Vulnerabilities > Apple > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2011-03-23 | CVE-2011-0176 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X before 10.6.7 allow remote attackers to execute arbitrary code via a document that contains a crafted embedded Type 1 font. | 6.8 |
| 2011-03-23 | CVE-2011-0175 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X before 10.6.7 allow remote attackers to execute arbitrary code via a document that contains a crafted embedded TrueType font. | 6.8 |
| 2011-03-23 | CVE-2011-0174 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code via a document that contains a crafted embedded OpenType font. | 6.8 |
| 2011-03-23 | CVE-2011-0173 | USE of Externally-Controlled Format String vulnerability in Apple Applescript, mac OS X and mac OS X Server Multiple format string vulnerabilities in AppleScript in Apple Mac OS X before 10.6.7 allow context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a (1) display dialog or (2) display alert command in a dialog in an AppleScript Studio application. | 6.8 |
| 2011-03-23 | CVE-2011-0172 | Numeric Errors vulnerability in Apple mac OS X and mac OS X Server AirPort in Apple Mac OS X 10.6 before 10.6.7 allows remote attackers to cause a denial of service (divide-by-zero error and reboot) via Wi-Fi frames on the local wireless network, a different vulnerability than CVE-2011-0162. | 4.9 |
| 2011-03-11 | CVE-2011-1418 | Information Exposure vulnerability in Apple TV, Iphone OS and Tvos The stateless address autoconfiguration (aka SLAAC) functionality in the IPv6 networking implementation in Apple iOS before 4.3 and Apple TV before 4.2 places the MAC address into the IPv6 address, which makes it easier for remote IPv6 servers to track users by logging source IPv6 addresses. | 5.0 |
| 2011-03-11 | CVE-2011-0167 | Permissions, Privileges, and Access Controls vulnerability in Apple Safari and Webkit The windows functionality in WebKit in Apple Safari before 5.0.4 allows remote attackers to bypass the Same Origin Policy, and force the upload of arbitrary local files from a client computer, via a crafted web site. | 4.3 |
| 2011-03-11 | CVE-2011-0166 | Permissions, Privileges, and Access Controls vulnerability in Apple Safari and Webkit The HTML5 drag and drop functionality in WebKit in Apple Safari before 5.0.4 allows user-assisted remote attackers to bypass the Same Origin Policy and obtain sensitive information via vectors related to the dragging of content. | 5.8 |
| 2011-03-11 | CVE-2011-0163 | Improper Input Validation vulnerability in Apple Iphone OS, Safari and Webkit WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle unspecified "cached resources," which allows remote attackers to cause a denial of service (resource unavailability) via a crafted web site that conducts a cache-poisoning attack. | 4.3 |
| 2011-03-11 | CVE-2011-0161 | Improper Input Validation vulnerability in Apple Iphone OS, Safari and Webkit WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle the Attr.style accessor, which allows remote attackers to bypass the Same Origin Policy and inject Cascading Style Sheets (CSS) token sequences via a crafted web site. | 4.3 |