VYPR

Vendor CVEs

Apple Inc.

All CVEs

8,443 total · sorted by risk
  • CVE-2011-3102May 16, 2012
    risk 0.00cvss epss 0.03

    Off-by-one error in libxml2, as used in Google Chrome before 19.0.1084.46 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors.

  • CVE-2012-0676May 11, 2012
    risk 0.00cvss epss 0.02

    WebKit in Apple Safari before 5.1.7 does not properly track state information during the processing of form input, which allows remote attackers to fill in form fields on the pages of arbitrary web sites via unspecified vectors.

  • CVE-2012-0675May 11, 2012
    risk 0.00cvss epss 0.02

    Time Machine in Apple Mac OS X before 10.7.4 does not require continued use of SRP-based authentication after this authentication method is first used, which allows remote attackers to read Time Capsule credentials by spoofing the backup volume.

  • CVE-2012-0662May 11, 2012
    risk 0.00cvss epss 0.03

    Integer overflow in the Security Framework in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted input.

  • CVE-2012-0661May 11, 2012
    risk 0.00cvss epss 0.03

    Use-after-free vulnerability in QuickTime in Apple Mac OS X 10.7.x before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with JPEG2000 encoding.

  • CVE-2012-0660May 11, 2012
    risk 0.00cvss epss 0.03

    Buffer underflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file.

  • CVE-2012-0659May 11, 2012
    risk 0.00cvss epss 0.03

    Integer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file.

  • CVE-2012-0658May 11, 2012
    risk 0.00cvss epss 0.04

    Buffer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted audio sample tables in a movie file that is progressively downloaded.

  • CVE-2012-0657May 11, 2012
    risk 0.00cvss epss 0.00

    Quartz Composer in Apple Mac OS X before 10.7.4, when the RSS Visualizer screensaver is enabled, allows physically proximate attackers to bypass screen locking and launch a Safari process via unspecified vectors.

  • CVE-2012-0656May 11, 2012
    risk 0.00cvss epss 0.00

    Race condition in LoginUIFramework in Apple Mac OS X 10.7.x before 10.7.4, when the Guest account is enabled, allows physically proximate attackers to login to arbitrary accounts by entering the account name and no password.

  • CVE-2012-0655May 11, 2012
    risk 0.00cvss epss 0.01

    libsecurity in Apple Mac OS X before 10.7.4 does not properly restrict the length of RSA keys within X.509 certificates, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by conducting a spoofing or network-sniffing attack during…

  • CVE-2012-0654May 11, 2012
    risk 0.00cvss epss 0.02

    libsecurity in Apple Mac OS X before 10.7.4 accesses uninitialized memory locations during the processing of X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted certificate.

  • CVE-2012-0652May 11, 2012
    risk 0.00cvss epss 0.00

    Login Window in Apple Mac OS X 10.7.3, when Legacy File Vault or networked home directories are enabled, does not properly restrict what is written to the system log for network logins, which allows local users to obtain sensitive information by reading the log.

  • CVE-2012-0651May 11, 2012
    risk 0.00cvss epss 0.02

    The directory server in Directory Service in Apple Mac OS X 10.6.8 allows remote attackers to obtain sensitive information from process memory via a crafted message.

  • CVE-2012-0649May 11, 2012
    risk 0.00cvss epss 0.00

    Race condition in the initialization routine in blued in Bluetooth in Apple Mac OS X before 10.7.4 allows local users to gain privileges via vectors involving a temporary file.

  • CVE-2012-0674May 8, 2012
    risk 0.00cvss epss 0.02

    Safari in Apple iOS before 5.1.1 allows remote attackers to spoof the location bar's URL via a crafted web site.

  • CVE-2012-0672May 8, 2012
    risk 0.00cvss epss 0.02

    WebKit in Apple iOS before 5.1.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

  • CVE-2012-1521May 1, 2012
    risk 0.00cvss epss 0.02

    Use-after-free vulnerability in the XML parser in Google Chrome before 18.0.1025.168 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

  • CVE-2011-3081May 1, 2012
    risk 0.00cvss epss 0.03

    Use-after-free vulnerability in Google Chrome before 18.0.1025.168 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the floating of elements, a different vulnerability than CVE-2011-3078.

  • CVE-2011-3078May 1, 2012
    risk 0.00cvss epss 0.02

    Use-after-free vulnerability in Google Chrome before 18.0.1025.168 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the floating of elements, a different vulnerability than CVE-2011-3081.

  • CVE-2011-3076Apr 5, 2012
    risk 0.00cvss epss 0.02

    Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to focus handling.

  • CVE-2011-3075Apr 5, 2012
    risk 0.00cvss epss 0.02

    Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to style-application commands.

  • CVE-2011-3074Apr 5, 2012
    risk 0.00cvss epss 0.02

    Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of media.

  • CVE-2011-3073Apr 5, 2012
    risk 0.00cvss epss 0.02

    Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of SVG resources.

  • CVE-2011-3071Apr 5, 2012
    risk 0.00cvss epss 0.02

    Use-after-free vulnerability in the HTMLMediaElement implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

  • CVE-2011-3069Apr 5, 2012
    risk 0.00cvss epss 0.02

    Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to line boxes.

  • CVE-2011-3068Apr 5, 2012
    risk 0.00cvss epss 0.02

    Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to run-in boxes.

  • CVE-2011-3067Apr 5, 2012
    risk 0.00cvss epss 0.01

    Google Chrome before 18.0.1025.151 allows remote attackers to bypass the Same Origin Policy via vectors related to replacement of IFRAME elements.

  • CVE-2011-3064Mar 30, 2012
    risk 0.00cvss epss 0.02

    Use-after-free vulnerability in Google Chrome before 18.0.1025.142 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG clipping.

  • CVE-2011-3060Mar 30, 2012
    risk 0.00cvss epss 0.02

    Google Chrome before 18.0.1025.142 does not properly handle text fragments, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

  • CVE-2011-3059Mar 30, 2012
    risk 0.00cvss epss 0.02

    Google Chrome before 18.0.1025.142 does not properly handle SVG text elements, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

  • CVE-2011-3058Mar 30, 2012
    risk 0.00cvss epss 0.02

    Google Chrome before 18.0.1025.142 does not properly handle the EUC-JP encoding system, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.

  • CVE-2011-3056Mar 22, 2012
    risk 0.00cvss epss 0.01

    Google Chrome before 17.0.963.83 allows remote attackers to bypass the Same Origin Policy via vectors involving a "magic iframe."

  • CVE-2011-3053Mar 22, 2012
    risk 0.00cvss epss 0.02

    Use-after-free vulnerability in Google Chrome before 17.0.963.83 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to block splitting.

  • CVE-2011-3050Mar 22, 2012
    risk 0.00cvss epss 0.02

    Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 17.0.963.83 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the :first-letter pseudo-element.

  • CVE-2012-0647Mar 12, 2012
    risk 0.00cvss epss 0.01

    WebKit in Apple Safari before 5.1.4 does not properly handle redirects in conjunction with HTTP authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header.

  • CVE-2012-0640Mar 12, 2012
    risk 0.00cvss epss 0.01

    WebKit in Apple Safari before 5.1.4 does not properly implement "From third parties and advertisers" cookie blocking, which makes it easier for remote web servers to track users via a cookie.

  • CVE-2012-0584Mar 12, 2012
    risk 0.00cvss epss 0.01

    The Internationalized Domain Name (IDN) feature in Apple Safari before 5.1.4 on Windows does not properly restrict the characters in URLs, which allows remote attackers to spoof a domain name via unspecified homoglyphs.

  • CVE-2011-3046Mar 9, 2012
    risk 0.00cvss epss 0.05

    The extension subsystem in Google Chrome before 17.0.963.78 does not properly handle history navigation, which allows remote attackers to execute arbitrary code by leveraging a "Universal XSS (UXSS)" issue.

  • CVE-2012-0648Mar 8, 2012
    risk 0.00cvss epss 0.02

    WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in…

  • CVE-2012-0646Mar 8, 2012
    risk 0.00cvss epss 0.05

    Format string vulnerability in VPN in Apple iOS before 5.1 allows remote attackers to execute arbitrary code via a crafted racoon configuration file.

  • CVE-2012-0645Mar 8, 2012
    risk 0.00cvss epss 0.00

    Siri in Apple iOS before 5.1 does not properly restrict the ability of Mail.app to handle voice commands, which allows physically proximate attackers to bypass the locked state via a command that forwards an active e-mail message to an arbitrary recipient.

  • CVE-2012-0644Mar 8, 2012
    risk 0.00cvss epss 0.00

    Race condition in the Passcode Lock feature in Apple iOS before 5.1 allows physically proximate attackers to bypass intended passcode requirements via a slide-to-dial gesture.

  • CVE-2012-0643Mar 8, 2012
    risk 0.00cvss epss 0.05

    The kernel in Apple iOS before 5.1 does not properly handle debug system calls, which allows remote attackers to bypass sandbox restrictions and execute arbitrary code via a crafted program.

  • CVE-2012-0642Mar 8, 2012
    risk 0.00cvss epss 0.05

    Integer underflow in Apple iOS before 5.1 allows remote attackers to execute arbitrary code or cause a denial of service (device crash) via a crafted catalog file in an HFS disk image.

  • CVE-2012-0641Mar 8, 2012
    risk 0.00cvss epss 0.02

    CFNetwork in Apple iOS before 5.1 does not properly construct request headers during parsing of URLs, which allows remote attackers to obtain sensitive information via a malformed URL, a different vulnerability than CVE-2011-3447.

  • CVE-2012-0639Mar 8, 2012
    risk 0.00cvss epss 0.02

    WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in…

  • CVE-2012-0638Mar 8, 2012
    risk 0.00cvss epss 0.02

    WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in…

  • CVE-2012-0637Mar 8, 2012
    risk 0.00cvss epss 0.02

    WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in…

  • CVE-2012-0636Mar 8, 2012
    risk 0.00cvss epss 0.02

    WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in…

Page 139 of 169