Vulnerabilities > Apple > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2011-06-16 | CVE-2011-2104 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X allow attackers to cause a denial of service (memory corruption) via unspecified vectors. | 4.3 |
| 2011-06-09 | CVE-2011-2107 | Cross-Site Scripting vulnerability in Adobe Acrobat, Acrobat Reader and Flash Player Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.181.22 on Windows, Mac OS X, Linux, and Solaris, and 10.3.185.22 and earlier on Android, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "universal cross-site scripting vulnerability." Per: http://www.adobe.com/support/security/bulletins/apsb11-13.html 'This issue also affects the authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.3) and earlier 10.x and 9.x versions of Adobe Reader and Acrobat for Windows and Macintosh operating systems.' Per: http://www.adobe.com/support/security/bulletins/apsb11-13.html 'We expect to make available an update for Adobe Acrobat X (10.0.3) and earlier 10.x and 9.x versions for Windows and Macintosh, Adobe Reader X (10.0.1) for Windows, Adobe Reader X (10.0.3) for Macintosh, and Adobe Reader 9.4.3 and earlier 9.x versions for Windows and Macintosh with the next quarterly security update for Adobe Reader, currently scheduled for June 14, 2011. | 4.3 |
| 2011-05-13 | CVE-2011-0579 | Information Exposure vulnerability in Adobe Flash Player Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to obtain sensitive information via unspecified vectors. | 5.0 |
| 2011-05-03 | CVE-2011-1449 | USE After Free vulnerability in Google Chrome Use-after-free vulnerability in the WebSockets implementation in Google Chrome before 11.0.696.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | 6.8 |
| 2011-05-03 | CVE-2011-1440 | USE After Free vulnerability in Google Chrome Use-after-free vulnerability in Google Chrome before 11.0.696.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the ruby element and Cascading Style Sheets (CSS) token sequences. | 6.8 |
| 2011-04-15 | CVE-2011-0195 | Information Exposure vulnerability in Apple Iphone OS 4.3.0/4.3.1 The generate-id XPath function in libxslt in Apple iOS 4.3.x before 4.3.2 allows remote attackers to obtain potentially sensitive information about heap memory addresses via a crafted web site. | 4.3 |
| 2011-04-15 | CVE-2011-1691 | Null Pointer Dereference vulnerability in Google Chrome The counterToCSSValue function in CSSComputedStyleDeclaration.cpp in the Cascading Style Sheets (CSS) implementation in WebCore in WebKit before r82222, as used in Google Chrome before 11.0.696.43 and other products, does not properly handle access to the (1) counterIncrement and (2) counterReset attributes of CSSStyleDeclaration data provided by a getComputedStyle method call, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted JavaScript code. | 5.0 |
| 2011-04-04 | CVE-2011-1425 | Permissions, Privileges, and Access Controls vulnerability in multiple products xslt.c in XML Security Library (aka xmlsec) before 1.2.17, as used in WebKit and other products, when XSLT is enabled, allows remote attackers to create or overwrite arbitrary files via vectors involving the libxslt output extension and a ds:Transform element during signature verification. | 5.1 |
| 2011-03-23 | CVE-2011-0194 | Numeric Errors vulnerability in Apple Imageio, mac OS X and mac OS X Server Integer overflow in ImageIO in Apple Mac OS X 10.6 before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image with JPEG encoding. | 6.8 |
| 2011-03-23 | CVE-2011-0193 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server Multiple buffer overflows in Image RAW in Apple Mac OS X before 10.6.7 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Canon RAW image. | 6.8 |