Filtered by vendor Apple
Subscribe
Total
12581 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-1013 | 1 Apple | 1 Quicktime | 2017-08-08 | 6.8 MEDIUM | N/A |
| Apple QuickTime before 7.4.5 enables deserialization of QTJava objects by untrusted Java applets, which allows remote attackers to execute arbitrary code via a crafted applet. | |||||
| CVE-2008-1007 | 1 Apple | 1 Safari | 2017-08-08 | 4.3 MEDIUM | N/A |
| WebCore, as used in Apple Safari before 3.1, does not enforce the frame navigation policy for Java applets, which allows remote attackers to conduct cross-site scripting (XSS) attacks. | |||||
| CVE-2008-0052 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-08 | 6.8 MEDIUM | N/A |
| CoreServices in Apple Mac OS X 10.4.11 treats .ief as a safe file type, which allows remote attackers to force Safari users into opening an .ief file in AppleWorks, even when the "Open 'Safe' files" preference is set. | |||||
| CVE-2008-1031 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-08 | 9.3 HIGH | N/A |
| CoreGraphics in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document, related to an uninitialized variable. | |||||
| CVE-2008-1032 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-08 | 6.8 MEDIUM | N/A |
| Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.5.3 allows user-assisted remote attackers to execute arbitrary code via an (1) Automator, (2) Help, (3) Safari, or (4) Terminal content type for a downloadable object, which does not trigger a "potentially unsafe" warning message in (a) the Download Validation feature in Mac OS X 10.4 or (b) the Quarantine feature in Mac OS X 10.5. | |||||
| CVE-2008-0059 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-08 | 5.8 MEDIUM | N/A |
| Race condition in NSXML in Foundation for Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via a crafted XML file, related to "error handling logic." | |||||
| CVE-2008-0050 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-08 | 5.0 MEDIUM | N/A |
| CFNetwork in Apple Mac OS X 10.4.11 allows remote HTTPS proxy servers to spoof secure websites via data in a 502 Bad Gateway error. | |||||
| CVE-2008-1027 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-08 | 4.3 MEDIUM | N/A |
| Apple Filing Protocol (AFP) Server in Apple Mac OS X before 10.5.3 does not verify that requested files and directories are inside shared folders, which allows remote attackers to read arbitrary files via unspecified AFP traffic. | |||||
| CVE-2008-0999 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-08 | 7.1 HIGH | N/A |
| Apple Mac OS X 10.5.2 allows user-assisted attackers to cause a denial of service (crash) via a crafted Universal Disc Format (UDF) disk image, which triggers a NULL pointer dereference. | |||||
| CVE-2008-0987 | 1 Apple | 4 Aperture, Iphoto, Mac Os X and 1 more | 2017-08-08 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in Image Raw in Apple Mac OS X 10.5.2, and Digital Camera RAW Compatibility before Update 2.0 for Aperture 2 and iPhoto 7.1.2, allows remote attackers to execute arbitrary code via a crafted Adobe Digital Negative (DNG) image. | |||||
| CVE-2008-1024 | 2 Apple, Microsoft | 3 Safari, Windows Vista, Windows Xp | 2017-08-08 | 6.8 MEDIUM | N/A |
| Apple Safari before 3.1.1, when running on Windows XP or Vista, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a file download with a crafted file name, which triggers memory corruption. | |||||
| CVE-2008-0045 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-08 | 7.1 HIGH | N/A |
| Unspecified vulnerability in AFP Server in Apple Mac OS X 10.4.11 allows remote attackers to bypass cross-realm authentication via unknown manipulations of Kerberos principal realm names. | |||||
| CVE-2008-0989 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-08 | 6.9 MEDIUM | N/A |
| Format string vulnerability in mDNSResponderHelper in Apple Mac OS X 10.5.2 allows local users to execute arbitrary code via format string specifiers in the local hostname. | |||||
| CVE-2008-0048 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-08 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in AppKit in Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via the a long file name to the NSDocument API. | |||||
| CVE-2008-0994 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-08 | 2.6 LOW | N/A |
| Preview in Apple Mac OS X 10.5.2 uses 40-bit RC4 when saving a PDF file with encryption, which makes it easier for attackers to decrypt the file via brute force methods. | |||||
| CVE-2008-1010 | 1 Apple | 1 Safari | 2017-08-08 | 6.8 MEDIUM | N/A |
| Buffer overflow in WebKit, as used in Apple Safari before 3.1, allows remote attackers to execute arbitrary code via crafted regular expressions in JavaScript. | |||||
| CVE-2008-1015 | 1 Apple | 1 Quicktime | 2017-08-08 | 6.8 MEDIUM | N/A |
| Buffer overflow in the data reference atom handling in Apple QuickTime before 7.4.5 allows remote attackers to execute arbitrary code via a crafted movie. | |||||
| CVE-2008-0056 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-08 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in Foundation in Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via a "long pathname with an unexpected structure" that triggers the overflow in NSFileManager. | |||||
| CVE-2008-1023 | 1 Apple | 1 Quicktime | 2017-08-08 | 6.8 MEDIUM | N/A |
| Heap-based buffer overflow in Clip opcode parsing in Apple QuickTime before 7.4.5 on Windows allows remote attackers to execute arbitrary code via a crafted PICT image file. | |||||
| CVE-2008-0057 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-08 | 6.8 MEDIUM | N/A |
| Multiple integer overflows in a "legacy serialization format" parser in AppKit in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via a crafted serialized property list. | |||||