In Apple iOS 7 through 9, due to a BlueBorne flaw in the implementation of LEAP (Low Energy Audio Protocol), a large audio command can be sent to a targeted device and lead to a heap overflow with attacker-controlled data. Since the audio commands sent via LEAP are not properly validated, an attacker can use this overflow to gain full control of the device through the relatively high privileges of the Bluetooth stack in iOS. The attack bypasses Bluetooth access control; however, the default "Bluetooth On" value must be present in Settings.
Max CVSS
7.9
EPSS Score
0.20%
Published
2017-09-12
Updated
2019-05-14
This issue was addressed with improved transparency. This issue is fixed in iOS 12.2. A user may authorize an enterprise administrator to remotely wipe their device without appropriate disclosure.
Max CVSS
7.9
EPSS Score
0.05%
Published
2019-12-18
Updated
2019-12-31
Apple Safari 2.0.2 allows remote attackers to cause a denial of service (system slowdown) via a Javascript BODY onload event that calls the window function.
Max CVSS
7.8
EPSS Score
0.28%
Published
2005-11-29
Updated
2016-10-18
The khtml::RenderTableSection::ensureRows function in KHTMLParser in Apple Mac OS X 10.4.3 and earlier, as used by Safari and TextEdit, allows remote attackers to cause a denial of service (memory consumption and application crash) via HTML files with a large ROWSPAN attribute in a TD tag.
Max CVSS
7.8
EPSS Score
12.31%
Published
2005-12-22
Updated
2017-07-20
QuickTime Streaming Server in Apple Mac OS X 10.3.9 and 10.4.6 allows remote attackers to cause a denial of service (crash and connection interruption) via a QuickTime movie with a missing track, which triggers a null dereference.
Max CVSS
7.8
EPSS Score
8.67%
Published
2006-05-12
Updated
2017-07-20
The do_hfs_truncate function in Mac OS X 10.4.8 allows context-dependent attackers to cause a denial of service (kernel panic) via a crafted HFS+ filesystem in a DMG image, which causes an access of an invalid vnode structure during file removal.
Max CVSS
7.8
EPSS Score
4.84%
Published
2007-01-18
Updated
2011-03-08
The Bonjour functionality in mDNSResponder, iChat 3.1.6, and InstantMessage framework 428 in Apple Mac OS X 10.4.8 allows remote attackers to cause a denial of service (persistent application crash) via a crafted phsh hash attribute in a TXT key.
Max CVSS
7.8
EPSS Score
6.66%
Published
2007-01-31
Updated
2008-09-05
The WebFoundation framework in Apple Mac OS X 10.3.9 and earlier allows subdomain cookies to be accessed by the parent domain, which allows remote attackers to obtain sensitive information.
Max CVSS
7.8
EPSS Score
1.68%
Published
2007-04-24
Updated
2011-03-08
Integer overflow in the gifGetBandProc function in ImageIO in Apple Mac OS X 10.4.8 allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image that triggers the overflow during decompression. NOTE: this is a different issue than CVE-2006-3502 and CVE-2006-3503.
Max CVSS
7.8
EPSS Score
59.50%
Published
2007-02-22
Updated
2011-03-08
Apple Safari Beta 3.0.1 for Windows public beta allows remote attackers to cause a denial of service (crash) via unspecified DHTML manipulations that trigger memory corruption, as demonstrated using Hamachi.
Max CVSS
7.8
EPSS Score
2.65%
Published
2007-06-12
Updated
2017-07-29
corefoundation.dll in Apple Safari 3.0.1 (552.12.2) for Windows allows remote attackers to cause a denial of service (crash) via certain forms that trigger errors related to History, possibly involving multiple form fields with the same name.
Max CVSS
7.8
EPSS Score
2.90%
Published
2007-06-19
Updated
2012-10-31
Cross-domain vulnerability in Apple Safari for Windows 3.0.1 allows remote attackers to bypass the "same origin policy" and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute.
Max CVSS
7.8
EPSS Score
0.34%
Published
2007-06-28
Updated
2008-11-15
The kernel in Apple Mac OS X 10.4 through 10.4.10 does not reset the current Mach Thread Port or Thread Exception Port when executing a setuid program, which allows local users to execute arbitrary code by creating the port before launching the setuid program, then writing to the address space of the setuid process.
Max CVSS
7.8
EPSS Score
0.04%
Published
2007-11-15
Updated
2024-02-09
Integer signedness error in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a crafted AppleTalk message with a negative value, which satisfies a signed comparison during mbuf allocation but is later interpreted as an unsigned value, which triggers a heap-based buffer overflow.
Max CVSS
7.8
EPSS Score
0.04%
Published
2007-11-15
Updated
2024-02-02
The accept_connections function in the virtual private network daemon (vpnd) in Apple Mac OS X 10.5 before 10.5.4 allows remote attackers to cause a denial of service (divide-by-zero error and daemon crash) via a crafted load balancing packet to UDP port 4112.
Max CVSS
7.8
EPSS Score
20.41%
Published
2007-12-07
Updated
2017-09-29
Unspecified vulnerability in Finder in Mac OS X 10.5.5 allows user-assisted attackers to cause a denial of service (continuous termination and restart) via a crafted Desktop file that generates an error when producing its icon, related to an "error recovery issue."
Max CVSS
7.8
EPSS Score
0.19%
Published
2008-10-10
Updated
2017-08-08
Directory traversal vulnerability in the web interface in Apple iPhone Configuration Web Utility 1.0 on Windows allows remote attackers to read arbitrary files via unspecified vectors.
Max CVSS
7.8
EPSS Score
0.45%
Published
2008-12-03
Updated
2018-10-11
The Remote Apple Events server in Apple Mac OS X 10.4.11 and 10.5.6 does not properly initialize a buffer, which allows remote attackers to read portions of memory.
Max CVSS
7.8
EPSS Score
0.63%
Published
2009-02-13
Updated
2011-03-08
Unspecified vulnerability in CarbonCore in Apple Mac OS X 10.4.11 and 10.5.6 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted resource fork that triggers memory corruption.
Max CVSS
7.8
EPSS Score
3.41%
Published
2009-02-13
Updated
2011-03-08
The Telephony component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to cause a denial of service (device reset) via a crafted ICMP echo request, which triggers an assertion error related to a "logic issue."
Max CVSS
7.8
EPSS Score
0.63%
Published
2009-06-19
Updated
2022-08-09
launchd in Apple Mac OS X 10.5 before 10.5.8 allows remote attackers to cause a denial of service (individual service outage) by making many connections to an inetd-based launchd service.
Max CVSS
7.8
EPSS Score
3.30%
Published
2009-08-06
Updated
2017-08-17
The Telephony component in Apple iPhone OS before 3.1 does not properly handle SMS arrival notifications, which allows remote attackers to cause a denial of service (NULL pointer dereference and service interruption) via a crafted SMS message.
Max CVSS
7.8
EPSS Score
0.23%
Published
2009-09-10
Updated
2009-09-24
Event Monitor in Apple Mac OS X before 10.6.3 does not properly validate hostnames of SSH clients, which allows remote attackers to cause a denial of service (arbitrary client blacklisting) via a crafted DNS PTR record, related to a "plist injection issue."
Max CVSS
7.8
EPSS Score
0.16%
Published
2010-03-30
Updated
2010-03-31
Apple Mac OS X 10.6 through 10.6.3 and Mac OS X Server 10.6 through 10.6.3 allows local users to obtain system privileges.
Max CVSS
7.8
EPSS Score
0.04%
Published
2017-04-13
Updated
2017-04-21
Networking in Apple Mac OS X 10.6.2 through 10.6.4 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted PIM packet.
Max CVSS
7.8
EPSS Score
6.50%
Published
2010-11-16
Updated
2010-12-10
1648 vulnerabilities found
1 2 3 4 5 6 ...... 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!