| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| CFNetwork in Apple iOS before 5.0.1 and Mac OS X 10.7 before 10.7.2 does not properly parse URLs, which allows remote attackers to trigger visits to unintended web sites, and transmission of cookies to unintended web sites, via a crafted (1) http or (2) https URL. |
| ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF image. |
| PubSub in Apple Safari before 4.0.5 does not properly implement use of the Accept Cookies preference to block cookies, which makes it easier for remote web servers to track users by setting a cookie in a (1) RSS or (2) Atom feed. |
| Apple Safari before 4.0.5 on Windows does not properly validate external URL schemes, which allows remote attackers to open local files and execute arbitrary code via a crafted HTML document. |
| Stack-based buffer overflow in PS Normalizer in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PostScript document. |
| QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with H.264 encoding. |
| WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. |
| WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. |
| Integer overflow in Apple Safari allows remote attackers to bypass intended port restrictions on outbound TCP connections via a port number outside the range of the unsigned short data type, as demonstrated by a value of 65561 for TCP port 25. |
| Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1287, CVE-2010-1289, CVE-2010-1290, and CVE-2010-1291. |
| ImageIO in Apple iOS before 4 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG image. |
| Passcode Lock in Apple iOS before 4 on the iPhone and iPod touch does not properly handle alert-based unlocks in conjunction with subsequent Remote Lock operations through MobileMe, which allows physically proximate attackers to bypass intended passcode requirements via unspecified vectors. |
| Networking in Apple Mac OS X 10.6.2 through 10.6.4 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted PIM packet. |
| ImageIO in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted PSD image. |
| Heap-based buffer overflow in Image RAW in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted RAW image. |
| The kernel in Apple Mac OS X 10.6.x before 10.6.5 does not properly perform memory management associated with terminal devices, which allows local users to cause a denial of service (system crash) via unspecified vectors. |
| The cupsDoAuthentication function in auth.c in the client in CUPS before 1.4.4, when HAVE_GSSAPI is omitted, does not properly handle a demand for authorization, which allows remote CUPS servers to cause a denial of service (infinite loop) via HTTP_UNAUTHORIZED responses. |
| The psh_glyph_find_strong_points function in pshinter/pshalgo.c in FreeType before 2.4.0 does not properly implement hinting masks, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a crafted font file that triggers an invalid free operation. |
| Integer overflow in the gray_render_span function in smooth/ftgrays.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. |
| Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving floating styles. |
