Export limit exceeded: 14587 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (14587 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2011-0161 1 Apple 3 Iphone Os, Safari, Webkit 2025-04-11 N/A
WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle the Attr.style accessor, which allows remote attackers to bypass the Same Origin Policy and inject Cascading Style Sheets (CSS) token sequences via a crafted web site.
CVE-2011-3102 3 Apple, Google, Redhat 3 Iphone Os, Chrome, Enterprise Linux 2025-04-11 N/A
Off-by-one error in libxml2, as used in Google Chrome before 19.0.1084.46 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors.
CVE-2009-2801 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-11 N/A
The Application Firewall in Apple Mac OS X 10.5.8 drops unspecified firewall rules after a reboot, which might allow remote attackers to bypass intended access restrictions via packet data, related to a "timing issue."
CVE-2009-4242 4 Apple, Microsoft, Realnetworks and 1 more 7 Mac Os X, Windows, Helix Player and 4 more 2025-04-11 N/A
Heap-based buffer overflow in the CGIFCodec::GetPacketBuffer function in datatype/image/gif/common/gifcodec.cpp in RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741; RealPlayer 11 11.0.0 through 11.0.4; RealPlayer Enterprise; Mac RealPlayer 10, 10.1, and 11.0; Linux RealPlayer 10; and Helix Player 10.x allows remote attackers to execute arbitrary code via a GIF file with crafted chunk sizes that trigger improper memory allocation.
CVE-2010-1790 3 Apple, Microsoft, Redhat 8 Mac Os X, Mac Os X Server, Safari and 5 more 2025-04-11 N/A
WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; does not properly handle just-in-time (JIT) compiled JavaScript stubs, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to a "reentrancy issue."
CVE-2010-2665 4 Apple, Microsoft, Opera and 1 more 4 Mac Os X, Windows, Opera Browser and 1 more 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Opera before 10.54 on Windows and Mac OS X, and before 10.11 on UNIX platforms, allows remote attackers to inject arbitrary web script or HTML via a data: URI, related to incorrect detection of the "opening site."
CVE-2010-2660 4 Apple, Microsoft, Opera and 1 more 4 Mac Os X, Windows, Opera Browser and 1 more 2025-04-11 N/A
Opera before 10.54 on Windows and Mac OS X, and before 10.60 on UNIX platforms, does not properly restrict certain uses of homograph characters in domain names, which makes it easier for remote attackers to spoof IDN domains via unspecified choices of characters.
CVE-2010-2659 4 Apple, Microsoft, Opera and 1 more 4 Mac Os X, Windows, Opera Browser and 1 more 2025-04-11 N/A
Opera before 10.50 on Windows, before 10.52 on Mac OS X, and before 10.60 on UNIX platforms makes widget properties accessible to third-party domains, which allows remote attackers to obtain potentially sensitive information via a crafted web site.
CVE-2010-2657 3 Apple, Microsoft, Opera 3 Macos, Windows, Opera Browser 2025-04-11 N/A
Opera before 10.60 on Windows and Mac OS X does not properly prevent certain double-click operations from running a program located on a web site, which allows user-assisted remote attackers to execute arbitrary code via a crafted web page that bypasses a dialog.
CVE-2008-7303 1 Apple 1 Mac Os X 2025-04-11 N/A
The nonet and nointernet sandbox profiles in Apple Mac OS X 10.5.x do not propagate restrictions to all created processes, which allows remote attackers to access network resources via a crafted application, as demonstrated by use of launchctl to trigger the launchd daemon's execution of a script file, a related issue to CVE-2011-1516.
CVE-2010-0019 2 Apple, Microsoft 3 Mac Os X, Silverlight, Windows 2025-04-11 N/A
Microsoft Silverlight 3 before 3.0.50611.0 on Windows, and before 3.0.41130.0 on Mac OS X, does not properly handle pointers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and framework outage) via a crafted web site, aka "Microsoft Silverlight Memory Corruption Vulnerability."
CVE-2012-1147 2 Apple, Libexpat Project 2 Mac Os X, Libexpat 2025-04-11 N/A
readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files.
CVE-2012-0651 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-11 N/A
The directory server in Directory Service in Apple Mac OS X 10.6.8 allows remote attackers to obtain sensitive information from process memory via a crafted message.
CVE-2010-3783 1 Apple 1 Mac Os X Server 2025-04-11 N/A
Password Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not properly perform replication, which allows remote authenticated users to bypass verification of the current password via unspecified vectors.
CVE-2012-0652 1 Apple 1 Mac Os X 2025-04-11 N/A
Login Window in Apple Mac OS X 10.7.3, when Legacy File Vault or networked home directories are enabled, does not properly restrict what is written to the system log for network logins, which allows local users to obtain sensitive information by reading the log.
CVE-2010-0040 2 Apple, Microsoft 2 Safari, Windows 2025-04-11 N/A
Integer overflow in ColorSync in Apple Safari before 4.0.5 on Windows, and iTunes before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image with a crafted color profile that triggers a heap-based buffer overflow.
CVE-2010-3784 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-11 N/A
The PMPageFormatCreateWithDataRepresentation API in Printing in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not properly handle XML data, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified API calls.
CVE-2012-0654 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-11 N/A
libsecurity in Apple Mac OS X before 10.7.4 accesses uninitialized memory locations during the processing of X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted certificate.
CVE-2010-0048 1 Apple 1 Safari 2025-04-11 8.8 High
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XML document.
CVE-2010-3789 1 Apple 3 Mac Os X, Mac Os X Server, Quicktime 2025-04-11 N/A
QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted AVI file.