| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2011-3439 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2011-11-11 | 2012-12-18 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | FreeType in CoreGraphics in Apple iOS before 5.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font in a document. |
| 2 | CVE-2011-3432 | 399 | | DoS | 2011-10-14 | 2011-10-20 | 5.0 | None | Remote | Low | Not required | None | None | Partial | The UIKit Alerts component in Apple iOS before 5 allows remote attackers to cause a denial of service (device hang) via a long tel: URL that triggers a large size for the acceptance dialog. |
| 3 | CVE-2011-3261 | 94 | | DoS Exec Code | 2011-10-14 | 2012-01-11 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Double free vulnerability in OfficeImport in Apple iOS before 5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Excel spreadsheet. |
| 4 | CVE-2011-3260 | 94 | | DoS Exec Code Overflow | 2011-10-14 | 2012-01-11 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Buffer overflow in OfficeImport in Apple iOS before 5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Word document. |
| 5 | CVE-2011-3259 | 399 | | DoS | 2011-10-14 | 2012-01-11 | 5.0 | None | Remote | Low | Not required | None | None | Partial | The kernel in Apple iOS before 5 and Apple TV before 4.4 does not properly recover memory allocated for incomplete TCP connections, which allows remote attackers to cause a denial of service (resource consumption) by making many connection attempts. |
| 6 | CVE-2011-3256 | 94 | | DoS Exec Code Mem. Corr. | 2011-10-14 | 2012-12-18 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | FreeType 2 before 2.4.7, as used in CoreGraphics in Apple iOS before 5, Mandriva Enterprise Server 5, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font, a different vulnerability than CVE-2011-0226. |
| 7 | CVE-2011-3252 | 119 | | DoS Exec Code Overflow | 2011-10-12 | 2012-02-03 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | Buffer overflow in CoreAudio, as used in Apple iTunes before 10.5, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Advanced Audio Coding (AAC) stream. |
| 8 | CVE-2011-3251 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2011-10-27 | 2012-03-27 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | Apple QuickTime before 7.7.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted TKHD atoms in a QuickTime movie file. |
| 9 | CVE-2011-3250 | 189 | | DoS Exec Code Overflow | 2011-10-27 | 2012-02-03 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | Integer overflow in Apple QuickTime before 7.7.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with JPEG2000 encoding. |
| 10 | CVE-2011-3249 | 119 | | DoS Exec Code Overflow | 2011-10-27 | 2012-02-03 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | Buffer overflow in Apple QuickTime before 7.7.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with FLC encoding. |
| 11 | CVE-2011-3248 | 189 | | DoS Exec Code | 2011-10-27 | 2012-02-03 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | Integer signedness error in Apple QuickTime before 7.7.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font table in a QuickTime movie file. |
| 12 | CVE-2011-3247 | 189 | | DoS Exec Code Overflow | 2011-10-27 | 2012-03-27 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | Integer overflow in Apple QuickTime before 7.7.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT file. |
| 13 | CVE-2011-3244 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2011-10-12 | 2012-03-11 | 7.6 | None | Remote | High | Not required | Complete | Complete | Complete | WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. |
| 14 | CVE-2011-3241 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2011-10-12 | 2012-03-11 | 7.6 | None | Remote | High | Not required | Complete | Complete | Complete | WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. |
| 15 | CVE-2011-3239 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2011-10-12 | 2012-03-11 | 7.6 | None | Remote | High | Not required | Complete | Complete | Complete | WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. |
| 16 | CVE-2011-3238 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2011-10-12 | 2012-03-11 | 7.6 | None | Remote | High | Not required | Complete | Complete | Complete | WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. |
| 17 | CVE-2011-3237 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2011-10-12 | 2012-03-11 | 7.6 | None | Remote | High | Not required | Complete | Complete | Complete | WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. |
| 18 | CVE-2011-3236 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2011-10-12 | 2012-03-11 | 7.6 | None | Remote | High | Not required | Complete | Complete | Complete | WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. |
| 19 | CVE-2011-3235 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2011-10-12 | 2012-03-11 | 7.6 | None | Remote | High | Not required | Complete | Complete | Complete | WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. |
| 20 | CVE-2011-3233 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2011-10-12 | 2012-03-11 | 7.6 | None | Remote | High | Not required | Complete | Complete | Complete | WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. |
| 21 | CVE-2011-3228 | 94 | | DoS Exec Code Mem. Corr. | 2011-10-14 | 2012-01-13 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file. |
| 22 | CVE-2011-3227 | 20 | | DoS Exec Code | 2011-10-14 | 2012-01-13 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | libsecurity in Apple Mac OS X before 10.7.2 does not properly handle errors during processing of a nonstandard extension in a Certificate Revocation List (CRL), which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted (1) web site or (2) e-mail message. |
| 23 | CVE-2011-3223 | 119 | | DoS Exec Code Overflow | 2011-10-14 | 2012-01-13 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Buffer overflow in QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FLIC movie file. |
| 24 | CVE-2011-3222 | 119 | | DoS Exec Code Overflow | 2011-10-14 | 2012-01-13 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Buffer overflow in QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FlashPix file. |
| 25 | CVE-2011-3221 | 94 | | DoS Exec Code | 2011-10-14 | 2012-01-13 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | QuickTime in Apple Mac OS X before 10.7.2 does not properly handle the atom hierarchy in movie files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted file. |
| 26 | CVE-2011-3219 | 119 | | DoS Exec Code Overflow | 2011-10-12 | 2011-12-23 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | Buffer overflow in CoreMedia, as used in Apple iTunes before 10.5, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding. |
| 27 | CVE-2011-3217 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2011-10-14 | 2012-01-13 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | MediaKit in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted disk image. |
| 28 | CVE-2011-2831 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2011-10-12 | 2012-03-11 | 7.6 | None | Remote | High | Not required | Complete | Complete | Complete | WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. |
| 29 | CVE-2011-2820 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2011-10-12 | 2012-03-11 | 7.6 | None | Remote | High | Not required | Complete | Complete | Complete | WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. |
| 30 | CVE-2011-2817 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2011-10-12 | 2012-03-11 | 7.6 | None | Remote | High | Not required | Complete | Complete | Complete | WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. |
| 31 | CVE-2011-2816 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2011-10-12 | 2012-03-11 | 7.6 | None | Remote | High | Not required | Complete | Complete | Complete | WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. |
| 32 | CVE-2011-2815 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2011-10-12 | 2012-03-11 | 7.6 | None | Remote | High | Not required | Complete | Complete | Complete | WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. |
| 33 | CVE-2011-2814 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2011-10-12 | 2012-03-11 | 7.6 | None | Remote | High | Not required | Complete | Complete | Complete | WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. |
| 34 | CVE-2011-2813 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2011-10-12 | 2012-03-11 | 7.6 | None | Remote | High | Not required | Complete | Complete | Complete | WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. |
| 35 | CVE-2011-2811 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2011-10-12 | 2012-03-11 | 7.6 | None | Remote | High | Not required | Complete | Complete | Complete | WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. |
| 36 | CVE-2011-2809 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2011-10-12 | 2012-03-11 | 7.6 | None | Remote | High | Not required | Complete | Complete | Complete | WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. |
| 37 | CVE-2011-2601 | 264 | | DoS | 2011-06-30 | 2011-07-12 | 7.1 | None | Remote | Medium | Not required | None | None | Complete | The GPU support functionality in Mac OS X does not properly restrict rendering time, which allows remote attackers to cause a denial of service (desktop hang) via vectors involving WebGL and (1) shader programs or (2) complex 3D geometry, as demonstrated by using Mozilla Firefox or Google Chrome to visit the lots-of-polys-example.html test page in the Khronos WebGL SDK. |
| 38 | CVE-2011-2356 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2011-10-12 | 2012-03-11 | 7.6 | None | Remote | High | Not required | Complete | Complete | Complete | WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. |
| 39 | CVE-2011-2354 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2011-10-12 | 2012-03-11 | 7.6 | None | Remote | High | Not required | Complete | Complete | Complete | WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. |
| 40 | CVE-2011-2352 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2011-10-12 | 2012-03-11 | 7.6 | None | Remote | High | Not required | Complete | Complete | Complete | WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. |
| 41 | CVE-2011-2341 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2011-10-12 | 2012-03-11 | 7.6 | None | Remote | High | Not required | Complete | Complete | Complete | WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. |
| 42 | CVE-2011-2339 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2011-10-12 | 2012-01-11 | 7.6 | None | Remote | High | Not required | Complete | Complete | Complete | WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. |
| 43 | CVE-2011-2338 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2011-10-12 | 2012-01-11 | 7.6 | None | Remote | High | Not required | Complete | Complete | Complete | WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1. |
| 44 | CVE-2011-1804 | 20 | | DoS | 2011-05-26 | 2012-01-26 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | rendering/RenderBox.cpp in WebCore in WebKit before r86862, as used in Google Chrome before 11.0.696.71, does not properly render floats, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." |
| 45 | CVE-2011-1800 | 189 | | DoS Overflow | 2011-05-16 | 2012-01-26 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Multiple integer overflows in the SVG Filters implementation in WebCore in WebKit in Google Chrome before 11.0.696.68 allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. |
| 46 | CVE-2011-1797 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2011-07-21 | 2011-10-20 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. |
| 47 | CVE-2011-1691 | | | DoS | 2011-04-14 | 2012-01-26 | 5.0 | None | Remote | Low | Not required | None | None | Partial | The counterToCSSValue function in CSSComputedStyleDeclaration.cpp in the Cascading Style Sheets (CSS) implementation in WebCore in WebKit before r82222, as used in Google Chrome before 11.0.696.43 and other products, does not properly handle access to the (1) counterIncrement and (2) counterReset attributes of CSSStyleDeclaration data provided by a getComputedStyle method call, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted JavaScript code. |
| 48 | CVE-2011-1462 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2011-07-21 | 2011-10-20 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. |
| 49 | CVE-2011-1457 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2011-07-21 | 2011-10-20 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. |
| 50 | CVE-2011-1453 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2011-07-21 | 2011-10-20 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. |