Vulnerabilities > Apple
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2011-03-11 | CVE-2011-0163 | Improper Input Validation vulnerability in Apple Iphone OS, Safari and Webkit WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle unspecified "cached resources," which allows remote attackers to cause a denial of service (resource unavailability) via a crafted web site that conducts a cache-poisoning attack. | 4.3 |
2011-03-11 | CVE-2011-0162 | Improper Input Validation vulnerability in Apple TV, Iphone OS and Tvos Wi-Fi in Apple iOS before 4.3 and Apple TV before 4.2 does not properly perform bounds checking for Wi-Fi frames, which allows remote attackers to cause a denial of service (device reset) via unspecified traffic on the local wireless network. | 7.8 |
2011-03-11 | CVE-2011-0161 | Improper Input Validation vulnerability in Apple Iphone OS, Safari and Webkit WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle the Attr.style accessor, which allows remote attackers to bypass the Same Origin Policy and inject Cascading Style Sheets (CSS) token sequences via a crafted web site. | 4.3 |
2011-03-11 | CVE-2011-0160 | Improper Input Validation vulnerability in Apple Iphone OS, Safari and Webkit WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle redirects in conjunction with HTTP Basic Authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header. | 5.0 |
2011-03-11 | CVE-2011-0159 | Improper Input Validation vulnerability in Apple Iphone OS 4.0/4.1/4.2 The Safari Settings feature in Safari in Apple iOS 4.x before 4.3 does not properly implement the clearing of cookies during execution of the Safari application, which might make it easier for remote web servers to track users by setting a cookie. | 5.0 |
2011-03-11 | CVE-2011-0158 | Improper Input Validation vulnerability in Apple Iphone OS MobileSafari in Apple iOS before 4.3 does not properly implement application launching through URL handlers, which allows remote attackers to cause a denial of service (persistent application crash) via crafted JavaScript code. | 4.3 |
2011-03-11 | CVE-2011-0157 | Buffer Errors vulnerability in Apple Iphone OS and Webkit WebKit, as used in Apple iOS before 4.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-09-1. | 7.5 |
2011-03-11 | CVE-2011-1290 | Numeric Errors vulnerability in multiple products Integer overflow in WebKit, as used on the Research In Motion (RIM) BlackBerry Torch 9800 with firmware 6.0.0.246, in Google Chrome before 10.0.648.133, and in Apple Safari before 5.0.5, allows remote attackers to execute arbitrary code via unknown vectors related to CSS "style handling," nodesets, and a length value, as demonstrated by Vincenzo Iozzo, Willem Pinckaers, and Ralf-Philipp Weinmann during a Pwn2Own competition at CanSecWest 2011. | 10.0 |
2011-03-11 | CVE-2011-1417 | Numeric Errors vulnerability in Apple Iphone OS, mac OS X and mac OS X Server Integer overflow in QuickLook, as used in Apple Mac OS X before 10.6.7 and MobileSafari in Apple iOS before 4.2.7 and 4.3.x before 4.3.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a Microsoft Office document with a crafted size field in the OfficeArtMetafileHeader, related to OfficeArtBlip, as demonstrated on the iPhone by Charlie Miller and Dion Blazakis during a Pwn2Own competition at CanSecWest 2011. | 6.8 |
2011-03-11 | CVE-2011-1204 | Improper Input Validation vulnerability in Google Chrome Google Chrome before 10.0.648.127 does not properly handle attributes, which allows remote attackers to cause a denial of service (DOM tree corruption) or possibly have unspecified other impact via a crafted document. | 6.8 |