Apple : Security Vulnerabilities, CVEs, Published In 2011 (Code Execution)
FreeType in CoreGraphics in Apple iOS before 5.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font in a document.
Max CVSS
9.3
EPSS Score
1.05%
Published
2011-11-11
Updated
2021-06-22
Integer signedness error in Apple Type Services (ATS) in Apple Mac OS X 10.7 before 10.7.2 allows remote attackers to execute arbitrary code via a crafted embedded Type 1 font in a document.
Max CVSS
6.8
EPSS Score
2.83%
Published
2011-10-14
Updated
2017-08-29
Double free vulnerability in OfficeImport in Apple iOS before 5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Excel spreadsheet.
Max CVSS
6.8
EPSS Score
0.96%
Published
2011-10-14
Updated
2017-08-29
Buffer overflow in OfficeImport in Apple iOS before 5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Word document.
Max CVSS
6.8
EPSS Score
0.97%
Published
2011-10-14
Updated
2017-08-29
FreeType 2 before 2.4.7, as used in CoreGraphics in Apple iOS before 5, Mandriva Enterprise Server 5, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font, a different vulnerability than CVE-2011-0226.
Max CVSS
4.3
EPSS Score
2.77%
Published
2011-10-14
Updated
2017-08-29
Buffer overflow in CoreAudio, as used in Apple iTunes before 10.5, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Advanced Audio Coding (AAC) stream.
Max CVSS
9.3
EPSS Score
8.73%
Published
2011-10-12
Updated
2017-09-19
Apple QuickTime before 7.7.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted TKHD atoms in a QuickTime movie file.
Max CVSS
9.3
EPSS Score
10.06%
Published
2011-10-28
Updated
2017-09-19
Integer overflow in Apple QuickTime before 7.7.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with JPEG2000 encoding.
Max CVSS
9.3
EPSS Score
79.44%
Published
2011-10-28
Updated
2017-09-19
Buffer overflow in Apple QuickTime before 7.7.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with FLC encoding.
Max CVSS
9.3
EPSS Score
6.11%
Published
2011-10-28
Updated
2017-09-19
Integer signedness error in Apple QuickTime before 7.7.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font table in a QuickTime movie file.
Max CVSS
9.3
EPSS Score
5.99%
Published
2011-10-28
Updated
2017-09-19
Integer overflow in Apple QuickTime before 7.7.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT file.
Max CVSS
9.3
EPSS Score
2.40%
Published
2011-10-28
Updated
2017-09-19
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Max CVSS
7.6
EPSS Score
0.42%
Published
2011-10-12
Updated
2017-09-19
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Max CVSS
7.6
EPSS Score
0.42%
Published
2011-10-12
Updated
2017-09-19
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Max CVSS
7.6
EPSS Score
0.42%
Published
2011-10-12
Updated
2017-09-19
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Max CVSS
7.6
EPSS Score
0.42%
Published
2011-10-12
Updated
2017-09-19
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Max CVSS
7.6
EPSS Score
0.88%
Published
2011-10-12
Updated
2017-09-19
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Max CVSS
7.6
EPSS Score
0.88%
Published
2011-10-12
Updated
2017-09-19
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Max CVSS
7.6
EPSS Score
0.88%
Published
2011-10-12
Updated
2017-09-19
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1.
Max CVSS
7.6
EPSS Score
0.42%
Published
2011-10-12
Updated
2017-09-19
The SSL implementation in Apple Safari before 5.1.1 on Mac OS X before 10.7 accesses uninitialized memory during the processing of X.509 certificates, which allows remote web servers to execute arbitrary code via a crafted certificate.
Max CVSS
6.8
EPSS Score
0.33%
Published
2011-10-14
Updated
2017-08-29
CVE-2011-3230
Public exploit
Apple Safari before 5.1.1 on Mac OS X does not enforce an intended policy for file: URLs, which allows remote attackers to execute arbitrary code via a crafted web site.
Max CVSS
6.8
EPSS Score
93.32%
Published
2011-10-14
Updated
2017-08-29
QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file.
Max CVSS
6.8
EPSS Score
2.14%
Published
2011-10-14
Updated
2012-01-14
libsecurity in Apple Mac OS X before 10.7.2 does not properly handle errors during processing of a nonstandard extension in a Certificate Revocation list (CRL), which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) a crafted (1) web site or (2) e-mail message.
Max CVSS
6.8
EPSS Score
0.99%
Published
2011-10-14
Updated
2012-01-14
The User Documentation component in Apple Mac OS X through 10.6.8 uses http sessions for updates to App Store help information, which allows man-in-the-middle attackers to execute arbitrary code by spoofing the http server.
Max CVSS
2.6
EPSS Score
0.11%
Published
2011-10-14
Updated
2012-01-14
Buffer overflow in QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FLIC movie file.
Max CVSS
6.8
EPSS Score
11.37%
Published
2011-10-14
Updated
2012-01-14