| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2013-0974 |
|
|
Exec Code Bypass |
2013-01-29 |
2013-02-05 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
StoreKit in Apple iOS before 6.1 does not properly handle the disabling of JavaScript within the preferences configuration of Mobile Safari, which allows remote attackers to bypass intended access restrictions and execute JavaScript code via a web site with a Smart App Banner. |
|
2 |
CVE-2012-4672 |
20 |
|
|
2012-08-25 |
2013-04-04 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Apple iChat Server does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via responses for domains that were not asserted. |
|
3 |
CVE-2012-3749 |
200 |
|
Bypass +Info |
2012-11-03 |
2013-03-15 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The extensions APIs in the kernel in Apple iOS before 6.0.1 provide kernel addresses in responses that contain an OSBundleMachOHeaders key, which makes it easier for remote attackers to bypass the ASLR protection mechanism via a crafted app. |
|
4 |
CVE-2012-3748 |
362 |
|
DoS Exec Code |
2012-11-03 |
2013-03-01 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
Race condition in WebKit in Apple iOS before 6.0.1 and Safari before 6.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving JavaScript arrays. |
|
5 |
CVE-2012-3745 |
119 |
|
DoS Overflow |
2012-09-20 |
2013-03-25 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Off-by-one error in Telephony in Apple iOS before 6 allows remote attackers to cause a denial of service (buffer overflow and connectivity outage) via a crafted user-data header in an SMS message. |
|
6 |
CVE-2012-3744 |
|
|
|
2012-09-20 |
2013-03-25 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Telephony in Apple iOS before 6 uses an SMS message's return address as the displayed sender address, which allows remote attackers to spoof text communication via a message in which the return address does not match the originating address. |
|
7 |
CVE-2012-3743 |
264 |
|
+Info |
2012-09-20 |
2013-03-25 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The System Logs implementation in Apple iOS before 6 does not restrict /var/log access by sandboxed apps, which allows remote attackers to obtain sensitive information via a crafted app that reads log files. |
|
8 |
CVE-2012-3742 |
264 |
|
|
2012-09-20 |
2013-03-25 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Safari in Apple iOS before 6 does not properly restrict use of an unspecified Unicode character that looks similar to the https lock indicator, which allows remote attackers to spoof https connections by placing this character in the TITLE element of a web page. |
|
9 |
CVE-2012-3724 |
200 |
|
+Info |
2012-09-20 |
2013-03-22 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
CFNetwork in Apple iOS before 6 does not properly identify the host portion of a URL, which allows remote attackers to obtain sensitive information by leveraging the construction of an HTTP request with an incorrect hostname derived from a malformed URL. |
|
10 |
CVE-2012-3721 |
287 |
|
|
2012-09-20 |
2013-03-22 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Profile Manager in Apple Mac OS X before 10.7.5 does not properly perform authentication for the Device Management private interface, which allows attackers to enumerate managed devices via unspecified vectors. |
|
11 |
CVE-2012-3698 |
264 |
|
|
2012-07-26 |
2012-07-31 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Apple Xcode before 4.4 does not properly compose a designated requirement (DR) during signing of programs that lack bundle identifiers, which allows remote attackers to read keychain entries via a crafted app, as demonstrated by the keychain entries of a (1) helper tool or (2) command-line tool. |
|
12 |
CVE-2012-3693 |
|
|
|
2012-07-25 |
2012-09-21 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Incomplete blacklist vulnerability in WebKit in Apple Safari before 6.0 allows remote attackers to spoof domain names in URLs, and possibly conduct phishing attacks, by leveraging the availability of IDN support and Unicode fonts to construct unspecified homoglyphs. |
|
13 |
CVE-2012-3691 |
20 |
|
Bypass |
2012-07-25 |
2012-09-21 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
WebKit in Apple Safari before 6.0 does not properly handle Cascading Style Sheets (CSS) property values, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. |
|
14 |
CVE-2012-3689 |
20 |
|
Bypass |
2012-07-25 |
2012-07-30 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
WebKit in Apple Safari before 6.0 does not properly handle drag-and-drop events, which allows user-assisted remote attackers to bypass the Same Origin Policy via a crafted web site. |
|
15 |
CVE-2012-0680 |
264 |
|
Bypass |
2012-07-25 |
2013-04-01 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Apple Safari before 6.0 does not properly handle the autocomplete attribute of a password input element, which allows remote attackers to bypass authentication by leveraging an unattended workstation. |
|
16 |
CVE-2012-0676 |
20 |
|
|
2012-05-10 |
2013-01-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
WebKit in Apple Safari before 5.1.7 does not properly track state information during the processing of form input, which allows remote attackers to fill in form fields on the pages of arbitrary web sites via unspecified vectors. |
|
17 |
CVE-2012-0651 |
200 |
|
+Info |
2012-05-10 |
2012-05-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The directory server in Directory Service in Apple Mac OS X 10.6.8 allows remote attackers to obtain sensitive information from process memory via a crafted message. |
|
18 |
CVE-2012-0647 |
200 |
|
+Info |
2012-03-12 |
2012-03-13 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
WebKit in Apple Safari before 5.1.4 does not properly handle redirects in conjunction with HTTP authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header. |
|
19 |
CVE-2012-0641 |
20 |
|
+Info |
2012-03-08 |
2012-03-09 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
CFNetwork in Apple iOS before 5.1 does not properly construct request headers during parsing of URLs, which allows remote attackers to obtain sensitive information via a malformed URL, a different vulnerability than CVE-2011-3447. |
|
20 |
CVE-2012-0640 |
200 |
|
+Info |
2012-03-12 |
2012-03-13 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
WebKit in Apple Safari before 5.1.4 does not properly implement "From third parties and advertisers" cookie blocking, which makes it easier for remote web servers to track users via a cookie. |
|
21 |
CVE-2012-0585 |
264 |
|
Bypass |
2012-03-08 |
2012-03-13 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The Private Browsing feature in Safari in Apple iOS before 5.1 allows remote attackers to bypass intended privacy settings and insert history entries via JavaScript code that calls the (1) pushState or (2) replaceState method. |
|
22 |
CVE-2011-4692 |
264 |
|
|
2011-12-07 |
2011-12-08 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
WebKit, as used in Apple Safari 5.1.1 and earlier and Google Chrome 15 and earlier, does not prevent capture of data about the time required for image loading, which makes it easier for remote attackers to determine whether an image exists in the browser cache via crafted JavaScript code, as demonstrated by visipisi. |
|
23 |
CVE-2011-3462 |
|
|
+Info |
2012-02-02 |
2012-02-03 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Time Machine in Apple Mac OS X before 10.7.3 does not verify the unique identifier of its remote AFP volume or Time Capsule, which allows remote attackers to obtain sensitive information contained in new backups by spoofing this storage object, a different vulnerability than CVE-2010-1803. |
|
24 |
CVE-2011-3432 |
399 |
|
DoS |
2011-10-14 |
2011-10-20 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The UIKit Alerts component in Apple iOS before 5 allows remote attackers to cause a denial of service (device hang) via a long tel: URL that triggers a large size for the acceptance dialog. |
|
25 |
CVE-2011-3259 |
399 |
|
DoS |
2011-10-14 |
2012-01-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The kernel in Apple iOS before 5 and Apple TV before 4.4 does not properly recover memory allocated for incomplete TCP connections, which allows remote attackers to cause a denial of service (resource consumption) by making many connection attempts. |
|
26 |
CVE-2011-3246 |
200 |
|
+Info |
2011-10-14 |
2012-02-03 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
CFNetwork in Apple iOS before 5.0.1 and Mac OS X 10.7 before 10.7.2 does not properly parse URLs, which allows remote attackers to trigger visits to unintended web sites, and transmission of cookies to unintended web sites, via a crafted (1) http or (2) https URL. |
|
27 |
CVE-2011-3242 |
200 |
|
+Info |
2011-10-14 |
2011-10-20 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The Private Browsing feature in Apple Safari before 5.1.1 on Mac OS X does not properly recognize the Always value of the Block Cookies setting, which makes it easier for remote web servers to track users via a cookie. |
|
28 |
CVE-2011-3225 |
264 |
|
Bypass |
2011-10-14 |
2012-01-13 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The SMB File Server component in Apple Mac OS X 10.7 before 10.7.2 does not prevent all guest users from accessing the share point record of a guest-restricted folder, which allows remote attackers to bypass intended browsing restrictions by leveraging access to the nobody account. |
|
29 |
CVE-2011-3170 |
119 |
|
Exec Code Overflow |
2011-08-19 |
2013-05-14 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
The gif_read_lzw function in filter/image-gif.c in CUPS 1.4.8 and earlier does not properly handle the first code word in an LZW stream, which allows remote attackers to trigger a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted stream, a different vulnerability than CVE-2011-2896. |
|
30 |
CVE-2011-2896 |
119 |
|
Exec Code Overflow |
2011-08-19 |
2013-05-14 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier, the LZWReadByte function in img/gifread.c in XPCE in SWI-Prolog 5.10.4 and earlier, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows remote attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2895. |
|
31 |
CVE-2011-1691 |
|
|
DoS |
2011-04-14 |
2012-01-26 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The counterToCSSValue function in CSSComputedStyleDeclaration.cpp in the Cascading Style Sheets (CSS) implementation in WebCore in WebKit before r82222, as used in Google Chrome before 11.0.696.43 and other products, does not properly handle access to the (1) counterIncrement and (2) counterReset attributes of CSSStyleDeclaration data provided by a getComputedStyle method call, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted JavaScript code. |
|
32 |
CVE-2011-1425 |
264 |
|
|
2011-04-04 |
2011-09-06 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
xslt.c in XML Security Library (aka xmlsec) before 1.2.17, as used in WebKit and other products, when XSLT is enabled, allows remote attackers to create or overwrite arbitrary files via vectors involving the libxslt output extension and a ds:Transform element during signature verification. |
|
33 |
CVE-2011-1418 |
200 |
|
+Info |
2011-03-11 |
2011-11-15 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The stateless address autoconfiguration (aka SLAAC) functionality in the IPv6 networking implementation in Apple iOS before 4.3 and Apple TV before 4.2 places the MAC address into the IPv6 address, which makes it easier for remote IPv6 servers to track users by logging source IPv6 addresses. |
|
34 |
CVE-2011-0231 |
200 |
|
+Info |
2011-10-14 |
2012-01-13 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
CFNetwork in Apple Mac OS X before 10.7.2 does not properly follow an intended cookie-storage policy, which makes it easier for remote web servers to track users via a cookie, related to a "synchronization issue." |
|
35 |
CVE-2011-0219 |
264 |
|
Bypass |
2011-07-21 |
2011-07-22 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
|
Apple Safari before 5.0.6 allows remote attackers to bypass the Same Origin Policy, and modify the rendering of text from arbitrary web sites, via a Java applet that loads fonts. |
|
36 |
CVE-2011-0214 |
310 |
|
Bypass |
2011-07-21 |
2011-07-22 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
CFNetwork in Apple Safari before 5.0.6 on Windows does not properly handle an untrusted attribute of a system root certificate, which allows remote web servers to bypass intended SSL restrictions via a certificate signed by a blacklisted certification authority. |
|
37 |
CVE-2011-0207 |
310 |
|
+Info |
2011-06-24 |
2011-10-26 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The MobileMe component in Apple Mac OS X before 10.6.8 uses a cleartext HTTP session for the Mail application to read e-mail aliases, which allows remote attackers to obtain potentially sensitive alias information by sniffing the network. |
|
38 |
CVE-2011-0203 |
22 |
|
Dir. Trav. |
2011-06-24 |
2011-10-26 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Absolute path traversal vulnerability in xftpd in the FTP Server component in Apple Mac OS X before 10.6.8 allows remote attackers to list arbitrary directories by using the root directory as the starting point of a recursive listing. |
|
39 |
CVE-2011-0199 |
20 |
|
|
2011-06-24 |
2011-10-26 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
The Certificate Trust Policy component in Apple Mac OS X before 10.6.8 does not perform CRL checking for Extended Validation (EV) certificates that lack OCSP URLs, which might allow man-in-the-middle attackers to spoof an SSL server via a revoked certificate. |
|
40 |
CVE-2011-0189 |
16 |
|
|
2011-03-22 |
2011-03-23 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The default configuration of Terminal in Apple Mac OS X 10.6 before 10.6.7 uses SSH protocol version 1 within the New Remote Connection dialog, which might make it easier for man-in-the-middle attackers to spoof SSH servers by leveraging protocol vulnerabilities. |
|
41 |
CVE-2011-0183 |
189 |
|
DoS |
2011-03-22 |
2011-03-24 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Libinfo in Apple Mac OS X before 10.6.7 does not properly handle an unspecified integer field in an NFS RPC packet, which allows remote attackers to cause a denial of service (lockd, statd, mountd, or portmap outage) via a crafted packet, related to an "integer truncation issue." |
|
42 |
CVE-2011-0166 |
264 |
|
Bypass +Info |
2011-03-11 |
2011-10-20 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
The HTML5 drag and drop functionality in WebKit in Apple Safari before 5.0.4 allows user-assisted remote attackers to bypass the Same Origin Policy and obtain sensitive information via vectors related to the dragging of content. NOTE: this might overlap CVE-2011-0778. |
|
43 |
CVE-2011-0160 |
20 |
|
|
2011-03-11 |
2011-03-30 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle redirects in conjunction with HTTP Basic Authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header. |
|
44 |
CVE-2011-0159 |
20 |
|
|
2011-03-11 |
2011-03-30 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The Safari Settings feature in Safari in Apple iOS 4.x before 4.3 does not properly implement the clearing of cookies during execution of the Safari application, which might make it easier for remote web servers to track users by setting a cookie. |
|
45 |
CVE-2010-5070 |
264 |
|
+Info |
2011-12-07 |
2012-03-07 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The JavaScript implementation in Apple Safari 4 does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method, a different vulnerability than CVE-2010-2264. NOTE: this may overlap CVE-2010-5073. |
|
46 |
CVE-2010-3829 |
264 |
|
Bypass |
2010-11-26 |
2011-07-22 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
WebKit in Apple iOS before 4.2 allows remote attackers to bypass the remote image loading setting in Mail via an HTML LINK element with a DNS prefetching property, as demonstrated by an HTML e-mail message that uses a LINK element for X-Confirm-Reading-To functionality, a related issue to CVE-2010-3813. |
|
47 |
CVE-2010-3813 |
264 |
|
Bypass |
2010-11-22 |
2011-07-18 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
The WebCore::HTMLLinkElement::process function in WebCore/html/HTMLLinkElement.cpp in WebKit, as used in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4; webkitgtk before 1.2.6; and possibly other products does not verify whether DNS prefetching is enabled when processing an HTML LINK element, which allows remote attackers to bypass intended access restrictions, as demonstrated by an HTML e-mail message that uses a LINK element for X-Confirm-Reading-To functionality. |
|
48 |
CVE-2010-3804 |
310 |
|
|
2010-11-22 |
2011-07-18 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The JavaScript implementation in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, uses a weak algorithm for generating values of random numbers, which makes it easier for remote attackers to track a user by predicting a value, a related issue to CVE-2008-5913 and CVE-2010-3171. |
|
49 |
CVE-2010-3784 |
|
|
DoS |
2010-11-16 |
2010-12-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The PMPageFormatCreateWithDataRepresentation API in Printing in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not properly handle XML data, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified API calls. |
|
50 |
CVE-2010-2432 |
399 |
|
DoS |
2010-06-22 |
2013-05-14 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The cupsDoAuthentication function in auth.c in the client in CUPS before 1.4.4, when HAVE_GSSAPI is omitted, does not properly handle a demand for authorization, which allows remote CUPS servers to cause a denial of service (infinite loop) via HTTP_UNAUTHORIZED responses. |
