Filtered by vendor Apple
Subscribe
Total
12581 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-1425 | 2 Aleksey, Apple | 2 Xml Security Library, Webkit | 2017-08-17 | 5.1 MEDIUM | N/A |
| xslt.c in XML Security Library (aka xmlsec) before 1.2.17, as used in WebKit and other products, when XSLT is enabled, allows remote attackers to create or overwrite arbitrary files via vectors involving the libxslt output extension and a ds:Transform element during signature verification. | |||||
| CVE-2011-0166 | 1 Apple | 2 Safari, Webkit | 2017-08-17 | 5.8 MEDIUM | N/A |
| The HTML5 drag and drop functionality in WebKit in Apple Safari before 5.0.4 allows user-assisted remote attackers to bypass the Same Origin Policy and obtain sensitive information via vectors related to the dragging of content. NOTE: this might overlap CVE-2011-0778. | |||||
| CVE-2011-0206 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-17 | 7.5 HIGH | N/A |
| Buffer overflow in International Components for Unicode (ICU) in Apple Mac OS X before 10.6.8 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving uppercase strings. | |||||
| CVE-2011-0161 | 1 Apple | 3 Iphone Os, Safari, Webkit | 2017-08-17 | 4.3 MEDIUM | N/A |
| WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle the Attr.style accessor, which allows remote attackers to bypass the Same Origin Policy and inject Cascading Style Sheets (CSS) token sequences via a crafted web site. | |||||
| CVE-2010-4211 | 2 Apple, Ebay | 2 Iphone Os, Paypal | 2017-08-17 | 2.9 LOW | N/A |
| The PayPal app before 3.0.1 for iOS does not verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof a PayPal web server via an arbitrary certificate. | |||||
| CVE-2010-3827 | 1 Apple | 1 Iphone Os | 2017-08-17 | 4.3 MEDIUM | N/A |
| Apple iOS before 4.2 does not properly validate signatures before displaying a configuration profile in the configuration installation utility, which allows remote attackers to spoof profiles via unspecified vectors. | |||||
| CVE-2010-4010 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-17 | 6.8 MEDIUM | N/A |
| Integer signedness error in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code via a crafted embedded Compact Font Format (CFF) font in a document. | |||||
| CVE-2010-3830 | 1 Apple | 1 Iphone Os | 2017-08-17 | 7.2 HIGH | N/A |
| Networking in Apple iOS before 4.2 accesses an invalid pointer during the processing of packet filter rules, which allows local users to gain privileges via unspecified vectors. | |||||
| CVE-2011-0163 | 1 Apple | 3 Iphone Os, Safari, Webkit | 2017-08-17 | 4.3 MEDIUM | N/A |
| WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle unspecified "cached resources," which allows remote attackers to cause a denial of service (resource unavailability) via a crafted web site that conducts a cache-poisoning attack. | |||||
| CVE-2011-0158 | 1 Apple | 1 Iphone Os | 2017-08-17 | 4.3 MEDIUM | N/A |
| MobileSafari in Apple iOS before 4.3 does not properly implement application launching through URL handlers, which allows remote attackers to cause a denial of service (persistent application crash) via crafted JavaScript code. | |||||
| CVE-2010-3828 | 1 Apple | 1 Iphone Os | 2017-08-17 | 4.3 MEDIUM | N/A |
| iAd Content Display in Apple iOS before 4.2 allows man-in-the-middle attackers to make calls via a crafted URL in an ad. | |||||
| CVE-2011-0169 | 1 Apple | 2 Safari, Webkit | 2017-08-17 | 2.6 LOW | N/A |
| WebKit in Apple Safari before 5.0.4, when the Web Inspector is used, does not properly handle the window.console._inspectorCommandLineAPI property, which allows user-assisted remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted web site. | |||||
| CVE-2010-3829 | 1 Apple | 1 Iphone Os | 2017-08-17 | 5.8 MEDIUM | N/A |
| WebKit in Apple iOS before 4.2 allows remote attackers to bypass the remote image loading setting in Mail via an HTML LINK element with a DNS prefetching property, as demonstrated by an HTML e-mail message that uses a LINK element for X-Confirm-Reading-To functionality, a related issue to CVE-2010-3813. | |||||
| CVE-2010-3831 | 1 Apple | 1 Iphone Os | 2017-08-17 | 4.3 MEDIUM | N/A |
| Photos in Apple iOS before 4.2 enables support for HTTP Basic Authentication over an unencrypted connection, which allows man-in-the-middle attackers to read MobileMe account passwords by spoofing a MobileMe Gallery server during a "Send to MobileMe" action. | |||||
| CVE-2011-0157 | 1 Apple | 2 Iphone Os, Webkit | 2017-08-17 | 7.5 HIGH | N/A |
| WebKit, as used in Apple iOS before 4.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-09-1. | |||||
| CVE-2010-2711 | 2 Apple, Hp | 2 Ipad, Magcloud | 2017-08-17 | 6.4 MEDIUM | N/A |
| Unspecified vulnerability in the HP MagCloud app before 1.0.5 for the iPad allows remote attackers to read and modify MagCloud application data via unknown vectors. | |||||
| CVE-2010-2913 | 2 Apple, Citibank | 2 Iphone Os, Citi Mobile | 2017-08-17 | 2.1 LOW | N/A |
| The Citibank Citi Mobile app before 2.0.3 for iOS stores account data in a file, which allows local users to obtain sensitive information via vectors involving (1) the mobile device or (2) a synchronized computer. | |||||
| CVE-2010-1178 | 1 Apple | 2 Iphone Os, Safari | 2017-08-17 | 4.3 MEDIUM | N/A |
| Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) via a JavaScript loop that attempts to construct an infinitely long string. | |||||
| CVE-2010-2454 | 1 Apple | 1 Safari | 2017-08-17 | 4.3 MEDIUM | N/A |
| Apple Safari does not properly manage the address bar between the request to open a URL and the retrieval of the new document's content, which might allow remote attackers to conduct spoofing attacks via a crafted HTML document, a related issue to CVE-2010-1206. | |||||
| CVE-2010-1180 | 1 Apple | 2 Iphone Os, Safari | 2017-08-17 | 9.3 HIGH | N/A |
| Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long exception string in a throw statement, possibly a related issue to CVE-2009-1514. | |||||