Filtered by vendor Apple Subscriptions
Total 14575 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2011-3218 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-11 N/A
The "Save for Web" selection in QuickTime Player in Apple Mac OS X through 10.6.8 exports HTML documents that contain an http link to a script file, which allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks by spoofing the http server during local viewing of an exported document.
CVE-2011-3216 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-11 N/A
The kernel in Apple Mac OS X before 10.7.2 does not properly implement the sticky bit for directories, which might allow local users to bypass intended permissions and delete files via an unlink system call.
CVE-2012-0682 1 Apple 1 Safari 2025-04-11 N/A
WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1.
CVE-2012-0643 1 Apple 1 Iphone Os 2025-04-11 N/A
The kernel in Apple iOS before 5.1 does not properly handle debug system calls, which allows remote attackers to bypass sandbox restrictions and execute arbitrary code via a crafted program.
CVE-2012-0640 1 Apple 1 Safari 2025-04-11 N/A
WebKit in Apple Safari before 5.1.4 does not properly implement "From third parties and advertisers" cookie blocking, which makes it easier for remote web servers to track users via a cookie.
CVE-2011-3998 1 Apple 1 Webobjects 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Apple WebObjects 5.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-0044 1 Apple 1 Safari 2025-04-11 N/A
PubSub in Apple Safari before 4.0.5 does not properly implement use of the Accept Cookies preference to block cookies, which makes it easier for remote web servers to track users by setting a cookie in a (1) RSS or (2) Atom feed.
CVE-2010-0046 1 Apple 1 Safari 2025-04-11 N/A
The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted format arguments.
CVE-2010-0055 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-11 N/A
xar in Apple Mac OS X 10.5.8 does not properly validate package signatures, which allows attackers to have an unspecified impact via a modified package.
CVE-2011-3653 2 Apple, Mozilla 3 Mac Os X, Firefox, Thunderbird 2025-04-11 N/A
Mozilla Firefox before 8.0 and Thunderbird before 8.0 on Mac OS X do not properly interact with the GPU memory behavior of a certain driver for Intel integrated GPUs, which allows remote attackers to bypass the Same Origin Policy and read image data via vectors related to WebGL textures.
CVE-2010-0060 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-11 N/A
CoreAudio in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted audio content with QDMC encoding.
CVE-2012-0632 1 Apple 2 Iphone Os, Itunes 2025-04-11 N/A
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
CVE-2011-3253 1 Apple 1 Iphone Os 2025-04-11 N/A
CalDAV in Apple iOS before 5 does not validate X.509 certificates for SSL sessions, which allows man-in-the-middle attackers to spoof calendar servers and obtain sensitive information via an arbitrary certificate.
CVE-2010-0127 3 Adobe, Apple, Microsoft 3 Shockwave Player, Macos, Windows 2025-04-11 8.8 High
Adobe Shockwave Player before 11.5.7.609 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted FFFFFF45h Shockwave 3D blocks in a Shockwave file.
CVE-2011-3254 1 Apple 1 Iphone Os 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Calendar in Apple iOS before 5 allows remote attackers to inject arbitrary web script or HTML via an invitation note.
CVE-2011-3038 3 Apple, Google, Opensuse 5 Iphone Os, Itunes, Safari and 2 more 2025-04-11 N/A
Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to multi-column handling.
CVE-2012-0625 1 Apple 2 Iphone Os, Itunes 2025-04-11 N/A
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
CVE-2010-0211 5 Apple, Openldap, Opensuse and 2 more 6 Mac Os X, Mac Os X Server, Openldap and 3 more 2025-04-11 9.8 Critical
The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing invalid UTF-8 sequences, which triggers a free of an invalid, uninitialized pointer in the slap_mods_free function, as demonstrated using the Codenomicon LDAPv3 test suite.
CVE-2012-0617 1 Apple 2 Iphone Os, Itunes 2025-04-11 N/A
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
CVE-2011-3074 2 Apple, Google 4 Iphone Os, Itunes, Safari and 1 more 2025-04-11 N/A
Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of media.