Export limit exceeded: 363061 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (14587 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2010-1413 | 2 Apple, Microsoft | 7 Mac Os X, Mac Os X Server, Safari and 4 more | 2025-04-11 | N/A |
| WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, sends NTLM credentials in cleartext in unspecified circumstances, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors. | ||||
| CVE-2013-0958 | 1 Apple | 1 Iphone Os | 2025-04-11 | N/A |
| WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1. | ||||
| CVE-2010-1177 | 1 Apple | 2 Iphone Os, Safari | 2025-04-11 | N/A |
| Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving document.write calls with long crafted strings. | ||||
| CVE-2013-5163 | 1 Apple | 1 Mac Os X | 2025-04-11 | N/A |
| Directory Services in Apple Mac OS X before 10.8.5 Supplemental Update allows local users to bypass password-based authentication and modify arbitrary Directory Services records via unspecified vectors. | ||||
| CVE-2013-0989 | 2 Apple, Microsoft | 4 Quicktime, Windows 7, Windows Vista and 1 more | 2025-04-11 | N/A |
| Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MP3 file. | ||||
| CVE-2013-5158 | 1 Apple | 1 Iphone Os | 2025-04-11 | N/A |
| The Social subsystem in Apple iOS before 7 does not properly restrict access to the cache of Twitter icons, which allows physically proximate attackers to obtain sensitive information about recent Twitter interaction via unspecified vectors. | ||||
| CVE-2013-0981 | 1 Apple | 2 Iphone Os, Tvos | 2025-04-11 | N/A |
| The IOUSBDeviceFamily driver in the USB implementation in the kernel in Apple iOS before 6.1.3 and Apple TV before 5.2.1 accesses pipe object pointers that originated in userspace, which allows local users to gain privileges via crafted code. | ||||
| CVE-2013-5157 | 1 Apple | 1 Iphone Os | 2025-04-11 | N/A |
| The Twitter subsystem in Apple iOS before 7 does not require API conformity for access to Twitter daemon interfaces, which allows attackers to post Tweets via a crafted app that sends direct requests to the daemon. | ||||
| CVE-2013-0973 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | N/A |
| Software Update in Apple Mac OS X through 10.7.5 does not prevent plugin loading within the marketing-text WebView, which allows man-in-the-middle attackers to execute plugin code by modifying the client-server data stream. | ||||
| CVE-2011-0624 | 7 Adobe, Apple, Google and 4 more | 7 Flash Player, Mac Os X, Android and 4 more | 2025-04-11 | N/A |
| Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code via unspecified vectors, related to a "bounds checking" issue, a different vulnerability than CVE-2011-0623, CVE-2011-0625, and CVE-2011-0626. | ||||
| CVE-2013-0956 | 1 Apple | 1 Iphone Os | 2025-04-11 | N/A |
| WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1. | ||||
| CVE-2013-5156 | 1 Apple | 1 Iphone Os | 2025-04-11 | N/A |
| The Telephony subsystem in Apple iOS before 7 does not require API conformity for access to telephony-daemon interfaces, which allows attackers to bypass intended restrictions on phone calls via a crafted app that sends direct requests to the daemon. | ||||
| CVE-2012-1521 | 2 Apple, Google | 4 Iphone Os, Itunes, Safari and 1 more | 2025-04-11 | N/A |
| Use-after-free vulnerability in the XML parser in Google Chrome before 18.0.1025.168 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | ||||
| CVE-2013-5152 | 1 Apple | 1 Iphone Os | 2025-04-11 | N/A |
| Mobile Safari in Apple iOS before 7 allows remote attackers to spoof the URL bar via a crafted web site. | ||||
| CVE-2013-5145 | 1 Apple | 1 Iphone Os | 2025-04-11 | N/A |
| kextd in Kext Management in Apple iOS before 7 does not properly verify authorization for IPC messages, which allows local users to (1) load or (2) unload kernel extensions via a crafted message. | ||||
| CVE-2013-5143 | 1 Apple | 1 Os X Server | 2025-04-11 | N/A |
| The RADIUS service in Server App in Apple OS X Server before 3.0 selects a fallback X.509 certificate in unspecified circumstances, which might allow man-in-the-middle attackers to hijack RADIUS sessions by leveraging knowledge of the private key that matches this fallback certificate. | ||||
| CVE-2010-2249 | 9 Apple, Canonical, Debian and 6 more | 13 Iphone Os, Itunes, Safari and 10 more | 2025-04-11 | 6.5 Medium |
| Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks. | ||||
| CVE-2013-0964 | 1 Apple | 2 Iphone Os, Tvos | 2025-04-11 | N/A |
| The kernel in Apple iOS before 6.1 and Apple TV before 5.2 does not properly validate copyin and copyout arguments, which allows local users to bypass intended pointer restrictions and access locations in the first kernel-memory page by specifying a length of less than one page. | ||||
| CVE-2010-1838 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | N/A |
| Directory Services in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not properly handle errors associated with disabled mobile accounts, which allows remote attackers to bypass authentication by providing a valid account name. | ||||
| CVE-2011-0610 | 3 Adobe, Apple, Microsoft | 4 Acrobat, Acrobat Reader, Mac Os X and 1 more | 2025-04-11 | N/A |
| The CoolType library in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | ||||