| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2011-4692 |
264 |
|
|
2011-12-07 |
2011-12-08 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
WebKit, as used in Apple Safari 5.1.1 and earlier and Google Chrome 15 and earlier, does not prevent capture of data about the time required for image loading, which makes it easier for remote attackers to determine whether an image exists in the browser cache via crafted JavaScript code, as demonstrated by visipisi. |
|
2 |
CVE-2011-3998 |
79 |
|
XSS |
2011-11-09 |
2011-11-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Apple WebObjects 5.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
3 |
CVE-2011-3442 |
399 |
|
Exec Code |
2011-11-11 |
2012-02-14 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The kernel in Apple iOS before 5.0.1 does not ensure the validity of flag combinations for an mmap system call, which allows local users to execute arbitrary unsigned code via a crafted app. |
|
4 |
CVE-2011-3441 |
200 |
|
+Info |
2011-11-11 |
2012-02-03 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
libinfo in Apple iOS before 5.0.1 does not properly formulate domain-name queries, which allows remote attackers to obtain sensitive information via a crafted DNS hostname. |
|
5 |
CVE-2011-3440 |
264 |
|
|
2011-11-11 |
2011-11-15 |
1.2 |
None |
Local |
High |
Not required |
Partial |
None |
None |
|
The Passcode Lock feature in Apple iOS before 5.0.1 on the iPad 2 does not properly implement the locked state, which allows physically proximate attackers to access data by opening a Smart Cover during power-off confirmation. |
|
6 |
CVE-2011-3439 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2011-11-11 |
2012-12-18 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
FreeType in CoreGraphics in Apple iOS before 5.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font in a document. |
|
7 |
CVE-2011-3437 |
189 |
|
Exec Code |
2011-10-14 |
2012-01-13 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Integer signedness error in Apple Type Services (ATS) in Apple Mac OS X 10.7 before 10.7.2 allows remote attackers to execute arbitrary code via a crafted embedded Type 1 font in a document. |
|
8 |
CVE-2011-3436 |
264 |
|
Bypass |
2011-10-14 |
2012-01-13 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
Open Directory in Apple Mac OS X 10.7 before 10.7.2 does not require a user to provide the current password before changing this password, which allows remote attackers to bypass intended password-change restrictions by leveraging an unattended workstation. |
|
9 |
CVE-2011-3435 |
255 |
|
|
2011-10-14 |
2012-01-13 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Open Directory in Apple Mac OS X 10.7 before 10.7.2 allows local users to read the password data of arbitrary users via unspecified vectors. |
|
10 |
CVE-2011-3434 |
255 |
|
+Info |
2011-10-14 |
2011-10-20 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
The WiFi component in Apple iOS before 5 stores WiFi credentials in an unspecified file, which makes it easier for remote attackers to obtain sensitive information via a crafted application. |
|
11 |
CVE-2011-3432 |
399 |
|
DoS |
2011-10-14 |
2011-10-20 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The UIKit Alerts component in Apple iOS before 5 allows remote attackers to cause a denial of service (device hang) via a long tel: URL that triggers a large size for the acceptance dialog. |
|
12 |
CVE-2011-3431 |
200 |
|
+Info |
2011-10-14 |
2011-10-20 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The Home screen component in Apple iOS before 5 does not properly support a certain application-switching gesture, which might allow physically proximate attackers to obtain sensitive state information by watching the device's screen. |
|
13 |
CVE-2011-3430 |
|
|
|
2011-10-14 |
2011-10-20 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The Settings component in Apple iOS before 5, when a configuration profile is used for a locale other than English, does not properly implement localization, which makes it easier for attackers to have an unspecified impact by leveraging incorrect configuration display. |
|
14 |
CVE-2011-3429 |
255 |
|
+Info |
2011-10-14 |
2011-10-20 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The Settings component in Apple iOS before 5 stores a cleartext parental-restrictions passcode in an unspecified file, which might allow physically proximate attackers to obtain sensitive information by reading this file. |
|
15 |
CVE-2011-3427 |
200 |
|
+Info |
2011-10-14 |
2011-10-20 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
The Data Security component in Apple iOS before 5 and Apple TV before 4.4 does not properly restrict use of the MD5 hash algorithm within X.509 certificates, which makes it easier for man-in-the-middle attackers to spoof servers or obtain sensitive information via a crafted certificate. |
|
16 |
CVE-2011-3426 |
79 |
|
XSS |
2011-10-14 |
2012-07-26 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Safari in Apple iOS before 5 allows remote web servers to inject arbitrary web script or HTML via a file accompanied by a "Content-Disposition: attachment" HTTP header. |
|
17 |
CVE-2011-3422 |
20 |
|
|
2011-09-12 |
2012-02-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
The Keychain implementation in Apple Mac OS X 10.6.8 and earlier does not properly handle an untrusted attribute of a Certification Authority certificate, which makes it easier for man-in-the-middle attackers to spoof arbitrary SSL servers via an Extended Validation certificate, as demonstrated by https access with Safari. |
|
18 |
CVE-2011-3261 |
94 |
|
DoS Exec Code |
2011-10-14 |
2012-01-11 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Double free vulnerability in OfficeImport in Apple iOS before 5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Excel spreadsheet. |
|
19 |
CVE-2011-3260 |
94 |
|
DoS Exec Code Overflow |
2011-10-14 |
2012-01-11 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in OfficeImport in Apple iOS before 5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Word document. |
|
20 |
CVE-2011-3259 |
399 |
|
DoS |
2011-10-14 |
2012-01-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The kernel in Apple iOS before 5 and Apple TV before 4.4 does not properly recover memory allocated for incomplete TCP connections, which allows remote attackers to cause a denial of service (resource consumption) by making many connection attempts. |
|
21 |
CVE-2011-3257 |
264 |
|
Bypass |
2011-10-14 |
2012-01-13 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The Data Access component in Apple iOS before 5 does not properly handle the existence of multiple user accounts on the same mail server, which allows local users to bypass intended access restrictions in opportunistic circumstances by leveraging a different account's cookie. |
|
22 |
CVE-2011-3256 |
94 |
|
DoS Exec Code Mem. Corr. |
2011-10-14 |
2012-12-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
FreeType 2 before 2.4.7, as used in CoreGraphics in Apple iOS before 5, Mandriva Enterprise Server 5, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font, a different vulnerability than CVE-2011-0226. |
|
23 |
CVE-2011-3255 |
255 |
|
+Info |
2011-10-14 |
2012-01-11 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
CFNetwork in Apple iOS before 5 stores AppleID credentials in an unspecified file, which makes it easier for remote attackers to obtain sensitive information via a crafted application. |
|
24 |
CVE-2011-3254 |
79 |
|
XSS |
2011-10-14 |
2011-10-14 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Calendar in Apple iOS before 5 allows remote attackers to inject arbitrary web script or HTML via an invitation note. |
|
25 |
CVE-2011-3253 |
200 |
|
+Info |
2011-10-14 |
2011-10-14 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
CalDAV in Apple iOS before 5 does not validate X.509 certificates for SSL sessions, which allows man-in-the-middle attackers to spoof calendar servers and obtain sensitive information via an arbitrary certificate. |
|
26 |
CVE-2011-3252 |
119 |
|
DoS Exec Code Overflow |
2011-10-12 |
2012-02-03 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in CoreAudio, as used in Apple iTunes before 10.5, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Advanced Audio Coding (AAC) stream. |
|
27 |
CVE-2011-3251 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2011-10-27 |
2012-03-27 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Apple QuickTime before 7.7.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted TKHD atoms in a QuickTime movie file. |
|
28 |
CVE-2011-3250 |
189 |
|
DoS Exec Code Overflow |
2011-10-27 |
2012-02-03 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Integer overflow in Apple QuickTime before 7.7.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with JPEG2000 encoding. |
|
29 |
CVE-2011-3249 |
119 |
|
DoS Exec Code Overflow |
2011-10-27 |
2012-02-03 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in Apple QuickTime before 7.7.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with FLC encoding. |
|
30 |
CVE-2011-3248 |
189 |
|
DoS Exec Code |
2011-10-27 |
2012-02-03 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Integer signedness error in Apple QuickTime before 7.7.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font table in a QuickTime movie file. |
|
31 |
CVE-2011-3247 |
189 |
|
DoS Exec Code Overflow |
2011-10-27 |
2012-03-27 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Integer overflow in Apple QuickTime before 7.7.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT file. |
|
32 |
CVE-2011-3246 |
200 |
|
+Info |
2011-10-14 |
2012-02-03 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
CFNetwork in Apple iOS before 5.0.1 and Mac OS X 10.7 before 10.7.2 does not properly parse URLs, which allows remote attackers to trigger visits to unintended web sites, and transmission of cookies to unintended web sites, via a crafted (1) http or (2) https URL. |
|
33 |
CVE-2011-3245 |
255 |
|
+Info |
2011-10-14 |
2011-10-20 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The Keyboards component in Apple iOS before 5 displays the final character of an entered password during a subsequent use of a keyboard, which allows physically proximate attackers to obtain sensitive information by reading this character. |
|
34 |
CVE-2011-3244 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2011-10-12 |
2012-03-11 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. |
|
35 |
CVE-2011-3243 |
79 |
|
XSS |
2011-10-14 |
2011-10-20 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5 and Safari before 5.1.1, allows remote attackers to inject arbitrary web script or HTML via vectors involving inactive DOM windows. |
|
36 |
CVE-2011-3242 |
200 |
|
+Info |
2011-10-14 |
2011-10-20 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The Private Browsing feature in Apple Safari before 5.1.1 on Mac OS X does not properly recognize the Always value of the Block Cookies setting, which makes it easier for remote web servers to track users via a cookie. |
|
37 |
CVE-2011-3241 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2011-10-12 |
2012-03-11 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. |
|
38 |
CVE-2011-3239 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2011-10-12 |
2012-03-11 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. |
|
39 |
CVE-2011-3238 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2011-10-12 |
2012-03-11 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. |
|
40 |
CVE-2011-3237 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2011-10-12 |
2012-03-11 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. |
|
41 |
CVE-2011-3236 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2011-10-12 |
2012-03-11 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. |
|
42 |
CVE-2011-3235 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2011-10-12 |
2012-03-11 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. |
|
43 |
CVE-2011-3233 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2011-10-12 |
2012-03-11 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. |
|
44 |
CVE-2011-3231 |
94 |
|
Exec Code |
2011-10-14 |
2011-10-20 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The SSL implementation in Apple Safari before 5.1.1 on Mac OS X before 10.7 accesses uninitialized memory during the processing of X.509 certificates, which allows remote web servers to execute arbitrary code via a crafted certificate. |
|
45 |
CVE-2011-3230 |
264 |
|
Exec Code |
2011-10-14 |
2012-01-11 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Apple Safari before 5.1.1 on Mac OS X does not enforce an intended policy for file: URLs, which allows remote attackers to execute arbitrary code via a crafted web site. |
|
46 |
CVE-2011-3229 |
22 |
|
Exec Code Dir. Trav. |
2011-10-14 |
2011-10-20 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Directory traversal vulnerability in Apple Safari before 5.1.1 allows remote attackers to execute arbitrary JavaScript code, in a Safari Extensions context, via a crafted safari-extension: URL. |
|
47 |
CVE-2011-3228 |
94 |
|
DoS Exec Code Mem. Corr. |
2011-10-14 |
2012-01-13 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file. |
|
48 |
CVE-2011-3227 |
20 |
|
DoS Exec Code |
2011-10-14 |
2012-01-13 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
libsecurity in Apple Mac OS X before 10.7.2 does not properly handle errors during processing of a nonstandard extension in a Certificate Revocation list (CRL), which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) a crafted (1) web site or (2) e-mail message. |
|
49 |
CVE-2011-3226 |
264 |
|
Bypass |
2011-10-14 |
2012-01-13 |
6.8 |
User |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Open Directory in Apple Mac OS X 10.7 before 10.7.2, when an LDAPv3 server is used with RFC 2307 or custom mappings, allows remote attackers to bypass the password requirement by leveraging lack of an AuthenticationAuthority attribute for a user account. |
|
50 |
CVE-2011-3225 |
264 |
|
Bypass |
2011-10-14 |
2012-01-13 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The SMB File Server component in Apple Mac OS X 10.7 before 10.7.2 does not prevent all guest users from accessing the share point record of a guest-restricted folder, which allows remote attackers to bypass intended browsing restrictions by leveraging access to the nobody account. |
