Filtered by vendor Apple
Subscribe
Total
10175 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2010-3827 | 1 Apple | 1 Iphone Os | 2017-08-16 | 4.3 MEDIUM | N/A |
Apple iOS before 4.2 does not properly validate signatures before displaying a configuration profile in the configuration installation utility, which allows remote attackers to spoof profiles via unspecified vectors. | |||||
CVE-2010-3828 | 1 Apple | 1 Iphone Os | 2017-08-16 | 4.3 MEDIUM | N/A |
iAd Content Display in Apple iOS before 4.2 allows man-in-the-middle attackers to make calls via a crafted URL in an ad. | |||||
CVE-2010-3829 | 1 Apple | 1 Iphone Os | 2017-08-16 | 5.8 MEDIUM | N/A |
WebKit in Apple iOS before 4.2 allows remote attackers to bypass the remote image loading setting in Mail via an HTML LINK element with a DNS prefetching property, as demonstrated by an HTML e-mail message that uses a LINK element for X-Confirm-Reading-To functionality, a related issue to CVE-2010-3813. | |||||
CVE-2010-3830 | 1 Apple | 1 Iphone Os | 2017-08-16 | 7.2 HIGH | N/A |
Networking in Apple iOS before 4.2 accesses an invalid pointer during the processing of packet filter rules, which allows local users to gain privileges via unspecified vectors. | |||||
CVE-2010-3831 | 1 Apple | 1 Iphone Os | 2017-08-16 | 4.3 MEDIUM | N/A |
Photos in Apple iOS before 4.2 enables support for HTTP Basic Authentication over an unencrypted connection, which allows man-in-the-middle attackers to read MobileMe account passwords by spoofing a MobileMe Gallery server during a "Send to MobileMe" action. | |||||
CVE-2010-4010 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-16 | 6.8 MEDIUM | N/A |
Integer signedness error in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code via a crafted embedded Compact Font Format (CFF) font in a document. | |||||
CVE-2010-4211 | 2 Apple, Ebay | 2 Iphone Os, Paypal | 2017-08-16 | 2.9 LOW | N/A |
The PayPal app before 3.0.1 for iOS does not verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof a PayPal web server via an arbitrary certificate. | |||||
CVE-2011-0157 | 1 Apple | 2 Iphone Os, Webkit | 2017-08-16 | 7.5 HIGH | N/A |
WebKit, as used in Apple iOS before 4.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-09-1. | |||||
CVE-2011-0158 | 1 Apple | 1 Iphone Os | 2017-08-16 | 4.3 MEDIUM | N/A |
MobileSafari in Apple iOS before 4.3 does not properly implement application launching through URL handlers, which allows remote attackers to cause a denial of service (persistent application crash) via crafted JavaScript code. | |||||
CVE-2011-0163 | 1 Apple | 3 Iphone Os, Safari, Webkit | 2017-08-16 | 4.3 MEDIUM | N/A |
WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle unspecified "cached resources," which allows remote attackers to cause a denial of service (resource unavailability) via a crafted web site that conducts a cache-poisoning attack. | |||||
CVE-2011-0161 | 1 Apple | 3 Iphone Os, Safari, Webkit | 2017-08-16 | 4.3 MEDIUM | N/A |
WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle the Attr.style accessor, which allows remote attackers to bypass the Same Origin Policy and inject Cascading Style Sheets (CSS) token sequences via a crafted web site. | |||||
CVE-2011-0166 | 1 Apple | 2 Safari, Webkit | 2017-08-16 | 5.8 MEDIUM | N/A |
The HTML5 drag and drop functionality in WebKit in Apple Safari before 5.0.4 allows user-assisted remote attackers to bypass the Same Origin Policy and obtain sensitive information via vectors related to the dragging of content. NOTE: this might overlap CVE-2011-0778. | |||||
CVE-2011-0169 | 1 Apple | 2 Safari, Webkit | 2017-08-16 | 2.6 LOW | N/A |
WebKit in Apple Safari before 5.0.4, when the Web Inspector is used, does not properly handle the window.console._inspectorCommandLineAPI property, which allows user-assisted remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted web site. | |||||
CVE-2011-0206 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-08-16 | 7.5 HIGH | N/A |
Buffer overflow in International Components for Unicode (ICU) in Apple Mac OS X before 10.6.8 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving uppercase strings. | |||||
CVE-2010-0496 | 2 Apple, Freebit | 2 Iphone Os, Serversman | 2017-08-16 | 5.0 MEDIUM | N/A |
FreeBit ServersMan 3.1.5 on Apple iPhone OS 3.1.2, and iPhone OS for iPod touch, allows remote attackers to cause a denial of service (daemon crash) via a HEAD request for the / URI. | |||||
CVE-2010-1178 | 1 Apple | 2 Iphone Os, Safari | 2017-08-16 | 4.3 MEDIUM | N/A |
Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) via a JavaScript loop that attempts to construct an infinitely long string. | |||||
CVE-2010-1180 | 1 Apple | 2 Iphone Os, Safari | 2017-08-16 | 9.3 HIGH | N/A |
Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long exception string in a throw statement, possibly a related issue to CVE-2009-1514. | |||||
CVE-2010-1940 | 2 Apple, Microsoft | 2 Safari, Windows | 2017-08-16 | 4.3 MEDIUM | N/A |
Apple Safari 4.0.5 on Windows sends the "Authorization: Basic" header appropriate for one web site to a different web site named in a Location header received from the first site, which allows remote web servers to obtain sensitive information by logging HTTP requests. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2010-2332 | 2 Apple, Impactfinancials | 2 Iphone Os, Impact Pdf Reader | 2017-08-16 | 5.0 MEDIUM | N/A |
Impact Financials, Inc. Impact PDF Reader 2.0, 1.2, and other versions for iPhone and iPod touch allows remote attackers to cause a denial of service (server crash) via a "..." body in a POST request. | |||||
CVE-2010-2454 | 1 Apple | 1 Safari | 2017-08-16 | 4.3 MEDIUM | N/A |
Apple Safari does not properly manage the address bar between the request to open a URL and the retrieval of the new document's content, which might allow remote attackers to conduct spoofing attacks via a crafted HTML document, a related issue to CVE-2010-1206. |