Vulnerabilities (CVE)

Filtered by vendor Apple Subscribe
Total 11077 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2004-1082 8 Apache, Apple, Avaya and 5 more 14 Http Server, Apache Mod Digest Apple, Communication Manager and 11 more 2024-02-04 7.5 HIGH N/A
mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
CVE-2002-1368 2 Apple, Easy Software Products 2 Mac Os X, Cups 2024-02-04 7.5 HIGH N/A
Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing negative arguments to be fed into memcpy() calls via HTTP requests with (1) a negative Content-Length value or (2) a negative length in a chunked transfer encoding.
CVE-2003-0422 1 Apple 1 Darwin Streaming Server 2024-02-04 5.0 MEDIUM N/A
Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to cause a denial of service (crash) via a request to view_broadcast.cgi that does not contain the required parameters.
CVE-2003-0355 2 Apple, Kde 2 Safari, Konqueror Embedded 2024-02-04 5.0 MEDIUM N/A
Safari 1.0 Beta 2 (v73) and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates.
CVE-2004-0429 1 Apple 1 Mac Os X 2024-02-04 10.0 HIGH N/A
Unknown vulnerability related to "the handling of large requests" in RAdmin for Apple Mac OS X 10.3.3 and Mac OS X 10.2.8 may allow attackers to have unknown impact via unknown attack vectors.
CVE-2010-0050 1 Apple 1 Safari 2024-02-03 9.3 HIGH 8.8 HIGH
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML document with improperly nested tags.
CVE-2010-0302 1 Apple 1 Cups 2024-02-03 4.3 MEDIUM 7.5 HIGH
Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS before 1.4.4, when kqueue or epoll is used, allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3553.
CVE-2010-2941 1 Apple 1 Cups 2024-02-02 9.3 HIGH 9.8 CRITICAL
ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request.
CVE-2009-3553 1 Apple 1 Cups 2024-02-02 5.0 MEDIUM 7.5 HIGH
Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information.
CVE-2002-1898 1 Apple 1 Mac Os X 2024-02-02 7.2 HIGH N/A
Terminal 1.3 in Apple Mac OS X 10.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a telnet:// link, which is executed by Terminal.app window.
CVE-2009-1955 7 Apache, Apple, Canonical and 4 more 7 Apr-util, Mac Os X, Ubuntu Linux and 4 more 2024-02-02 5.0 MEDIUM 7.5 HIGH
The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
CVE-2023-42926 1 Apple 1 Macos 2024-02-02 N/A 7.8 HIGH
Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.
CVE-2023-42894 1 Apple 1 Macos 2024-02-02 N/A 5.5 MEDIUM
This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14.2, macOS Ventura 13.6.3, macOS Monterey 12.7.2. An app may be able to access information about a user's contacts.
CVE-2023-42882 1 Apple 1 Macos 2024-02-02 N/A 7.8 HIGH
The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.2. Processing an image may lead to arbitrary code execution.
CVE-2021-30860 1 Apple 5 Ipados, Iphone Os, Mac Os X and 2 more 2024-02-02 6.8 MEDIUM 7.8 HIGH
An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
CVE-2007-4268 1 Apple 1 Mac Os X 2024-02-02 7.2 HIGH 7.8 HIGH
Integer signedness error in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a crafted AppleTalk message with a negative value, which satisfies a signed comparison during mbuf allocation but is later interpreted as an unsigned value, which triggers a heap-based buffer overflow.
CVE-2023-6857 5 Apple, Debian, Google and 2 more 7 Macos, Debian Linux, Android and 4 more 2024-02-02 N/A 5.3 MEDIUM
When resolving a symlink, a race may occur where the buffer passed to `readlink` may actually be smaller than necessary. *This bug only affects Firefox on Unix-based operating systems (Android, Linux, MacOS). Windows is unaffected.* This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.