Apple iOS before 10, when Handoff for Messages is used, does not ensure that a Messages signin has occurred before displaying messages, which might allow attackers to obtain sensitive information via unspecified vectors.
Max CVSS: 2.9 | EPSS Score: 0.14% | Published: 2016-09-18 | Updated: 2017-08-13

Mac OS Runtime for Java (MRJ) 2.2.3 allows remote attackers to use malicious applets to read files outside of the CODEBASE context via the ARCHIVE applet parameter.
Max CVSS: 2.6 | EPSS Score: 0.41% | Published: 2001-02-12 | Updated: 2017-12-19

Buffer overflow in QuickTime PictureViewer 6.5.1 allows remote attackers to cause a denial of service (application crash) via a JPEG file with crafted Huffman Table (marker DHT) data.
Max CVSS: 2.6 | EPSS Score: 26.83% | Published: 2005-05-02 | Updated: 2016-10-18

Safari 1.3 allows remote attackers to cause a denial of service (application crash) via a long https URL that triggers a NULL pointer dereference.
Max CVSS: 2.6 | EPSS Score: 1.60% | Published: 2005-05-03 | Updated: 2016-10-18

Safari version 2.0 (412) does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability."
Max CVSS: 2.6 | EPSS Score: 1.52% | Published: 2005-07-13 | Updated: 2017-07-11

Safari in Mac OS X 10.3.9 and 10.4.2 submits forms from an XSL formatted page to the next page that is browsed by the user, which causes form data to be sent to the wrong site.
Max CVSS: 2.6 | EPSS Score: 0.06% | Published: 2005-08-19 | Updated: 2008-09-05

Apple QuickTime Player before 7.0.3 allows user-assisted attackers to cause a denial of service (crash) via a crafted file with a missing movie attribute, which leads to a null dereference.
Max CVSS: 2.6 | EPSS Score: 0.58% | Published: 2005-11-05 | Updated: 2018-10-19

Safari in Mac OS X 10.3 before 10.3.9 and 10.4 before 10.4.5 allows remote attackers to redirect users to local files and execute arbitrary JavaScript via unspecified vectors involving HTTP redirection to local resources.
Max CVSS: 2.6 | EPSS Score: 1.17% | Published: 2006-03-03 | Updated: 2017-07-20

Cross-site scripting (XSS) vulnerability in Syndication (Safari RSS) in Mac OS X 10.4 through 10.4.5 allows remote attackers to execute arbitrary JavaScript via unspecified vectors involving RSS feeds.
Max CVSS: 2.6 | EPSS Score: 0.49% | Published: 2006-03-03 | Updated: 2017-07-20

Safari on Apple Mac OS X 10.4.6, when "Open `safe' files after downloading" is enabled, will automatically expand archives, which could allow remote attackers to overwrite arbitrary files via an archive that contains a symlink.
Max CVSS: 2.6 | EPSS Score: 0.61% | Published: 2006-05-12 | Updated: 2017-07-20

The TIFFFetchAnyArray function in ImageIO in Apple OS X 10.4.7 and earlier allows remote user-assisted attackers to cause a denial of service (application crash) via an invalid tag value in a TIFF image, possibly triggering a null dereference. NOTE: This is a different issue than CVE-2006-1469.
Max CVSS: 2.6 | EPSS Score: 0.77% | Published: 2006-07-06 | Updated: 2017-07-20

CFNetwork in Apple Mac OS X 10.4 through 10.4.7 and 10.3.9 allows remote SSL sites to appear as trusted sites by using encryption without authentication, which can cause the lock icon in Safari to be displayed even when the site's identity cannot be trusted.
Max CVSS: 2.6 | EPSS Score: 0.51% | Published: 2006-10-03 | Updated: 2017-07-20

QuickTime for Java on Mac OS X 10.4 through 10.4.8, when used with Quartz Composer, allows remote attackers to obtain sensitive information (screen images) via a Java applet that accesses images that are being rendered by other embedded QuickTime objects.
Max CVSS: 2.6 | EPSS Score: 0.67% | Published: 2006-12-20 | Updated: 2011-03-08

Apple iTunes 7.0.2 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted XML list of radio stations, which results in memory corruption. NOTE: iTunes retrieves the XML document from a static URL, which requires an attacker to perform DNS spoofing or man-in-the-middle attacks for exploitation.
Max CVSS: 2.6 | EPSS Score: 1.87% | Published: 2007-02-20 | Updated: 2018-10-16

CFFTP in CFNetwork for Apple Mac OS X 10.4 through 10.4.10 allows remote FTP servers to force clients to connect to other hosts via crafted responses to FTP PASV commands.
Max CVSS: 2.6 | EPSS Score: 0.22% | Published: 2007-11-15 | Updated: 2018-10-26

Preview in Apple Mac OS X 10.5.2 uses 40-bit RC4 when saving a PDF file with encryption, which makes it easier for attackers to decrypt the file via brute force methods.
Max CVSS: 2.6 | EPSS Score: 0.15% | Published: 2008-03-18 | Updated: 2017-08-08

The Printing component in Apple Mac OS X 10.5.2 uses 40-bit RC4 when printing to an encrypted PDF file, which makes it easier for attackers to decrypt the file via brute force methods.
Max CVSS: 2.6 | EPSS Score: 0.17% | Published: 2008-03-18 | Updated: 2017-08-08

Apple iTunes before 8.0 on Mac OS X 10.4.11, when iTunes Music Sharing is enabled but blocked by the host-based firewall, presents misleading information about firewall security, which might allow remote attackers to leverage an exposure that would be absent if the administrator were given better information.
Max CVSS: 2.6 | EPSS Score: 0.21% | Published: 2008-09-11 | Updated: 2008-09-11

Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not isolate the call-approval dialog from the process of launching new applications, which allows remote attackers to make arbitrary phone calls via a crafted HTML document.
Max CVSS: 2.6 | EPSS Score: 1.99% | Published: 2008-11-25 | Updated: 2022-08-09

WebKit in Apple Safari before 4.0 allows remote attackers to spoof the browser's display of (1) the host name, (2) security indicators, and unspecified other UI elements via a custom cursor in conjunction with a modified CSS3 hotspot property.
Max CVSS: 2.6 | EPSS Score: 0.58% | Published: 2009-06-10 | Updated: 2017-08-17

The Application-Level Gateway (ALG) on the Apple Time Capsule, AirPort Extreme Base Station, and AirPort Express Base Station with firmware before 7.5.2 modifies PORT commands in incoming FTP traffic, which allows remote attackers to use the device's IP address for arbitrary intranet TCP traffic by leveraging write access to an intranet FTP server.
Max CVSS: 2.6 | EPSS Score: 0.29% | Published: 2010-12-22 | Updated: 2011-01-19

DesktopServices in Apple Mac OS X 10.6 before 10.6.3 does not properly resolve pathnames in certain circumstances involving an application's save panel, which allows user-assisted remote attackers to trigger unintended remote file copying via a crafted share name.
Max CVSS: 2.6 | EPSS Score: 0.18% | Published: 2010-03-30 | Updated: 2010-06-18

WebKit, as used in Google Chrome before 4.0.249.78 and Apple Safari, allows remote attackers to bypass intended restrictions on popup windows via crafted use of a mouse click event.
Max CVSS: 2.6 | EPSS Score: 0.21% | Published: 2010-02-18 | Updated: 2018-11-16

The AutoFill feature in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to obtain sensitive Address Book Card information via JavaScript code that forces keystroke events for input fields.
Max CVSS: 2.6 | EPSS Score: 0.36% | Published: 2010-07-30 | Updated: 2017-09-19

The cupsFileOpen function in CUPS before 1.4.4 allows local users, with lp group membership, to overwrite arbitrary files via a symlink attack on the (1) /var/cache/cups/remote.cache or (2) /var/cache/cups/job.cache file.
Max CVSS: 2.6 | EPSS Score: 0.04% | Published: 2010-06-22 | Updated: 2013-05-15

239 vulnerabilities found