Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2007-0718

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-05 Mar, 2007 | 22:00
Updated At-07 Aug, 2024 | 12:26
Rejected At-
Credits

Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a QTIF file with a Video Sample Description containing a Color table ID of 0, which triggers memory corruption when QuickTime assumes that a color table exists.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:05 Mar, 2007 | 22:00
Updated At:07 Aug, 2024 | 12:26
Rejected At:
▼CVE Numbering Authority (CNA)

Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a QTIF file with a Video Sample Description containing a Color table ID of 0, which triggers memory corruption when QuickTime assumes that a color table exists.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://www.vupen.com/english/advisories/2007/0825
vdb-entry
x_refsource_VUPEN
http://www.kb.cert.org/vuls/id/313225
third-party-advisory
x_refsource_CERT-VN
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=486
third-party-advisory
x_refsource_IDEFENSE
http://www.securityfocus.com/bid/22827
vdb-entry
x_refsource_BID
http://secunia.com/advisories/24359
third-party-advisory
x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/462012/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html
vendor-advisory
x_refsource_APPLE
http://www.securitytracker.com/id?1017725
vdb-entry
x_refsource_SECTRACK
http://www.us-cert.gov/cas/techalerts/TA07-065A.html
third-party-advisory
x_refsource_CERT
http://www.securityfocus.com/bid/22839
vdb-entry
x_refsource_BID
http://docs.info.apple.com/article.html?artnum=305149
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/32826
vdb-entry
x_refsource_XF
Hyperlink: http://www.vupen.com/english/advisories/2007/0825
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.kb.cert.org/vuls/id/313225
Resource:
third-party-advisory
x_refsource_CERT-VN
Hyperlink: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=486
Resource:
third-party-advisory
x_refsource_IDEFENSE
Hyperlink: http://www.securityfocus.com/bid/22827
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://secunia.com/advisories/24359
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.securityfocus.com/archive/1/462012/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html
Resource:
vendor-advisory
x_refsource_APPLE
Hyperlink: http://www.securitytracker.com/id?1017725
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA07-065A.html
Resource:
third-party-advisory
x_refsource_CERT
Hyperlink: http://www.securityfocus.com/bid/22839
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://docs.info.apple.com/article.html?artnum=305149
Resource:
x_refsource_CONFIRM
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/32826
Resource:
vdb-entry
x_refsource_XF
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://www.vupen.com/english/advisories/2007/0825
vdb-entry
x_refsource_VUPEN
x_transferred
http://www.kb.cert.org/vuls/id/313225
third-party-advisory
x_refsource_CERT-VN
x_transferred
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=486
third-party-advisory
x_refsource_IDEFENSE
x_transferred
http://www.securityfocus.com/bid/22827
vdb-entry
x_refsource_BID
x_transferred
http://secunia.com/advisories/24359
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.securityfocus.com/archive/1/462012/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html
vendor-advisory
x_refsource_APPLE
x_transferred
http://www.securitytracker.com/id?1017725
vdb-entry
x_refsource_SECTRACK
x_transferred
http://www.us-cert.gov/cas/techalerts/TA07-065A.html
third-party-advisory
x_refsource_CERT
x_transferred
http://www.securityfocus.com/bid/22839
vdb-entry
x_refsource_BID
x_transferred
http://docs.info.apple.com/article.html?artnum=305149
x_refsource_CONFIRM
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/32826
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2007/0825
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.kb.cert.org/vuls/id/313225
Resource:
third-party-advisory
x_refsource_CERT-VN
x_transferred
Hyperlink: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=486
Resource:
third-party-advisory
x_refsource_IDEFENSE
x_transferred
Hyperlink: http://www.securityfocus.com/bid/22827
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://secunia.com/advisories/24359
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/462012/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html
Resource:
vendor-advisory
x_refsource_APPLE
x_transferred
Hyperlink: http://www.securitytracker.com/id?1017725
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA07-065A.html
Resource:
third-party-advisory
x_refsource_CERT
x_transferred
Hyperlink: http://www.securityfocus.com/bid/22839
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://docs.info.apple.com/article.html?artnum=305149
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/32826
Resource:
vdb-entry
x_refsource_XF
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:05 Mar, 2007 | 22:19
Updated At:23 Apr, 2026 | 00:35

Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a QTIF file with a Video Sample Description containing a Color table ID of 0, which triggers memory corruption when QuickTime assumes that a color table exists.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.05.8MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:P
Type: Primary
Version: 2.0
Base score: 5.8
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:P
CPE Matches

Apple Inc.
apple
>>quicktime>>7.0
cpe:2.3:a:apple:quicktime:7.0:*:*:*:*:*:*:*
Apple Inc.
apple
>>quicktime>>7.0.1
cpe:2.3:a:apple:quicktime:7.0.1:*:*:*:*:*:*:*
Apple Inc.
apple
>>quicktime>>7.0.2
cpe:2.3:a:apple:quicktime:7.0.2:*:*:*:*:*:*:*
Apple Inc.
apple
>>quicktime>>7.0.3
cpe:2.3:a:apple:quicktime:7.0.3:*:*:*:*:*:*:*
Apple Inc.
apple
>>quicktime>>7.0.4
cpe:2.3:a:apple:quicktime:7.0.4:*:*:*:*:*:*:*
Apple Inc.
apple
>>quicktime>>7.1
cpe:2.3:a:apple:quicktime:7.1:*:*:*:*:*:*:*
Apple Inc.
apple
>>quicktime>>7.1.1
cpe:2.3:a:apple:quicktime:7.1.1:*:*:*:*:*:*:*
Apple Inc.
apple
>>quicktime>>7.1.2
cpe:2.3:a:apple:quicktime:7.1.2:*:*:*:*:*:*:*
Apple Inc.
apple
>>quicktime>>7.1.3
cpe:2.3:a:apple:quicktime:7.1.3:*:*:*:*:*:*:*
Apple Inc.
apple
>>quicktime>>7.1.4
cpe:2.3:a:apple:quicktime:7.1.4:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-119Primarynvd@nist.gov
CWE ID: CWE-119
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://docs.info.apple.com/article.html?artnum=305149cve@mitre.org
Patch
Vendor Advisory
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=486cve@mitre.org
N/A
http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.htmlcve@mitre.org
Vendor Advisory
http://secunia.com/advisories/24359cve@mitre.org
Patch
Vendor Advisory
http://www.kb.cert.org/vuls/id/313225cve@mitre.org
US Government Resource
http://www.securityfocus.com/archive/1/462012/100/0/threadedcve@mitre.org
N/A
http://www.securityfocus.com/bid/22827cve@mitre.org
N/A
http://www.securityfocus.com/bid/22839cve@mitre.org
N/A
http://www.securitytracker.com/id?1017725cve@mitre.org
Patch
http://www.us-cert.gov/cas/techalerts/TA07-065A.htmlcve@mitre.org
US Government Resource
http://www.vupen.com/english/advisories/2007/0825cve@mitre.org
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/32826cve@mitre.org
N/A
http://docs.info.apple.com/article.html?artnum=305149af854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=486af854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.htmlaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/24359af854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
http://www.kb.cert.org/vuls/id/313225af854a3a-2127-422b-91ae-364da2661108
US Government Resource
http://www.securityfocus.com/archive/1/462012/100/0/threadedaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/22827af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/22839af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securitytracker.com/id?1017725af854a3a-2127-422b-91ae-364da2661108
Patch
http://www.us-cert.gov/cas/techalerts/TA07-065A.htmlaf854a3a-2127-422b-91ae-364da2661108
US Government Resource
http://www.vupen.com/english/advisories/2007/0825af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/32826af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://docs.info.apple.com/article.html?artnum=305149
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=486
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/24359
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.kb.cert.org/vuls/id/313225
Source: cve@mitre.org
Resource:
US Government Resource
Hyperlink: http://www.securityfocus.com/archive/1/462012/100/0/threaded
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/22827
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/22839
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1017725
Source: cve@mitre.org
Resource:
Patch
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA07-065A.html
Source: cve@mitre.org
Resource:
US Government Resource
Hyperlink: http://www.vupen.com/english/advisories/2007/0825
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/32826
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://docs.info.apple.com/article.html?artnum=305149
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=486
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.apple.com/archives/Security-announce/2007/Mar/msg00000.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/24359
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.kb.cert.org/vuls/id/313225
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
US Government Resource
Hyperlink: http://www.securityfocus.com/archive/1/462012/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/22827
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/22839
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1017725
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA07-065A.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
US Government Resource
Hyperlink: http://www.vupen.com/english/advisories/2007/0825
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/32826
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

2404Records found

CVE-2008-0044
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.8||MEDIUM
EPSS-4.49% / 90.33%
||
7 Day CHG~0.00%
Published-18 Mar, 2008 | 22:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in AFP Client in Apple Mac OS X 10.4.11 and 10.5.2 allow remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted afp:// URL.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xmac_os_x_servern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-0992
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.8||MEDIUM
EPSS-3.14% / 86.34%
||
7 Day CHG~0.00%
Published-18 Mar, 2008 | 23:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Array index error in pax in Apple Mac OS X 10.5.2 allows context-dependent attackers to execute arbitrary code via an archive with a crafted length value.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xmac_os_x_servern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-0716
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.8||MEDIUM
EPSS-6.09% / 92.54%
||
7 Day CHG~0.00%
Published-05 Mar, 2007 | 22:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QTIF file.

Action-Not Available
Vendor-n/aApple Inc.
Product-quicktimen/a
CVE-2007-0713
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.8||MEDIUM
EPSS-6.09% / 92.55%
||
7 Day CHG~0.00%
Published-05 Mar, 2007 | 22:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QuickTime movie file.

Action-Not Available
Vendor-n/aApple Inc.
Product-quicktimen/a
CVE-2014-1242
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-5.8||MEDIUM
EPSS-1.02% / 59.17%
||
7 Day CHG~0.00%
Published-23 Jan, 2014 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apple iTunes before 11.1.4 uses HTTP for the iTunes Tutorials window, which allows man-in-the-middle attackers to spoof content by gaining control over the client-server data stream.

Action-Not Available
Vendor-n/aApple Inc.
Product-itunesn/a
CVE-2019-8530
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.91% / 55.63%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 17:33
Updated-04 Aug, 2024 | 21:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed with improved checks. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2. A malicious application may be able to overwrite arbitrary files.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osmac_os_xtvostvOSmacOSiOS
CVE-2017-2389
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-8.1||HIGH
EPSS-1.76% / 75.31%
||
7 Day CHG~0.00%
Published-02 Apr, 2017 | 01:36
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof an HTTP authentication sheet or cause a denial of service via a crafted web site.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_ossafarin/a
CVE-2011-0219
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-5.8||MEDIUM
EPSS-1.61% / 73.01%
||
7 Day CHG~0.00%
Published-21 Jul, 2011 | 23:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apple Safari before 5.0.6 allows remote attackers to bypass the Same Origin Policy, and modify the rendering of text from arbitrary web sites, via a Java applet that loads fonts.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.
Product-webkitwindows_7mac_os_xwindows_vistawindows_xpsafarimac_os_x_servern/a
CVE-2022-26773
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.1||HIGH
EPSS-0.54% / 41.40%
||
7 Day CHG~0.00%
Published-26 May, 2022 | 19:28
Updated-30 May, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.12.4 for Windows. An application may be able to delete files for which it does not have permission.

Action-Not Available
Vendor-Apple Inc.
Product-itunesiTunes for Windows
CWE ID-CWE-285
Improper Authorization
CVE-2022-22721
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.1||CRITICAL
EPSS-41.86% / 98.52%
||
7 Day CHG~0.00%
Published-14 Mar, 2022 | 10:15
Updated-03 Aug, 2024 | 03:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody

If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier.

Action-Not Available
Vendor-The Apache Software FoundationApple Inc.Fedora ProjectDebian GNU/LinuxOracle Corporation
Product-http_serverdebian_linuxfedorazfs_storage_appliance_kitmac_os_xmacosenterprise_manager_ops_centerApache HTTP Server
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2015-5770
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-5.8||MEDIUM
EPSS-1.48% / 70.74%
||
7 Day CHG~0.00%
Published-16 Aug, 2015 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MobileInstallation in Apple iOS before 8.4.1 does not ensure the uniqueness of universal provisioning profile bundle IDs, which allows attackers to replace arbitrary extensions via a crafted enterprise app.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osn/a
CVE-2020-9952
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.1||HIGH
EPSS-1.48% / 70.77%
||
7 Day CHG~0.00%
Published-16 Oct, 2020 | 16:53
Updated-04 Aug, 2024 | 10:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An input validation issue was addressed with improved input validation. This issue is fixed in iOS 14.0 and iPadOS 14.0, tvOS 14.0, watchOS 7.0, Safari 14.0, iCloud for Windows 11.4, iCloud for Windows 7.21. Processing maliciously crafted web content may lead to a cross site scripting attack.

Action-Not Available
Vendor-webkitApple Inc.
Product-iphone_oswatchosipadostvossafariwebkitgtk\+icloudwatchOSiCloud for WindowsSafariiOSiCloud for Windows (Legacy)tvOS
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-39846
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-6.1||MEDIUM
EPSS-2.51% / 82.83%
||
7 Day CHG~0.00%
Published-29 Sep, 2021 | 15:38
Updated-16 Sep, 2024 | 16:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Acrobat Reader /Parent Property Recursive Stack Overflow

Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a stack overflow vulnerability due to insecure handling of a crafted PDF file, potentially resulting in memory corruption in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted PDF file in Acrobat Reader.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-39845
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-6.1||MEDIUM
EPSS-2.51% / 82.83%
||
7 Day CHG~0.00%
Published-29 Sep, 2021 | 15:38
Updated-17 Sep, 2024 | 04:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Acrobat Reader Page Tree Node Recursive Stack Overflow

Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a stack overflow vulnerability due to insecure handling of a crafted PDF file, potentially resulting in memory corruption in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted PDF file in Acrobat Reader.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2009-2199
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.8||MEDIUM
EPSS-2.59% / 83.40%
||
7 Day CHG~0.00%
Published-12 Aug, 2009 | 19:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incomplete blacklist vulnerability in WebKit in Apple Safari before 4.0.3, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to spoof domain names in URLs, and possibly conduct phishing attacks, via unspecified homoglyphs.

Action-Not Available
Vendor-n/aApple Inc.
Product-ipod_touchiphone_ossafarin/a
CVE-2008-7296
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.8||MEDIUM
EPSS-1.00% / 58.74%
||
7 Day CHG~0.00%
Published-09 Aug, 2011 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apple Safari cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security (HSTS) includeSubDomains feature, aka a "cookie forcing" issue.

Action-Not Available
Vendor-n/aApple Inc.
Product-safarin/a
CVE-2019-8521
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.82% / 52.88%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 17:33
Updated-04 Aug, 2024 | 21:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This issue was addressed with improved checks. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4. A malicious application may be able to overwrite arbitrary files.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osmac_os_xmacOSiOS
CVE-2008-0032
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.8||MEDIUM
EPSS-3.81% / 88.77%
||
7 Day CHG~0.00%
Published-16 Jan, 2008 | 02:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apple QuickTime before 7.4 allows remote attackers to execute arbitrary code via a movie file containing a Macintosh Resource record with a modified length value in the resource header, which triggers heap corruption.

Action-Not Available
Vendor-n/aApple Inc.
Product-quicktimen/a
CVE-2008-0031
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.8||MEDIUM
EPSS-3.03% / 85.85%
||
7 Day CHG~0.00%
Published-16 Jan, 2008 | 01:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Apple QuickTime before 7.4 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted Sorenson 3 video file, which triggers memory corruption.

Action-Not Available
Vendor-n/aApple Inc.
Product-quicktimen/a
CVE-2008-0059
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.8||MEDIUM
EPSS-2.35% / 81.63%
||
7 Day CHG~0.00%
Published-18 Mar, 2008 | 23:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in NSXML in Foundation for Apple Mac OS X 10.4.11 allows context-dependent attackers to execute arbitrary code via a crafted XML file, related to "error handling logic."

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xmac_os_x_servern/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2008-0058
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.8||MEDIUM
EPSS-2.90% / 85.24%
||
7 Day CHG~0.00%
Published-18 Mar, 2008 | 23:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in the NSURLConnection cache management functionality in Foundation for Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via unspecified manipulations that cause messages to be sent to a deallocated object.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xmac_os_x_servern/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2021-30741
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.1||HIGH
EPSS-0.84% / 53.44%
||
7 Day CHG+0.03%
Published-08 Sep, 2021 | 13:44
Updated-03 Aug, 2024 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted mail message may lead to unexpected memory modification or application termination.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osipadosiOS and iPadOS
CWE ID-CWE-416
Use After Free
CVE-2015-7023
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-5.8||MEDIUM
EPSS-1.63% / 73.29%
||
7 Day CHG~0.00%
Published-23 Oct, 2015 | 21:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CFNetwork in Apple iOS before 9.1 and OS X before 10.11.1 does not properly consider the uppercase-versus-lowercase distinction during cookie parsing, which allows remote web servers to overwrite cookies via unspecified vectors.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osmac_os_xn/a
CVE-2020-9994
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.1||HIGH
EPSS-0.94% / 56.63%
||
7 Day CHG~0.00%
Published-22 Oct, 2020 | 18:07
Updated-04 Aug, 2024 | 10:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A path handling issue was addressed with improved validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to overwrite arbitrary files.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_oswatchostvosipadosmac_os_xtvOSmacOSwatchOSiOS
CVE-2020-9808
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.1||HIGH
EPSS-0.80% / 51.98%
||
7 Day CHG~0.00%
Published-09 Jun, 2020 | 16:10
Updated-04 Aug, 2024 | 10:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to cause unexpected system termination or write kernel memory.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_oswatchostvosipadosmac_os_xtvOSmacOSwatchOSiOS
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-9805
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.1||HIGH
EPSS-1.13% / 62.42%
||
7 Day CHG~0.00%
Published-09 Jun, 2020 | 16:06
Updated-04 Aug, 2024 | 10:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to universal cross site scripting.

Action-Not Available
Vendor-Apple Inc.
Product-itunesiphone_oswatchosipadostvossafariicloudiTunes for WindowswatchOSiCloud for WindowsSafariiOSiCloud for Windows (Legacy)tvOS
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-9843
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.1||HIGH
EPSS-1.08% / 61.13%
||
7 Day CHG~0.00%
Published-09 Jun, 2020 | 16:18
Updated-04 Aug, 2024 | 10:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to a cross site scripting attack.

Action-Not Available
Vendor-Apple Inc.
Product-itunesiphone_oswatchosipadostvossafariicloudiTunes for WindowswatchOSiCloud for WindowsSafariiOSiCloud for Windows (Legacy)tvOS
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-3855
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.1||HIGH
EPSS-0.67% / 47.31%
||
7 Day CHG~0.00%
Published-27 Oct, 2020 | 20:12
Updated-04 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An access issue was addressed with improved access restrictions. This issue is fixed in macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra. A malicious application may be able to overwrite arbitrary files.

Action-Not Available
Vendor-Apple Inc.
Product-mac_os_xmacOS
CVE-2007-0715
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.8||MEDIUM
EPSS-6.09% / 92.54%
||
7 Day CHG~0.00%
Published-05 Mar, 2007 | 22:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PICT file.

Action-Not Available
Vendor-n/aApple Inc.
Product-quicktimen/a
CVE-2007-0717
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.8||MEDIUM
EPSS-5.37% / 91.67%
||
7 Day CHG~0.00%
Published-05 Mar, 2007 | 22:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QTIF file.

Action-Not Available
Vendor-n/aApple Inc.
Product-quicktimen/a
CVE-2025-43373
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-7.5||HIGH
EPSS-0.45% / 35.67%
||
7 Day CHG+0.02%
Published-04 Nov, 2025 | 01:18
Updated-02 Apr, 2026 | 19:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1. An app may be able to cause unexpected system termination or corrupt kernel memory.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-43287
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-7.1||HIGH
EPSS-0.21% / 11.40%
||
7 Day CHG~0.00%
Published-15 Sep, 2025 | 22:34
Updated-02 Apr, 2026 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in macOS Tahoe 26. Processing a maliciously crafted image may corrupt process memory.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-2295
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-6.51% / 92.95%
||
7 Day CHG~0.00%
Published-26 Apr, 2007 | 20:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the JVTCompEncodeFrame function in Apple Quicktime 7.1.5 and other versions before 7.2 allows remote attackers to execute arbitrary code via a crafted H.264 MOV file.

Action-Not Available
Vendor-n/aApple Inc.
Product-quicktimen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-11260
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-6.92% / 93.32%
||
7 Day CHG~0.00%
Published-11 Aug, 2017 | 19:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data interpreted as a GIF image. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readermac_os_xacrobat_reader_dcreaderwindowsacrobat_dcAcrobat Reader
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-11243
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-6.5||MEDIUM
EPSS-7.59% / 93.81%
||
7 Day CHG~0.00%
Published-11 Aug, 2017 | 19:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the XSLT engine. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readermac_os_xacrobat_reader_dcreaderwindowsacrobat_dcAcrobat Reader
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-11222
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-6.92% / 93.32%
||
7 Day CHG~0.00%
Published-11 Aug, 2017 | 19:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the Product Representation Compact (PRC) engine. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readermac_os_xacrobat_reader_dcreaderwindowsacrobat_dcAcrobat Reader
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-11268
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-6.92% / 93.32%
||
7 Day CHG~0.00%
Published-11 Aug, 2017 | 19:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private JPEG data. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readermac_os_xacrobat_reader_dcreaderwindowsacrobat_dcAcrobat Reader
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-11217
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-6.5||MEDIUM
EPSS-8.40% / 94.31%
||
7 Day CHG~0.00%
Published-11 Aug, 2017 | 19:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to drawing of Unicode text strings. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readermac_os_xacrobat_reader_dcreaderwindowsacrobat_dcAcrobat Reader
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-11230
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-6.5||MEDIUM
EPSS-10.07% / 95.06%
||
7 Day CHG~0.00%
Published-11 Aug, 2017 | 19:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the JPEG 2000 engine. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readermac_os_xacrobat_reader_dcreaderwindowsacrobat_dcAcrobat Reader
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-11265
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-6.5||MEDIUM
EPSS-7.59% / 93.81%
||
7 Day CHG~0.00%
Published-11 Aug, 2017 | 19:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the Adobe Graphics Manager module. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readermac_os_xacrobat_reader_dcreaderwindowsacrobat_dcAcrobat Reader
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-11214
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-6.92% / 93.32%
||
7 Day CHG~0.00%
Published-11 Aug, 2017 | 19:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to rendering a path. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readermac_os_xacrobat_reader_dcreaderwindowsacrobat_dcAcrobat Reader
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-11252
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-6.5||MEDIUM
EPSS-7.59% / 93.81%
||
7 Day CHG~0.00%
Published-11 Aug, 2017 | 19:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the Adobe Graphics Manager (AGM) module. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readermac_os_xacrobat_reader_dcreaderwindowsacrobat_dcAcrobat Reader
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2024-39380
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.32% / 24.23%
||
7 Day CHG~0.00%
Published-13 Sep, 2024 | 08:33
Updated-13 Sep, 2024 | 16:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
After Effects | Heap-based Buffer Overflow (CWE-122)

After Effects versions 23.6.6, 24.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-windowsmacosafter_effectsAfter Effectsafter_effects
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-11258
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-6.5||MEDIUM
EPSS-7.59% / 93.81%
||
7 Day CHG~0.00%
Published-11 Aug, 2017 | 19:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data and the embedded GIF image. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readermac_os_xacrobat_reader_dcreaderwindowsacrobat_dcAcrobat Reader
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-11120
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-9.13% / 94.69%
||
7 Day CHG~0.00%
Published-27 Sep, 2017 | 17:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, an attacker can craft a malformed RRM neighbor report frame to trigger an internal buffer overflow in the Wi-Fi firmware, aka B-V2017061204.

Action-Not Available
Vendor-n/aApple Inc.Broadcom Inc.
Product-bcm4355c0_firmwaretvosiphone_osbcm4355c0n/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-6799
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-4.7||MEDIUM
EPSS-0.79% / 51.76%
||
7 Day CHG~0.00%
Published-16 Nov, 2013 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apple Mac OS X 10.9 allows local users to cause a denial of service (memory corruption or panic) by creating a hard link to a directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-0105.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2022-47965
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.22% / 12.90%
||
7 Day CHG~0.00%
Published-10 Jan, 2024 | 22:03
Updated-20 Jun, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-11212
Matching Score-6
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-6
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-8.85% / 94.57%
||
7 Day CHG~0.00%
Published-11 Aug, 2017 | 19:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to text output. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readermac_os_xacrobat_reader_dcreaderwindowsacrobat_dcAcrobat Reader
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-0734
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.80% / 52.01%
||
7 Day CHG~0.00%
Published-10 Apr, 2007 | 22:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

fsck, as used by the AirPort Disk feature of the AirPort Extreme Base Station with 802.11n before Firmware Update 7.1, and by Apple Mac OS X 10.3.9 through 10.4.9, does not properly enforce password protection of a USB hard drive, which allows context-dependent attackers to list arbitrary directories or execute arbitrary code, resulting from memory corruption.

Action-Not Available
Vendor-n/aApple Inc.
Product-airport_extrememac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-1244
Matching Score-6
Assigner-Apple Inc.
ShareView Details
Matching Score-6
Assigner-Apple Inc.
CVSS Score-9.3||HIGH
EPSS-4.11% / 89.54%
||
7 Day CHG~0.00%
Published-27 Feb, 2014 | 01:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding.

Action-Not Available
Vendor-n/aApple Inc.
Product-quicktimen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 48
  • 49
  • Next
Details not found