Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2013-0340

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-21 Jan, 2014 | 18:00
Updated At-06 Aug, 2024 | 14:25
Rejected At-
Credits

expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:21 Jan, 2014 | 18:00
Updated At:06 Aug, 2024 | 14:25
Rejected At:
▼CVE Numbering Authority (CNA)

expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://openwall.com/lists/oss-security/2013/02/22/3
mailing-list
x_refsource_MLIST
http://www.openwall.com/lists/oss-security/2013/04/12/6
mailing-list
x_refsource_MLIST
http://www.osvdb.org/90634
vdb-entry
x_refsource_OSVDB
http://securitytracker.com/id?1028213
vdb-entry
x_refsource_SECTRACK
https://security.gentoo.org/glsa/201701-21
vendor-advisory
x_refsource_GENTOO
http://www.securityfocus.com/bid/58233
vdb-entry
x_refsource_BID
https://support.apple.com/kb/HT212805
x_refsource_CONFIRM
https://support.apple.com/kb/HT212804
x_refsource_CONFIRM
https://support.apple.com/kb/HT212807
x_refsource_CONFIRM
https://support.apple.com/kb/HT212819
x_refsource_CONFIRM
https://support.apple.com/kb/HT212814
x_refsource_CONFIRM
https://support.apple.com/kb/HT212815
x_refsource_CONFIRM
http://seclists.org/fulldisclosure/2021/Sep/33
mailing-list
x_refsource_FULLDISC
http://seclists.org/fulldisclosure/2021/Sep/34
mailing-list
x_refsource_FULLDISC
http://seclists.org/fulldisclosure/2021/Sep/40
mailing-list
x_refsource_FULLDISC
http://seclists.org/fulldisclosure/2021/Sep/35
mailing-list
x_refsource_FULLDISC
http://seclists.org/fulldisclosure/2021/Sep/38
mailing-list
x_refsource_FULLDISC
http://seclists.org/fulldisclosure/2021/Sep/39
mailing-list
x_refsource_FULLDISC
https://lists.apache.org/thread.html/r41eca5f4f09e74436cbb05dec450fc2bef37b5d3e966aa7cc5fada6d%40%3Cannounce.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/rfb2c193360436e230b85547e85a41bea0916916f96c501f5b6fc4702%40%3Cusers.openoffice.apache.org%3E
mailing-list
x_refsource_MLIST
http://www.openwall.com/lists/oss-security/2021/10/07/4
mailing-list
x_refsource_MLIST
http://seclists.org/fulldisclosure/2021/Oct/62
mailing-list
x_refsource_FULLDISC
http://seclists.org/fulldisclosure/2021/Oct/63
mailing-list
x_refsource_FULLDISC
http://seclists.org/fulldisclosure/2021/Oct/61
mailing-list
x_refsource_FULLDISC
Hyperlink: http://openwall.com/lists/oss-security/2013/02/22/3
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://www.openwall.com/lists/oss-security/2013/04/12/6
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://www.osvdb.org/90634
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://securitytracker.com/id?1028213
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: https://security.gentoo.org/glsa/201701-21
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://www.securityfocus.com/bid/58233
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://support.apple.com/kb/HT212805
Resource:
x_refsource_CONFIRM
Hyperlink: https://support.apple.com/kb/HT212804
Resource:
x_refsource_CONFIRM
Hyperlink: https://support.apple.com/kb/HT212807
Resource:
x_refsource_CONFIRM
Hyperlink: https://support.apple.com/kb/HT212819
Resource:
x_refsource_CONFIRM
Hyperlink: https://support.apple.com/kb/HT212814
Resource:
x_refsource_CONFIRM
Hyperlink: https://support.apple.com/kb/HT212815
Resource:
x_refsource_CONFIRM
Hyperlink: http://seclists.org/fulldisclosure/2021/Sep/33
Resource:
mailing-list
x_refsource_FULLDISC
Hyperlink: http://seclists.org/fulldisclosure/2021/Sep/34
Resource:
mailing-list
x_refsource_FULLDISC
Hyperlink: http://seclists.org/fulldisclosure/2021/Sep/40
Resource:
mailing-list
x_refsource_FULLDISC
Hyperlink: http://seclists.org/fulldisclosure/2021/Sep/35
Resource:
mailing-list
x_refsource_FULLDISC
Hyperlink: http://seclists.org/fulldisclosure/2021/Sep/38
Resource:
mailing-list
x_refsource_FULLDISC
Hyperlink: http://seclists.org/fulldisclosure/2021/Sep/39
Resource:
mailing-list
x_refsource_FULLDISC
Hyperlink: https://lists.apache.org/thread.html/r41eca5f4f09e74436cbb05dec450fc2bef37b5d3e966aa7cc5fada6d%40%3Cannounce.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.apache.org/thread.html/rfb2c193360436e230b85547e85a41bea0916916f96c501f5b6fc4702%40%3Cusers.openoffice.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://www.openwall.com/lists/oss-security/2021/10/07/4
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://seclists.org/fulldisclosure/2021/Oct/62
Resource:
mailing-list
x_refsource_FULLDISC
Hyperlink: http://seclists.org/fulldisclosure/2021/Oct/63
Resource:
mailing-list
x_refsource_FULLDISC
Hyperlink: http://seclists.org/fulldisclosure/2021/Oct/61
Resource:
mailing-list
x_refsource_FULLDISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://openwall.com/lists/oss-security/2013/02/22/3
mailing-list
x_refsource_MLIST
x_transferred
http://www.openwall.com/lists/oss-security/2013/04/12/6
mailing-list
x_refsource_MLIST
x_transferred
http://www.osvdb.org/90634
vdb-entry
x_refsource_OSVDB
x_transferred
http://securitytracker.com/id?1028213
vdb-entry
x_refsource_SECTRACK
x_transferred
https://security.gentoo.org/glsa/201701-21
vendor-advisory
x_refsource_GENTOO
x_transferred
http://www.securityfocus.com/bid/58233
vdb-entry
x_refsource_BID
x_transferred
https://support.apple.com/kb/HT212805
x_refsource_CONFIRM
x_transferred
https://support.apple.com/kb/HT212804
x_refsource_CONFIRM
x_transferred
https://support.apple.com/kb/HT212807
x_refsource_CONFIRM
x_transferred
https://support.apple.com/kb/HT212819
x_refsource_CONFIRM
x_transferred
https://support.apple.com/kb/HT212814
x_refsource_CONFIRM
x_transferred
https://support.apple.com/kb/HT212815
x_refsource_CONFIRM
x_transferred
http://seclists.org/fulldisclosure/2021/Sep/33
mailing-list
x_refsource_FULLDISC
x_transferred
http://seclists.org/fulldisclosure/2021/Sep/34
mailing-list
x_refsource_FULLDISC
x_transferred
http://seclists.org/fulldisclosure/2021/Sep/40
mailing-list
x_refsource_FULLDISC
x_transferred
http://seclists.org/fulldisclosure/2021/Sep/35
mailing-list
x_refsource_FULLDISC
x_transferred
http://seclists.org/fulldisclosure/2021/Sep/38
mailing-list
x_refsource_FULLDISC
x_transferred
http://seclists.org/fulldisclosure/2021/Sep/39
mailing-list
x_refsource_FULLDISC
x_transferred
https://lists.apache.org/thread.html/r41eca5f4f09e74436cbb05dec450fc2bef37b5d3e966aa7cc5fada6d%40%3Cannounce.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/rfb2c193360436e230b85547e85a41bea0916916f96c501f5b6fc4702%40%3Cusers.openoffice.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
http://www.openwall.com/lists/oss-security/2021/10/07/4
mailing-list
x_refsource_MLIST
x_transferred
http://seclists.org/fulldisclosure/2021/Oct/62
mailing-list
x_refsource_FULLDISC
x_transferred
http://seclists.org/fulldisclosure/2021/Oct/63
mailing-list
x_refsource_FULLDISC
x_transferred
http://seclists.org/fulldisclosure/2021/Oct/61
mailing-list
x_refsource_FULLDISC
x_transferred
Hyperlink: http://openwall.com/lists/oss-security/2013/02/22/3
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2013/04/12/6
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://www.osvdb.org/90634
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: http://securitytracker.com/id?1028213
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: https://security.gentoo.org/glsa/201701-21
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://www.securityfocus.com/bid/58233
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://support.apple.com/kb/HT212805
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://support.apple.com/kb/HT212804
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://support.apple.com/kb/HT212807
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://support.apple.com/kb/HT212819
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://support.apple.com/kb/HT212814
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://support.apple.com/kb/HT212815
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2021/Sep/33
Resource:
mailing-list
x_refsource_FULLDISC
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2021/Sep/34
Resource:
mailing-list
x_refsource_FULLDISC
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2021/Sep/40
Resource:
mailing-list
x_refsource_FULLDISC
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2021/Sep/35
Resource:
mailing-list
x_refsource_FULLDISC
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2021/Sep/38
Resource:
mailing-list
x_refsource_FULLDISC
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2021/Sep/39
Resource:
mailing-list
x_refsource_FULLDISC
x_transferred
Hyperlink: https://lists.apache.org/thread.html/r41eca5f4f09e74436cbb05dec450fc2bef37b5d3e966aa7cc5fada6d%40%3Cannounce.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.apache.org/thread.html/rfb2c193360436e230b85547e85a41bea0916916f96c501f5b6fc4702%40%3Cusers.openoffice.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2021/10/07/4
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2021/Oct/62
Resource:
mailing-list
x_refsource_FULLDISC
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2021/Oct/63
Resource:
mailing-list
x_refsource_FULLDISC
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2021/Oct/61
Resource:
mailing-list
x_refsource_FULLDISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:21 Jan, 2014 | 18:55
Updated At:11 Apr, 2025 | 00:51

expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.06.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 6.8
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CPE Matches
libexpat_project
libexpat_project
>>libexpat>>Versions before 2.4.0(exclusive)
cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*
Python Software Foundation
python
>>python>>Versions from 3.6.0(inclusive) to 3.6.15(exclusive)
cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
Python Software Foundation
python
>>python>>Versions from 3.7.0(inclusive) to 3.7.12(exclusive)
cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
Python Software Foundation
python
>>python>>Versions from 3.8.0(inclusive) to 3.8.12(exclusive)
cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
Python Software Foundation
python
>>python>>Versions from 3.9.0(inclusive) to 3.9.7(exclusive)
cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>ipados>>Versions before 14.8(exclusive)
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>iphone_os>>Versions before 14.8(exclusive)
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>macos>>Versions before 11.6(exclusive)
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>tvos>>Versions before 15.0(exclusive)
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
Apple Inc.
apple
>>watchos>>Versions before 8.0(exclusive)
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-611Primarynvd@nist.gov
CWE ID: CWE-611
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://openwall.com/lists/oss-security/2013/02/22/3secalert@redhat.com
Exploit
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2021/Oct/61secalert@redhat.com
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2021/Oct/62secalert@redhat.com
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2021/Oct/63secalert@redhat.com
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2021/Sep/33secalert@redhat.com
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2021/Sep/34secalert@redhat.com
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2021/Sep/35secalert@redhat.com
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2021/Sep/38secalert@redhat.com
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2021/Sep/39secalert@redhat.com
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2021/Sep/40secalert@redhat.com
Mailing List
Third Party Advisory
http://securitytracker.com/id?1028213secalert@redhat.com
Third Party Advisory
VDB Entry
http://www.openwall.com/lists/oss-security/2013/04/12/6secalert@redhat.com
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/10/07/4secalert@redhat.com
Mailing List
Third Party Advisory
http://www.osvdb.org/90634secalert@redhat.com
Broken Link
http://www.securityfocus.com/bid/58233secalert@redhat.com
Broken Link
Third Party Advisory
VDB Entry
https://lists.apache.org/thread.html/r41eca5f4f09e74436cbb05dec450fc2bef37b5d3e966aa7cc5fada6d%40%3Cannounce.apache.org%3Esecalert@redhat.com
N/A
https://lists.apache.org/thread.html/rfb2c193360436e230b85547e85a41bea0916916f96c501f5b6fc4702%40%3Cusers.openoffice.apache.org%3Esecalert@redhat.com
N/A
https://security.gentoo.org/glsa/201701-21secalert@redhat.com
Third Party Advisory
https://support.apple.com/kb/HT212804secalert@redhat.com
Third Party Advisory
https://support.apple.com/kb/HT212805secalert@redhat.com
Third Party Advisory
https://support.apple.com/kb/HT212807secalert@redhat.com
Third Party Advisory
https://support.apple.com/kb/HT212814secalert@redhat.com
Third Party Advisory
https://support.apple.com/kb/HT212815secalert@redhat.com
Third Party Advisory
https://support.apple.com/kb/HT212819secalert@redhat.com
Third Party Advisory
http://openwall.com/lists/oss-security/2013/02/22/3af854a3a-2127-422b-91ae-364da2661108
Exploit
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2021/Oct/61af854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2021/Oct/62af854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2021/Oct/63af854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2021/Sep/33af854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2021/Sep/34af854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2021/Sep/35af854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2021/Sep/38af854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2021/Sep/39af854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2021/Sep/40af854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://securitytracker.com/id?1028213af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
http://www.openwall.com/lists/oss-security/2013/04/12/6af854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/10/07/4af854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
http://www.osvdb.org/90634af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.securityfocus.com/bid/58233af854a3a-2127-422b-91ae-364da2661108
Broken Link
Third Party Advisory
VDB Entry
https://lists.apache.org/thread.html/r41eca5f4f09e74436cbb05dec450fc2bef37b5d3e966aa7cc5fada6d%40%3Cannounce.apache.org%3Eaf854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.apache.org/thread.html/rfb2c193360436e230b85547e85a41bea0916916f96c501f5b6fc4702%40%3Cusers.openoffice.apache.org%3Eaf854a3a-2127-422b-91ae-364da2661108
N/A
https://security.gentoo.org/glsa/201701-21af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://support.apple.com/kb/HT212804af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://support.apple.com/kb/HT212805af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://support.apple.com/kb/HT212807af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://support.apple.com/kb/HT212814af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://support.apple.com/kb/HT212815af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://support.apple.com/kb/HT212819af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Hyperlink: http://openwall.com/lists/oss-security/2013/02/22/3
Source: secalert@redhat.com
Resource:
Exploit
Mailing List
Third Party Advisory
Hyperlink: http://seclists.org/fulldisclosure/2021/Oct/61
Source: secalert@redhat.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://seclists.org/fulldisclosure/2021/Oct/62
Source: secalert@redhat.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://seclists.org/fulldisclosure/2021/Oct/63
Source: secalert@redhat.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://seclists.org/fulldisclosure/2021/Sep/33
Source: secalert@redhat.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://seclists.org/fulldisclosure/2021/Sep/34
Source: secalert@redhat.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://seclists.org/fulldisclosure/2021/Sep/35
Source: secalert@redhat.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://seclists.org/fulldisclosure/2021/Sep/38
Source: secalert@redhat.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://seclists.org/fulldisclosure/2021/Sep/39
Source: secalert@redhat.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://seclists.org/fulldisclosure/2021/Sep/40
Source: secalert@redhat.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://securitytracker.com/id?1028213
Source: secalert@redhat.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.openwall.com/lists/oss-security/2013/04/12/6
Source: secalert@redhat.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://www.openwall.com/lists/oss-security/2021/10/07/4
Source: secalert@redhat.com
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://www.osvdb.org/90634
Source: secalert@redhat.com
Resource:
Broken Link
Hyperlink: http://www.securityfocus.com/bid/58233
Source: secalert@redhat.com
Resource:
Broken Link
Third Party Advisory
VDB Entry
Hyperlink: https://lists.apache.org/thread.html/r41eca5f4f09e74436cbb05dec450fc2bef37b5d3e966aa7cc5fada6d%40%3Cannounce.apache.org%3E
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/rfb2c193360436e230b85547e85a41bea0916916f96c501f5b6fc4702%40%3Cusers.openoffice.apache.org%3E
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://security.gentoo.org/glsa/201701-21
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: https://support.apple.com/kb/HT212804
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: https://support.apple.com/kb/HT212805
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: https://support.apple.com/kb/HT212807
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: https://support.apple.com/kb/HT212814
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: https://support.apple.com/kb/HT212815
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: https://support.apple.com/kb/HT212819
Source: secalert@redhat.com
Resource:
Third Party Advisory
Hyperlink: http://openwall.com/lists/oss-security/2013/02/22/3
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Mailing List
Third Party Advisory
Hyperlink: http://seclists.org/fulldisclosure/2021/Oct/61
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://seclists.org/fulldisclosure/2021/Oct/62
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://seclists.org/fulldisclosure/2021/Oct/63
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://seclists.org/fulldisclosure/2021/Sep/33
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://seclists.org/fulldisclosure/2021/Sep/34
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://seclists.org/fulldisclosure/2021/Sep/35
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://seclists.org/fulldisclosure/2021/Sep/38
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://seclists.org/fulldisclosure/2021/Sep/39
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://seclists.org/fulldisclosure/2021/Sep/40
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://securitytracker.com/id?1028213
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.openwall.com/lists/oss-security/2013/04/12/6
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://www.openwall.com/lists/oss-security/2021/10/07/4
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: http://www.osvdb.org/90634
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://www.securityfocus.com/bid/58233
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Third Party Advisory
VDB Entry
Hyperlink: https://lists.apache.org/thread.html/r41eca5f4f09e74436cbb05dec450fc2bef37b5d3e966aa7cc5fada6d%40%3Cannounce.apache.org%3E
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/rfb2c193360436e230b85547e85a41bea0916916f96c501f5b6fc4702%40%3Cusers.openoffice.apache.org%3E
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://security.gentoo.org/glsa/201701-21
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://support.apple.com/kb/HT212804
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://support.apple.com/kb/HT212805
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://support.apple.com/kb/HT212807
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://support.apple.com/kb/HT212814
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://support.apple.com/kb/HT212815
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://support.apple.com/kb/HT212819
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

1949Records found
CVE-2008-1016
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.42% / 79.81%
||
7 Day CHG~0.00%
Published-04 Apr, 2008 | 17:00
Updated-07 Aug, 2024 | 08:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apple QuickTime before 7.4.5 does not properly handle movie media tracks, which allows remote attackers to execute arbitrary code via a crafted movie that triggers memory corruption.

Action-Not Available
Vendor-n/aApple Inc.
Product-quicktimen/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2010-0059
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.8||MEDIUM
EPSS-4.65% / 88.88%
||
7 Day CHG~0.00%
Published-30 Mar, 2010 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CoreAudio in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted audio content with QDM2 encoding, which triggers a buffer overflow due to inconsistent length fields, related to QDCA.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xmac_os_x_servern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-0065
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.8||MEDIUM
EPSS-1.18% / 77.88%
||
7 Day CHG~0.00%
Published-30 Mar, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Disk Images in Apple Mac OS X before 10.6.3 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted disk image with bzip2 compression.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xmac_os_x_servern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-0056
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.8||MEDIUM
EPSS-1.45% / 79.97%
||
7 Day CHG~0.00%
Published-30 Mar, 2010 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Cocoa spell checking in AppKit in Apple Mac OS X 10.5.8 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xmac_os_x_servern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-0513
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.8||MEDIUM
EPSS-1.90% / 82.49%
||
7 Day CHG~0.00%
Published-30 Mar, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in PS Normalizer in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PostScript document.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xmac_os_x_servern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-0514
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.8||MEDIUM
EPSS-2.03% / 83.06%
||
7 Day CHG~0.00%
Published-30 Mar, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.261 encoding.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xmac_os_x_servern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-0538
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.8||MEDIUM
EPSS-3.18% / 86.45%
||
7 Day CHG~0.00%
Published-21 May, 2010 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apple Java for Mac OS X 10.5 before Update 7 and Java for Mac OS X 10.6 before Update 2 do not properly handle mediaLibImage objects, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application crash) via a crafted applet, related to the com.sun.medialib.mlib package.

Action-Not Available
Vendor-n/aApple Inc.
Product-javamac_os_xn/a
CVE-2010-0516
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.8||MEDIUM
EPSS-3.48% / 87.10%
||
7 Day CHG~0.00%
Published-30 Mar, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with RLE encoding, which triggers memory corruption when the length of decompressed data exceeds that of the allocated heap chunk.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xmac_os_x_servern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-0520
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.8||MEDIUM
EPSS-9.15% / 92.36%
||
7 Day CHG~0.00%
Published-30 Mar, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in QuickTimeAuthoring.qtx in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FLC file, related to crafted DELTA_FLI chunks and untrusted length values in a .fli file, which are not properly handled during decompression.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xmac_os_x_servern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-0515
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.8||MEDIUM
EPSS-2.06% / 83.16%
||
7 Day CHG~0.00%
Published-30 Mar, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file with H.264 encoding.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xmac_os_x_servern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-0542
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.8||MEDIUM
EPSS-4.41% / 88.59%
||
7 Day CHG~0.00%
Published-21 Jun, 2010 | 16:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The _WriteProlog function in texttops.c in texttops in the Text Filter subsystem in CUPS before 1.4.4 does not check the return values of certain calloc calls, which allows remote attackers to cause a denial of service (NULL pointer dereference or heap memory corruption) or possibly execute arbitrary code via a crafted file.

Action-Not Available
Vendor-n/aApple Inc.
Product-cupsn/a
CVE-2010-0505
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.8||MEDIUM
EPSS-2.44% / 84.55%
||
7 Day CHG~0.00%
Published-30 Mar, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in ImageIO in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JP2 (JPEG2000) image, related to incorrect calculation and the CGImageReadGetBytesAtOffset function.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xmac_os_x_servern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-0894
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.67% / 70.39%
||
7 Day CHG~0.00%
Published-21 Feb, 2008 | 21:00
Updated-07 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apple Safari might allow remote attackers to obtain potentially sensitive memory contents or cause a denial of service (crash) via a crafted (1) bitmap (BMP) or (2) GIF file, a related issue to CVE-2008-0420.

Action-Not Available
Vendor-n/aApple Inc.
Product-safarin/a
CVE-2010-0062
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.8||MEDIUM
EPSS-3.59% / 87.29%
||
7 Day CHG~0.00%
Published-30 Mar, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in quicktime.qts in CoreMedia and QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a malformed .3g2 movie file with H.263 encoding that triggers an incorrect buffer length calculation.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xmac_os_x_servern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-0063
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.34% / 56.35%
||
7 Day CHG~0.00%
Published-30 Mar, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.6.3 makes it easier for user-assisted remote attackers to execute arbitrary JavaScript via a web page that offers a download with a Content-Type value that is not on the list of possibly unsafe content types for Safari, as demonstrated by the values for the (1) .ibplugin and (2) .url extensions.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xmac_os_x_servern/a
CVE-2010-0497
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.8||MEDIUM
EPSS-1.10% / 77.10%
||
7 Day CHG~0.00%
Published-30 Mar, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Disk Images in Apple Mac OS X before 10.6.3 does not provide the expected warning for an unsafe file type in an internet enabled disk image, which makes it easier for user-assisted remote attackers to execute arbitrary code via a package file type.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xmac_os_x_servern/a
CVE-2010-0519
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.8||MEDIUM
EPSS-5.78% / 90.14%
||
7 Day CHG~0.00%
Published-30 Mar, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a FlashPix image with a malformed SubImage Header Stream containing a NumberOfTiles field with a large value.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xmac_os_x_servern/a
CVE-2021-21017
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-89.72% / 99.54%
||
7 Day CHG~0.00%
Published-11 Feb, 2021 | 19:42
Updated-30 Jul, 2025 | 01:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2021-11-17||Apply updates per vendor instructions.
Acrobat Reader DC Heap-based Buffer Overflow Vulnerability Could Lead To Arbitrary Code Execution

Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a heap-based buffer overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.Apple Inc.
Product-macosacrobat_readeracrobat_dcacrobat_reader_dcacrobatwindowsAcrobat ReaderAcrobat and Reader
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2007-4697
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-2.38% / 84.38%
||
7 Day CHG~0.00%
Published-15 Nov, 2007 | 01:00
Updated-07 Aug, 2024 | 15:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in WebCore in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via unknown vectors related to browser history, which triggers memory corruption.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_x_servermac_os_xn/a
CVE-2009-2816
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-2.15% / 83.58%
||
7 Day CHG~0.00%
Published-13 Nov, 2009 | 15:00
Updated-07 Aug, 2024 | 06:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, as used in Apple Safari before 4.0.4 and Google Chrome before 3.0.195.33, includes certain custom HTTP headers in the OPTIONS request during cross-origin operations with preflight, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web page.

Action-Not Available
Vendor-n/aGoogle LLCopenSUSEApple Inc.Fedora Project
Product-iphone_oschromeopensusesafarifedoran/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2009-2812
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.74% / 81.77%
||
7 Day CHG~0.00%
Published-14 Sep, 2009 | 16:00
Updated-07 Aug, 2024 | 06:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Launch Services in Apple Mac OS X 10.5.8 does not properly recognize an unsafe Uniform Type Identifier (UTI) in an exported document type in a downloaded application, which allows remote attackers to trigger the automatic opening of a file, and execute arbitrary code, via a crafted web site.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_x_servermac_os_xn/a
CVE-2009-2810
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.92% / 82.58%
||
7 Day CHG~0.00%
Published-10 Nov, 2009 | 19:00
Updated-07 Aug, 2024 | 06:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Launch Services in Apple Mac OS X 10.6.x before 10.6.2 recursively clears quarantine information upon opening a quarantined folder, which allows user-assisted remote attackers to execute arbitrary code via a quarantined application that does not trigger a "potentially unsafe" warning message.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_x_servermac_os_xn/a
CVE-2009-2824
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-2.57% / 84.96%
||
7 Day CHG~0.00%
Published-10 Nov, 2009 | 19:00
Updated-07 Aug, 2024 | 06:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 allow remote attackers to execute arbitrary code via a crafted embedded font in a document.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_x_servermac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-2837
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-3.65% / 87.40%
||
7 Day CHG~0.00%
Published-10 Nov, 2009 | 19:00
Updated-07 Aug, 2024 | 06:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in QuickDraw Manager in Apple Mac OS X before 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-2811
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-2.52% / 84.81%
||
7 Day CHG~0.00%
Published-14 Sep, 2009 | 16:00
Updated-07 Aug, 2024 | 06:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incomplete blacklist vulnerability in Launch Services in Apple Mac OS X 10.5.8 allows user-assisted remote attackers to execute arbitrary code via a .fileloc file, which does not trigger a "potentially unsafe" warning message in the Quarantine feature.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_x_servermac_os_xn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2009-2826
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.89% / 82.44%
||
7 Day CHG~0.00%
Published-10 Nov, 2009 | 19:00
Updated-07 Aug, 2024 | 06:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple integer overflows in CoreGraphics in Apple Mac OS X 10.5.8 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document that triggers a heap-based buffer overflow.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_x_servermac_os_xn/a
CWE ID-CWE-189
Not Available
CVE-2009-2830
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.88% / 82.38%
||
7 Day CHG~0.00%
Published-10 Nov, 2009 | 19:00
Updated-07 Aug, 2024 | 06:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in Christos Zoulas file before 5.03 in Apple Mac OS X 10.6.x before 10.6.2 allow user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Common Document Format (CDF) file. NOTE: this might overlap CVE-2009-1515.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_x_servermac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-2822
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.47% / 63.51%
||
7 Day CHG~0.00%
Published-05 Apr, 2010 | 16:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

AirPort Utility before 5.5.1 for Apple AirPort Base Station does not properly distribute MAC address ACLs to network extenders, which allows remote attackers to bypass intended access restrictions via an 802.11 authentication frame.

Action-Not Available
Vendor-n/aApple Inc.
Product-airport_base_stationairport_utilityn/a
CVE-2009-2800
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.96% / 75.58%
||
7 Day CHG~0.00%
Published-11 Sep, 2009 | 18:00
Updated-07 Aug, 2024 | 06:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Alias Manager in Apple Mac OS X 10.4.11 and 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted alias file.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_x_servermac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2016-0931
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-2.84% / 85.68%
||
7 Day CHG~0.00%
Published-14 Jan, 2016 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FileAttachment annotation, a different vulnerability than CVE-2016-0933, CVE-2016-0936, CVE-2016-0938, CVE-2016-0939, CVE-2016-0942, CVE-2016-0944, CVE-2016-0945, and CVE-2016-0946.

Action-Not Available
Vendor-n/aApple Inc.Adobe Inc.Microsoft Corporation
Product-acrobat_reader_dcacrobat_readeracrobat_dcwindowsacrobatmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-21021
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-13.44% / 93.93%
||
7 Day CHG~0.00%
Published-11 Feb, 2021 | 19:42
Updated-17 Sep, 2024 | 03:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Acrobat Reader DC Use-After-Free Vulnerability Could Lead To Arbitrary Code Execution

Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-416
Use After Free
CVE-2009-2838
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.89% / 82.44%
||
7 Day CHG~0.00%
Published-10 Nov, 2009 | 19:00
Updated-07 Aug, 2024 | 06:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in QuickLook in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Office document that triggers a buffer overflow.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-189
Not Available
CVE-2009-2839
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.75% / 72.11%
||
7 Day CHG~0.00%
Published-10 Nov, 2009 | 19:00
Updated-07 Aug, 2024 | 06:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Screen Sharing in Apple Mac OS X 10.5.8 allows remote VNC servers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_x_servermac_os_xn/a
CWE ID-CWE-399
Not Available
CVE-2009-2809
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-2.41% / 84.48%
||
7 Day CHG~0.00%
Published-14 Sep, 2009 | 16:00
Updated-07 Aug, 2024 | 06:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ImageIO in Apple Mac OS X 10.4.11 and 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PixarFilm encoded TIFF image, related to "multiple memory corruption issues."

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_x_servermac_os_xn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2009-2803
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.89% / 74.59%
||
7 Day CHG~0.00%
Published-14 Sep, 2009 | 16:00
Updated-07 Aug, 2024 | 06:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CarbonCore in Apple Mac OS X 10.4.11 and 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a file with a crafted resource fork.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_x_servermac_os_xn/a
CWE ID-CWE-399
Not Available
CVE-2009-2827
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.90% / 82.49%
||
7 Day CHG~0.00%
Published-10 Nov, 2009 | 19:00
Updated-07 Aug, 2024 | 06:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in Disk Images in Apple Mac OS X 10.5.8 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FAT filesystem on a disk image.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_x_servermac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-2804
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-9.19% / 92.38%
||
7 Day CHG~0.00%
Published-14 Sep, 2009 | 16:00
Updated-07 Aug, 2024 | 06:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5.8, and Safari before 4.0.4 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ColorSync profile embedded in an image, leading to a heap-based buffer overflow.

Action-Not Available
Vendor-n/aApple Inc.Microsoft Corporation
Product-windowssafarimac_os_x_servermac_os_xn/a
CWE ID-CWE-189
Not Available
CVE-2009-1717
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-2.62% / 85.10%
||
7 Day CHG~0.00%
Published-05 Jun, 2009 | 15:25
Updated-07 Aug, 2024 | 05:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in Terminal in Apple Mac OS X 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted size value in a CSI[4 xterm resize escape sequence that triggers a heap-based buffer overflow.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_x_servermac_os_xn/a
CWE ID-CWE-189
Not Available
CVE-2009-2205
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.84% / 73.72%
||
7 Day CHG~0.00%
Published-09 Sep, 2009 | 22:00
Updated-07 Aug, 2024 | 05:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in the Java Web Start command launcher in Java for Mac OS X 10.5 before Update 5 allows attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.

Action-Not Available
Vendor-n/aApple Inc.
Product-java_1.5java_1.6mac_os_xjava_1.4mac_os_x_servern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-7013
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.31% / 53.73%
||
7 Day CHG~0.00%
Published-20 Jul, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "libxml2" component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted XML file.

Action-Not Available
Vendor-n/aApple Inc.Microsoft Corporation
Product-itunesmac_os_xtvosiphone_osicloudwatchoswindowsn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2009-1728
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-9.71% / 92.62%
||
7 Day CHG~0.00%
Published-06 Aug, 2009 | 16:00
Updated-07 Aug, 2024 | 05:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in Image RAW in Apple Mac OS X 10.5 before 10.5.8, and 10.4 before Digital Camera RAW Compatibility Update 2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Canon RAW image.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_x_servermac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-2066
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.30% / 52.77%
||
7 Day CHG~0.00%
Published-15 Jun, 2009 | 19:00
Updated-07 Aug, 2024 | 05:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apple Safari detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages."

Action-Not Available
Vendor-n/aApple Inc.
Product-safarin/a
CWE ID-CWE-287
Improper Authentication
CVE-2021-1753
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.36% / 57.68%
||
7 Day CHG~0.00%
Published-02 Apr, 2021 | 18:20
Updated-03 Aug, 2024 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osipad_osmacosmac_os_xmacOSiOS and iPadOS
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-1788
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-0.81% / 73.27%
||
7 Day CHG~0.00%
Published-02 Apr, 2021 | 18:00
Updated-03 Aug, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution.

Action-Not Available
Vendor-Debian GNU/LinuxFedora ProjectApple Inc.
Product-iphone_osdebian_linuxipadostvoswatchossafarifedoramac_os_xmacosmacOSiOS and iPadOS
CWE ID-CWE-416
Use After Free
CVE-2009-2062
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.30% / 52.77%
||
7 Day CHG~0.00%
Published-15 Jun, 2009 | 19:00
Updated-07 Aug, 2024 | 05:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apple Safari before 3.2.2 processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying this CONNECT response to specify a 302 redirect to an arbitrary https web site.

Action-Not Available
Vendor-n/aApple Inc.
Product-safarin/a
CWE ID-CWE-287
Improper Authentication
CVE-2009-1721
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-25.35% / 95.99%
||
7 Day CHG~0.00%
Published-31 Jul, 2009 | 18:29
Updated-07 Aug, 2024 | 05:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The decompression implementation in the Imf::hufUncompress function in OpenEXR 1.2.2 and 1.6.1 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger a free of an uninitialized pointer.

Action-Not Available
Vendor-openexrn/aDebian GNU/LinuxCanonical Ltd.openSUSEFedora ProjectApple Inc.
Product-ubuntu_linuxdebian_linuxopensusefedoramac_os_xopenexrn/a
CWE ID-CWE-824
Access of Uninitialized Pointer
CVE-2014-1341
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-6.8||MEDIUM
EPSS-1.34% / 79.23%
||
7 Day CHG~0.00%
Published-22 May, 2014 | 19:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-05-21-1.

Action-Not Available
Vendor-n/aApple Inc.
Product-safarin/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-1727
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.56% / 67.40%
||
7 Day CHG~0.00%
Published-06 Aug, 2009 | 16:00
Updated-07 Aug, 2024 | 05:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X 10.5 before 10.5.8 makes it easier for user-assisted remote attackers to execute arbitrary JavaScript via a web page that offers a download with a Content-Type value that is not on the list of possibly unsafe content types for Safari.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_x_servermac_os_xn/a
CVE-2009-2058
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.27% / 49.74%
||
7 Day CHG~0.00%
Published-15 Jun, 2009 | 19:00
Updated-07 Aug, 2024 | 05:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apple Safari before 3.2.2 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack.

Action-Not Available
Vendor-n/aApple Inc.
Product-safarin/a
CWE ID-CWE-287
Improper Authentication
CVE-2009-0577
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.8||MEDIUM
EPSS-3.15% / 86.37%
||
7 Day CHG~0.00%
Published-20 Feb, 2009 | 19:00
Updated-07 Aug, 2024 | 04:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the WriteProlog function in texttops in CUPS 1.1.17 on Red Hat Enterprise Linux (RHEL) 3 allows remote attackers to execute arbitrary code via a crafted PostScript file that triggers a heap-based buffer overflow. NOTE: this issue exists because of an incorrect fix for CVE-2008-3640.

Action-Not Available
Vendor-n/aRed Hat, Inc.Apple Inc.
Product-cupsenterprise_linuxn/a
CWE ID-CWE-189
Not Available
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 38
  • 39
  • Next
Details not found