Filtered by vendor Apple
Subscribe
Total
12581 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-2432 | 1 Apple | 1 Cups | 2013-05-15 | 5.0 MEDIUM | N/A |
| The cupsDoAuthentication function in auth.c in the client in CUPS before 1.4.4, when HAVE_GSSAPI is omitted, does not properly handle a demand for authorization, which allows remote CUPS servers to cause a denial of service (infinite loop) via HTTP_UNAUTHORIZED responses. | |||||
| CVE-2010-2431 | 1 Apple | 1 Cups | 2013-05-15 | 2.6 LOW | N/A |
| The cupsFileOpen function in CUPS before 1.4.4 allows local users, with lp group membership, to overwrite arbitrary files via a symlink attack on the (1) /var/cache/cups/remote.cache or (2) /var/cache/cups/job.cache file. | |||||
| CVE-2010-1411 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2013-05-15 | 6.8 MEDIUM | N/A |
| Multiple integer overflows in the Fax3SetupState function in tif_fax3.c in the FAX3 decoder in LibTIFF before 3.9.3, as used in ImageIO in Apple Mac OS X 10.5.8 and Mac OS X 10.6 before 10.6.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF file that triggers a heap-based buffer overflow. | |||||
| CVE-2010-0393 | 1 Apple | 1 Cups | 2013-05-15 | 6.9 MEDIUM | N/A |
| The _cupsGetlang function, as used by lppasswd.c in lppasswd in CUPS 1.2.2, 1.3.7, 1.3.9, and 1.4.1, relies on an environment variable to determine the file that provides localized message strings, which allows local users to gain privileges via a file that contains crafted localization data with format string specifiers. | |||||
| CVE-2012-0680 | 1 Apple | 1 Safari | 2013-04-02 | 5.0 MEDIUM | N/A |
| Apple Safari before 6.0 does not properly handle the autocomplete attribute of a password input element, which allows remote attackers to bypass authentication by leveraging an unattended workstation. | |||||
| CVE-2012-0681 | 1 Apple | 1 Apple Remote Desktop | 2013-04-02 | 4.3 MEDIUM | N/A |
| Apple Remote Desktop before 3.6.1 does not recognize the "Encrypt all network data" setting during connections to third-party VNC servers, which allows remote attackers to obtain cleartext VNC session content by sniffing the network. | |||||
| CVE-2012-3738 | 1 Apple | 1 Iphone Os | 2013-03-26 | 3.6 LOW | N/A |
| The Emergency Dialer screen in the Passcode Lock implementation in Apple iOS before 6 does not properly limit the dialing methods, which allows physically proximate attackers to bypass intended access restrictions and make FaceTime calls through Voice Dialing, or obtain sensitive contact information by attempting to make a FaceTime call and reading the contact suggestions. | |||||
| CVE-2012-3731 | 1 Apple | 1 Iphone Os | 2013-03-26 | 2.1 LOW | N/A |
| Mail in Apple iOS before 6 does not properly implement the Data Protection feature for e-mail attachments, which allows physically proximate attackers to bypass an intended passcode requirement via unspecified vectors. | |||||
| CVE-2012-3737 | 1 Apple | 1 Iphone Os | 2013-03-26 | 2.1 LOW | N/A |
| The Passcode Lock implementation in Apple iOS before 6 does not properly restrict photo viewing, which allows physically proximate attackers to view arbitrary stored photos by spoofing a time value. | |||||
| CVE-2012-3728 | 1 Apple | 1 Iphone Os | 2013-03-23 | 6.9 MEDIUM | N/A |
| The kernel in Apple iOS before 6 dereferences invalid pointers during the handling of packet-filter data structures, which allows local users to gain privileges via a crafted program that makes packet-filter ioctl calls. | |||||
| CVE-2012-3695 | 1 Apple | 1 Safari | 2013-03-22 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 6.0 allows remote attackers to inject arbitrary web script or HTML by leveraging improper URL canonicalization during the handling of the location.href property. | |||||
| CVE-2012-3696 | 1 Apple | 1 Safari | 2013-03-22 | 4.3 MEDIUM | N/A |
| CRLF injection vulnerability in WebKit in Apple Safari before 6.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP request splitting attacks via a crafted web site that leverages improper WebSockets URI handling. | |||||
| CVE-2012-3650 | 1 Apple | 1 Safari | 2013-03-22 | 4.3 MEDIUM | N/A |
| WebKit in Apple Safari before 6.0 accesses uninitialized memory locations during the rendering of SVG images, which allows remote attackers to obtain sensitive information from process memory via a crafted web site. | |||||
| CVE-2013-0960 | 1 Apple | 3 Mac Os X, Mac Os X Server, Safari | 2013-03-18 | 6.8 MEDIUM | N/A |
| WebKit in Apple Safari before 6.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2013-0961. | |||||
| CVE-2013-0966 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2013-03-18 | 6.4 MEDIUM | N/A |
| The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI. | |||||
| CVE-2013-0967 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2013-03-18 | 4.3 MEDIUM | N/A |
| CoreTypes in Apple Mac OS X before 10.8.3 includes JNLP files in the list of safe file types, which allows remote attackers to bypass a Java plug-in disabled setting, and trigger the launch of Java Web Start applications, via a crafted web site. | |||||
| CVE-2013-0969 | 1 Apple | 1 Mac Os X | 2013-03-18 | 4.9 MEDIUM | N/A |
| Login Window in Apple Mac OS X before 10.8.3 does not prevent application launching with the VoiceOver feature, which allows physically proximate attackers to bypass authentication and make arbitrary System Preferences changes via unspecified use of the keyboard. | |||||
| CVE-2013-0971 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2013-03-18 | 6.8 MEDIUM | N/A |
| Use-after-free vulnerability in PDFKit in Apple Mac OS X before 10.8.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted ink annotations in a PDF document. | |||||
| CVE-2013-0961 | 1 Apple | 3 Mac Os X, Mac Os X Server, Safari | 2013-03-18 | 6.8 MEDIUM | N/A |
| WebKit in Apple Safari before 6.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2013-0960. | |||||
| CVE-2013-0973 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2013-03-18 | 6.8 MEDIUM | N/A |
| Software Update in Apple Mac OS X through 10.7.5 does not prevent plugin loading within the marketing-text WebView, which allows man-in-the-middle attackers to execute plugin code by modifying the client-server data stream. | |||||