Vulnerabilities (CVE)

Filtered by vendor Apple Subscribe
Total 12272 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2011-3259 1 Apple 2 Apple Tv, Iphone Os 2025-04-11 5.0 MEDIUM N/A
The kernel in Apple iOS before 5 and Apple TV before 4.4 does not properly recover memory allocated for incomplete TCP connections, which allows remote attackers to cause a denial of service (resource consumption) by making many connection attempts.
CVE-2010-1809 1 Apple 2 Iphone Os, Ipod Touch 2025-04-11 10.0 HIGH N/A
The Accessibility component in Apple iOS before 4.1 on the iPhone and iPod touch does not perform the expected VoiceOver announcement associated with the location services icon, which has unspecified impact and attack vectors.
CVE-2010-4295 3 Apple, Linux, Vmware 6 Mac Os X, Linux Kernel, Fusion and 3 more 2025-04-11 6.9 MEDIUM N/A
Race condition in the mounting process in vmware-mount in VMware Workstation 7.x before 7.1.2 build 301548 on Linux, VMware Player 3.1.x before 3.1.2 build 301548 on Linux, VMware Server 2.0.2 on Linux, and VMware Fusion 3.1.x before 3.1.2 build 332101 allows host OS users to gain privileges via vectors involving temporary files.
CVE-2010-0508 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-11 10.0 HIGH N/A
Mail in Apple Mac OS X before 10.6.3 does not disable the filter rules associated with a deleted mail account, which has unspecified impact and attack vectors.
CVE-2011-0198 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-11 6.8 MEDIUM N/A
Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X before 10.6.8 allows remote attackers to execute arbitrary code via a crafted embedded TrueType font.
CVE-2012-2854 4 Apple, Google, Linux and 1 more 5 Mac Os X, Chrome, Frame and 2 more 2025-04-11 5.0 MEDIUM N/A
Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to obtain potentially sensitive information about pointer values by leveraging access to a WebUI renderer process.
CVE-2013-5167 1 Apple 1 Mac Os X 2025-04-11 5.0 MEDIUM N/A
CFNetwork in Apple Mac OS X before 10.9 does not properly support Safari's deletion of session cookies in response to a reset operation, which makes it easier for remote web servers to track users via Set-Cookie HTTP headers.
CVE-2012-0630 1 Apple 2 Iphone Os, Itunes 2025-04-11 9.3 HIGH N/A
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
CVE-2012-3732 1 Apple 1 Iphone Os 2025-04-11 6.4 MEDIUM N/A
Mail in Apple iOS before 6 uses an S/MIME message's From address as the displayed sender address, which allows remote attackers to spoof signed content via an e-mail message in which the From field does not match the signer's identity.
CVE-2013-0950 1 Apple 1 Iphone Os 2025-04-11 6.8 MEDIUM N/A
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.
CVE-2010-2530 3 Apple, Freebsd, Netbsd 3 Mac Os X, Freebsd, Netbsd 2025-04-11 4.9 MEDIUM N/A
Multiple integer signedness errors in smb_subr.c in the netsmb module in the kernel in NetBSD 5.0.2 and earlier, FreeBSD, and Apple Mac OS X allow local users to cause a denial of service (panic) via a negative size value in a /dev/nsmb ioctl operation, as demonstrated by a (1) SMBIOC_LOOKUP or (2) SMBIOC_OPENSESSION ioctl call.
CVE-2009-2189 1 Apple 5 Airport Express, Airport Express Base Station Firmware, Airport Extreme and 2 more 2025-04-11 6.1 MEDIUM N/A
The ICMPv6 implementation on the Apple Time Capsule, AirPort Extreme Base Station, and AirPort Express Base Station with firmware before 7.5.2 does not limit the rate of (1) Router Advertisement and (2) Neighbor Discovery packets, which allows remote attackers to cause a denial of service (resource consumption and device restart) by sending many packets.
CVE-2014-0499 4 Adobe, Apple, Linux and 1 more 6 Adobe Air, Adobe Air Sdk, Flash Player and 3 more 2025-04-11 7.8 HIGH N/A
Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before 11.2.202.341 on Linux, Adobe AIR before 4.0.0.1628 on Android, Adobe AIR SDK before 4.0.0.1628, and Adobe AIR SDK & Compiler before 4.0.0.1628 do not prevent access to address information, which makes it easier for attackers to bypass the ASLR protection mechanism via unspecified vectors.
CVE-2011-4372 3 Adobe, Apple, Microsoft 4 Acrobat, Reader, Macos and 1 more 2025-04-11 7.5 HIGH 9.8 CRITICAL
Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4370 and CVE-2011-4373.
CVE-2011-0112 2 Apple, Microsoft 6 Itunes, Webkit, Windows and 3 more 2025-04-11 7.6 HIGH N/A
WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
CVE-2011-3457 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-11 7.5 HIGH N/A
The OpenGL implementation in Apple Mac OS X before 10.7.3 does not properly perform OpenGL Shading Language (aka GLSL) compilation, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted program.
CVE-2010-3646 6 Adobe, Apple, Google and 3 more 6 Flash Player, Mac Os X, Android and 3 more 2025-04-11 9.3 HIGH N/A
Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, a different vulnerability than CVE-2010-3640, CVE-2010-3641, CVE-2010-3642, CVE-2010-3643, CVE-2010-3644, CVE-2010-3645, CVE-2010-3647, CVE-2010-3648, CVE-2010-3649, CVE-2010-3650, and CVE-2010-3652.
CVE-2011-2391 1 Apple 3 Iphone Os, Itunes, Mac Os X 2025-04-11 6.1 MEDIUM N/A
The IPv6 implementation in the kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (CPU consumption) via crafted ICMPv6 packets.
CVE-2012-3719 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-11 6.8 MEDIUM N/A
Mail in Apple Mac OS X before 10.7.5 does not properly handle embedded web plugins, which allows remote attackers to execute arbitrary plugin code via an e-mail message that triggers the loading of a third-party plugin.
CVE-2012-2856 4 Apple, Google, Linux and 1 more 5 Mac Os X, Chrome, Frame and 2 more 2025-04-11 7.5 HIGH N/A
The PDF functionality in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger out-of-bounds write operations.