Filtered by vendor Apple
Subscriptions
Total
14575 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-3707 | 1 Apple | 1 Itunes | 2025-04-11 | N/A |
| WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. | ||||
| CVE-2012-3709 | 1 Apple | 1 Itunes | 2025-04-11 | N/A |
| WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. | ||||
| CVE-2012-3710 | 1 Apple | 1 Itunes | 2025-04-11 | N/A |
| WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. | ||||
| CVE-2012-3712 | 1 Apple | 1 Itunes | 2025-04-11 | N/A |
| WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. | ||||
| CVE-2012-3714 | 1 Apple | 1 Safari | 2025-04-11 | N/A |
| The Form Autofill feature in Apple Safari before 6.0.1 does not restrict the filled fields to the set of fields contained in an Autofill popover, which allows remote attackers to obtain the Me card from an Address Book via a crafted web site. | ||||
| CVE-2012-3718 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | N/A |
| Apple Mac OS X before 10.7.5 and 10.8.x before 10.8.2 allows local users to read passwords entered into Login Window (aka LoginWindow) or Screen Saver Unlock by installing an input method that intercepts keystrokes. | ||||
| CVE-2012-3721 | 1 Apple | 1 Mac Os X | 2025-04-11 | N/A |
| Profile Manager in Apple Mac OS X before 10.7.5 does not properly perform authentication for the Device Management private interface, which allows attackers to enumerate managed devices via unspecified vectors. | ||||
| CVE-2012-3724 | 1 Apple | 1 Iphone Os | 2025-04-11 | N/A |
| CFNetwork in Apple iOS before 6 does not properly identify the host portion of a URL, which allows remote attackers to obtain sensitive information by leveraging the construction of an HTTP request with an incorrect hostname derived from a malformed URL. | ||||
| CVE-2012-3726 | 1 Apple | 1 Iphone Os | 2025-04-11 | N/A |
| Double free vulnerability in ImageIO in Apple iOS before 6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG image. | ||||
| CVE-2012-3729 | 1 Apple | 1 Iphone Os | 2025-04-11 | N/A |
| The Berkeley Packet Filter (BPF) interpreter implementation in the kernel in Apple iOS before 6 accesses uninitialized memory locations, which allows local users to obtain sensitive information about the layout of kernel memory via a crafted program that uses a BPF interface. | ||||
| CVE-2012-3731 | 1 Apple | 1 Iphone Os | 2025-04-11 | N/A |
| Mail in Apple iOS before 6 does not properly implement the Data Protection feature for e-mail attachments, which allows physically proximate attackers to bypass an intended passcode requirement via unspecified vectors. | ||||
| CVE-2012-3733 | 1 Apple | 1 Iphone Os | 2025-04-11 | N/A |
| Messages in Apple iOS before 6, when multiple iMessage e-mail addresses are configured, does not ensure that a reply's sender address matches the recipient address of the original message, which allows remote attackers to obtain potentially sensitive information about alternate e-mail addresses in opportunistic circumstances by reading a reply. | ||||
| CVE-2012-3734 | 1 Apple | 1 Iphone Os | 2025-04-11 | N/A |
| Office Viewer in Apple iOS before 6 writes cleartext document data to a temporary file, which might allow local users to bypass a document's intended (1) Data Protection level or (2) encryption state by reading the temporary content. | ||||
| CVE-2012-3735 | 1 Apple | 1 Iphone Os | 2025-04-11 | N/A |
| The Passcode Lock implementation in Apple iOS before 6 does not properly interact with the "Slide to Power Off" feature, which allows physically proximate attackers to see the most recently used third-party app by watching the device's screen. | ||||
| CVE-2012-3740 | 1 Apple | 1 Iphone Os | 2025-04-11 | N/A |
| The Passcode Lock implementation in Apple iOS before 6 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement via unspecified vectors. | ||||
| CVE-2012-3743 | 1 Apple | 1 Iphone Os | 2025-04-11 | N/A |
| The System Logs implementation in Apple iOS before 6 does not restrict /var/log access by sandboxed apps, which allows remote attackers to obtain sensitive information via a crafted app that reads log files. | ||||
| CVE-2012-3745 | 1 Apple | 1 Iphone Os | 2025-04-11 | N/A |
| Off-by-one error in Telephony in Apple iOS before 6 allows remote attackers to cause a denial of service (buffer overflow and connectivity outage) via a crafted user-data header in an SMS message. | ||||
| CVE-2012-3746 | 1 Apple | 1 Iphone Os | 2025-04-11 | N/A |
| UIWebView in UIKit in Apple iOS before 6 does not properly use the Data Protection feature, which allows context-dependent attackers to obtain cleartext file content by leveraging direct access to a device's filesystem. | ||||
| CVE-2012-3748 | 1 Apple | 2 Iphone Os, Safari | 2025-04-11 | N/A |
| Race condition in WebKit in Apple iOS before 6.0.1 and Safari before 6.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving JavaScript arrays. | ||||
| CVE-2012-3750 | 1 Apple | 1 Iphone Os | 2025-04-11 | N/A |
| The Passcode Lock implementation in Apple iOS before 6.0.1 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement and access Passbook passes via unspecified vectors. | ||||