VYPR

Vendor CVEs

Apple Inc.

All CVEs

8,444 total · sorted by risk
  • CVE-2011-3924Jan 24, 2012
    risk 0.00cvss epss 0.02

    Use-after-free vulnerability in Google Chrome before 16.0.912.77 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to DOM selections.

  • CVE-2011-3919Jan 7, 2012
    risk 0.00cvss epss 0.02

    Heap-based buffer overflow in libxml2, as used in Google Chrome before 16.0.912.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

  • CVE-2011-3913Dec 13, 2011
    risk 0.00cvss epss 0.02

    Use-after-free vulnerability in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to Range handling.

  • CVE-2011-3909Dec 13, 2011
    risk 0.00cvss epss 0.02

    The Cascading Style Sheets (CSS) implementation in Google Chrome before 16.0.912.63 on 64-bit platforms does not properly manage property arrays, which allows remote attackers to cause a denial of service (memory corruption) via unspecified vectors.

  • CVE-2011-3908Dec 13, 2011
    risk 0.00cvss epss 0.02

    Google Chrome before 16.0.912.63 does not properly parse SVG documents, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

  • CVE-2011-4692Dec 7, 2011
    risk 0.00cvss epss 0.01

    WebKit, as used in Apple Safari 5.1.1 and earlier and Google Chrome 15 and earlier, does not prevent capture of data about the time required for image loading, which makes it easier for remote attackers to determine whether an image exists in the browser cache via crafted…

  • CVE-2010-5070Dec 7, 2011
    risk 0.00cvss epss 0.02

    The JavaScript implementation in Apple Safari 4 does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method, a different…

  • CVE-2008-7303Nov 15, 2011
    risk 0.00cvss epss 0.04

    The nonet and nointernet sandbox profiles in Apple Mac OS X 10.5.x do not propagate restrictions to all created processes, which allows remote attackers to access network resources via a crafted application, as demonstrated by use of launchctl to trigger the launchd daemon's…

  • CVE-2011-3442Nov 11, 2011
    risk 0.00cvss epss 0.00

    The kernel in Apple iOS before 5.0.1 does not ensure the validity of flag combinations for an mmap system call, which allows local users to execute arbitrary unsigned code via a crafted app.

  • CVE-2011-3441Nov 11, 2011
    risk 0.00cvss epss 0.02

    libinfo in Apple iOS before 5.0.1 does not properly formulate domain-name queries, which allows remote attackers to obtain sensitive information via a crafted DNS hostname.

  • CVE-2011-3440Nov 11, 2011
    risk 0.00cvss epss 0.00

    The Passcode Lock feature in Apple iOS before 5.0.1 on the iPad 2 does not properly implement the locked state, which allows physically proximate attackers to access data by opening a Smart Cover during power-off confirmation.

  • CVE-2011-3439Nov 11, 2011
    risk 0.00cvss epss 0.05

    FreeType in CoreGraphics in Apple iOS before 5.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font in a document.

  • CVE-2011-3897Nov 11, 2011
    risk 0.00cvss epss 0.02

    Use-after-free vulnerability in Google Chrome before 15.0.874.120 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to editing.

  • CVE-2011-3998Nov 9, 2011
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Apple WebObjects 5.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2011-3251Oct 28, 2011
    risk 0.00cvss epss 0.04

    Apple QuickTime before 7.7.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted TKHD atoms in a QuickTime movie file.

  • CVE-2011-3250Oct 28, 2011
    risk 0.00cvss epss 0.05

    Integer overflow in Apple QuickTime before 7.7.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with JPEG2000 encoding.

  • CVE-2011-3249Oct 28, 2011
    risk 0.00cvss epss 0.05

    Buffer overflow in Apple QuickTime before 7.7.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with FLC encoding.

  • CVE-2011-3248Oct 28, 2011
    risk 0.00cvss epss 0.05

    Integer signedness error in Apple QuickTime before 7.7.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font table in a QuickTime movie file.

  • CVE-2011-3247Oct 28, 2011
    risk 0.00cvss epss 0.04

    Integer overflow in Apple QuickTime before 7.7.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT file.

  • CVE-2011-3888Oct 25, 2011
    risk 0.00cvss epss 0.02

    Use-after-free vulnerability in Google Chrome before 15.0.874.102 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to editing operations in conjunction with an unknown plug-in.

  • CVE-2011-3887Oct 25, 2011
    risk 0.00cvss epss 0.01

    Google Chrome before 15.0.874.102 does not properly handle javascript: URLs, which allows remote attackers to bypass intended access restrictions and read cookies via unspecified vectors.

  • CVE-2011-3885Oct 25, 2011
    risk 0.00cvss epss 0.02

    Use-after-free vulnerability in Google Chrome before 15.0.874.102 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to stale Cascading Style Sheets (CSS) token-sequence data.

  • CVE-2011-3881Oct 25, 2011
    risk 0.00cvss epss 0.02

    WebKit, as used in Google Chrome before 15.0.874.102 and Android before 4.4, allows remote attackers to bypass the Same Origin Policy and conduct Universal XSS (UXSS) attacks via vectors related to (1) the DOMWindow::clear function and use of a selection object, (2) the…

  • CVE-2011-2845Oct 25, 2011
    risk 0.00cvss epss 0.01

    Google Chrome before 15.0.874.102 does not properly handle history data, which allows user-assisted remote attackers to spoof the URL bar via unspecified vectors.

  • CVE-2011-3437Oct 14, 2011
    risk 0.00cvss epss 0.03

    Integer signedness error in Apple Type Services (ATS) in Apple Mac OS X 10.7 before 10.7.2 allows remote attackers to execute arbitrary code via a crafted embedded Type 1 font in a document.

  • CVE-2011-3436Oct 14, 2011
    risk 0.00cvss epss 0.02

    Open Directory in Apple Mac OS X 10.7 before 10.7.2 does not require a user to provide the current password before changing this password, which allows remote attackers to bypass intended password-change restrictions by leveraging an unattended workstation.

  • CVE-2011-3435Oct 14, 2011
    risk 0.00cvss epss 0.01

    Open Directory in Apple Mac OS X 10.7 before 10.7.2 allows local users to read the password data of arbitrary users via unspecified vectors.

  • CVE-2011-3434Oct 14, 2011
    risk 0.00cvss epss 0.02

    The WiFi component in Apple iOS before 5 stores WiFi credentials in an unspecified file, which makes it easier for remote attackers to obtain sensitive information via a crafted application.

  • CVE-2011-3432Oct 14, 2011
    risk 0.00cvss epss 0.02

    The UIKit Alerts component in Apple iOS before 5 allows remote attackers to cause a denial of service (device hang) via a long tel: URL that triggers a large size for the acceptance dialog.

  • CVE-2011-3431Oct 14, 2011
    risk 0.00cvss epss 0.00

    The Home screen component in Apple iOS before 5 does not properly support a certain application-switching gesture, which might allow physically proximate attackers to obtain sensitive state information by watching the device's screen.

  • CVE-2011-3430Oct 14, 2011
    risk 0.00cvss epss 0.02

    The Settings component in Apple iOS before 5, when a configuration profile is used for a locale other than English, does not properly implement localization, which makes it easier for attackers to have an unspecified impact by leveraging incorrect configuration display.

  • CVE-2011-3429Oct 14, 2011
    risk 0.00cvss epss 0.00

    The Settings component in Apple iOS before 5 stores a cleartext parental-restrictions passcode in an unspecified file, which might allow physically proximate attackers to obtain sensitive information by reading this file.

  • CVE-2011-3427Oct 14, 2011
    risk 0.00cvss epss 0.01

    The Data Security component in Apple iOS before 5 and Apple TV before 4.4 does not properly restrict use of the MD5 hash algorithm within X.509 certificates, which makes it easier for man-in-the-middle attackers to spoof servers or obtain sensitive information via a crafted…

  • CVE-2011-3426Oct 14, 2011
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in Safari in Apple iOS before 5 allows remote web servers to inject arbitrary web script or HTML via a file accompanied by a "Content-Disposition: attachment" HTTP header.

  • CVE-2011-3261Oct 14, 2011
    risk 0.00cvss epss 0.03

    Double free vulnerability in OfficeImport in Apple iOS before 5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Excel spreadsheet.

  • CVE-2011-3260Oct 14, 2011
    risk 0.00cvss epss 0.03

    Buffer overflow in OfficeImport in Apple iOS before 5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Word document.

  • CVE-2011-3259Oct 14, 2011
    risk 0.00cvss epss 0.02

    The kernel in Apple iOS before 5 and Apple TV before 4.4 does not properly recover memory allocated for incomplete TCP connections, which allows remote attackers to cause a denial of service (resource consumption) by making many connection attempts.

  • CVE-2011-3257Oct 14, 2011
    risk 0.00cvss epss 0.00

    The Data Access component in Apple iOS before 5 does not properly handle the existence of multiple user accounts on the same mail server, which allows local users to bypass intended access restrictions in opportunistic circumstances by leveraging a different account's cookie.

  • CVE-2011-3256Oct 14, 2011
    risk 0.00cvss epss 0.04

    FreeType 2 before 2.4.7, as used in CoreGraphics in Apple iOS before 5, Mandriva Enterprise Server 5, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font, a different vulnerability…

  • CVE-2011-3255Oct 14, 2011
    risk 0.00cvss epss 0.02

    CFNetwork in Apple iOS before 5 stores AppleID credentials in an unspecified file, which makes it easier for remote attackers to obtain sensitive information via a crafted application.

  • CVE-2011-3254Oct 14, 2011
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Calendar in Apple iOS before 5 allows remote attackers to inject arbitrary web script or HTML via an invitation note.

  • CVE-2011-3253Oct 14, 2011
    risk 0.00cvss epss 0.01

    CalDAV in Apple iOS before 5 does not validate X.509 certificates for SSL sessions, which allows man-in-the-middle attackers to spoof calendar servers and obtain sensitive information via an arbitrary certificate.

  • CVE-2011-3246Oct 14, 2011
    risk 0.00cvss epss 0.03

    CFNetwork in Apple iOS before 5.0.1 and Mac OS X 10.7 before 10.7.2 does not properly parse URLs, which allows remote attackers to trigger visits to unintended web sites, and transmission of cookies to unintended web sites, via a crafted (1) http or (2) https URL.

  • CVE-2011-3245Oct 14, 2011
    risk 0.00cvss epss 0.00

    The Keyboards component in Apple iOS before 5 displays the final character of an entered password during a subsequent use of a keyboard, which allows physically proximate attackers to obtain sensitive information by reading this character.

  • CVE-2011-3243Oct 14, 2011
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5 and Safari before 5.1.1, allows remote attackers to inject arbitrary web script or HTML via vectors involving inactive DOM windows.

  • CVE-2011-3242Oct 14, 2011
    risk 0.00cvss epss 0.01

    The Private Browsing feature in Apple Safari before 5.1.1 on Mac OS X does not properly recognize the Always value of the Block Cookies setting, which makes it easier for remote web servers to track users via a cookie.

  • CVE-2011-3231Oct 14, 2011
    risk 0.00cvss epss 0.01

    The SSL implementation in Apple Safari before 5.1.1 on Mac OS X before 10.7 accesses uninitialized memory during the processing of X.509 certificates, which allows remote web servers to execute arbitrary code via a crafted certificate.

  • CVE-2011-3229Oct 14, 2011
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in Apple Safari before 5.1.1 allows remote attackers to execute arbitrary JavaScript code, in a Safari Extensions context, via a crafted safari-extension: URL.

  • CVE-2011-3228Oct 14, 2011
    risk 0.00cvss epss 0.03

    QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file.

  • CVE-2011-3227Oct 14, 2011
    risk 0.00cvss epss 0.02

    libsecurity in Apple Mac OS X before 10.7.2 does not properly handle errors during processing of a nonstandard extension in a Certificate Revocation list (CRL), which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) a crafted (1)…

Page 142 of 169