Vendor CVEs
Apple Inc.
All CVEs
8,444 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2011-3924 | 0.00 | — | 0.02 | Jan 24, 2012 | Use-after-free vulnerability in Google Chrome before 16.0.912.77 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to DOM selections. | |||
| CVE-2011-3919 | 0.00 | — | 0.02 | Jan 7, 2012 | Heap-based buffer overflow in libxml2, as used in Google Chrome before 16.0.912.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | |||
| CVE-2011-3913 | 0.00 | — | 0.02 | Dec 13, 2011 | Use-after-free vulnerability in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to Range handling. | |||
| CVE-2011-3909 | 0.00 | — | 0.02 | Dec 13, 2011 | The Cascading Style Sheets (CSS) implementation in Google Chrome before 16.0.912.63 on 64-bit platforms does not properly manage property arrays, which allows remote attackers to cause a denial of service (memory corruption) via unspecified vectors. | |||
| CVE-2011-3908 | 0.00 | — | 0.02 | Dec 13, 2011 | Google Chrome before 16.0.912.63 does not properly parse SVG documents, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | |||
| CVE-2011-4692 | 0.00 | — | 0.01 | Dec 7, 2011 | WebKit, as used in Apple Safari 5.1.1 and earlier and Google Chrome 15 and earlier, does not prevent capture of data about the time required for image loading, which makes it easier for remote attackers to determine whether an image exists in the browser cache via crafted… | |||
| CVE-2010-5070 | 0.00 | — | 0.02 | Dec 7, 2011 | The JavaScript implementation in Apple Safari 4 does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method, a different… | |||
| CVE-2008-7303 | 0.00 | — | 0.04 | Nov 15, 2011 | The nonet and nointernet sandbox profiles in Apple Mac OS X 10.5.x do not propagate restrictions to all created processes, which allows remote attackers to access network resources via a crafted application, as demonstrated by use of launchctl to trigger the launchd daemon's… | |||
| CVE-2011-3442 | 0.00 | — | 0.00 | Nov 11, 2011 | The kernel in Apple iOS before 5.0.1 does not ensure the validity of flag combinations for an mmap system call, which allows local users to execute arbitrary unsigned code via a crafted app. | |||
| CVE-2011-3441 | 0.00 | — | 0.02 | Nov 11, 2011 | libinfo in Apple iOS before 5.0.1 does not properly formulate domain-name queries, which allows remote attackers to obtain sensitive information via a crafted DNS hostname. | |||
| CVE-2011-3440 | 0.00 | — | 0.00 | Nov 11, 2011 | The Passcode Lock feature in Apple iOS before 5.0.1 on the iPad 2 does not properly implement the locked state, which allows physically proximate attackers to access data by opening a Smart Cover during power-off confirmation. | |||
| CVE-2011-3439 | 0.00 | — | 0.05 | Nov 11, 2011 | FreeType in CoreGraphics in Apple iOS before 5.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font in a document. | |||
| CVE-2011-3897 | 0.00 | — | 0.02 | Nov 11, 2011 | Use-after-free vulnerability in Google Chrome before 15.0.874.120 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to editing. | |||
| CVE-2011-3998 | 0.00 | — | 0.01 | Nov 9, 2011 | Cross-site scripting (XSS) vulnerability in Apple WebObjects 5.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2011-3251 | 0.00 | — | 0.04 | Oct 28, 2011 | Apple QuickTime before 7.7.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted TKHD atoms in a QuickTime movie file. | |||
| CVE-2011-3250 | 0.00 | — | 0.05 | Oct 28, 2011 | Integer overflow in Apple QuickTime before 7.7.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with JPEG2000 encoding. | |||
| CVE-2011-3249 | 0.00 | — | 0.05 | Oct 28, 2011 | Buffer overflow in Apple QuickTime before 7.7.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with FLC encoding. | |||
| CVE-2011-3248 | 0.00 | — | 0.05 | Oct 28, 2011 | Integer signedness error in Apple QuickTime before 7.7.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font table in a QuickTime movie file. | |||
| CVE-2011-3247 | 0.00 | — | 0.04 | Oct 28, 2011 | Integer overflow in Apple QuickTime before 7.7.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT file. | |||
| CVE-2011-3888 | 0.00 | — | 0.02 | Oct 25, 2011 | Use-after-free vulnerability in Google Chrome before 15.0.874.102 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to editing operations in conjunction with an unknown plug-in. | |||
| CVE-2011-3887 | 0.00 | — | 0.01 | Oct 25, 2011 | Google Chrome before 15.0.874.102 does not properly handle javascript: URLs, which allows remote attackers to bypass intended access restrictions and read cookies via unspecified vectors. | |||
| CVE-2011-3885 | 0.00 | — | 0.02 | Oct 25, 2011 | Use-after-free vulnerability in Google Chrome before 15.0.874.102 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to stale Cascading Style Sheets (CSS) token-sequence data. | |||
| CVE-2011-3881 | 0.00 | — | 0.02 | Oct 25, 2011 | WebKit, as used in Google Chrome before 15.0.874.102 and Android before 4.4, allows remote attackers to bypass the Same Origin Policy and conduct Universal XSS (UXSS) attacks via vectors related to (1) the DOMWindow::clear function and use of a selection object, (2) the… | |||
| CVE-2011-2845 | 0.00 | — | 0.01 | Oct 25, 2011 | Google Chrome before 15.0.874.102 does not properly handle history data, which allows user-assisted remote attackers to spoof the URL bar via unspecified vectors. | |||
| CVE-2011-3437 | 0.00 | — | 0.03 | Oct 14, 2011 | Integer signedness error in Apple Type Services (ATS) in Apple Mac OS X 10.7 before 10.7.2 allows remote attackers to execute arbitrary code via a crafted embedded Type 1 font in a document. | |||
| CVE-2011-3436 | 0.00 | — | 0.02 | Oct 14, 2011 | Open Directory in Apple Mac OS X 10.7 before 10.7.2 does not require a user to provide the current password before changing this password, which allows remote attackers to bypass intended password-change restrictions by leveraging an unattended workstation. | |||
| CVE-2011-3435 | 0.00 | — | 0.01 | Oct 14, 2011 | Open Directory in Apple Mac OS X 10.7 before 10.7.2 allows local users to read the password data of arbitrary users via unspecified vectors. | |||
| CVE-2011-3434 | 0.00 | — | 0.02 | Oct 14, 2011 | The WiFi component in Apple iOS before 5 stores WiFi credentials in an unspecified file, which makes it easier for remote attackers to obtain sensitive information via a crafted application. | |||
| CVE-2011-3432 | 0.00 | — | 0.02 | Oct 14, 2011 | The UIKit Alerts component in Apple iOS before 5 allows remote attackers to cause a denial of service (device hang) via a long tel: URL that triggers a large size for the acceptance dialog. | |||
| CVE-2011-3431 | 0.00 | — | 0.00 | Oct 14, 2011 | The Home screen component in Apple iOS before 5 does not properly support a certain application-switching gesture, which might allow physically proximate attackers to obtain sensitive state information by watching the device's screen. | |||
| CVE-2011-3430 | 0.00 | — | 0.02 | Oct 14, 2011 | The Settings component in Apple iOS before 5, when a configuration profile is used for a locale other than English, does not properly implement localization, which makes it easier for attackers to have an unspecified impact by leveraging incorrect configuration display. | |||
| CVE-2011-3429 | 0.00 | — | 0.00 | Oct 14, 2011 | The Settings component in Apple iOS before 5 stores a cleartext parental-restrictions passcode in an unspecified file, which might allow physically proximate attackers to obtain sensitive information by reading this file. | |||
| CVE-2011-3427 | 0.00 | — | 0.01 | Oct 14, 2011 | The Data Security component in Apple iOS before 5 and Apple TV before 4.4 does not properly restrict use of the MD5 hash algorithm within X.509 certificates, which makes it easier for man-in-the-middle attackers to spoof servers or obtain sensitive information via a crafted… | |||
| CVE-2011-3426 | 0.00 | — | 0.02 | Oct 14, 2011 | Cross-site scripting (XSS) vulnerability in Safari in Apple iOS before 5 allows remote web servers to inject arbitrary web script or HTML via a file accompanied by a "Content-Disposition: attachment" HTTP header. | |||
| CVE-2011-3261 | 0.00 | — | 0.03 | Oct 14, 2011 | Double free vulnerability in OfficeImport in Apple iOS before 5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Excel spreadsheet. | |||
| CVE-2011-3260 | 0.00 | — | 0.03 | Oct 14, 2011 | Buffer overflow in OfficeImport in Apple iOS before 5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Word document. | |||
| CVE-2011-3259 | 0.00 | — | 0.02 | Oct 14, 2011 | The kernel in Apple iOS before 5 and Apple TV before 4.4 does not properly recover memory allocated for incomplete TCP connections, which allows remote attackers to cause a denial of service (resource consumption) by making many connection attempts. | |||
| CVE-2011-3257 | 0.00 | — | 0.00 | Oct 14, 2011 | The Data Access component in Apple iOS before 5 does not properly handle the existence of multiple user accounts on the same mail server, which allows local users to bypass intended access restrictions in opportunistic circumstances by leveraging a different account's cookie. | |||
| CVE-2011-3256 | 0.00 | — | 0.04 | Oct 14, 2011 | FreeType 2 before 2.4.7, as used in CoreGraphics in Apple iOS before 5, Mandriva Enterprise Server 5, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font, a different vulnerability… | |||
| CVE-2011-3255 | 0.00 | — | 0.02 | Oct 14, 2011 | CFNetwork in Apple iOS before 5 stores AppleID credentials in an unspecified file, which makes it easier for remote attackers to obtain sensitive information via a crafted application. | |||
| CVE-2011-3254 | 0.00 | — | 0.01 | Oct 14, 2011 | Cross-site scripting (XSS) vulnerability in Calendar in Apple iOS before 5 allows remote attackers to inject arbitrary web script or HTML via an invitation note. | |||
| CVE-2011-3253 | 0.00 | — | 0.01 | Oct 14, 2011 | CalDAV in Apple iOS before 5 does not validate X.509 certificates for SSL sessions, which allows man-in-the-middle attackers to spoof calendar servers and obtain sensitive information via an arbitrary certificate. | |||
| CVE-2011-3246 | 0.00 | — | 0.03 | Oct 14, 2011 | CFNetwork in Apple iOS before 5.0.1 and Mac OS X 10.7 before 10.7.2 does not properly parse URLs, which allows remote attackers to trigger visits to unintended web sites, and transmission of cookies to unintended web sites, via a crafted (1) http or (2) https URL. | |||
| CVE-2011-3245 | 0.00 | — | 0.00 | Oct 14, 2011 | The Keyboards component in Apple iOS before 5 displays the final character of an entered password during a subsequent use of a keyboard, which allows physically proximate attackers to obtain sensitive information by reading this character. | |||
| CVE-2011-3243 | 0.00 | — | 0.02 | Oct 14, 2011 | Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5 and Safari before 5.1.1, allows remote attackers to inject arbitrary web script or HTML via vectors involving inactive DOM windows. | |||
| CVE-2011-3242 | 0.00 | — | 0.01 | Oct 14, 2011 | The Private Browsing feature in Apple Safari before 5.1.1 on Mac OS X does not properly recognize the Always value of the Block Cookies setting, which makes it easier for remote web servers to track users via a cookie. | |||
| CVE-2011-3231 | 0.00 | — | 0.01 | Oct 14, 2011 | The SSL implementation in Apple Safari before 5.1.1 on Mac OS X before 10.7 accesses uninitialized memory during the processing of X.509 certificates, which allows remote web servers to execute arbitrary code via a crafted certificate. | |||
| CVE-2011-3229 | 0.00 | — | 0.02 | Oct 14, 2011 | Directory traversal vulnerability in Apple Safari before 5.1.1 allows remote attackers to execute arbitrary JavaScript code, in a Safari Extensions context, via a crafted safari-extension: URL. | |||
| CVE-2011-3228 | 0.00 | — | 0.03 | Oct 14, 2011 | QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file. | |||
| CVE-2011-3227 | 0.00 | — | 0.02 | Oct 14, 2011 | libsecurity in Apple Mac OS X before 10.7.2 does not properly handle errors during processing of a nonstandard extension in a Certificate Revocation list (CRL), which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) a crafted (1)… |
- CVE-2011-3924Jan 24, 2012risk 0.00cvss —epss 0.02
Use-after-free vulnerability in Google Chrome before 16.0.912.77 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to DOM selections.
- CVE-2011-3919Jan 7, 2012risk 0.00cvss —epss 0.02
Heap-based buffer overflow in libxml2, as used in Google Chrome before 16.0.912.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
- CVE-2011-3913Dec 13, 2011risk 0.00cvss —epss 0.02
Use-after-free vulnerability in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to Range handling.
- CVE-2011-3909Dec 13, 2011risk 0.00cvss —epss 0.02
The Cascading Style Sheets (CSS) implementation in Google Chrome before 16.0.912.63 on 64-bit platforms does not properly manage property arrays, which allows remote attackers to cause a denial of service (memory corruption) via unspecified vectors.
- CVE-2011-3908Dec 13, 2011risk 0.00cvss —epss 0.02
Google Chrome before 16.0.912.63 does not properly parse SVG documents, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
- CVE-2011-4692Dec 7, 2011risk 0.00cvss —epss 0.01
WebKit, as used in Apple Safari 5.1.1 and earlier and Google Chrome 15 and earlier, does not prevent capture of data about the time required for image loading, which makes it easier for remote attackers to determine whether an image exists in the browser cache via crafted…
- CVE-2010-5070Dec 7, 2011risk 0.00cvss —epss 0.02
The JavaScript implementation in Apple Safari 4 does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method, a different…
- CVE-2008-7303Nov 15, 2011risk 0.00cvss —epss 0.04
The nonet and nointernet sandbox profiles in Apple Mac OS X 10.5.x do not propagate restrictions to all created processes, which allows remote attackers to access network resources via a crafted application, as demonstrated by use of launchctl to trigger the launchd daemon's…
- CVE-2011-3442Nov 11, 2011risk 0.00cvss —epss 0.00
The kernel in Apple iOS before 5.0.1 does not ensure the validity of flag combinations for an mmap system call, which allows local users to execute arbitrary unsigned code via a crafted app.
- CVE-2011-3441Nov 11, 2011risk 0.00cvss —epss 0.02
libinfo in Apple iOS before 5.0.1 does not properly formulate domain-name queries, which allows remote attackers to obtain sensitive information via a crafted DNS hostname.
- CVE-2011-3440Nov 11, 2011risk 0.00cvss —epss 0.00
The Passcode Lock feature in Apple iOS before 5.0.1 on the iPad 2 does not properly implement the locked state, which allows physically proximate attackers to access data by opening a Smart Cover during power-off confirmation.
- CVE-2011-3439Nov 11, 2011risk 0.00cvss —epss 0.05
FreeType in CoreGraphics in Apple iOS before 5.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font in a document.
- CVE-2011-3897Nov 11, 2011risk 0.00cvss —epss 0.02
Use-after-free vulnerability in Google Chrome before 15.0.874.120 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to editing.
- CVE-2011-3998Nov 9, 2011risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Apple WebObjects 5.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2011-3251Oct 28, 2011risk 0.00cvss —epss 0.04
Apple QuickTime before 7.7.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted TKHD atoms in a QuickTime movie file.
- CVE-2011-3250Oct 28, 2011risk 0.00cvss —epss 0.05
Integer overflow in Apple QuickTime before 7.7.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with JPEG2000 encoding.
- CVE-2011-3249Oct 28, 2011risk 0.00cvss —epss 0.05
Buffer overflow in Apple QuickTime before 7.7.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with FLC encoding.
- CVE-2011-3248Oct 28, 2011risk 0.00cvss —epss 0.05
Integer signedness error in Apple QuickTime before 7.7.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font table in a QuickTime movie file.
- CVE-2011-3247Oct 28, 2011risk 0.00cvss —epss 0.04
Integer overflow in Apple QuickTime before 7.7.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT file.
- CVE-2011-3888Oct 25, 2011risk 0.00cvss —epss 0.02
Use-after-free vulnerability in Google Chrome before 15.0.874.102 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to editing operations in conjunction with an unknown plug-in.
- CVE-2011-3887Oct 25, 2011risk 0.00cvss —epss 0.01
Google Chrome before 15.0.874.102 does not properly handle javascript: URLs, which allows remote attackers to bypass intended access restrictions and read cookies via unspecified vectors.
- CVE-2011-3885Oct 25, 2011risk 0.00cvss —epss 0.02
Use-after-free vulnerability in Google Chrome before 15.0.874.102 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to stale Cascading Style Sheets (CSS) token-sequence data.
- CVE-2011-3881Oct 25, 2011risk 0.00cvss —epss 0.02
WebKit, as used in Google Chrome before 15.0.874.102 and Android before 4.4, allows remote attackers to bypass the Same Origin Policy and conduct Universal XSS (UXSS) attacks via vectors related to (1) the DOMWindow::clear function and use of a selection object, (2) the…
- CVE-2011-2845Oct 25, 2011risk 0.00cvss —epss 0.01
Google Chrome before 15.0.874.102 does not properly handle history data, which allows user-assisted remote attackers to spoof the URL bar via unspecified vectors.
- CVE-2011-3437Oct 14, 2011risk 0.00cvss —epss 0.03
Integer signedness error in Apple Type Services (ATS) in Apple Mac OS X 10.7 before 10.7.2 allows remote attackers to execute arbitrary code via a crafted embedded Type 1 font in a document.
- CVE-2011-3436Oct 14, 2011risk 0.00cvss —epss 0.02
Open Directory in Apple Mac OS X 10.7 before 10.7.2 does not require a user to provide the current password before changing this password, which allows remote attackers to bypass intended password-change restrictions by leveraging an unattended workstation.
- CVE-2011-3435Oct 14, 2011risk 0.00cvss —epss 0.01
Open Directory in Apple Mac OS X 10.7 before 10.7.2 allows local users to read the password data of arbitrary users via unspecified vectors.
- CVE-2011-3434Oct 14, 2011risk 0.00cvss —epss 0.02
The WiFi component in Apple iOS before 5 stores WiFi credentials in an unspecified file, which makes it easier for remote attackers to obtain sensitive information via a crafted application.
- CVE-2011-3432Oct 14, 2011risk 0.00cvss —epss 0.02
The UIKit Alerts component in Apple iOS before 5 allows remote attackers to cause a denial of service (device hang) via a long tel: URL that triggers a large size for the acceptance dialog.
- CVE-2011-3431Oct 14, 2011risk 0.00cvss —epss 0.00
The Home screen component in Apple iOS before 5 does not properly support a certain application-switching gesture, which might allow physically proximate attackers to obtain sensitive state information by watching the device's screen.
- CVE-2011-3430Oct 14, 2011risk 0.00cvss —epss 0.02
The Settings component in Apple iOS before 5, when a configuration profile is used for a locale other than English, does not properly implement localization, which makes it easier for attackers to have an unspecified impact by leveraging incorrect configuration display.
- CVE-2011-3429Oct 14, 2011risk 0.00cvss —epss 0.00
The Settings component in Apple iOS before 5 stores a cleartext parental-restrictions passcode in an unspecified file, which might allow physically proximate attackers to obtain sensitive information by reading this file.
- CVE-2011-3427Oct 14, 2011risk 0.00cvss —epss 0.01
The Data Security component in Apple iOS before 5 and Apple TV before 4.4 does not properly restrict use of the MD5 hash algorithm within X.509 certificates, which makes it easier for man-in-the-middle attackers to spoof servers or obtain sensitive information via a crafted…
- CVE-2011-3426Oct 14, 2011risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in Safari in Apple iOS before 5 allows remote web servers to inject arbitrary web script or HTML via a file accompanied by a "Content-Disposition: attachment" HTTP header.
- CVE-2011-3261Oct 14, 2011risk 0.00cvss —epss 0.03
Double free vulnerability in OfficeImport in Apple iOS before 5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Excel spreadsheet.
- CVE-2011-3260Oct 14, 2011risk 0.00cvss —epss 0.03
Buffer overflow in OfficeImport in Apple iOS before 5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Word document.
- CVE-2011-3259Oct 14, 2011risk 0.00cvss —epss 0.02
The kernel in Apple iOS before 5 and Apple TV before 4.4 does not properly recover memory allocated for incomplete TCP connections, which allows remote attackers to cause a denial of service (resource consumption) by making many connection attempts.
- CVE-2011-3257Oct 14, 2011risk 0.00cvss —epss 0.00
The Data Access component in Apple iOS before 5 does not properly handle the existence of multiple user accounts on the same mail server, which allows local users to bypass intended access restrictions in opportunistic circumstances by leveraging a different account's cookie.
- CVE-2011-3256Oct 14, 2011risk 0.00cvss —epss 0.04
FreeType 2 before 2.4.7, as used in CoreGraphics in Apple iOS before 5, Mandriva Enterprise Server 5, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font, a different vulnerability…
- CVE-2011-3255Oct 14, 2011risk 0.00cvss —epss 0.02
CFNetwork in Apple iOS before 5 stores AppleID credentials in an unspecified file, which makes it easier for remote attackers to obtain sensitive information via a crafted application.
- CVE-2011-3254Oct 14, 2011risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Calendar in Apple iOS before 5 allows remote attackers to inject arbitrary web script or HTML via an invitation note.
- CVE-2011-3253Oct 14, 2011risk 0.00cvss —epss 0.01
CalDAV in Apple iOS before 5 does not validate X.509 certificates for SSL sessions, which allows man-in-the-middle attackers to spoof calendar servers and obtain sensitive information via an arbitrary certificate.
- CVE-2011-3246Oct 14, 2011risk 0.00cvss —epss 0.03
CFNetwork in Apple iOS before 5.0.1 and Mac OS X 10.7 before 10.7.2 does not properly parse URLs, which allows remote attackers to trigger visits to unintended web sites, and transmission of cookies to unintended web sites, via a crafted (1) http or (2) https URL.
- CVE-2011-3245Oct 14, 2011risk 0.00cvss —epss 0.00
The Keyboards component in Apple iOS before 5 displays the final character of an entered password during a subsequent use of a keyboard, which allows physically proximate attackers to obtain sensitive information by reading this character.
- CVE-2011-3243Oct 14, 2011risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5 and Safari before 5.1.1, allows remote attackers to inject arbitrary web script or HTML via vectors involving inactive DOM windows.
- CVE-2011-3242Oct 14, 2011risk 0.00cvss —epss 0.01
The Private Browsing feature in Apple Safari before 5.1.1 on Mac OS X does not properly recognize the Always value of the Block Cookies setting, which makes it easier for remote web servers to track users via a cookie.
- CVE-2011-3231Oct 14, 2011risk 0.00cvss —epss 0.01
The SSL implementation in Apple Safari before 5.1.1 on Mac OS X before 10.7 accesses uninitialized memory during the processing of X.509 certificates, which allows remote web servers to execute arbitrary code via a crafted certificate.
- CVE-2011-3229Oct 14, 2011risk 0.00cvss —epss 0.02
Directory traversal vulnerability in Apple Safari before 5.1.1 allows remote attackers to execute arbitrary JavaScript code, in a Safari Extensions context, via a crafted safari-extension: URL.
- CVE-2011-3228Oct 14, 2011risk 0.00cvss —epss 0.03
QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file.
- CVE-2011-3227Oct 14, 2011risk 0.00cvss —epss 0.02
libsecurity in Apple Mac OS X before 10.7.2 does not properly handle errors during processing of a nonstandard extension in a Certificate Revocation list (CRL), which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) a crafted (1)…
Page 142 of 169