CVEdetails.com the ultimate security vulnerability data source

Apple : Security Vulnerabilities (CVSS score between 6 and 6.99)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1201 CVE-2011-3459 189 DoS Exec Code Overflow 2012-02-02 2012-05-18
6.8
None Remote Medium Not required Partial Partial Partial
Off-by-one error in QuickTime in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted rdrf atom in a movie file that triggers a buffer overflow.
1202 CVE-2011-3458 264 DoS Exec Code 2012-02-02 2012-05-18
6.8
None Remote Medium Not required Partial Partial Partial
QuickTime in Apple Mac OS X before 10.7.3 does not prevent access to uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MP4 file.
1203 CVE-2011-3450 399 DoS Exec Code 2012-02-02 2012-02-03
6.8
None Remote Medium Not required Partial Partial Partial
CoreUI in Apple Mac OS X 10.7.x before 10.7.3 does not properly restrict the allocation of stack memory, which allows remote attackers to execute arbitrary code or cause a denial of service (memory consumption and application crash) via a long URL.
1204 CVE-2011-3449 399 DoS Exec Code 2012-02-02 2012-02-03
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in CoreText in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted embedded font in a document.
1205 CVE-2011-3448 119 DoS Exec Code Overflow 2012-02-02 2012-02-03
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in CoreMedia in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding.
1206 CVE-2011-3438 119 DoS Exec Code Overflow 2017-04-24 2017-04-28
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Safari 5.0.6, allows remote attackers to cause a denial of service (process crash) or arbitrary code execution.
1207 CVE-2011-3437 189 Exec Code 2011-10-14 2017-08-29
6.8
None Remote Medium Not required Partial Partial Partial
Integer signedness error in Apple Type Services (ATS) in Apple Mac OS X 10.7 before 10.7.2 allows remote attackers to execute arbitrary code via a crafted embedded Type 1 font in a document.
1208 CVE-2011-3436 264 Bypass 2011-10-14 2017-08-29
6.5
None Remote Low ??? Partial Partial Partial
Open Directory in Apple Mac OS X 10.7 before 10.7.2 does not require a user to provide the current password before changing this password, which allows remote attackers to bypass intended password-change restrictions by leveraging an unattended workstation.
1209 CVE-2011-3261 94 DoS Exec Code 2011-10-14 2017-08-29
6.8
None Remote Medium Not required Partial Partial Partial
Double free vulnerability in OfficeImport in Apple iOS before 5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Excel spreadsheet.
1210 CVE-2011-3260 94 DoS Exec Code Overflow 2011-10-14 2017-08-29
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in OfficeImport in Apple iOS before 5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Word document.
1211 CVE-2011-3229 22 Exec Code Dir. Trav. 2011-10-14 2017-08-29
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in Apple Safari before 5.1.1 allows remote attackers to execute arbitrary JavaScript code, in a Safari Extensions context, via a crafted safari-extension: URL.
1212 CVE-2011-3228 94 DoS Exec Code Mem. Corr. 2011-10-14 2012-01-14
6.8
None Remote Medium Not required Partial Partial Partial
QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file.
1213 CVE-2011-3227 20 DoS Exec Code 2011-10-14 2012-01-14
6.8
None Remote Medium Not required Partial Partial Partial
libsecurity in Apple Mac OS X before 10.7.2 does not properly handle errors during processing of a nonstandard extension in a Certificate Revocation List (CRL), which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted (1) web site or (2) e-mail message.
1214 CVE-2011-3226 264 Bypass 2011-10-14 2012-01-14
6.8
None Remote Medium Not required Partial Partial Partial
Open Directory in Apple Mac OS X 10.7 before 10.7.2, when an LDAPv3 server is used with RFC 2307 or custom mappings, allows remote attackers to bypass the password requirement by leveraging lack of an AuthenticationAuthority attribute for a user account.
1215 CVE-2011-3223 119 DoS Exec Code Overflow 2011-10-14 2012-01-14
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FLIC movie file.
1216 CVE-2011-3222 119 DoS Exec Code Overflow 2011-10-14 2012-01-14
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FlashPix file.
1217 CVE-2011-3221 94 DoS Exec Code 2011-10-14 2012-01-14
6.8
None Remote Medium Not required Partial Partial Partial
QuickTime in Apple Mac OS X before 10.7.2 does not properly handle the atom hierarchy in movie files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted file.
1218 CVE-2011-3217 119 DoS Exec Code Overflow Mem. Corr. 2011-10-14 2012-01-14
6.8
None Remote Medium Not required Partial Partial Partial
MediaKit in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted disk image.
1219 CVE-2011-3102 189 DoS 2012-05-16 2017-12-29
6.8
None Remote Medium Not required Partial Partial Partial
Off-by-one error in libxml2, as used in Google Chrome before 19.0.1084.46 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors.
1220 CVE-2011-3078 416 DoS 2012-05-01 2020-04-13
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 18.0.1025.168 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the floating of elements, a different vulnerability than CVE-2011-3081.
1221 CVE-2011-3076 416 DoS 2012-04-05 2020-04-14
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to focus handling.
1222 CVE-2011-3075 416 DoS 2012-04-05 2020-04-14
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to style-application commands.
1223 CVE-2011-3074 416 DoS 2012-04-05 2020-04-14
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of media.
1224 CVE-2011-3073 416 DoS 2012-04-05 2020-04-14
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of SVG resources.
1225 CVE-2011-3071 416 DoS 2012-04-05 2020-04-14
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in the HTMLMediaElement implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
1226 CVE-2011-3069 416 DoS 2012-04-05 2020-04-14
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to line boxes.
1227 CVE-2011-3068 416 DoS 2012-04-05 2020-04-14
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to run-in boxes.
1228 CVE-2011-3067 346 Bypass 2012-04-05 2020-04-14
6.8
None Remote Medium Not required Partial Partial Partial
Google Chrome before 18.0.1025.151 allows remote attackers to bypass the Same Origin Policy via vectors related to replacement of IFRAME elements.
1229 CVE-2011-3060 125 DoS 2012-03-30 2020-04-14
6.8
None Remote Medium Not required Partial Partial Partial
Google Chrome before 18.0.1025.142 does not properly handle text fragments, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
1230 CVE-2011-3059 125 DoS 2012-03-30 2020-04-14
6.8
None Remote Medium Not required Partial Partial Partial
Google Chrome before 18.0.1025.142 does not properly handle SVG text elements, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
1231 CVE-2011-3056 346 Bypass 2012-03-22 2020-04-14
6.8
None Remote Medium Not required Partial Partial Partial
Google Chrome before 17.0.963.83 allows remote attackers to bypass the Same Origin Policy via vectors involving a "magic iframe."
1232 CVE-2011-3053 416 DoS 2012-03-22 2020-04-14
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 17.0.963.83 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to block splitting.
1233 CVE-2011-3050 416 DoS 2012-03-22 2020-04-14
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 17.0.963.83 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the :first-letter pseudo-element.
1234 CVE-2011-3044 416 DoS 2012-03-05 2020-04-16
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG animation elements.
1235 CVE-2011-3043 416 DoS 2012-03-05 2020-04-16
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a flexbox (aka flexible box) in conjunction with the floating of elements.
1236 CVE-2011-3042 416 DoS 2012-03-05 2020-04-16
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of table sections.
1237 CVE-2011-3041 416 DoS 2012-03-05 2020-04-16
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of class attributes.
1238 CVE-2011-3039 416 DoS 2012-03-05 2020-04-16
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to quote handling.
1239 CVE-2011-3038 416 DoS 2012-03-05 2020-04-16
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to multi-column handling.
1240 CVE-2011-3037 704 DoS 2012-03-05 2020-04-16
6.8
None Remote Medium Not required Partial Partial Partial
Google Chrome before 17.0.963.65 does not properly perform casts of unspecified variables during the splitting of anonymous blocks, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document.
1241 CVE-2011-3036 704 DoS 2012-03-05 2020-04-16
6.8
None Remote Medium Not required Partial Partial Partial
Google Chrome before 17.0.963.65 does not properly perform a cast of an unspecified variable during handling of line boxes, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document.
1242 CVE-2011-3035 416 DoS 2012-03-05 2020-04-16
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG use elements.
1243 CVE-2011-3034 416 DoS 2012-03-05 2020-04-16
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving an SVG document.
1244 CVE-2011-3032 416 DoS 2012-03-05 2020-04-16
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of SVG values.
1245 CVE-2011-3026 190 DoS Overflow 2012-02-16 2020-04-16
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation.
1246 CVE-2011-3016 416 DoS 2012-02-16 2020-04-16
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving counter nodes, related to a "read-after-free" issue.
1247 CVE-2011-2877 DoS 2011-10-04 2020-05-08
6.8
None Remote Medium Not required Partial Partial Partial
Google Chrome before 14.0.835.202 does not properly handle SVG text, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "stale font."
1248 CVE-2011-2857 416 DoS 2011-09-19 2020-05-08
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the focus controller.
1249 CVE-2011-2855 74 DoS 2011-09-19 2020-05-08
6.8
None Remote Medium Not required Partial Partial Partial
Google Chrome before 14.0.835.163 does not properly handle Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale node."
1250 CVE-2011-2854 416 DoS 2011-09-19 2020-05-08
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to "ruby / table style handing."
Total number of vulnerabilities: 1465 (page 25 of 30)