Vendor CVEs
Apple Inc.
All CVEs
8,443 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2011-3102 | 0.00 | — | 0.03 | May 16, 2012 | Off-by-one error in libxml2, as used in Google Chrome before 19.0.1084.46 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors. | |||
| CVE-2012-0676 | 0.00 | — | 0.02 | May 11, 2012 | WebKit in Apple Safari before 5.1.7 does not properly track state information during the processing of form input, which allows remote attackers to fill in form fields on the pages of arbitrary web sites via unspecified vectors. | |||
| CVE-2012-0675 | 0.00 | — | 0.02 | May 11, 2012 | Time Machine in Apple Mac OS X before 10.7.4 does not require continued use of SRP-based authentication after this authentication method is first used, which allows remote attackers to read Time Capsule credentials by spoofing the backup volume. | |||
| CVE-2012-0662 | 0.00 | — | 0.03 | May 11, 2012 | Integer overflow in the Security Framework in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted input. | |||
| CVE-2012-0661 | 0.00 | — | 0.03 | May 11, 2012 | Use-after-free vulnerability in QuickTime in Apple Mac OS X 10.7.x before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with JPEG2000 encoding. | |||
| CVE-2012-0660 | 0.00 | — | 0.03 | May 11, 2012 | Buffer underflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file. | |||
| CVE-2012-0659 | 0.00 | — | 0.03 | May 11, 2012 | Integer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file. | |||
| CVE-2012-0658 | 0.00 | — | 0.04 | May 11, 2012 | Buffer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted audio sample tables in a movie file that is progressively downloaded. | |||
| CVE-2012-0657 | 0.00 | — | 0.00 | May 11, 2012 | Quartz Composer in Apple Mac OS X before 10.7.4, when the RSS Visualizer screensaver is enabled, allows physically proximate attackers to bypass screen locking and launch a Safari process via unspecified vectors. | |||
| CVE-2012-0656 | 0.00 | — | 0.00 | May 11, 2012 | Race condition in LoginUIFramework in Apple Mac OS X 10.7.x before 10.7.4, when the Guest account is enabled, allows physically proximate attackers to login to arbitrary accounts by entering the account name and no password. | |||
| CVE-2012-0655 | 0.00 | — | 0.01 | May 11, 2012 | libsecurity in Apple Mac OS X before 10.7.4 does not properly restrict the length of RSA keys within X.509 certificates, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by conducting a spoofing or network-sniffing attack during… | |||
| CVE-2012-0654 | 0.00 | — | 0.02 | May 11, 2012 | libsecurity in Apple Mac OS X before 10.7.4 accesses uninitialized memory locations during the processing of X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted certificate. | |||
| CVE-2012-0652 | 0.00 | — | 0.00 | May 11, 2012 | Login Window in Apple Mac OS X 10.7.3, when Legacy File Vault or networked home directories are enabled, does not properly restrict what is written to the system log for network logins, which allows local users to obtain sensitive information by reading the log. | |||
| CVE-2012-0651 | 0.00 | — | 0.02 | May 11, 2012 | The directory server in Directory Service in Apple Mac OS X 10.6.8 allows remote attackers to obtain sensitive information from process memory via a crafted message. | |||
| CVE-2012-0649 | 0.00 | — | 0.00 | May 11, 2012 | Race condition in the initialization routine in blued in Bluetooth in Apple Mac OS X before 10.7.4 allows local users to gain privileges via vectors involving a temporary file. | |||
| CVE-2012-0674 | 0.00 | — | 0.02 | May 8, 2012 | Safari in Apple iOS before 5.1.1 allows remote attackers to spoof the location bar's URL via a crafted web site. | |||
| CVE-2012-0672 | 0.00 | — | 0.02 | May 8, 2012 | WebKit in Apple iOS before 5.1.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | |||
| CVE-2012-1521 | 0.00 | — | 0.02 | May 1, 2012 | Use-after-free vulnerability in the XML parser in Google Chrome before 18.0.1025.168 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | |||
| CVE-2011-3081 | 0.00 | — | 0.03 | May 1, 2012 | Use-after-free vulnerability in Google Chrome before 18.0.1025.168 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the floating of elements, a different vulnerability than CVE-2011-3078. | |||
| CVE-2011-3078 | 0.00 | — | 0.02 | May 1, 2012 | Use-after-free vulnerability in Google Chrome before 18.0.1025.168 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the floating of elements, a different vulnerability than CVE-2011-3081. | |||
| CVE-2011-3076 | 0.00 | — | 0.02 | Apr 5, 2012 | Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to focus handling. | |||
| CVE-2011-3075 | 0.00 | — | 0.02 | Apr 5, 2012 | Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to style-application commands. | |||
| CVE-2011-3074 | 0.00 | — | 0.02 | Apr 5, 2012 | Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of media. | |||
| CVE-2011-3073 | 0.00 | — | 0.02 | Apr 5, 2012 | Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of SVG resources. | |||
| CVE-2011-3071 | 0.00 | — | 0.02 | Apr 5, 2012 | Use-after-free vulnerability in the HTMLMediaElement implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | |||
| CVE-2011-3069 | 0.00 | — | 0.02 | Apr 5, 2012 | Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to line boxes. | |||
| CVE-2011-3068 | 0.00 | — | 0.02 | Apr 5, 2012 | Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to run-in boxes. | |||
| CVE-2011-3067 | 0.00 | — | 0.01 | Apr 5, 2012 | Google Chrome before 18.0.1025.151 allows remote attackers to bypass the Same Origin Policy via vectors related to replacement of IFRAME elements. | |||
| CVE-2011-3064 | 0.00 | — | 0.02 | Mar 30, 2012 | Use-after-free vulnerability in Google Chrome before 18.0.1025.142 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG clipping. | |||
| CVE-2011-3060 | 0.00 | — | 0.02 | Mar 30, 2012 | Google Chrome before 18.0.1025.142 does not properly handle text fragments, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | |||
| CVE-2011-3059 | 0.00 | — | 0.02 | Mar 30, 2012 | Google Chrome before 18.0.1025.142 does not properly handle SVG text elements, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | |||
| CVE-2011-3058 | 0.00 | — | 0.02 | Mar 30, 2012 | Google Chrome before 18.0.1025.142 does not properly handle the EUC-JP encoding system, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors. | |||
| CVE-2011-3056 | 0.00 | — | 0.01 | Mar 22, 2012 | Google Chrome before 17.0.963.83 allows remote attackers to bypass the Same Origin Policy via vectors involving a "magic iframe." | |||
| CVE-2011-3053 | 0.00 | — | 0.02 | Mar 22, 2012 | Use-after-free vulnerability in Google Chrome before 17.0.963.83 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to block splitting. | |||
| CVE-2011-3050 | 0.00 | — | 0.02 | Mar 22, 2012 | Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 17.0.963.83 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the :first-letter pseudo-element. | |||
| CVE-2012-0647 | 0.00 | — | 0.01 | Mar 12, 2012 | WebKit in Apple Safari before 5.1.4 does not properly handle redirects in conjunction with HTTP authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header. | |||
| CVE-2012-0640 | 0.00 | — | 0.01 | Mar 12, 2012 | WebKit in Apple Safari before 5.1.4 does not properly implement "From third parties and advertisers" cookie blocking, which makes it easier for remote web servers to track users via a cookie. | |||
| CVE-2012-0584 | 0.00 | — | 0.01 | Mar 12, 2012 | The Internationalized Domain Name (IDN) feature in Apple Safari before 5.1.4 on Windows does not properly restrict the characters in URLs, which allows remote attackers to spoof a domain name via unspecified homoglyphs. | |||
| CVE-2011-3046 | 0.00 | — | 0.05 | Mar 9, 2012 | The extension subsystem in Google Chrome before 17.0.963.78 does not properly handle history navigation, which allows remote attackers to execute arbitrary code by leveraging a "Universal XSS (UXSS)" issue. | |||
| CVE-2012-0648 | 0.00 | — | 0.02 | Mar 8, 2012 | WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in… | |||
| CVE-2012-0646 | 0.00 | — | 0.05 | Mar 8, 2012 | Format string vulnerability in VPN in Apple iOS before 5.1 allows remote attackers to execute arbitrary code via a crafted racoon configuration file. | |||
| CVE-2012-0645 | 0.00 | — | 0.00 | Mar 8, 2012 | Siri in Apple iOS before 5.1 does not properly restrict the ability of Mail.app to handle voice commands, which allows physically proximate attackers to bypass the locked state via a command that forwards an active e-mail message to an arbitrary recipient. | |||
| CVE-2012-0644 | 0.00 | — | 0.00 | Mar 8, 2012 | Race condition in the Passcode Lock feature in Apple iOS before 5.1 allows physically proximate attackers to bypass intended passcode requirements via a slide-to-dial gesture. | |||
| CVE-2012-0643 | 0.00 | — | 0.05 | Mar 8, 2012 | The kernel in Apple iOS before 5.1 does not properly handle debug system calls, which allows remote attackers to bypass sandbox restrictions and execute arbitrary code via a crafted program. | |||
| CVE-2012-0642 | 0.00 | — | 0.05 | Mar 8, 2012 | Integer underflow in Apple iOS before 5.1 allows remote attackers to execute arbitrary code or cause a denial of service (device crash) via a crafted catalog file in an HFS disk image. | |||
| CVE-2012-0641 | 0.00 | — | 0.02 | Mar 8, 2012 | CFNetwork in Apple iOS before 5.1 does not properly construct request headers during parsing of URLs, which allows remote attackers to obtain sensitive information via a malformed URL, a different vulnerability than CVE-2011-3447. | |||
| CVE-2012-0639 | 0.00 | — | 0.02 | Mar 8, 2012 | WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in… | |||
| CVE-2012-0638 | 0.00 | — | 0.02 | Mar 8, 2012 | WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in… | |||
| CVE-2012-0637 | 0.00 | — | 0.02 | Mar 8, 2012 | WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in… | |||
| CVE-2012-0636 | 0.00 | — | 0.02 | Mar 8, 2012 | WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in… |
- CVE-2011-3102May 16, 2012risk 0.00cvss —epss 0.03
Off-by-one error in libxml2, as used in Google Chrome before 19.0.1084.46 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors.
- CVE-2012-0676May 11, 2012risk 0.00cvss —epss 0.02
WebKit in Apple Safari before 5.1.7 does not properly track state information during the processing of form input, which allows remote attackers to fill in form fields on the pages of arbitrary web sites via unspecified vectors.
- CVE-2012-0675May 11, 2012risk 0.00cvss —epss 0.02
Time Machine in Apple Mac OS X before 10.7.4 does not require continued use of SRP-based authentication after this authentication method is first used, which allows remote attackers to read Time Capsule credentials by spoofing the backup volume.
- CVE-2012-0662May 11, 2012risk 0.00cvss —epss 0.03
Integer overflow in the Security Framework in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted input.
- CVE-2012-0661May 11, 2012risk 0.00cvss —epss 0.03
Use-after-free vulnerability in QuickTime in Apple Mac OS X 10.7.x before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with JPEG2000 encoding.
- CVE-2012-0660May 11, 2012risk 0.00cvss —epss 0.03
Buffer underflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file.
- CVE-2012-0659May 11, 2012risk 0.00cvss —epss 0.03
Integer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file.
- CVE-2012-0658May 11, 2012risk 0.00cvss —epss 0.04
Buffer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted audio sample tables in a movie file that is progressively downloaded.
- CVE-2012-0657May 11, 2012risk 0.00cvss —epss 0.00
Quartz Composer in Apple Mac OS X before 10.7.4, when the RSS Visualizer screensaver is enabled, allows physically proximate attackers to bypass screen locking and launch a Safari process via unspecified vectors.
- CVE-2012-0656May 11, 2012risk 0.00cvss —epss 0.00
Race condition in LoginUIFramework in Apple Mac OS X 10.7.x before 10.7.4, when the Guest account is enabled, allows physically proximate attackers to login to arbitrary accounts by entering the account name and no password.
- CVE-2012-0655May 11, 2012risk 0.00cvss —epss 0.01
libsecurity in Apple Mac OS X before 10.7.4 does not properly restrict the length of RSA keys within X.509 certificates, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by conducting a spoofing or network-sniffing attack during…
- CVE-2012-0654May 11, 2012risk 0.00cvss —epss 0.02
libsecurity in Apple Mac OS X before 10.7.4 accesses uninitialized memory locations during the processing of X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted certificate.
- CVE-2012-0652May 11, 2012risk 0.00cvss —epss 0.00
Login Window in Apple Mac OS X 10.7.3, when Legacy File Vault or networked home directories are enabled, does not properly restrict what is written to the system log for network logins, which allows local users to obtain sensitive information by reading the log.
- CVE-2012-0651May 11, 2012risk 0.00cvss —epss 0.02
The directory server in Directory Service in Apple Mac OS X 10.6.8 allows remote attackers to obtain sensitive information from process memory via a crafted message.
- CVE-2012-0649May 11, 2012risk 0.00cvss —epss 0.00
Race condition in the initialization routine in blued in Bluetooth in Apple Mac OS X before 10.7.4 allows local users to gain privileges via vectors involving a temporary file.
- CVE-2012-0674May 8, 2012risk 0.00cvss —epss 0.02
Safari in Apple iOS before 5.1.1 allows remote attackers to spoof the location bar's URL via a crafted web site.
- CVE-2012-0672May 8, 2012risk 0.00cvss —epss 0.02
WebKit in Apple iOS before 5.1.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
- CVE-2012-1521May 1, 2012risk 0.00cvss —epss 0.02
Use-after-free vulnerability in the XML parser in Google Chrome before 18.0.1025.168 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
- CVE-2011-3081May 1, 2012risk 0.00cvss —epss 0.03
Use-after-free vulnerability in Google Chrome before 18.0.1025.168 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the floating of elements, a different vulnerability than CVE-2011-3078.
- CVE-2011-3078May 1, 2012risk 0.00cvss —epss 0.02
Use-after-free vulnerability in Google Chrome before 18.0.1025.168 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the floating of elements, a different vulnerability than CVE-2011-3081.
- CVE-2011-3076Apr 5, 2012risk 0.00cvss —epss 0.02
Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to focus handling.
- CVE-2011-3075Apr 5, 2012risk 0.00cvss —epss 0.02
Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to style-application commands.
- CVE-2011-3074Apr 5, 2012risk 0.00cvss —epss 0.02
Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of media.
- CVE-2011-3073Apr 5, 2012risk 0.00cvss —epss 0.02
Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of SVG resources.
- CVE-2011-3071Apr 5, 2012risk 0.00cvss —epss 0.02
Use-after-free vulnerability in the HTMLMediaElement implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
- CVE-2011-3069Apr 5, 2012risk 0.00cvss —epss 0.02
Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to line boxes.
- CVE-2011-3068Apr 5, 2012risk 0.00cvss —epss 0.02
Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to run-in boxes.
- CVE-2011-3067Apr 5, 2012risk 0.00cvss —epss 0.01
Google Chrome before 18.0.1025.151 allows remote attackers to bypass the Same Origin Policy via vectors related to replacement of IFRAME elements.
- CVE-2011-3064Mar 30, 2012risk 0.00cvss —epss 0.02
Use-after-free vulnerability in Google Chrome before 18.0.1025.142 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG clipping.
- CVE-2011-3060Mar 30, 2012risk 0.00cvss —epss 0.02
Google Chrome before 18.0.1025.142 does not properly handle text fragments, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
- CVE-2011-3059Mar 30, 2012risk 0.00cvss —epss 0.02
Google Chrome before 18.0.1025.142 does not properly handle SVG text elements, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
- CVE-2011-3058Mar 30, 2012risk 0.00cvss —epss 0.02
Google Chrome before 18.0.1025.142 does not properly handle the EUC-JP encoding system, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.
- CVE-2011-3056Mar 22, 2012risk 0.00cvss —epss 0.01
Google Chrome before 17.0.963.83 allows remote attackers to bypass the Same Origin Policy via vectors involving a "magic iframe."
- CVE-2011-3053Mar 22, 2012risk 0.00cvss —epss 0.02
Use-after-free vulnerability in Google Chrome before 17.0.963.83 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to block splitting.
- CVE-2011-3050Mar 22, 2012risk 0.00cvss —epss 0.02
Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 17.0.963.83 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the :first-letter pseudo-element.
- CVE-2012-0647Mar 12, 2012risk 0.00cvss —epss 0.01
WebKit in Apple Safari before 5.1.4 does not properly handle redirects in conjunction with HTTP authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header.
- CVE-2012-0640Mar 12, 2012risk 0.00cvss —epss 0.01
WebKit in Apple Safari before 5.1.4 does not properly implement "From third parties and advertisers" cookie blocking, which makes it easier for remote web servers to track users via a cookie.
- CVE-2012-0584Mar 12, 2012risk 0.00cvss —epss 0.01
The Internationalized Domain Name (IDN) feature in Apple Safari before 5.1.4 on Windows does not properly restrict the characters in URLs, which allows remote attackers to spoof a domain name via unspecified homoglyphs.
- CVE-2011-3046Mar 9, 2012risk 0.00cvss —epss 0.05
The extension subsystem in Google Chrome before 17.0.963.78 does not properly handle history navigation, which allows remote attackers to execute arbitrary code by leveraging a "Universal XSS (UXSS)" issue.
- CVE-2012-0648Mar 8, 2012risk 0.00cvss —epss 0.02
WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in…
- CVE-2012-0646Mar 8, 2012risk 0.00cvss —epss 0.05
Format string vulnerability in VPN in Apple iOS before 5.1 allows remote attackers to execute arbitrary code via a crafted racoon configuration file.
- CVE-2012-0645Mar 8, 2012risk 0.00cvss —epss 0.00
Siri in Apple iOS before 5.1 does not properly restrict the ability of Mail.app to handle voice commands, which allows physically proximate attackers to bypass the locked state via a command that forwards an active e-mail message to an arbitrary recipient.
- CVE-2012-0644Mar 8, 2012risk 0.00cvss —epss 0.00
Race condition in the Passcode Lock feature in Apple iOS before 5.1 allows physically proximate attackers to bypass intended passcode requirements via a slide-to-dial gesture.
- CVE-2012-0643Mar 8, 2012risk 0.00cvss —epss 0.05
The kernel in Apple iOS before 5.1 does not properly handle debug system calls, which allows remote attackers to bypass sandbox restrictions and execute arbitrary code via a crafted program.
- CVE-2012-0642Mar 8, 2012risk 0.00cvss —epss 0.05
Integer underflow in Apple iOS before 5.1 allows remote attackers to execute arbitrary code or cause a denial of service (device crash) via a crafted catalog file in an HFS disk image.
- CVE-2012-0641Mar 8, 2012risk 0.00cvss —epss 0.02
CFNetwork in Apple iOS before 5.1 does not properly construct request headers during parsing of URLs, which allows remote attackers to obtain sensitive information via a malformed URL, a different vulnerability than CVE-2011-3447.
- CVE-2012-0639Mar 8, 2012risk 0.00cvss —epss 0.02
WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in…
- CVE-2012-0638Mar 8, 2012risk 0.00cvss —epss 0.02
WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in…
- CVE-2012-0637Mar 8, 2012risk 0.00cvss —epss 0.02
WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in…
- CVE-2012-0636Mar 8, 2012risk 0.00cvss —epss 0.02
WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in…
Page 139 of 169