Total
3723 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-1114 | 2 Apple, Google | 4 Iphone Os, Itunes, Safari and 1 more | 2024-11-21 | 7.5 HIGH | N/A |
| Google Chrome before 9.0.597.107 does not properly handle tables, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale node." | |||||
| CVE-2011-1109 | 2 Apple, Google | 4 Iphone Os, Itunes, Safari and 1 more | 2024-11-21 | 7.5 HIGH | N/A |
| Google Chrome before 9.0.597.107 does not properly process nodes in Cascading Style Sheets (CSS) stylesheets, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." | |||||
| CVE-2011-1107 | 2 Apple, Google | 3 Iphone Os, Safari, Chrome | 2024-11-21 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in Google Chrome before 9.0.597.107 allows remote attackers to spoof the URL bar via unknown vectors. | |||||
| CVE-2011-0983 | 3 Apple, Debian, Google | 5 Iphone Os, Itunes, Safari and 2 more | 2024-11-21 | 7.5 HIGH | N/A |
| Google Chrome before 9.0.597.94 does not properly handle anonymous blocks, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." | |||||
| CVE-2011-0981 | 3 Apple, Debian, Google | 5 Iphone Os, Itunes, Safari and 2 more | 2024-11-21 | 7.5 HIGH | N/A |
| Google Chrome before 9.0.597.94 does not properly perform event handling for animations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." | |||||
| CVE-2011-0228 | 1 Apple | 1 Iphone Os | 2024-11-21 | 7.5 HIGH | N/A |
| The Data Security component in Apple iOS before 4.2.10 and 4.3.x before 4.3.5 does not check the basicConstraints parameter during validation of X.509 certificate chains, which allows man-in-the-middle attackers to spoof an SSL server by using a non-CA certificate to sign a certificate for an arbitrary domain. | |||||
| CVE-2011-0227 | 1 Apple | 1 Iphone Os | 2024-11-21 | 7.2 HIGH | N/A |
| The queueing primitives in IOMobileFrameBuffer in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 do not properly perform type conversion, which allows local users to gain privileges via a crafted application. | |||||
| CVE-2011-0226 | 2 Apple, Freetype | 2 Iphone Os, Freetype | 2024-11-21 | 9.3 HIGH | N/A |
| Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Type 1 font in a PDF document, as exploited in the wild in July 2011. | |||||
| CVE-2011-0195 | 1 Apple | 1 Iphone Os | 2024-11-21 | 4.3 MEDIUM | N/A |
| The generate-id XPath function in libxslt in Apple iOS 4.3.x before 4.3.2 allows remote attackers to obtain potentially sensitive information about heap memory addresses via a crafted web site. NOTE: this may overlap CVE-2011-1202. | |||||
| CVE-2011-0163 | 1 Apple | 3 Iphone Os, Safari, Webkit | 2024-11-21 | 4.3 MEDIUM | N/A |
| WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle unspecified "cached resources," which allows remote attackers to cause a denial of service (resource unavailability) via a crafted web site that conducts a cache-poisoning attack. | |||||
| CVE-2011-0162 | 1 Apple | 3 Apple Tv, Iphone Os, Tvos | 2024-11-21 | 7.8 HIGH | N/A |
| Wi-Fi in Apple iOS before 4.3 and Apple TV before 4.2 does not properly perform bounds checking for Wi-Fi frames, which allows remote attackers to cause a denial of service (device reset) via unspecified traffic on the local wireless network. | |||||
| CVE-2011-0161 | 1 Apple | 3 Iphone Os, Safari, Webkit | 2024-11-21 | 4.3 MEDIUM | N/A |
| WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle the Attr.style accessor, which allows remote attackers to bypass the Same Origin Policy and inject Cascading Style Sheets (CSS) token sequences via a crafted web site. | |||||
| CVE-2011-0160 | 1 Apple | 3 Iphone Os, Safari, Webkit | 2024-11-21 | 5.0 MEDIUM | N/A |
| WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle redirects in conjunction with HTTP Basic Authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header. | |||||
| CVE-2011-0159 | 1 Apple | 1 Iphone Os | 2024-11-21 | 5.0 MEDIUM | N/A |
| The Safari Settings feature in Safari in Apple iOS 4.x before 4.3 does not properly implement the clearing of cookies during execution of the Safari application, which might make it easier for remote web servers to track users by setting a cookie. | |||||
| CVE-2011-0158 | 1 Apple | 1 Iphone Os | 2024-11-21 | 4.3 MEDIUM | N/A |
| MobileSafari in Apple iOS before 4.3 does not properly implement application launching through URL handlers, which allows remote attackers to cause a denial of service (persistent application crash) via crafted JavaScript code. | |||||
| CVE-2011-0157 | 1 Apple | 2 Iphone Os, Webkit | 2024-11-21 | 7.5 HIGH | N/A |
| WebKit, as used in Apple iOS before 4.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-09-1. | |||||
| CVE-2011-0154 | 2 Apple, Microsoft | 3 Iphone Os, Itunes, Windows | 2024-11-21 | 5.1 MEDIUM | N/A |
| WebKit, as used in Apple iTunes before 10.2 on Windows and Apple iOS, does not properly implement the .sort function for JavaScript arrays, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. | |||||
| CVE-2010-4494 | 10 Apache, Apple, Debian and 7 more | 17 Openoffice, Iphone Os, Itunes and 14 more | 2024-11-21 | 7.5 HIGH | N/A |
| Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling. | |||||
| CVE-2010-4211 | 2 Apple, Ebay | 2 Iphone Os, Paypal | 2024-11-21 | 2.9 LOW | N/A |
| The PayPal app before 3.0.1 for iOS does not verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof a PayPal web server via an arbitrary certificate. | |||||
| CVE-2010-4012 | 1 Apple | 1 Iphone Os | 2024-11-21 | 6.2 MEDIUM | N/A |
| Race condition in Apple iOS 4.0 through 4.1 for iPhone 3G and later allows physically proximate attackers to bypass the passcode lock by making a call from the Emergency Call screen, then quickly pressing the Sleep/Wake button. | |||||