Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Apple Subscribe
Total 10175 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2010-3827 1 Apple 1 Iphone Os 2017-08-16 4.3 MEDIUM N/A
Apple iOS before 4.2 does not properly validate signatures before displaying a configuration profile in the configuration installation utility, which allows remote attackers to spoof profiles via unspecified vectors.
CVE-2010-3828 1 Apple 1 Iphone Os 2017-08-16 4.3 MEDIUM N/A
iAd Content Display in Apple iOS before 4.2 allows man-in-the-middle attackers to make calls via a crafted URL in an ad.
CVE-2010-3829 1 Apple 1 Iphone Os 2017-08-16 5.8 MEDIUM N/A
WebKit in Apple iOS before 4.2 allows remote attackers to bypass the remote image loading setting in Mail via an HTML LINK element with a DNS prefetching property, as demonstrated by an HTML e-mail message that uses a LINK element for X-Confirm-Reading-To functionality, a related issue to CVE-2010-3813.
CVE-2010-3830 1 Apple 1 Iphone Os 2017-08-16 7.2 HIGH N/A
Networking in Apple iOS before 4.2 accesses an invalid pointer during the processing of packet filter rules, which allows local users to gain privileges via unspecified vectors.
CVE-2010-3831 1 Apple 1 Iphone Os 2017-08-16 4.3 MEDIUM N/A
Photos in Apple iOS before 4.2 enables support for HTTP Basic Authentication over an unencrypted connection, which allows man-in-the-middle attackers to read MobileMe account passwords by spoofing a MobileMe Gallery server during a "Send to MobileMe" action.
CVE-2010-4010 1 Apple 2 Mac Os X, Mac Os X Server 2017-08-16 6.8 MEDIUM N/A
Integer signedness error in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code via a crafted embedded Compact Font Format (CFF) font in a document.
CVE-2010-4211 2 Apple, Ebay 2 Iphone Os, Paypal 2017-08-16 2.9 LOW N/A
The PayPal app before 3.0.1 for iOS does not verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof a PayPal web server via an arbitrary certificate.
CVE-2011-0157 1 Apple 2 Iphone Os, Webkit 2017-08-16 7.5 HIGH N/A
WebKit, as used in Apple iOS before 4.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-09-1.
CVE-2011-0158 1 Apple 1 Iphone Os 2017-08-16 4.3 MEDIUM N/A
MobileSafari in Apple iOS before 4.3 does not properly implement application launching through URL handlers, which allows remote attackers to cause a denial of service (persistent application crash) via crafted JavaScript code.
CVE-2011-0163 1 Apple 3 Iphone Os, Safari, Webkit 2017-08-16 4.3 MEDIUM N/A
WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle unspecified "cached resources," which allows remote attackers to cause a denial of service (resource unavailability) via a crafted web site that conducts a cache-poisoning attack.
CVE-2011-0161 1 Apple 3 Iphone Os, Safari, Webkit 2017-08-16 4.3 MEDIUM N/A
WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle the Attr.style accessor, which allows remote attackers to bypass the Same Origin Policy and inject Cascading Style Sheets (CSS) token sequences via a crafted web site.
CVE-2011-0166 1 Apple 2 Safari, Webkit 2017-08-16 5.8 MEDIUM N/A
The HTML5 drag and drop functionality in WebKit in Apple Safari before 5.0.4 allows user-assisted remote attackers to bypass the Same Origin Policy and obtain sensitive information via vectors related to the dragging of content. NOTE: this might overlap CVE-2011-0778.
CVE-2011-0169 1 Apple 2 Safari, Webkit 2017-08-16 2.6 LOW N/A
WebKit in Apple Safari before 5.0.4, when the Web Inspector is used, does not properly handle the window.console._inspectorCommandLineAPI property, which allows user-assisted remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted web site.
CVE-2011-0206 1 Apple 2 Mac Os X, Mac Os X Server 2017-08-16 7.5 HIGH N/A
Buffer overflow in International Components for Unicode (ICU) in Apple Mac OS X before 10.6.8 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving uppercase strings.
CVE-2010-0496 2 Apple, Freebit 2 Iphone Os, Serversman 2017-08-16 5.0 MEDIUM N/A
FreeBit ServersMan 3.1.5 on Apple iPhone OS 3.1.2, and iPhone OS for iPod touch, allows remote attackers to cause a denial of service (daemon crash) via a HEAD request for the / URI.
CVE-2010-1178 1 Apple 2 Iphone Os, Safari 2017-08-16 4.3 MEDIUM N/A
Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) via a JavaScript loop that attempts to construct an infinitely long string.
CVE-2010-1180 1 Apple 2 Iphone Os, Safari 2017-08-16 9.3 HIGH N/A
Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long exception string in a throw statement, possibly a related issue to CVE-2009-1514.
CVE-2010-1940 2 Apple, Microsoft 2 Safari, Windows 2017-08-16 4.3 MEDIUM N/A
Apple Safari 4.0.5 on Windows sends the "Authorization: Basic" header appropriate for one web site to a different web site named in a Location header received from the first site, which allows remote web servers to obtain sensitive information by logging HTTP requests. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2010-2332 2 Apple, Impactfinancials 2 Iphone Os, Impact Pdf Reader 2017-08-16 5.0 MEDIUM N/A
Impact Financials, Inc. Impact PDF Reader 2.0, 1.2, and other versions for iPhone and iPod touch allows remote attackers to cause a denial of service (server crash) via a "..." body in a POST request.
CVE-2010-2454 1 Apple 1 Safari 2017-08-16 4.3 MEDIUM N/A
Apple Safari does not properly manage the address bar between the request to open a URL and the retrieval of the new document's content, which might allow remote attackers to conduct spoofing attacks via a crafted HTML document, a related issue to CVE-2010-1206.