Vulnerabilities (CVE)

Filtered by vendor: Apple
Total 10175 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2011-3231 1 Apple 3 Mac Os X, Mac Os X Server, Safari 2017-08-28 6.8 MEDIUM N/A
The SSL implementation in Apple Safari before 5.1.1 on Mac OS X before 10.7 accesses uninitialized memory during the processing of X.509 certificates, which allows remote web servers to execute arbitrary code via a crafted certificate.
CVE-2011-3243 1 Apple 2 Iphone Os, Safari 2017-08-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5 and Safari before 5.1.1, allows remote attackers to inject arbitrary web script or HTML via vectors involving inactive DOM windows.
CVE-2011-3245 1 Apple 1 Iphone Os 2017-08-28 2.1 LOW N/A
The Keyboards component in Apple iOS before 5 displays the final character of an entered password during a subsequent use of a keyboard, which allows physically proximate attackers to obtain sensitive information by reading this character.
CVE-2011-3246 1 Apple 3 Iphone Os, Mac Os X, Mac Os X Server 2017-08-28 5.0 MEDIUM N/A
CFNetwork in Apple iOS before 5.0.1 and Mac OS X 10.7 before 10.7.2 does not properly parse URLs, which allows remote attackers to trigger visits to unintended web sites, and transmission of cookies to unintended web sites, via a crafted (1) http or (2) https URL.
CVE-2011-3255 1 Apple 1 Iphone Os 2017-08-28 4.3 MEDIUM N/A
CFNetwork in Apple iOS before 5 stores AppleID credentials in an unspecified file, which makes it easier for remote attackers to obtain sensitive information via a crafted application.
CVE-2011-3256 1 Apple 1 Iphone Os 2017-08-28 4.3 MEDIUM N/A
FreeType 2 before 2.4.7, as used in CoreGraphics in Apple iOS before 5, Mandriva Enterprise Server 5, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font, a different vulnerability than CVE-2011-0226.
CVE-2011-3257 1 Apple 1 Iphone Os 2017-08-28 2.1 LOW N/A
The Data Access component in Apple iOS before 5 does not properly handle the existence of multiple user accounts on the same mail server, which allows local users to bypass intended access restrictions in opportunistic circumstances by leveraging a different account's cookie.
CVE-2011-3260 1 Apple 1 Iphone Os 2017-08-28 6.8 MEDIUM N/A
Buffer overflow in OfficeImport in Apple iOS before 5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Word document.
CVE-2011-3261 1 Apple 1 Iphone Os 2017-08-28 6.8 MEDIUM N/A
Double free vulnerability in OfficeImport in Apple iOS before 5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Excel spreadsheet.
CVE-2011-3430 1 Apple 1 Iphone Os 2017-08-28 9.3 HIGH N/A
The Settings component in Apple iOS before 5, when a configuration profile is used for a locale other than English, does not properly implement localization, which makes it easier for attackers to have an unspecified impact by leveraging incorrect configuration display.
CVE-2011-3431 1 Apple 1 Iphone Os 2017-08-28 2.1 LOW N/A
The Home screen component in Apple iOS before 5 does not properly support a certain application-switching gesture, which might allow physically proximate attackers to obtain sensitive state information by watching the device's screen.
CVE-2011-3422 1 Apple 2 Mac Os X, Mac Os X Server 2017-08-28 4.3 MEDIUM N/A
The Keychain implementation in Apple Mac OS X 10.6.8 and earlier does not properly handle an untrusted attribute of a Certification Authority certificate, which makes it easier for man-in-the-middle attackers to spoof arbitrary SSL servers via an Extended Validation certificate, as demonstrated by https access with Safari.
CVE-2011-3426 1 Apple 1 Iphone Os 2017-08-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Safari in Apple iOS before 5 allows remote web servers to inject arbitrary web script or HTML via a file accompanied by a "Content-Disposition: attachment" HTTP header.
CVE-2011-3427 1 Apple 2 Apple Tv, Iphone Os 2017-08-28 2.6 LOW N/A
The Data Security component in Apple iOS before 5 and Apple TV before 4.4 does not properly restrict use of the MD5 hash algorithm within X.509 certificates, which makes it easier for man-in-the-middle attackers to spoof servers or obtain sensitive information via a crafted certificate.
CVE-2011-3436 1 Apple 2 Mac Os X, Mac Os X Server 2017-08-28 6.5 MEDIUM N/A
Open Directory in Apple Mac OS X 10.7 before 10.7.2 does not require a user to provide the current password before changing this password, which allows remote attackers to bypass intended password-change restrictions by leveraging an unattended workstation.
CVE-2011-3437 1 Apple 2 Mac Os X, Mac Os X Server 2017-08-28 6.8 MEDIUM N/A
Integer signedness error in Apple Type Services (ATS) in Apple Mac OS X 10.7 before 10.7.2 allows remote attackers to execute arbitrary code via a crafted embedded Type 1 font in a document.
CVE-2011-3242 1 Apple 3 Mac Os X, Mac Os X Server, Safari 2017-08-28 5.0 MEDIUM N/A
The Private Browsing feature in Apple Safari before 5.1.1 on Mac OS X does not properly recognize the Always value of the Block Cookies setting, which makes it easier for remote web servers to track users via a cookie.
CVE-2011-2040 3 Apple, Cisco, Linux 3 Mac Os X, Anyconnect Secure Mobility Client, Linux Kernel 2017-08-28 9.3 HIGH N/A
The helper application in Cisco AnyConnect Secure Mobility Client (formerly AnyConnect VPN Client) before 2.5.3041, and 3.0.x before 3.0.629, on Linux and Mac OS X downloads a client executable file (vpndownloader.exe) without verifying its authenticity, which allows remote attackers to execute arbitrary code via the url property to a Java applet, aka Bug ID CSCsy05934.
CVE-2011-2391 1 Apple 3 Iphone Os, Itunes, Mac Os X 2017-08-28 6.1 MEDIUM N/A
The IPv6 implementation in the kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (CPU consumption) via crafted ICMPv6 packets.
CVE-2011-1425 2 Aleksey, Apple 2 Xml Security Library, Webkit 2017-08-16 5.1 MEDIUM N/A
xslt.c in XML Security Library (aka xmlsec) before 1.2.17, as used in WebKit and other products, when XSLT is enabled, allows remote attackers to create or overwrite arbitrary files via vectors involving the libxslt output extension and a ds:Transform element during signature verification.