Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2009-1725

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-09 Jul, 2009 | 17:00
Updated At-07 Aug, 2024 | 05:20
Rejected At-
Credits

WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms; KHTML in kdelibs in KDE; QtWebKit (aka Qt toolkit); and possibly other products do not properly handle numeric character references, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:09 Jul, 2009 | 17:00
Updated At:07 Aug, 2024 | 05:20
Rejected At:
â–¼CVE Numbering Authority (CNA)

WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms; KHTML in kdelibs in KDE; QtWebKit (aka Qt toolkit); and possibly other products do not properly handle numeric character references, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://websvn.kde.org/?view=rev&revision=1002164
x_refsource_CONFIRM
http://websvn.kde.org/?view=rev&revision=1002163
x_refsource_CONFIRM
http://secunia.com/advisories/43068
third-party-advisory
x_refsource_SECUNIA
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01177.html
vendor-advisory
x_refsource_FEDORA
http://www.mandriva.com/security/advisories?name=MDVSA-2009:330
vendor-advisory
x_refsource_MANDRIVA
http://support.apple.com/kb/HT3666
x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2011/0212
vdb-entry
x_refsource_VUPEN
http://lists.apple.com/archives/security-announce/2009/Jul/msg00000.html
vendor-advisory
x_refsource_APPLE
http://websvn.kde.org/?view=rev&revision=1002162
x_refsource_CONFIRM
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01199.html
vendor-advisory
x_refsource_FEDORA
http://www.securityfocus.com/bid/35607
vdb-entry
x_refsource_BID
http://www.vupen.com/english/advisories/2009/1827
vdb-entry
x_refsource_VUPEN
http://secunia.com/advisories/37746
third-party-advisory
x_refsource_SECUNIA
http://osvdb.org/55739
vdb-entry
x_refsource_OSVDB
http://secunia.com/advisories/36790
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/36347
third-party-advisory
x_refsource_SECUNIA
http://www.debian.org/security/2009/dsa-1950
vendor-advisory
x_refsource_DEBIAN
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
vendor-advisory
x_refsource_SUSE
http://secunia.com/advisories/36062
third-party-advisory
x_refsource_SECUNIA
http://www.ubuntu.com/usn/USN-857-1
vendor-advisory
x_refsource_UBUNTU
http://secunia.com/advisories/36057
third-party-advisory
x_refsource_SECUNIA
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00933.html
vendor-advisory
x_refsource_FEDORA
http://www.securitytracker.com/id?1022526
vdb-entry
x_refsource_SECTRACK
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5777
vdb-entry
signature
x_refsource_OVAL
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01196.html
vendor-advisory
x_refsource_FEDORA
https://bugzilla.redhat.com/show_bug.cgi?id=513813
x_refsource_CONFIRM
http://www.ubuntu.com/usn/USN-836-1
vendor-advisory
x_refsource_UBUNTU
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00931.html
vendor-advisory
x_refsource_FEDORA
http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.html
vendor-advisory
x_refsource_APPLE
http://secunia.com/advisories/36677
third-party-advisory
x_refsource_SECUNIA
http://support.apple.com/kb/HT3860
x_refsource_CONFIRM
http://secunia.com/advisories/35758
third-party-advisory
x_refsource_SECUNIA
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01200.html
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://websvn.kde.org/?view=rev&revision=1002164
Resource:
x_refsource_CONFIRM
Hyperlink: http://websvn.kde.org/?view=rev&revision=1002163
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/43068
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01177.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2009:330
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://support.apple.com/kb/HT3666
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.vupen.com/english/advisories/2011/0212
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://lists.apple.com/archives/security-announce/2009/Jul/msg00000.html
Resource:
vendor-advisory
x_refsource_APPLE
Hyperlink: http://websvn.kde.org/?view=rev&revision=1002162
Resource:
x_refsource_CONFIRM
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01199.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://www.securityfocus.com/bid/35607
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.vupen.com/english/advisories/2009/1827
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://secunia.com/advisories/37746
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://osvdb.org/55739
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://secunia.com/advisories/36790
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/36347
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.debian.org/security/2009/dsa-1950
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://secunia.com/advisories/36062
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.ubuntu.com/usn/USN-857-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://secunia.com/advisories/36057
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00933.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://www.securitytracker.com/id?1022526
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5777
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01196.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=513813
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.ubuntu.com/usn/USN-836-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00931.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.html
Resource:
vendor-advisory
x_refsource_APPLE
Hyperlink: http://secunia.com/advisories/36677
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://support.apple.com/kb/HT3860
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/35758
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01200.html
Resource:
vendor-advisory
x_refsource_FEDORA
â–¼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://websvn.kde.org/?view=rev&revision=1002164
x_refsource_CONFIRM
x_transferred
http://websvn.kde.org/?view=rev&revision=1002163
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/43068
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01177.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://www.mandriva.com/security/advisories?name=MDVSA-2009:330
vendor-advisory
x_refsource_MANDRIVA
x_transferred
http://support.apple.com/kb/HT3666
x_refsource_CONFIRM
x_transferred
http://www.vupen.com/english/advisories/2011/0212
vdb-entry
x_refsource_VUPEN
x_transferred
http://lists.apple.com/archives/security-announce/2009/Jul/msg00000.html
vendor-advisory
x_refsource_APPLE
x_transferred
http://websvn.kde.org/?view=rev&revision=1002162
x_refsource_CONFIRM
x_transferred
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01199.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://www.securityfocus.com/bid/35607
vdb-entry
x_refsource_BID
x_transferred
http://www.vupen.com/english/advisories/2009/1827
vdb-entry
x_refsource_VUPEN
x_transferred
http://secunia.com/advisories/37746
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://osvdb.org/55739
vdb-entry
x_refsource_OSVDB
x_transferred
http://secunia.com/advisories/36790
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/36347
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.debian.org/security/2009/dsa-1950
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://secunia.com/advisories/36062
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.ubuntu.com/usn/USN-857-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://secunia.com/advisories/36057
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00933.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://www.securitytracker.com/id?1022526
vdb-entry
x_refsource_SECTRACK
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5777
vdb-entry
signature
x_refsource_OVAL
x_transferred
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01196.html
vendor-advisory
x_refsource_FEDORA
x_transferred
https://bugzilla.redhat.com/show_bug.cgi?id=513813
x_refsource_CONFIRM
x_transferred
http://www.ubuntu.com/usn/USN-836-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00931.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.html
vendor-advisory
x_refsource_APPLE
x_transferred
http://secunia.com/advisories/36677
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://support.apple.com/kb/HT3860
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/35758
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01200.html
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://websvn.kde.org/?view=rev&revision=1002164
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://websvn.kde.org/?view=rev&revision=1002163
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/43068
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01177.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2009:330
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://support.apple.com/kb/HT3666
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2011/0212
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://lists.apple.com/archives/security-announce/2009/Jul/msg00000.html
Resource:
vendor-advisory
x_refsource_APPLE
x_transferred
Hyperlink: http://websvn.kde.org/?view=rev&revision=1002162
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01199.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://www.securityfocus.com/bid/35607
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2009/1827
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://secunia.com/advisories/37746
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://osvdb.org/55739
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: http://secunia.com/advisories/36790
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/36347
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.debian.org/security/2009/dsa-1950
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://secunia.com/advisories/36062
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.ubuntu.com/usn/USN-857-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://secunia.com/advisories/36057
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00933.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://www.securitytracker.com/id?1022526
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5777
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01196.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=513813
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.ubuntu.com/usn/USN-836-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00931.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.html
Resource:
vendor-advisory
x_refsource_APPLE
x_transferred
Hyperlink: http://secunia.com/advisories/36677
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://support.apple.com/kb/HT3860
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/35758
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01200.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:09 Jul, 2009 | 17:30
Updated At:23 Apr, 2026 | 00:35

WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms; KHTML in kdelibs in KDE; QtWebKit (aka Qt toolkit); and possibly other products do not properly handle numeric character references, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.09.3HIGH
AV:N/AC:M/Au:N/C:C/I:C/A:C
Type: Primary
Version: 2.0
Base score: 9.3
Base severity: HIGH
Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
CPE Matches
Apple Inc.
apple
>>safari>>Versions up to 4.0.1(inclusive)
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>safari>>2.0
cpe:2.3:a:apple:safari:2.0:*:*:*:*:*:*:*
Apple Inc.
apple
>>safari>>2.0.0
cpe:2.3:a:apple:safari:2.0.0:*:*:*:*:*:*:*
Apple Inc.
apple
>>safari>>2.0.1
cpe:2.3:a:apple:safari:2.0.1:*:*:*:*:*:*:*
Apple Inc.
apple
>>safari>>2.0.2
cpe:2.3:a:apple:safari:2.0.2:*:*:*:*:*:*:*
Apple Inc.
apple
>>safari>>2.0.3
cpe:2.3:a:apple:safari:2.0.3:*:*:*:*:*:*:*
Apple Inc.
apple
>>safari>>2.0.3
cpe:2.3:a:apple:safari:2.0.3:417.8:*:*:*:*:*:*
Apple Inc.
apple
>>safari>>2.0.3
cpe:2.3:a:apple:safari:2.0.3:417.9:*:*:*:*:*:*
Apple Inc.
apple
>>safari>>2.0.3
cpe:2.3:a:apple:safari:2.0.3:417.9.2:*:*:*:*:*:*
Apple Inc.
apple
>>safari>>2.0.3
cpe:2.3:a:apple:safari:2.0.3:417.9.3:*:*:*:*:*:*
Apple Inc.
apple
>>safari>>2.0.4
cpe:2.3:a:apple:safari:2.0.4:*:*:*:*:*:*:*
Apple Inc.
apple
>>safari>>3.0
cpe:2.3:a:apple:safari:3.0:*:*:*:*:*:*:*
Apple Inc.
apple
>>safari>>3.0.0
cpe:2.3:a:apple:safari:3.0.0:*:*:*:*:*:*:*
Apple Inc.
apple
>>safari>>3.0.0b
cpe:2.3:a:apple:safari:3.0.0b:*:*:*:*:*:*:*
Apple Inc.
apple
>>safari>>3.0.1
cpe:2.3:a:apple:safari:3.0.1:*:*:*:*:*:*:*
Apple Inc.
apple
>>safari>>3.0.1
cpe:2.3:a:apple:safari:3.0.1:beta:*:*:*:*:*:*
Apple Inc.
apple
>>safari>>3.0.1b
cpe:2.3:a:apple:safari:3.0.1b:*:*:*:*:*:*:*
Apple Inc.
apple
>>safari>>3.0.2
cpe:2.3:a:apple:safari:3.0.2:*:*:*:*:*:*:*
Apple Inc.
apple
>>safari>>3.0.2b
cpe:2.3:a:apple:safari:3.0.2b:*:*:*:*:*:*:*
Apple Inc.
apple
>>safari>>3.0.3
cpe:2.3:a:apple:safari:3.0.3:*:*:*:*:*:*:*
Apple Inc.
apple
>>safari>>3.0.3b
cpe:2.3:a:apple:safari:3.0.3b:*:*:*:*:*:*:*
Apple Inc.
apple
>>safari>>3.0.4
cpe:2.3:a:apple:safari:3.0.4:*:*:*:*:*:*:*
Apple Inc.
apple
>>safari>>3.0.4b
cpe:2.3:a:apple:safari:3.0.4b:*:*:*:*:*:*:*
Apple Inc.
apple
>>safari>>3.1.0
cpe:2.3:a:apple:safari:3.1.0:*:*:*:*:*:*:*
Apple Inc.
apple
>>safari>>3.1.0b
cpe:2.3:a:apple:safari:3.1.0b:*:*:*:*:*:*:*
Apple Inc.
apple
>>safari>>3.1.1
cpe:2.3:a:apple:safari:3.1.1:*:*:*:*:*:*:*
Apple Inc.
apple
>>safari>>3.1.2
cpe:2.3:a:apple:safari:3.1.2:*:*:*:*:*:*:*
Apple Inc.
apple
>>safari>>3.2.0
cpe:2.3:a:apple:safari:3.2.0:*:*:*:*:*:*:*
Apple Inc.
apple
>>safari>>3.2.1
cpe:2.3:a:apple:safari:3.2.1:*:*:*:*:*:*:*
Apple Inc.
apple
>>safari>>3.2.2
cpe:2.3:a:apple:safari:3.2.2:*:*:*:*:*:*:*
Apple Inc.
apple
>>safari>>4.0
cpe:2.3:a:apple:safari:4.0:*:*:*:*:*:*:*
Apple Inc.
apple
>>safari>>4.0.0b
cpe:2.3:a:apple:safari:4.0.0b:*:*:*:*:*:*:*
Apple Inc.
apple
>>iphone_os>>Versions up to 3.0.1(inclusive)
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>iphone_os>>1.0.0
cpe:2.3:o:apple:iphone_os:1.0.0:*:*:*:*:*:*:*
Apple Inc.
apple
>>iphone_os>>1.0.1
cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*
Apple Inc.
apple
>>iphone_os>>1.0.2
cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*
Apple Inc.
apple
>>iphone_os>>1.1.0
cpe:2.3:o:apple:iphone_os:1.1.0:*:*:*:*:*:*:*
Apple Inc.
apple
>>iphone_os>>1.1.1
cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*
Apple Inc.
apple
>>iphone_os>>1.1.2
cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*
Apple Inc.
apple
>>iphone_os>>1.1.3
cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*
Apple Inc.
apple
>>iphone_os>>1.1.4
cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*
Apple Inc.
apple
>>iphone_os>>1.1.5
cpe:2.3:o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*
Apple Inc.
apple
>>iphone_os>>2.0
cpe:2.3:o:apple:iphone_os:2.0:*:*:*:*:*:*:*
Apple Inc.
apple
>>iphone_os>>2.0.0
cpe:2.3:o:apple:iphone_os:2.0.0:*:*:*:*:*:*:*
Apple Inc.
apple
>>iphone_os>>2.0.1
cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*
Apple Inc.
apple
>>iphone_os>>2.0.2
cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*
Apple Inc.
apple
>>iphone_os>>2.1
cpe:2.3:o:apple:iphone_os:2.1:*:*:*:*:*:*:*
Apple Inc.
apple
>>iphone_os>>2.1.1
cpe:2.3:o:apple:iphone_os:2.1.1:*:*:*:*:*:*:*
Apple Inc.
apple
>>iphone_os>>2.2
cpe:2.3:o:apple:iphone_os:2.2:*:*:*:*:*:*:*
Apple Inc.
apple
>>iphone_os>>2.2.1
cpe:2.3:o:apple:iphone_os:2.2.1:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-189Primarynvd@nist.gov
CWE ID: CWE-189
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
Organization : Red Hat
Last Modified : 2009-08-07T00:00:00

Not vulnerable. This issue did not affect the versions of the kdelibs packages, as shipped with Red Hat Enterprise Linux 3, 4, or 5.

References
HyperlinkSourceResource
http://lists.apple.com/archives/security-announce/2009/Jul/msg00000.htmlcve@mitre.org
Patch
Vendor Advisory
http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.htmlcve@mitre.org
N/A
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.htmlcve@mitre.org
N/A
http://osvdb.org/55739cve@mitre.org
N/A
http://secunia.com/advisories/35758cve@mitre.org
N/A
http://secunia.com/advisories/36057cve@mitre.org
N/A
http://secunia.com/advisories/36062cve@mitre.org
N/A
http://secunia.com/advisories/36347cve@mitre.org
N/A
http://secunia.com/advisories/36677cve@mitre.org
N/A
http://secunia.com/advisories/36790cve@mitre.org
N/A
http://secunia.com/advisories/37746cve@mitre.org
N/A
http://secunia.com/advisories/43068cve@mitre.org
N/A
http://support.apple.com/kb/HT3666cve@mitre.org
Patch
Vendor Advisory
http://support.apple.com/kb/HT3860cve@mitre.org
N/A
http://websvn.kde.org/?view=rev&revision=1002162cve@mitre.org
N/A
http://websvn.kde.org/?view=rev&revision=1002163cve@mitre.org
N/A
http://websvn.kde.org/?view=rev&revision=1002164cve@mitre.org
N/A
http://www.debian.org/security/2009/dsa-1950cve@mitre.org
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2009:330cve@mitre.org
N/A
http://www.securityfocus.com/bid/35607cve@mitre.org
Patch
http://www.securitytracker.com/id?1022526cve@mitre.org
N/A
http://www.ubuntu.com/usn/USN-836-1cve@mitre.org
N/A
http://www.ubuntu.com/usn/USN-857-1cve@mitre.org
N/A
http://www.vupen.com/english/advisories/2009/1827cve@mitre.org
N/A
http://www.vupen.com/english/advisories/2011/0212cve@mitre.org
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=513813cve@mitre.org
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5777cve@mitre.org
N/A
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00931.htmlcve@mitre.org
N/A
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00933.htmlcve@mitre.org
N/A
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01177.htmlcve@mitre.org
N/A
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01196.htmlcve@mitre.org
N/A
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01199.htmlcve@mitre.org
N/A
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01200.htmlcve@mitre.org
N/A
http://lists.apple.com/archives/security-announce/2009/Jul/msg00000.htmlaf854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://osvdb.org/55739af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/35758af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/36057af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/36062af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/36347af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/36677af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/36790af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/37746af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/43068af854a3a-2127-422b-91ae-364da2661108
N/A
http://support.apple.com/kb/HT3666af854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
http://support.apple.com/kb/HT3860af854a3a-2127-422b-91ae-364da2661108
N/A
http://websvn.kde.org/?view=rev&revision=1002162af854a3a-2127-422b-91ae-364da2661108
N/A
http://websvn.kde.org/?view=rev&revision=1002163af854a3a-2127-422b-91ae-364da2661108
N/A
http://websvn.kde.org/?view=rev&revision=1002164af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.debian.org/security/2009/dsa-1950af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2009:330af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/35607af854a3a-2127-422b-91ae-364da2661108
Patch
http://www.securitytracker.com/id?1022526af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.ubuntu.com/usn/USN-836-1af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.ubuntu.com/usn/USN-857-1af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2009/1827af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2011/0212af854a3a-2127-422b-91ae-364da2661108
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=513813af854a3a-2127-422b-91ae-364da2661108
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5777af854a3a-2127-422b-91ae-364da2661108
N/A
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00931.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00933.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01177.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01196.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01199.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01200.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://lists.apple.com/archives/security-announce/2009/Jul/msg00000.html
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://osvdb.org/55739
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/35758
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/36057
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/36062
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/36347
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/36677
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/36790
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/37746
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/43068
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://support.apple.com/kb/HT3666
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: http://support.apple.com/kb/HT3860
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://websvn.kde.org/?view=rev&revision=1002162
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://websvn.kde.org/?view=rev&revision=1002163
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://websvn.kde.org/?view=rev&revision=1002164
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.debian.org/security/2009/dsa-1950
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2009:330
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/35607
Source: cve@mitre.org
Resource:
Patch
Hyperlink: http://www.securitytracker.com/id?1022526
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-836-1
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-857-1
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2009/1827
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2011/0212
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=513813
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5777
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00931.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00933.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01177.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01196.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01199.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01200.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.apple.com/archives/security-announce/2009/Jul/msg00000.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://osvdb.org/55739
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/35758
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/36057
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/36062
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/36347
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/36677
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/36790
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/37746
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/43068
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://support.apple.com/kb/HT3666
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://support.apple.com/kb/HT3860
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://websvn.kde.org/?view=rev&revision=1002162
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://websvn.kde.org/?view=rev&revision=1002163
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://websvn.kde.org/?view=rev&revision=1002164
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.debian.org/security/2009/dsa-1950
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2009:330
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/35607
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://www.securitytracker.com/id?1022526
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-836-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-857-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2009/1827
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2011/0212
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=513813
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5777
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00931.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00933.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01177.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01196.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01199.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01200.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

1915Records found
CVE-2017-13872
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-8.1||HIGH
EPSS-76.66% / 98.97%
||
7 Day CHG~0.00%
Published-29 Nov, 2017 | 17:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. macOS High Sierra before Security Update 2017-001 is affected. The issue involves the "Directory Utility" component. It allows attackers to obtain administrator access without a password via certain interactions involving entry of the root user name.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xmacOS High Sierra
CWE ID-CWE-287
Improper Authentication
CVE-2017-13911
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.13% / 31.38%
||
7 Day CHG~0.00%
Published-03 Apr, 2019 | 17:43
Updated-05 Aug, 2024 | 19:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A configuration issue was addressed with additional restrictions. This issue affected versions prior to macOS X El Capitan 10.11.6 Security Update 2018-002, macOS Sierra 10.12.6 Security Update 2018-002, macOS High Sierra 10.13.2.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xOS X, macOS
CWE ID-CWE-20
Improper Input Validation
CVE-2017-13830
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.18% / 38.48%
||
7 Day CHG~0.00%
Published-13 Nov, 2017 | 03:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "HFS" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2022-1030
Matching Score-8
Assigner-Okta
ShareView Details
Matching Score-8
Assigner-Okta
CVSS Score-8.8||HIGH
EPSS-0.36% / 58.35%
||
7 Day CHG~0.00%
Published-23 Mar, 2022 | 19:46
Updated-02 Aug, 2024 | 23:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Okta Advanced Server Access Client for Linux and macOS prior to version 1.58.0 was found to be vulnerable to command injection via a specially crafted URL. An attacker, who has knowledge of a valid team name for the victim and also knows a valid target host where the user has access, can execute commands on the local system.

Action-Not Available
Vendor-oktaOktaLinux Kernel Organization, IncApple Inc.
Product-macosadvanced_server_accesslinux_kernelAdvanced Server Access Client
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2017-13854
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.24% / 47.66%
||
7 Day CHG~0.00%
Published-03 Apr, 2018 | 06:00
Updated-05 Aug, 2024 | 19:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xiphone_oswatchostvosn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-13811
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.18% / 38.48%
||
7 Day CHG~0.00%
Published-13 Nov, 2017 | 03:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "fsck_msdos" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-2195
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-29.05% / 96.65%
||
7 Day CHG~0.00%
Published-12 Aug, 2009 | 19:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in WebKit in Apple Safari before 4.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted floating-point numbers.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.
Product-mac_os_xwindows_vistawindows_xpsafarimac_os_x_servern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-13875
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-1.27% / 79.69%
||
7 Day CHG~0.00%
Published-25 Dec, 2017 | 21:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (out-of-bounds read) via a crafted app.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-13808
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.18% / 38.64%
||
7 Day CHG~0.00%
Published-13 Nov, 2017 | 03:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Remote Management" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-2799
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-5.39% / 90.22%
||
7 Day CHG-1.75%
Published-10 Sep, 2009 | 21:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted H.264 movie file.

Action-Not Available
Vendor-n/aApple Inc.
Product-quicktimen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-13847
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-1.24% / 79.51%
||
7 Day CHG~0.00%
Published-25 Dec, 2017 | 21:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. The issue involves the "IOKit" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-2188
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-35.23% / 97.11%
||
7 Day CHG~0.00%
Published-06 Aug, 2009 | 16:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in ImageIO in Apple Mac OS X 10.5 before 10.5.8, and Safari before 4.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image with crafted EXIF metadata.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xmac_os_x_servern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-13867
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-2.25% / 84.80%
||
7 Day CHG~0.00%
Published-25 Dec, 2017 | 21:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

Action-Not Available
Vendor-n/aApple Inc.
Product-tvosiphone_osmac_os_xwatchosn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-13853
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.25% / 47.95%
||
7 Day CHG~0.00%
Published-03 Apr, 2018 | 06:00
Updated-05 Aug, 2024 | 19:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "AppleGraphicsControl" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-1600
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-0.24% / 47.45%
||
7 Day CHG~0.00%
Published-11 May, 2009 | 15:19
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apple Safari executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document object, as demonstrated by a web site that permits PDF uploads by untrusted users, and therefore has a shared document.domain between the web site and this javascript: URI. NOTE: the researcher reports that Adobe's position is "a PDF file is active content."

Action-Not Available
Vendor-n/aAdobe Inc.Apple Inc.
Product-acrobat_readersafarin/a
CVE-2009-1690
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-8.46% / 92.45%
||
7 Day CHG-0.07%
Published-10 Jun, 2009 | 14:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome 1.0.154.53, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by setting an unspecified property of an HTML tag that causes child elements to be freed and later accessed when an HTML error occurs, related to "recursion in certain DOM event handlers."

Action-Not Available
Vendor-n/aGoogle LLCApple Inc.
Product-chromeiphone_ossafarin/a
CVE-2009-1711
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-6.40% / 91.14%
||
7 Day CHG~0.00%
Published-10 Jun, 2009 | 17:37
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit in Apple Safari before 4.0 does not properly initialize memory for Attr DOM objects, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document.

Action-Not Available
Vendor-n/aApple Inc.
Product-safarin/a
CVE-2009-1709
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-8.61% / 92.53%
||
7 Day CHG~0.00%
Published-10 Jun, 2009 | 17:37
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the garbage-collection implementation in WebCore in WebKit in Apple Safari before 4.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via an SVG animation element, related to SVG set objects, SVG marker elements, the targetElement attribute, and unspecified "caches."

Action-Not Available
Vendor-n/aApple Inc.
Product-safarin/a
CVE-2009-1701
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-9.72% / 93.04%
||
7 Day CHG~0.00%
Published-10 Jun, 2009 | 17:37
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the JavaScript DOM implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by destroying a document.body element that has an unspecified XML container with elements that support the dir attribute.

Action-Not Available
Vendor-n/aApple Inc.
Product-ipod_touchiphone_ossafarin/a
CVE-2009-1726
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-21.11% / 95.74%
||
7 Day CHG~0.00%
Published-06 Aug, 2009 | 16:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5 before 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image containing an embedded ColorSync profile.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xmac_os_x_servern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-11220
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-10.43% / 93.32%
||
7 Day CHG~0.00%
Published-11 Aug, 2017 | 19:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable heap overflow vulnerability in an internal data structure. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readermac_os_xacrobat_reader_dcreaderwindowsacrobat_dcAcrobat Reader
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-11259
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-2.19% / 84.60%
||
7 Day CHG~0.00%
Published-11 Aug, 2017 | 19:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readermac_os_xacrobat_reader_dcreaderwindowsacrobat_dcAcrobat Reader
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-11223
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-4.96% / 89.78%
||
7 Day CHG~0.00%
Published-11 Aug, 2017 | 19:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the core of the XFA engine. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readermac_os_xacrobat_reader_dcreaderwindowsacrobat_dcAcrobat Reader
CWE ID-CWE-416
Use After Free
CVE-2017-11260
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-6.17% / 90.94%
||
7 Day CHG~0.00%
Published-11 Aug, 2017 | 19:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data interpreted as a GIF image. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readermac_os_xacrobat_reader_dcreaderwindowsacrobat_dcAcrobat Reader
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-11256
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-4.94% / 89.74%
||
7 Day CHG~0.00%
Published-11 Aug, 2017 | 19:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability when generating content using XFA layout engine. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readermac_os_xacrobat_reader_dcreaderwindowsacrobat_dcAcrobat Reader
CWE ID-CWE-416
Use After Free
CVE-2017-11212
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-5.62% / 90.44%
||
7 Day CHG~0.00%
Published-11 Aug, 2017 | 19:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to text output. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readermac_os_xacrobat_reader_dcreaderwindowsacrobat_dcAcrobat Reader
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-11237
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-6.54% / 91.24%
||
7 Day CHG~0.00%
Published-11 Aug, 2017 | 19:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the font parsing module. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readermac_os_xacrobat_reader_dcreaderwindowsacrobat_dcAcrobat Reader
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-11224
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-4.96% / 89.78%
||
7 Day CHG~0.00%
Published-11 Aug, 2017 | 19:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the XFA layout engine. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readermac_os_xacrobat_reader_dcreaderwindowsacrobat_dcAcrobat Reader
CWE ID-CWE-416
Use After Free
CVE-2009-1708
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-3.27% / 87.33%
||
7 Day CHG~0.00%
Published-10 Jun, 2009 | 17:37
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apple Safari before 4.0 does not prevent calls to the open-help-anchor URL handler by web sites, which allows remote attackers to open arbitrary local help files, and execute arbitrary code or obtain sensitive information, via a crafted call.

Action-Not Available
Vendor-n/aApple Inc.
Product-safarin/a
CVE-2017-11235
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-4.94% / 89.74%
||
7 Day CHG~0.00%
Published-11 Aug, 2017 | 19:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the image conversion engine when decompressing JPEG data. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readermac_os_xacrobat_reader_dcreaderwindowsacrobat_dcAcrobat Reader
CWE ID-CWE-416
Use After Free
CVE-2017-11267
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-6.17% / 90.94%
||
7 Day CHG~0.00%
Published-11 Aug, 2017 | 19:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data interpreted as JPEG data. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readermac_os_xacrobat_reader_dcreaderwindowsacrobat_dcAcrobat Reader
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-1705
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-5.15% / 89.99%
||
7 Day CHG~0.00%
Published-10 Jun, 2009 | 17:37
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CoreGraphics in Apple Safari before 4.0 on Windows does not properly use arithmetic during automatic hinting of TrueType fonts, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted font data.

Action-Not Available
Vendor-n/aApple Inc.
Product-safarin/a
CVE-2017-11257
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-10.46% / 93.33%
||
7 Day CHG~0.00%
Published-11 Aug, 2017 | 19:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable type confusion vulnerability in the XFA layout engine. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readermac_os_xacrobat_reader_dcreaderwindowsacrobat_dcAcrobat Reader
CWE ID-CWE-704
Incorrect Type Conversion or Cast
CVE-2017-11214
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-6.17% / 90.94%
||
7 Day CHG~0.00%
Published-11 Aug, 2017 | 19:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to rendering a path. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readermac_os_xacrobat_reader_dcreaderwindowsacrobat_dcAcrobat Reader
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-1686
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-5.49% / 90.32%
||
7 Day CHG~0.00%
Published-10 Jun, 2009 | 14:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle constant (aka const) declarations in a type-conversion operation during JavaScript exception handling, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.

Action-Not Available
Vendor-n/aApple Inc.
Product-safarin/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-11241
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-10.43% / 93.32%
||
7 Day CHG~0.00%
Published-11 Aug, 2017 | 19:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable heap overflow vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to polygons. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readermac_os_xacrobat_reader_dcreaderwindowsacrobat_dcAcrobat Reader
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-11270
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-6.17% / 90.94%
||
7 Day CHG~0.00%
Published-11 Aug, 2017 | 19:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data representing icons. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readermac_os_xacrobat_reader_dcreaderwindowsacrobat_dcAcrobat Reader
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-11261
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-6.17% / 90.94%
||
7 Day CHG~0.00%
Published-11 Aug, 2017 | 19:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private data and the embedded TIF image. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readermac_os_xacrobat_reader_dcreaderwindowsacrobat_dcAcrobat Reader
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-11234
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-6.17% / 90.94%
||
7 Day CHG~0.00%
Published-11 Aug, 2017 | 19:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing TIFF data related to the way how the components of each pixel are stored. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readermac_os_xacrobat_reader_dcreaderwindowsacrobat_dcAcrobat Reader
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-1698
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-7.78% / 92.05%
||
7 Day CHG~0.00%
Published-10 Jun, 2009 | 17:37
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.

Action-Not Available
Vendor-n/aApple Inc.
Product-ipod_touchiphone_ossafarin/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2017-11222
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-6.17% / 90.94%
||
7 Day CHG~0.00%
Published-11 Aug, 2017 | 19:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the Product Representation Compact (PRC) engine. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readermac_os_xacrobat_reader_dcreaderwindowsacrobat_dcAcrobat Reader
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-1687
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-7.78% / 92.05%
||
7 Day CHG~0.00%
Published-10 Jun, 2009 | 14:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The JavaScript garbage collector in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle allocation failures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document that triggers write access to an "offset of a NULL pointer."

Action-Not Available
Vendor-n/aApple Inc.
Product-safarin/a
CVE-2009-1792
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-1.44% / 80.93%
||
7 Day CHG~0.00%
Published-29 May, 2009 | 18:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The system.openURL function in StoneTrip Ston3D StandalonePlayer (aka S3DPlayer StandAlone) 1.6.2.4 and 1.7.0.1 and WebPlayer (aka S3DPlayer Web) 1.6.0.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the first argument (the sURL argument).

Action-Not Available
Vendor-stonetripn/aApple Inc.Microsoft CorporationLinux Kernel Organization, Inc
Product-s3dplayer_webwindowsmacoss3dplayer_standalonelinux_kerneln/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2017-11211
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-25.08% / 96.26%
||
7 Day CHG~0.00%
Published-11 Aug, 2017 | 19:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable heap overflow vulnerability in the JPEG parser. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readermac_os_xacrobat_reader_dcreaderwindowsacrobat_dcAcrobat Reader
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-11228
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-6.17% / 90.94%
||
7 Day CHG~0.00%
Published-11 Aug, 2017 | 19:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing JPEG 2000 (JP2) code stream data. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readermac_os_xacrobat_reader_dcreaderwindowsacrobat_dcAcrobat Reader
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-11219
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-4.96% / 89.78%
||
7 Day CHG~0.00%
Published-11 Aug, 2017 | 19:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in the XFA rendering engine. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readermac_os_xacrobat_reader_dcreaderwindowsacrobat_dcAcrobat Reader
CWE ID-CWE-416
Use After Free
CVE-2017-11271
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-6.17% / 90.94%
||
7 Day CHG~0.00%
Published-11 Aug, 2017 | 19:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to transfer of pixel blocks. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readermac_os_xacrobat_reader_dcreaderwindowsacrobat_dcAcrobat Reader
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-0185
Matching Score-8
Assigner-Flexera Software LLC
ShareView Details
Matching Score-8
Assigner-Flexera Software LLC
CVSS Score-9.3||HIGH
EPSS-28.20% / 96.56%
||
7 Day CHG~0.00%
Published-02 Jun, 2009 | 18:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted MS ADPCM encoded audio data in an AVI movie file.

Action-Not Available
Vendor-n/aApple Inc.
Product-quicktimen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-11231
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-4.94% / 89.74%
||
7 Day CHG~0.00%
Published-11 Aug, 2017 | 19:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability in Acrobat/Reader rendering engine. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readermac_os_xacrobat_reader_dcreaderwindowsacrobat_dcAcrobat Reader
CWE ID-CWE-416
Use After Free
CVE-2009-0951
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.3||HIGH
EPSS-21.52% / 95.79%
||
7 Day CHG~0.00%
Published-02 Jun, 2009 | 18:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FLC compression file.

Action-Not Available
Vendor-n/aApple Inc.
Product-quicktimen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
  • Previous
  • 1
  • 2
  • ...
  • 6
  • 7
  • 8
  • ...
  • 38
  • 39
  • Next
Details not found