safari and 9 more | 2023-02-13 | 4.3 MEDIUM | 6.5 MEDIUM |
| Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks. | |||||
| CVE-2010-2806 | 3 Apple, Canonical, Freetype | 5 Iphone Os, Mac Os X, Tvos and 2 more | 2023-02-13 | 6.8 MEDIUM | N/A |
| Array index error in the t42_parse_sfnts function in type42/t42parse.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via negative size values for certain strings in FontType42 font files, leading to a heap-based buffer overflow. | |||||
| CVE-2010-2808 | 3 Apple, Canonical, Freetype | 5 Iphone Os, Mac Os X, Tvos and 2 more | 2023-02-13 | 6.8 MEDIUM | N/A |
| Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Adobe Type 1 Mac Font File (aka LWFN) font. | |||||
| CVE-2010-2519 | 4 Apple, Canonical, Debian and 1 more | 4 Mac Os X, Ubuntu Linux, Debian Linux and 1 more | 2023-02-13 | 6.8 MEDIUM | N/A |
| Heap-based buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted length value in a POST fragment header in a font file. | |||||
| CVE-2010-2500 | 4 Apple, Canonical, Debian and 1 more | 4 Mac Os X, Ubuntu Linux, Debian Linux and 1 more | 2023-02-13 | 6.8 MEDIUM | N/A |
| Integer overflow in the gray_render_span function in smooth/ftgrays.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. | |||||
| CVE-2009-1181 | 4 Apple, Foolabs, Glyphandcog and 1 more | 4 Cups, Xpdf, Xpdfreader and 1 more | 2023-02-13 | 4.3 MEDIUM | N/A |
| The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a NULL pointer dereference. | |||||
| CVE-2008-3529 | 4 Apple, Canonical, Debian and 1 more | 6 Iphone Os, Mac Os X, Safari and 3 more | 2023-02-13 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name. | |||||
| CVE-2009-0800 | 4 Apple, Foolabs, Glyphandcog and 1 more | 4 Cups, Xpdf, Xpdfreader and 1 more | 2023-02-13 | 6.8 MEDIUM | N/A |
| Multiple "input validation flaws" in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file. | |||||
| CVE-2009-0791 | 1 Apple | 1 Cups | 2023-02-13 | 6.8 MEDIUM | N/A |
| Multiple integer overflows in Xpdf 2.x and 3.x and Poppler 0.x, as used in the pdftops filter in CUPS 1.1.17, 1.1.22, and 1.3.7, GPdf, and kdegraphics KPDF, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file that triggers a heap-based buffer overflow, possibly related to (1) Decrypt.cxx, (2) FoFiTrueType.cxx, (3) gmem.c, (4) JBIG2Stream.cxx, and (5) PSOutputDev.cxx in pdftops/. NOTE: the JBIG2Stream.cxx vector may overlap CVE-2009-1179. | |||||
| CVE-2009-1179 | 4 Apple, Foolabs, Glyphandcog and 1 more | 4 Cups, Xpdf, Xpdfreader and 1 more | 2023-02-13 | 6.8 MEDIUM | N/A |
| Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file. | |||||
| CVE-2007-3850 | 2 Apple, Linux | 2 Powerpc, Linux Kernel | 2023-02-13 | 1.9 LOW | N/A |
| The eHCA driver in Linux kernel 2.6 before 2.6.22, when running on PowerPC, does not properly map userspace resources, which allows local users to read portions of physical address space. | |||||
| CVE-2007-3387 | 6 Apple, Canonical, Debian and 3 more | 6 Cups, Ubuntu Linux, Debian Linux and 3 more | 2023-02-13 | 6.8 MEDIUM | N/A |
| Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function. | |||||
| CVE-2009-1183 | 4 Apple, Foolabs, Glyphandcog and 1 more | 4 Cups, Xpdf, Xpdfreader and 1 more | 2023-02-13 | 4.3 MEDIUM | N/A |
| The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted PDF file. | |||||
| CVE-2015-7499 | 7 Apple, Canonical, Debian and 4 more | 15 Iphone Os, Mac Os X, Tvos and 12 more | 2023-02-13 | 5.0 MEDIUM | N/A |
| Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors. | |||||
| CVE-2015-7500 | 6 Apple, Canonical, Debian and 3 more | 13 Iphone Os, Mac Os X, Tvos and 10 more | 2023-02-13 | 5.0 MEDIUM | N/A |
| The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags. | |||||
| CVE-2014-8129 | 4 Apple, Debian, Libtiff and 1 more | 8 Iphone Os, Mac Os X, Debian Linux and 5 more | 2023-02-13 | 6.8 MEDIUM | 8.8 HIGH |
| LibTIFF 4.0.3 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by failure of tif_next.c to verify that the BitsPerSample value is 2, and the t2p_sample_lab_signed_to_unsigned function in tiff2pdf.c. | |||||
| CVE-2014-3537 | 3 Apple, Canonical, Fedoraproject | 3 Cups, Ubuntu Linux, Fedora | 2023-02-13 | 1.2 LOW | N/A |
| The web interface in CUPS before 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/. | |||||
| CVE-2014-3565 | 3 Apple, Canonical, Net-snmp | 3 Mac Os X, Ubuntu Linux, Net-snmp | 2023-02-13 | 5.0 MEDIUM | N/A |
| snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is used, allows remote attackers to cause a denial of service (snmptrapd crash) via a crafted SNMP trap message, which triggers a conversion to the variable type designated in the MIB file, as demonstrated by a NULL type in an ifMtu trap message. | |||||