Repository: Proteas/apple-cve
Branch: master
Commit: f915f89da5c1
Files: 34
Total size: 6.7 MB
Directory structure:
gitextract_69hxtqe0/
├── .gitignore
├── 2011/
│ ├── 2011.json
│ └── README.md
├── 2012/
│ ├── 2012.json
│ └── README.md
├── 2013/
│ ├── 2013.json
│ └── README.md
├── 2014/
│ ├── 2014.json
│ └── README.md
├── 2015/
│ ├── 2015.json
│ └── README.md
├── 2016/
│ ├── 2016.json
│ └── README.md
├── 2017/
│ ├── 2017.json
│ └── README.md
├── 2018/
│ ├── 2018.json
│ └── README.md
├── 2019/
│ ├── 2019.json
│ └── README.md
├── 2020/
│ ├── 2020.json
│ └── README.md
├── 2021/
│ ├── 2021.json
│ └── README.md
├── 2022/
│ ├── 2022.json
│ └── README.md
├── 2023/
│ ├── 2023.json
│ └── README.md
├── 2024/
│ ├── 2024.json
│ └── README.md
├── 2025/
│ ├── 2025.json
│ └── README.md
├── 2026/
│ ├── 2026.json
│ └── README.md
└── README.md
================================================
FILE CONTENTS
================================================
================================================
FILE: .gitignore
================================================
# Xcode
#
# gitignore contributors: remember to update Global/Xcode.gitignore, Objective-C.gitignore & Swift.gitignore
## Build generated
build/
DerivedData/
## Various settings
*.pbxuser
!default.pbxuser
*.mode1v3
!default.mode1v3
*.mode2v3
!default.mode2v3
*.perspectivev3
!default.perspectivev3
xcuserdata/
## Other
*.moved-aside
*.xccheckout
*.xcscmblueprint
## Obj-C/Swift specific
*.hmap
*.ipa
*.dSYM.zip
*.dSYM
# CocoaPods
#
# We recommend against adding the Pods directory to your .gitignore. However
# you should judge for yourself, the pros and cons are mentioned at:
# https://guides.cocoapods.org/using/using-cocoapods.html#should-i-check-the-pods-directory-into-source-control
#
# Pods/
# Carthage
#
# Add this line if you want to avoid checking in source code from Carthage dependencies.
# Carthage/Checkouts
Carthage/Build
# fastlane
#
# It is recommended to not store the screenshots in the git repo. Instead, use fastlane to re-generate the
# screenshots whenever they are needed.
# For more information about the recommended setup visit:
# https://docs.fastlane.tools/best-practices/source-control/#source-control
fastlane/report.xml
fastlane/Preview.html
fastlane/screenshots/**/*.png
fastlane/test_output
# Code Injection
#
# After new code Injection tools there's a generated folder /iOSInjectionProject
# https://github.com/johnno1962/injectionforxcode
iOSInjectionProject/
================================================
FILE: 2011/2011.json
================================================
[
{
"available": [
"Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6"
],
"credit": "",
"description": "PHP is updated to version 5.3.4 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the PHP website at",
"id": "CVE-2006-7243",
"impact": "Multiple vulnerabilities in PHP 5.3.3",
"links": [
"http://support.apple.com/en-us/HT4581"
],
"module": "PHP",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.5 or later, Windows 7, Vista, XP SP2 or later"
],
"credit": "Francisco Amato of Infobyte Security Research",
"description": "iTunes periodically checks for software updates using an HTTP request to Apple. This request may cause iTunes to indicate that an update is available. If Apple Software Update for Windows is not installed, clicking the Download iTunes button may open the URL from the HTTP response in the user's default browser. This issue has been mitigated by using a secured connection when checking for available updates. For OS X systems, the user's default browser is not used because Apple Software Update is included with OS X, however this change adds additional defense-in-depth.",
"id": "CVE-2008-3434",
"impact": "A man-in-the-middle attacker may offer software that appears to originate from Apple",
"links": [
"http://support.apple.com/en-us/HT5030"
],
"module": "iTunes",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7"
],
"credit": "",
"description": "Multiple vulnerabilities existed in OpenSSL, the most serious of which may lead to arbitrary code execution. These issues are addressed by updating OpenSSL to version 0.9.8r.",
"id": "CVE-2009-3245",
"impact": "Multiple vulnerabilities in OpenSSL",
"links": [
"http://support.apple.com/en-us/HT4723"
],
"module": "OpenSSL",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.6.8, Mac OS X Server v10.6.8"
],
"credit": "",
"description": "Multiple denial of service issues existed in BIND. These issues are addressed by updating BIND to version 9.6-ESV-R4-P3.",
"id": "CVE-2009-4022",
"impact": "Multiple vulnerabilities in BIND",
"links": [
"http://support.apple.com/en-us/HT5002"
],
"module": "BIND",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.6.8, Mac OS X Server v10.6.8"
],
"credit": "",
"description": "Multiple denial of service issues existed in BIND. These issues are addressed by updating BIND to version 9.6-ESV-R4-P3.",
"id": "CVE-2010-0097",
"impact": "Multiple vulnerabilities in BIND",
"links": [
"http://support.apple.com/en-us/HT5002"
],
"module": "BIND",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X Server v10.5.8, Mac OS X Server v10.6.6",
"Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6"
],
"credit": "",
"description": "An integer overflow issue existed in bzip2's handling of bzip2 compressed files. Using the command line bzip2 or bunzip2 tool to decompress a bzip2 file may result in an unexpected application termination or arbitrary code execution.",
"id": "CVE-2010-0405",
"impact": "Using the command line bzip2 or bunzip2 tool to decompress a bzip2 file may result in an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4581"
],
"module": "bzip2",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7"
],
"credit": "",
"description": "Multiple vulnerabilities existed in OpenSSL, the most serious of which may lead to arbitrary code execution. These issues are addressed by updating OpenSSL to version 0.9.8r.",
"id": "CVE-2010-0740",
"impact": "Multiple vulnerabilities in OpenSSL",
"links": [
"http://support.apple.com/en-us/HT4723"
],
"module": "OpenSSL",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.6.8, Mac OS X Server v10.6.8"
],
"credit": "",
"description": "Tomcat is updated to version 6.0.32 to address multiple vulnerabilities, the most serious of which may lead to a cross site scripting attack. Tomcat is only provided on Mac OS X Server systems. This issue does not affect OS X Lion systems. Further information is available via the Tomcat site at",
"id": "CVE-2010-1157",
"impact": "Multiple vulnerabilities in Tomcat 6.0.24",
"links": [
"http://support.apple.com/en-us/HT5002"
],
"module": "Tomcat",
"rsr": "",
"update": ""
},
{
"available": [
"Windows 7, Vista, XP SP2 or later"
],
"credit": "",
"description": "libpng is updated to version 1.4.3 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. For Mac OS X v10.5 systems, this is addressed in Security Update 2010-007. Further information is available via the libpng website at",
"id": "CVE-2010-1205",
"impact": "Multiple vulnerabilities in libpng",
"links": [
"http://support.apple.com/en-us/HT4554"
],
"module": "ImageIO",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6"
],
"credit": "",
"description": "Multiple cryptographic issues existed in MIT Kerberos 5. Only CVE-2010-1323 affects Mac OS X v10.5. Further information on the issues and the patches applied is available via the MIT Kerberos website at",
"id": "CVE-2010-1323",
"impact": "Multiple vulnerabilities in MIT Kerberos 5",
"links": [
"http://support.apple.com/en-us/HT4581"
],
"module": "Kerberos",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6"
],
"credit": "",
"description": "Multiple cryptographic issues existed in MIT Kerberos 5. Only CVE-2010-1323 affects Mac OS X v10.5. Further information on the issues and the patches applied is available via the MIT Kerberos website at",
"id": "CVE-2010-1324",
"impact": "Multiple vulnerabilities in MIT Kerberos 5",
"links": [
"http://support.apple.com/en-us/HT4581"
],
"module": "Kerberos",
"rsr": "",
"update": ""
},
{
"available": [
"Windows 7, Vista, XP SP2 or later"
],
"credit": "Takehiro Takahashi of IBM X-Force Research",
"description": "The NTLM authentication protocol is susceptible to a replay attack referred to as credential reflection. Authenticating to a maliciously crafted website may lead to arbitrary code execution. To mitigate this issue, Safari has been updated to utilize protection mechanisms recently added to Windows. This issue does not affect Mac OS X systems.",
"id": "CVE-2010-1383",
"impact": "Authenticating to a maliciously crafted website may lead to arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4808"
],
"module": "CFNetwork",
"rsr": "",
"update": ""
},
{
"available": [
"Windows 7, Vista, XP SP2 or later"
],
"credit": "Hidetake Jo working with Microsoft Vulnerability Research (MSVR), Neal Poole of Matasano Security",
"description": "In certain situations, Safari may treat a file as HTML, even if it is served with the 'text/plain' content type. This may lead to a cross-site scripting attack on sites that allow untrusted users to post text files. This issue is addressed through improved handling of 'text/plain' content.",
"id": "CVE-2010-1420",
"impact": "Visiting a maliciously crafted website may lead to a cross-site scripting attack",
"links": [
"http://support.apple.com/en-us/HT4808"
],
"module": "CFNetwork",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6"
],
"credit": "",
"description": "Apache is updated to version 2.2.17 to address several vulnerabilities, the most serious of which may lead to a denial of service. Further information is available via the Apache web site at",
"id": "CVE-2010-1452",
"impact": "Multiple vulnerabilities in Apache 2.2.15",
"links": [
"http://support.apple.com/en-us/HT4581"
],
"module": "Apache",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1"
],
"credit": "",
"description": "Multiple vulnerabilities existed in python, the most serious of which may lead to arbitrary code execution. This update addresses the issues by applying patches from the python project. Further information is available via the python site at",
"id": "CVE-2010-1634",
"impact": "Multiple vulnerabilities in python",
"links": [
"http://support.apple.com/en-us/HT5002"
],
"module": "python",
"rsr": "",
"update": ""
},
{
"available": [
"iOS 3.0 through 4.2.1 for iPhone 3GS and later, iOS 3.1 through 4.2.1 for iPod touch (3rd generation) and later, iOS 3.2 through 4.2.1 for iPad"
],
"credit": "",
"description": "Multiple memory corruption issues exist in WebKit. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.",
"id": "CVE-2010-1792",
"impact": "Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4564"
],
"module": "WebKit",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later, Windows 7, Vista, XP SP2 or later",
"Windows 7, Vista, XP SP2 or later"
],
"credit": "David Weston of Microsoft and Microsoft Vulnerability Research (MSVR), wushi of team509, and Yong Li of Research In Motion Ltd.",
"description": "Multiple memory corruption issues existed in WebKit.",
"id": "CVE-2010-1823",
"impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution.",
"links": [
"http://support.apple.com/en-us/HT4808",
"http://support.apple.com/en-us/HT4981"
],
"module": "WebKit",
"rsr": "",
"update": ""
},
{
"available": [
"Windows 7, Vista, XP SP2 or later",
"iOS 3.0 through 4.2.1 for iPhone 3GS and later, iOS 3.1 through 4.2.1 for iPod touch (3rd generation) and later, iOS 3.2 through 4.2.1 for iPad"
],
"credit": "kuzzcc, and wushi of team509 working with TippingPoint's Zero Day Initiative",
"description": "Multiple memory corruption issues exist in WebKit. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.",
"id": "CVE-2010-1824",
"impact": "Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4554",
"http://support.apple.com/en-us/HT4564"
],
"module": "WebKit",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6"
],
"credit": "",
"description": "Apache is updated to version 2.2.17 to address several vulnerabilities, the most serious of which may lead to a denial of service. Further information is available via the Apache web site at",
"id": "CVE-2010-2068",
"impact": "Multiple vulnerabilities in Apache 2.2.15",
"links": [
"http://support.apple.com/en-us/HT4581"
],
"module": "Apache",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1"
],
"credit": "",
"description": "Multiple vulnerabilities existed in python, the most serious of which may lead to arbitrary code execution. This update addresses the issues by applying patches from the python project. Further information is available via the python site at",
"id": "CVE-2010-2089",
"impact": "Multiple vulnerabilities in python",
"links": [
"http://support.apple.com/en-us/HT5002"
],
"module": "python",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.6.8, Mac OS X Server v10.6.8"
],
"credit": "",
"description": "Tomcat is updated to version 6.0.32 to address multiple vulnerabilities, the most serious of which may lead to a cross site scripting attack. Tomcat is only provided on Mac OS X Server systems. This issue does not affect OS X Lion systems. Further information is available via the Tomcat site at",
"id": "CVE-2010-2227",
"impact": "Multiple vulnerabilities in Tomcat 6.0.24",
"links": [
"http://support.apple.com/en-us/HT5002"
],
"module": "Tomcat",
"rsr": "",
"update": ""
},
{
"available": [
"Windows 7, Vista, XP SP2 or later"
],
"credit": "",
"description": "libpng is updated to version 1.4.3 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. For Mac OS X v10.5 systems, this is addressed in Security Update 2010-007. Further information is available via the libpng website at",
"id": "CVE-2010-2249",
"impact": "Multiple vulnerabilities in libpng",
"links": [
"http://support.apple.com/en-us/HT4554"
],
"module": "ImageIO",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7"
],
"credit": "Maksymilian Arciemowicz",
"description": "Applications which use the glob(3) API may be vulnerable to a denial of service. If the glob pattern comes from untrusted input, the application may hang or use excessive CPU resources. This issue is addressed through improved validation of glob patterns.",
"id": "CVE-2010-2632",
"impact": "Applications which use the glob(3) API may be vulnerable to a denial of service",
"links": [
"http://support.apple.com/en-us/HT4723"
],
"module": "Libsystem",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6"
],
"credit": "",
"description": "PHP is updated to version 5.3.4 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the PHP website at",
"id": "CVE-2010-2950",
"impact": "Multiple vulnerabilities in PHP 5.3.3",
"links": [
"http://support.apple.com/en-us/HT4581"
],
"module": "PHP",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.5.8, Mac OS X Server v10.5.8",
"Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6"
],
"credit": "",
"description": "A stack buffer overflow existed in Samba's handling of Windows Security IDs. If SMB file sharing is enabled, a remote attacker may cause a denial of service or arbitrary code execution. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X 10.6.7.",
"id": "CVE-2010-3069",
"impact": "If SMB file sharing is enabled, a remote attacker may cause a denial of service or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4581",
"http://support.apple.com/en-us/HT4723"
],
"module": "Samba",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6"
],
"credit": "",
"description": "Multiple cross-site scripting issues existed in Mailman 2.1.13. These issues are addressed by updating Mailman to version 2.1.14. Further information is available via the Mailman site at",
"id": "CVE-2010-3089",
"impact": "Multiple vulnerabilities in Mailman 2.1.13",
"links": [
"http://support.apple.com/en-us/HT4581"
],
"module": "Mailman",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6"
],
"credit": "",
"description": "Subversion servers that use the non-default \"SVNPathAuthz short_circuit\" mod_dav_svn configuration setting may allow unauthorized users to access portions of the repository. This issue is addressed by updating Subversion to version 1.6.13. This issue does not affect systems prior to Mac OS X v10.6.",
"id": "CVE-2010-3315",
"impact": "Subversion servers that use the non-default \"SVNPathAuthz short_circuit\" mod_dav_svn configuration setting may allow unauthorized users to access portions of the repository",
"links": [
"http://support.apple.com/en-us/HT4581"
],
"module": "Subversion",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X Server v10.5.8, Mac OS X Server v10.6.6"
],
"credit": "",
"description": "Multiple vulnerabilities exist in ClamAV, the most serious of which may lead to arbitrary code execution. This update addresses the issues by updating ClamAV to version 0.96.5. ClamAV is distributed only with Mac OS X Server systems. Further information is available via the ClamAV website at",
"id": "CVE-2010-3434",
"impact": "Multiple vulnerabilities in ClamAV",
"links": [
"http://support.apple.com/en-us/HT4581"
],
"module": "ClamAV",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.5.8, Mac OS X Server v10.5.8",
"Mac OS X v10.6.8, Mac OS X Server v10.6.8"
],
"credit": "",
"description": "PHP is updated to version 5.3.6 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. These issues do not affect OS X Lion systems. Further information is available via the PHP website at",
"id": "CVE-2010-3436",
"impact": "Multiple vulnerabilities in PHP 5.3.4",
"links": [
"http://support.apple.com/en-us/HT4581",
"http://support.apple.com/en-us/HT5002"
],
"module": "PHP",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.6.8, Mac OS X Server v10.6.8"
],
"credit": "",
"description": "Multiple denial of service issues existed in BIND. These issues are addressed by updating BIND to version 9.6-ESV-R4-P3.",
"id": "CVE-2010-3613",
"impact": "Multiple vulnerabilities in BIND",
"links": [
"http://support.apple.com/en-us/HT5002"
],
"module": "BIND",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.6.8, Mac OS X Server v10.6.8"
],
"credit": "",
"description": "Multiple denial of service issues existed in BIND. These issues are addressed by updating BIND to version 9.6-ESV-R4-P3.",
"id": "CVE-2010-3614",
"impact": "Multiple vulnerabilities in BIND",
"links": [
"http://support.apple.com/en-us/HT5002"
],
"module": "BIND",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X Server v10.5.8, Mac OS X Server v10.6 through v10.6.7"
],
"credit": "",
"description": "MySQL is updated to version 5.0.92 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. MySQL is only provided with Mac OS X Server systems.",
"id": "CVE-2010-3677",
"impact": "Multiple vulnerabilities in MySQL 5.0.91",
"links": [
"http://support.apple.com/en-us/HT4723"
],
"module": "MySQL",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X Server v10.5.8, Mac OS X Server v10.6 through v10.6.7"
],
"credit": "",
"description": "MySQL is updated to version 5.0.92 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. MySQL is only provided with Mac OS X Server systems.",
"id": "CVE-2010-3682",
"impact": "Multiple vulnerabilities in MySQL 5.0.91",
"links": [
"http://support.apple.com/en-us/HT4723"
],
"module": "MySQL",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.5.8, Mac OS X Server v10.5.8",
"Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6"
],
"credit": "",
"description": "PHP is updated to version 5.3.4 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the PHP website at",
"id": "CVE-2010-3709",
"impact": "Multiple vulnerabilities in PHP 5.3.3",
"links": [
"http://support.apple.com/en-us/HT4581"
],
"module": "PHP",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6"
],
"credit": "",
"description": "PHP is updated to version 5.3.4 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the PHP website at",
"id": "CVE-2010-3710",
"impact": "Multiple vulnerabilities in PHP 5.3.3",
"links": [
"http://support.apple.com/en-us/HT4581"
],
"module": "PHP",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.6.8, Mac OS X Server v10.6.8"
],
"credit": "",
"description": "Tomcat is updated to version 6.0.32 to address multiple vulnerabilities, the most serious of which may lead to a cross site scripting attack. Tomcat is only provided on Mac OS X Server systems. This issue does not affect OS X Lion systems. Further information is available via the Tomcat site at",
"id": "CVE-2010-3718",
"impact": "Multiple vulnerabilities in Tomcat 6.0.24",
"links": [
"http://support.apple.com/en-us/HT5002"
],
"module": "Tomcat",
"rsr": "",
"update": ""
},
{
"available": [
"iOS",
"iWork 9.0 through 9.0.5"
],
"credit": "Apple",
"description": "A buffer overflow existed in the handling of Excel files. Opening a maliciously crafted Excel file in Numbers may lead to an unexpected application termination or arbitrary code execution.",
"id": "CVE-2010-3785",
"impact": "Opening a maliciously crafted Excel file may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4830",
"http://support.apple.com/en-us/HT5004"
],
"module": "Numbers",
"rsr": "",
"update": ""
},
{
"available": [
"iOS",
"iWork 9.0 through 9.0.5."
],
"credit": "Tobias Klein, working with VeriSign iDefense Labs",
"description": "A memory corruption issue existed in the handling of Excel files. Opening a maliciously crafted Excel file in Numbers may lead to an unexpected application termination or arbitrary code execution.",
"id": "CVE-2010-3786",
"impact": "Opening a maliciously crafted Excel file may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4830",
"http://support.apple.com/en-us/HT5004"
],
"module": "Numbers",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7"
],
"credit": "Subreption LLC working with TippingPoint's Zero Day Initiative",
"description": "A buffer overflow existed in QuickTime's handling of PICT images. Viewing a maliciously crafted PICT image may lead to an unexpected application termination or arbitrary code execution.",
"id": "CVE-2010-3790",
"impact": "Viewing a maliciously crafted PICT image may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4723"
],
"module": "QuickTime",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6"
],
"credit": "Damian Put working with TippingPoint's Zero Day Initiative, and Rodrigo Rubira Branco from the Check Point Vulnerability Discovery Team",
"description": "A memory corruption issue existed in QuickTime's handling of FlashPix images. Viewing a maliciously crafted FlashPix image may lead to an unexpected application termination or arbitrary code execution. For Mac OS X v10.5 this issue was addressed in QuickTime 7.6.9.",
"id": "CVE-2010-3801",
"impact": "Viewing a maliciously crafted FlashPix image may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4581"
],
"module": "QuickTime",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6"
],
"credit": "an anonymous researcher working with TippingPoint's Zero Day Initiative",
"description": "A memory corruption issue existed in QuickTime's handling of panorama atoms in QTVR (QuickTime Virtual Reality) movie files. Viewing a maliciously crafted QTVR movie file may lead to an unexpected application termination or arbitrary code execution. For Mac OS X v10.5 this issue was addressed in QuickTime 7.6.9.",
"id": "CVE-2010-3802",
"impact": "Viewing a maliciously crafted QTVR movie file may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4581"
],
"module": "QuickTime",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6"
],
"credit": "",
"description": "Multiple vulnerabilities existed in FreeType, the most serious of which may lead to arbitrary code execution when processing a maliciously crafted font. These issues are addressed by updating FreeType to version 2.4.4. Further information is available via the FreeType site at http://www.freetype.org/",
"id": "CVE-2010-3814",
"impact": "Multiple vulnerabilities in FreeType",
"links": [
"http://support.apple.com/en-us/HT4581"
],
"module": "X11",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later, Windows 7, Vista, XP SP2 or later"
],
"credit": "Mike Cardwell of Cardwell IT Ltd.",
"description": "DNS prefetching was enabled by default in WebKit. Applications that use WebKit, such as mail clients, may connect to an arbitrary DNS server upon processing HTML content. This update addresses the issue by requiring applications to opt in to DNS prefetching.",
"id": "CVE-2010-3829",
"impact": "Applications that use WebKit, such as mail clients, may connect to an arbitrary DNS server upon processing HTML content",
"links": [
"http://support.apple.com/en-us/HT4808"
],
"module": "WebKit",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X Server v10.5.8, Mac OS X Server v10.6 through v10.6.7"
],
"credit": "",
"description": "MySQL is updated to version 5.0.92 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. MySQL is only provided with Mac OS X Server systems.",
"id": "CVE-2010-3833",
"impact": "Multiple vulnerabilities in MySQL 5.0.91",
"links": [
"http://support.apple.com/en-us/HT4723"
],
"module": "MySQL",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X Server v10.5.8, Mac OS X Server v10.6 through v10.6.7"
],
"credit": "",
"description": "MySQL is updated to version 5.0.92 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. MySQL is only provided with Mac OS X Server systems.",
"id": "CVE-2010-3834",
"impact": "Multiple vulnerabilities in MySQL 5.0.91",
"links": [
"http://support.apple.com/en-us/HT4723"
],
"module": "MySQL",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X Server v10.5.8, Mac OS X Server v10.6 through v10.6.7"
],
"credit": "",
"description": "MySQL is updated to version 5.0.92 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. MySQL is only provided with Mac OS X Server systems.",
"id": "CVE-2010-3835",
"impact": "Multiple vulnerabilities in MySQL 5.0.91",
"links": [
"http://support.apple.com/en-us/HT4723"
],
"module": "MySQL",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X Server v10.5.8, Mac OS X Server v10.6 through v10.6.7"
],
"credit": "",
"description": "MySQL is updated to version 5.0.92 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. MySQL is only provided with Mac OS X Server systems.",
"id": "CVE-2010-3836",
"impact": "Multiple vulnerabilities in MySQL 5.0.91",
"links": [
"http://support.apple.com/en-us/HT4723"
],
"module": "MySQL",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X Server v10.5.8, Mac OS X Server v10.6 through v10.6.7"
],
"credit": "",
"description": "MySQL is updated to version 5.0.92 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. MySQL is only provided with Mac OS X Server systems.",
"id": "CVE-2010-3837",
"impact": "Multiple vulnerabilities in MySQL 5.0.91",
"links": [
"http://support.apple.com/en-us/HT4723"
],
"module": "MySQL",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X Server v10.5.8, Mac OS X Server v10.6 through v10.6.7"
],
"credit": "",
"description": "MySQL is updated to version 5.0.92 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. MySQL is only provided with Mac OS X Server systems.",
"id": "CVE-2010-3838",
"impact": "Multiple vulnerabilities in MySQL 5.0.91",
"links": [
"http://support.apple.com/en-us/HT4723"
],
"module": "MySQL",
"rsr": "",
"update": ""
},
{
"available": [
"Apple TV 4.0 and 4.1",
"Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6",
"iOS 3.0 through 4.2.1 for iPhone 3GS and later, iOS 3.1 through 4.2.1 for iPod touch (3rd generation) and later, iOS 3.2 through 4.2.1 for iPad",
"iOS 3.0 through 4.3.3 for iPhone 3GS and iPhone 4 (GSM model), iOS 3.1 through 4.3.3 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.3 for iPad",
"iOS 4.2.5 through 4.2.8 for iPhone 4 (CDMA model)"
],
"credit": "",
"description": "A buffer overflow exists in FreeType's handling of TrueType font files. Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution.",
"id": "CVE-2010-3855",
"impact": "Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4564",
"http://support.apple.com/en-us/HT4565",
"http://support.apple.com/en-us/HT4581",
"http://support.apple.com/en-us/HT4802",
"http://support.apple.com/en-us/HT4803"
],
"module": "CoreGraphics",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7"
],
"credit": "",
"description": "Multiple vulnerabilities existed in OpenSSL, the most serious of which may lead to arbitrary code execution. These issues are addressed by updating OpenSSL to version 0.9.8r.",
"id": "CVE-2010-3864",
"impact": "Multiple vulnerabilities in OpenSSL",
"links": [
"http://support.apple.com/en-us/HT4723"
],
"module": "OpenSSL",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6"
],
"credit": "",
"description": "PHP is updated to version 5.3.4 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the PHP website at",
"id": "CVE-2010-3870",
"impact": "Multiple vulnerabilities in PHP 5.3.3",
"links": [
"http://support.apple.com/en-us/HT4581"
],
"module": "PHP",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6",
"Windows 7, Vista, XP SP2 or later"
],
"credit": "Bui Quang Minh from Bkis (www.bkis.com)",
"description": "A memory corruption issue existed in libxml's XPath handling. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.",
"id": "CVE-2010-4008",
"impact": "Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4554",
"http://support.apple.com/en-us/HT4581"
],
"module": "libxml",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6"
],
"credit": "Honggang Ren of Fortinet's FortiGuard Labs",
"description": "An integer overflow existed in QuickTime's handling of movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. For Mac OS X v10.5 this issue was addressed in QuickTime 7.6.9.",
"id": "CVE-2010-4009",
"impact": "Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4581"
],
"module": "QuickTime",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.6 through v10.6.5, Mac OS X Server v10.6 through v10.6.5"
],
"credit": "Aaron Sigel of vtty.com",
"description": "A format string issue exists in PackageKit's handling of distribution scripts. A man-in-the-middle attacker may be able to cause an unexpected application termination or arbitrary code execution when Software Update checks for new updates. This issue is addressed through improved validation of distribution scripts. This issue does not affect systems prior to Mac OS X v10.6.",
"id": "CVE-2010-4013",
"impact": "A man-in-the-middle attacker may be able to cause an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4498"
],
"module": "PackageKit",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6"
],
"credit": "",
"description": "Multiple cryptographic issues existed in MIT Kerberos 5. Only CVE-2010-1323 affects Mac OS X v10.5. Further information on the issues and the patches applied is available via the MIT Kerberos website at",
"id": "CVE-2010-4020",
"impact": "Multiple vulnerabilities in MIT Kerberos 5",
"links": [
"http://support.apple.com/en-us/HT4581"
],
"module": "Kerberos",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6"
],
"credit": "",
"description": "Multiple cryptographic issues existed in MIT Kerberos 5. Only CVE-2010-1323 affects Mac OS X v10.5. Further information on the issues and the patches applied is available via the MIT Kerberos website at",
"id": "CVE-2010-4021",
"impact": "Multiple vulnerabilities in MIT Kerberos 5",
"links": [
"http://support.apple.com/en-us/HT4581"
],
"module": "Kerberos",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.5.8, Mac OS X Server v10.5.8",
"Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6"
],
"credit": "",
"description": "PHP is updated to version 5.3.4 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the PHP website at",
"id": "CVE-2010-4150",
"impact": "Multiple vulnerabilities in PHP 5.3.3",
"links": [
"http://support.apple.com/en-us/HT4581"
],
"module": "PHP",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.6.8, Mac OS X Server v10.6.8"
],
"credit": "",
"description": "Tomcat is updated to version 6.0.32 to address multiple vulnerabilities, the most serious of which may lead to a cross site scripting attack. Tomcat is only provided on Mac OS X Server systems. This issue does not affect OS X Lion systems. Further information is available via the Tomcat site at",
"id": "CVE-2010-4172",
"impact": "Multiple vulnerabilities in Tomcat 6.0.24",
"links": [
"http://support.apple.com/en-us/HT5002"
],
"module": "Tomcat",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7"
],
"credit": "",
"description": "Multiple vulnerabilities existed in OpenSSL, the most serious of which may lead to arbitrary code execution. These issues are addressed by updating OpenSSL to version 0.9.8r.",
"id": "CVE-2010-4180",
"impact": "Multiple vulnerabilities in OpenSSL",
"links": [
"http://support.apple.com/en-us/HT4723"
],
"module": "OpenSSL",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X Server v10.5.8, Mac OS X Server v10.6.6"
],
"credit": "",
"description": "Multiple vulnerabilities exist in ClamAV, the most serious of which may lead to arbitrary code execution. This update addresses the issues by updating ClamAV to version 0.96.5. ClamAV is distributed only with Mac OS X Server systems. Further information is available via the ClamAV website at",
"id": "CVE-2010-4260",
"impact": "Multiple vulnerabilities in ClamAV",
"links": [
"http://support.apple.com/en-us/HT4581"
],
"module": "ClamAV",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X Server v10.5.8, Mac OS X Server v10.6.6"
],
"credit": "",
"description": "Multiple vulnerabilities exist in ClamAV, the most serious of which may lead to arbitrary code execution. This update addresses the issues by updating ClamAV to version 0.96.5. ClamAV is distributed only with Mac OS X Server systems. Further information is available via the ClamAV website at",
"id": "CVE-2010-4261",
"impact": "Multiple vulnerabilities in ClamAV",
"links": [
"http://support.apple.com/en-us/HT4581"
],
"module": "ClamAV",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6"
],
"credit": "",
"description": "PHP is updated to version 5.3.4 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. Further information is available via the PHP website at",
"id": "CVE-2010-4409",
"impact": "Multiple vulnerabilities in PHP 5.3.3",
"links": [
"http://support.apple.com/en-us/HT4581"
],
"module": "PHP",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.5.8, Mac OS X Server v10.5.8",
"Mac OS X v10.6.6, Mac OS X Server v10.6.6"
],
"credit": "",
"description": "Multiple vulnerabilities exist in Java 1.6.0_22, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating to Java version 1.6.0_24. Further information is available via the Java website at",
"id": "CVE-2010-4422",
"impact": "Multiple vulnerabilities in Java 1.6.0_22",
"links": [
"http://support.apple.com/en-us/HT4562",
"http://support.apple.com/en-us/HT4563"
],
"module": "Java",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.5.8, Mac OS X Server v10.5.8",
"Mac OS X v10.6.6, Mac OS X Server v10.6.6"
],
"credit": "",
"description": "Multiple vulnerabilities exist in Java 1.6.0_22, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating to Java version 1.6.0_24. Further information is available via the Java website at",
"id": "CVE-2010-4447",
"impact": "Multiple vulnerabilities in Java 1.6.0_22",
"links": [
"http://support.apple.com/en-us/HT4562",
"http://support.apple.com/en-us/HT4563"
],
"module": "Java",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.5.8, Mac OS X Server v10.5.8",
"Mac OS X v10.6.6, Mac OS X Server v10.6.6"
],
"credit": "",
"description": "Multiple vulnerabilities exist in Java 1.6.0_22, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating to Java version 1.6.0_24. Further information is available via the Java website at",
"id": "CVE-2010-4448",
"impact": "Multiple vulnerabilities in Java 1.6.0_22",
"links": [
"http://support.apple.com/en-us/HT4562",
"http://support.apple.com/en-us/HT4563"
],
"module": "Java",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.5.8, Mac OS X Server v10.5.8",
"Mac OS X v10.6.6, Mac OS X Server v10.6.6"
],
"credit": "",
"description": "Multiple vulnerabilities exist in Java 1.6.0_22, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating to Java version 1.6.0_24. Further information is available via the Java website at",
"id": "CVE-2010-4450",
"impact": "Multiple vulnerabilities in Java 1.6.0_22",
"links": [
"http://support.apple.com/en-us/HT4562",
"http://support.apple.com/en-us/HT4563"
],
"module": "Java",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.5.8, Mac OS X Server v10.5.8",
"Mac OS X v10.6.6, Mac OS X Server v10.6.6"
],
"credit": "",
"description": "Multiple vulnerabilities exist in Java 1.6.0_22, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating to Java version 1.6.0_24. Further information is available via the Java website at",
"id": "CVE-2010-4454",
"impact": "Multiple vulnerabilities in Java 1.6.0_22",
"links": [
"http://support.apple.com/en-us/HT4562",
"http://support.apple.com/en-us/HT4563"
],
"module": "Java",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.5.8, Mac OS X Server v10.5.8",
"Mac OS X v10.6.6, Mac OS X Server v10.6.6"
],
"credit": "",
"description": "Multiple vulnerabilities exist in Java 1.6.0_22, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating to Java version 1.6.0_24. Further information is available via the Java website at",
"id": "CVE-2010-4462",
"impact": "Multiple vulnerabilities in Java 1.6.0_22",
"links": [
"http://support.apple.com/en-us/HT4562",
"http://support.apple.com/en-us/HT4563"
],
"module": "Java",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.5.8, Mac OS X Server v10.5.8",
"Mac OS X v10.6.6, Mac OS X Server v10.6.6"
],
"credit": "",
"description": "Multiple vulnerabilities exist in Java 1.6.0_22, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating to Java version 1.6.0_24. Further information is available via the Java website at",
"id": "CVE-2010-4463",
"impact": "Multiple vulnerabilities in Java 1.6.0_22",
"links": [
"http://support.apple.com/en-us/HT4562",
"http://support.apple.com/en-us/HT4563"
],
"module": "Java",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.5.8, Mac OS X Server v10.5.8",
"Mac OS X v10.6.6, Mac OS X Server v10.6.6"
],
"credit": "",
"description": "Multiple vulnerabilities exist in Java 1.6.0_22, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating to Java version 1.6.0_24. Further information is available via the Java website at",
"id": "CVE-2010-4465",
"impact": "Multiple vulnerabilities in Java 1.6.0_22",
"links": [
"http://support.apple.com/en-us/HT4562",
"http://support.apple.com/en-us/HT4563"
],
"module": "Java",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.5.8, Mac OS X Server v10.5.8",
"Mac OS X v10.6.6, Mac OS X Server v10.6.6"
],
"credit": "",
"description": "Multiple vulnerabilities exist in Java 1.6.0_22, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating to Java version 1.6.0_24. Further information is available via the Java website at",
"id": "CVE-2010-4467",
"impact": "Multiple vulnerabilities in Java 1.6.0_22",
"links": [
"http://support.apple.com/en-us/HT4562",
"http://support.apple.com/en-us/HT4563"
],
"module": "Java",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.5.8, Mac OS X Server v10.5.8",
"Mac OS X v10.6.6, Mac OS X Server v10.6.6"
],
"credit": "",
"description": "Multiple vulnerabilities exist in Java 1.6.0_22, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating to Java version 1.6.0_24. Further information is available via the Java website at",
"id": "CVE-2010-4468",
"impact": "Multiple vulnerabilities in Java 1.6.0_22",
"links": [
"http://support.apple.com/en-us/HT4562",
"http://support.apple.com/en-us/HT4563"
],
"module": "Java",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.5.8, Mac OS X Server v10.5.8",
"Mac OS X v10.6.6, Mac OS X Server v10.6.6"
],
"credit": "",
"description": "Multiple vulnerabilities exist in Java 1.6.0_22, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating to Java version 1.6.0_24. Further information is available via the Java website at",
"id": "CVE-2010-4469",
"impact": "Multiple vulnerabilities in Java 1.6.0_22",
"links": [
"http://support.apple.com/en-us/HT4562",
"http://support.apple.com/en-us/HT4563"
],
"module": "Java",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.5.8, Mac OS X Server v10.5.8",
"Mac OS X v10.6.6, Mac OS X Server v10.6.6"
],
"credit": "",
"description": "Multiple vulnerabilities exist in Java 1.6.0_22, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating to Java version 1.6.0_24. Further information is available via the Java website at",
"id": "CVE-2010-4470",
"impact": "Multiple vulnerabilities in Java 1.6.0_22",
"links": [
"http://support.apple.com/en-us/HT4562",
"http://support.apple.com/en-us/HT4563"
],
"module": "Java",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.5.8, Mac OS X Server v10.5.8",
"Mac OS X v10.6.6, Mac OS X Server v10.6.6"
],
"credit": "",
"description": "Multiple vulnerabilities exist in Java 1.6.0_22, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating to Java version 1.6.0_24. Further information is available via the Java website at",
"id": "CVE-2010-4471",
"impact": "Multiple vulnerabilities in Java 1.6.0_22",
"links": [
"http://support.apple.com/en-us/HT4562",
"http://support.apple.com/en-us/HT4563"
],
"module": "Java",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.5.8, Mac OS X Server v10.5.8",
"Mac OS X v10.6.6, Mac OS X Server v10.6.6"
],
"credit": "",
"description": "Multiple vulnerabilities exist in Java 1.6.0_22, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating to Java version 1.6.0_24. Further information is available via the Java website at",
"id": "CVE-2010-4472",
"impact": "Multiple vulnerabilities in Java 1.6.0_22",
"links": [
"http://support.apple.com/en-us/HT4562",
"http://support.apple.com/en-us/HT4563"
],
"module": "Java",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.5.8, Mac OS X Server v10.5.8",
"Mac OS X v10.6.6, Mac OS X Server v10.6.6"
],
"credit": "",
"description": "Multiple vulnerabilities exist in Java 1.6.0_22, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating to Java version 1.6.0_24. Further information is available via the Java website at",
"id": "CVE-2010-4473",
"impact": "Multiple vulnerabilities in Java 1.6.0_22",
"links": [
"http://support.apple.com/en-us/HT4562",
"http://support.apple.com/en-us/HT4563"
],
"module": "Java",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.5.8, Mac OS X Server v10.5.8",
"Mac OS X v10.6.6, Mac OS X Server v10.6.6"
],
"credit": "",
"description": "Multiple vulnerabilities exist in Java 1.6.0_22, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating to Java version 1.6.0_24. Further information is available via the Java website at",
"id": "CVE-2010-4476",
"impact": "Multiple vulnerabilities in Java 1.6.0_22",
"links": [
"http://support.apple.com/en-us/HT4562",
"http://support.apple.com/en-us/HT4563"
],
"module": "Java",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X Server v10.5.8, Mac OS X Server v10.6.6"
],
"credit": "",
"description": "Multiple vulnerabilities exist in ClamAV, the most serious of which may lead to arbitrary code execution. This update addresses the issues by updating ClamAV to version 0.96.5. ClamAV is distributed only with Mac OS X Server systems. Further information is available via the ClamAV website at",
"id": "CVE-2010-4479",
"impact": "Multiple vulnerabilities in ClamAV",
"links": [
"http://support.apple.com/en-us/HT4581"
],
"module": "ClamAV",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6",
"Windows 7, Vista, XP SP2 or later",
"iOS 3.0 through 4.2.1 for iPhone 3GS and later, iOS 3.1 through 4.2.1 for iPod touch (3rd generation) and later, iOS 3.2 through 4.2.1 for iPad"
],
"credit": "Yang Dingning of NCNIPC, Graduate University of Chinese Academy of Sciences",
"description": "A double free issue existed in libxml's handling of XPath expressions. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue does not affect systems prior to Mac OS X v10.6.",
"id": "CVE-2010-4494",
"impact": "Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4554",
"http://support.apple.com/en-us/HT4564",
"http://support.apple.com/en-us/HT4581"
],
"module": "libxml",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.6.8, Mac OS X Server v10.6.8"
],
"credit": "",
"description": "PHP is updated to version 5.3.6 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. These issues do not affect OS X Lion systems. Further information is available via the PHP website at",
"id": "CVE-2010-4645",
"impact": "Multiple vulnerabilities in PHP 5.3.4",
"links": [
"http://support.apple.com/en-us/HT5002"
],
"module": "PHP",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7"
],
"credit": "",
"description": "A directory traversal issue existed in GNU patch. Running patch on a maliciously crafted patch file may cause arbitrary files to be created or overwritten. This issue is addressed through improved validation of patch files.",
"id": "CVE-2010-4651",
"impact": "Running patch on a maliciously crafted patch file may cause arbitrary files to be created or overwritten",
"links": [
"http://support.apple.com/en-us/HT4723"
],
"module": "patch",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.6.8, Mac OS X Server v10.6.8"
],
"credit": "",
"description": "Tomcat is updated to version 6.0.32 to address multiple vulnerabilities, the most serious of which may lead to a cross site scripting attack. Tomcat is only provided on Mac OS X Server systems. This issue does not affect OS X Lion systems. Further information is available via the Tomcat site at",
"id": "CVE-2011-0013",
"impact": "Multiple vulnerabilities in Tomcat 6.0.24",
"links": [
"http://support.apple.com/en-us/HT5002"
],
"module": "Tomcat",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7"
],
"credit": "",
"description": "Multiple vulnerabilities existed in OpenSSL, the most serious of which may lead to arbitrary code execution. These issues are addressed by updating OpenSSL to version 0.9.8r.",
"id": "CVE-2011-0014",
"impact": "Multiple vulnerabilities in OpenSSL",
"links": [
"http://support.apple.com/en-us/HT4723"
],
"module": "OpenSSL",
"rsr": "",
"update": ""
},
{
"available": [
"Windows 7, Vista, XP SP2 or later",
"iOS 3.0 through 4.2.1 for iPhone 3GS and later, iOS 3.1 through 4.2.1 for iPod touch (3rd generation) and later, iOS 3.2 through 4.2.1 for iPad"
],
"credit": "Sergey Glazunov",
"description": "Multiple memory corruption issues exist in WebKit. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.",
"id": "CVE-2011-0111",
"impact": "Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4554",
"http://support.apple.com/en-us/HT4564"
],
"module": "WebKit",
"rsr": "",
"update": ""
},
{
"available": [
"Windows 7, Vista, XP SP2 or later",
"iOS 3.0 through 4.2.1 for iPhone 3GS and later, iOS 3.1 through 4.2.1 for iPod touch (3rd generation) and later, iOS 3.2 through 4.2.1 for iPad"
],
"credit": "Yuzo Fujishima of Google Inc.",
"description": "Multiple memory corruption issues exist in WebKit. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.",
"id": "CVE-2011-0112",
"impact": "Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4554",
"http://support.apple.com/en-us/HT4564"
],
"module": "WebKit",
"rsr": "",
"update": ""
},
{
"available": [
"Windows 7, Vista, XP SP2 or later",
"iOS 3.0 through 4.2.1 for iPhone 3GS and later, iOS 3.1 through 4.2.1 for iPod touch (3rd generation) and later, iOS 3.2 through 4.2.1 for iPad"
],
"credit": "Andreas Kling of Nokia",
"description": "Multiple memory corruption issues exist in WebKit. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.",
"id": "CVE-2011-0113",
"impact": "Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4554",
"http://support.apple.com/en-us/HT4564"
],
"module": "WebKit",
"rsr": "",
"update": ""
},
{
"available": [
"Windows 7, Vista, XP SP2 or later",
"iOS 3.0 through 4.2.1 for iPhone 3GS and later, iOS 3.1 through 4.2.1 for iPod touch (3rd generation) and later, iOS 3.2 through 4.2.1 for iPad"
],
"credit": "Chris Evans of Google Chrome Security Team",
"description": "Multiple memory corruption issues exist in WebKit. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.",
"id": "CVE-2011-0114",
"impact": "Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4554",
"http://support.apple.com/en-us/HT4564"
],
"module": "WebKit",
"rsr": "",
"update": ""
},
{
"available": [
"Windows 7, Vista, XP SP2 or later",
"iOS 3.0 through 4.2.1 for iPhone 3GS and later, iOS 3.1 through 4.2.1 for iPod touch (3rd generation) and later, iOS 3.2 through 4.2.1 for iPad"
],
"credit": "J23 working with TippingPoint's Zero Day Initiative, and Emil A Eklund of Google, Inc.",
"description": "Multiple memory corruption issues exist in WebKit. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.",
"id": "CVE-2011-0115",
"impact": "Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4554",
"http://support.apple.com/en-us/HT4564"
],
"module": "WebKit",
"rsr": "",
"update": ""
},
{
"available": [
"Windows 7, Vista, XP SP2 or later",
"iOS 3.0 through 4.2.1 for iPhone 3GS and later, iOS 3.1 through 4.2.1 for iPod touch (3rd generation) and later, iOS 3.2 through 4.2.1 for iPad"
],
"credit": "an anonymous researcher working with TippingPoint's Zero Day Initiative",
"description": "Multiple memory corruption issues exist in WebKit. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.",
"id": "CVE-2011-0116",
"impact": "Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4554",
"http://support.apple.com/en-us/HT4564"
],
"module": "WebKit",
"rsr": "",
"update": ""
},
{
"available": [
"Windows 7, Vista, XP SP2 or later",
"iOS 3.0 through 4.2.1 for iPhone 3GS and later, iOS 3.1 through 4.2.1 for iPod touch (3rd generation) and later, iOS 3.2 through 4.2.1 for iPad"
],
"credit": "Abhishek Arya (Inferno) of Google, Inc.",
"description": "Multiple memory corruption issues exist in WebKit. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.",
"id": "CVE-2011-0117",
"impact": "Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4554",
"http://support.apple.com/en-us/HT4564"
],
"module": "WebKit",
"rsr": "",
"update": ""
},
{
"available": [
"Windows 7, Vista, XP SP2 or later",
"iOS 3.0 through 4.2.1 for iPhone 3GS and later, iOS 3.1 through 4.2.1 for iPod touch (3rd generation) and later, iOS 3.2 through 4.2.1 for iPad"
],
"credit": "Abhishek Arya (Inferno) of Google, Inc.",
"description": "Multiple memory corruption issues exist in WebKit. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.",
"id": "CVE-2011-0118",
"impact": "Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4554",
"http://support.apple.com/en-us/HT4564"
],
"module": "WebKit",
"rsr": "",
"update": ""
},
{
"available": [
"Windows 7, Vista, XP SP2 or later",
"iOS 3.0 through 4.2.1 for iPhone 3GS and later, iOS 3.1 through 4.2.1 for iPod touch (3rd generation) and later, iOS 3.2 through 4.2.1 for iPad"
],
"credit": "Abhishek Arya (Inferno) of Google, Inc.",
"description": "Multiple memory corruption issues exist in WebKit. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.",
"id": "CVE-2011-0119",
"impact": "Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4554",
"http://support.apple.com/en-us/HT4564"
],
"module": "WebKit",
"rsr": "",
"update": ""
},
{
"available": [
"Windows 7, Vista, XP SP2 or later",
"iOS 3.0 through 4.2.1 for iPhone 3GS and later, iOS 3.1 through 4.2.1 for iPod touch (3rd generation) and later, iOS 3.2 through 4.2.1 for iPad"
],
"credit": "Abhishek Arya (Inferno) of Google, Inc.",
"description": "Multiple memory corruption issues exist in WebKit. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.",
"id": "CVE-2011-0120",
"impact": "Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4554",
"http://support.apple.com/en-us/HT4564"
],
"module": "WebKit",
"rsr": "",
"update": ""
},
{
"available": [
"Windows 7, Vista, XP SP2 or later",
"iOS 3.0 through 4.2.1 for iPhone 3GS and later, iOS 3.1 through 4.2.1 for iPod touch (3rd generation) and later, iOS 3.2 through 4.2.1 for iPad"
],
"credit": "Abhishek Arya (Inferno) of Google, Inc.",
"description": "Multiple memory corruption issues exist in WebKit. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.",
"id": "CVE-2011-0121",
"impact": "Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4554",
"http://support.apple.com/en-us/HT4564"
],
"module": "WebKit",
"rsr": "",
"update": ""
},
{
"available": [
"Windows 7, Vista, XP SP2 or later",
"iOS 3.0 through 4.2.1 for iPhone 3GS and later, iOS 3.1 through 4.2.1 for iPod touch (3rd generation) and later, iOS 3.2 through 4.2.1 for iPad"
],
"credit": "Slawomir Blazek",
"description": "Multiple memory corruption issues exist in WebKit. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.",
"id": "CVE-2011-0122",
"impact": "Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4554",
"http://support.apple.com/en-us/HT4564"
],
"module": "WebKit",
"rsr": "",
"update": ""
},
{
"available": [
"Windows 7, Vista, XP SP2 or later",
"iOS 3.0 through 4.2.1 for iPhone 3GS and later, iOS 3.1 through 4.2.1 for iPod touch (3rd generation) and later, iOS 3.2 through 4.2.1 for iPad"
],
"credit": "Abhishek Arya (Inferno) of Google, Inc.",
"description": "Multiple memory corruption issues exist in WebKit. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.",
"id": "CVE-2011-0123",
"impact": "Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4554",
"http://support.apple.com/en-us/HT4564"
],
"module": "WebKit",
"rsr": "",
"update": ""
},
{
"available": [
"Windows 7, Vista, XP SP2 or later",
"iOS 3.0 through 4.2.1 for iPhone 3GS and later, iOS 3.1 through 4.2.1 for iPod touch (3rd generation) and later, iOS 3.2 through 4.2.1 for iPad"
],
"credit": "Yuzo Fujishima of Google Inc.",
"description": "Multiple memory corruption issues exist in WebKit. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.",
"id": "CVE-2011-0124",
"impact": "Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4554",
"http://support.apple.com/en-us/HT4564"
],
"module": "WebKit",
"rsr": "",
"update": ""
},
{
"available": [
"Windows 7, Vista, XP SP2 or later",
"iOS 3.0 through 4.2.1 for iPhone 3GS and later, iOS 3.1 through 4.2.1 for iPod touch (3rd generation) and later, iOS 3.2 through 4.2.1 for iPad"
],
"credit": "Abhishek Arya (Inferno) of Google, Inc.",
"description": "Multiple memory corruption issues exist in WebKit. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.",
"id": "CVE-2011-0125",
"impact": "Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4554",
"http://support.apple.com/en-us/HT4564"
],
"module": "WebKit",
"rsr": "",
"update": ""
},
{
"available": [
"Windows 7, Vista, XP SP2 or later",
"iOS 3.0 through 4.2.1 for iPhone 3GS and later, iOS 3.1 through 4.2.1 for iPod touch (3rd generation) and later, iOS 3.2 through 4.2.1 for iPad"
],
"credit": "Mihai Parparita of Google, Inc.",
"description": "Multiple memory corruption issues exist in WebKit. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.",
"id": "CVE-2011-0126",
"impact": "Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4554",
"http://support.apple.com/en-us/HT4564"
],
"module": "WebKit",
"rsr": "",
"update": ""
},
{
"available": [
"Windows 7, Vista, XP SP2 or later",
"iOS 3.0 through 4.2.1 for iPhone 3GS and later, iOS 3.1 through 4.2.1 for iPod touch (3rd generation) and later, iOS 3.2 through 4.2.1 for iPad"
],
"credit": "Abhishek Arya (Inferno) of Google, Inc.",
"description": "Multiple memory corruption issues exist in WebKit. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.",
"id": "CVE-2011-0127",
"impact": "Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4554",
"http://support.apple.com/en-us/HT4564"
],
"module": "WebKit",
"rsr": "",
"update": ""
},
{
"available": [
"Windows 7, Vista, XP SP2 or later",
"iOS 3.0 through 4.2.1 for iPhone 3GS and later, iOS 3.1 through 4.2.1 for iPod touch (3rd generation) and later, iOS 3.2 through 4.2.1 for iPad"
],
"credit": "David Bloom",
"description": "Multiple memory corruption issues exist in WebKit. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.",
"id": "CVE-2011-0128",
"impact": "Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4554",
"http://support.apple.com/en-us/HT4564"
],
"module": "WebKit",
"rsr": "",
"update": ""
},
{
"available": [
"Windows 7, Vista, XP SP2 or later",
"iOS 3.0 through 4.2.1 for iPhone 3GS and later, iOS 3.1 through 4.2.1 for iPod touch (3rd generation) and later, iOS 3.2 through 4.2.1 for iPad"
],
"credit": "Famlam",
"description": "Multiple memory corruption issues exist in WebKit. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.",
"id": "CVE-2011-0129",
"impact": "Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4554",
"http://support.apple.com/en-us/HT4564"
],
"module": "WebKit",
"rsr": "",
"update": ""
},
{
"available": [
"Windows 7, Vista, XP SP2 or later",
"iOS 3.0 through 4.2.1 for iPhone 3GS and later, iOS 3.1 through 4.2.1 for iPod touch (3rd generation) and later, iOS 3.2 through 4.2.1 for iPad"
],
"credit": "Apple",
"description": "Multiple memory corruption issues exist in WebKit. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.",
"id": "CVE-2011-0130",
"impact": "Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4554",
"http://support.apple.com/en-us/HT4564"
],
"module": "WebKit",
"rsr": "",
"update": ""
},
{
"available": [
"Windows 7, Vista, XP SP2 or later",
"iOS 3.0 through 4.2.1 for iPhone 3GS and later, iOS 3.1 through 4.2.1 for iPod touch (3rd generation) and later, iOS 3.2 through 4.2.1 for iPad"
],
"credit": "wushi of team509",
"description": "Multiple memory corruption issues exist in WebKit. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.",
"id": "CVE-2011-0131",
"impact": "Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4554",
"http://support.apple.com/en-us/HT4564"
],
"module": "WebKit",
"rsr": "",
"update": ""
},
{
"available": [
"Windows 7, Vista, XP SP2 or later",
"iOS 3.0 through 4.2.1 for iPhone 3GS and later, iOS 3.1 through 4.2.1 for iPod touch (3rd generation) and later, iOS 3.2 through 4.2.1 for iPad"
],
"credit": "wushi of team509 working with TippingPoint's Zero Day Initiative",
"description": "Multiple memory corruption issues exist in WebKit. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.",
"id": "CVE-2011-0132",
"impact": "Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4554",
"http://support.apple.com/en-us/HT4564"
],
"module": "WebKit",
"rsr": "",
"update": ""
},
{
"available": [
"Windows 7, Vista, XP SP2 or later",
"iOS 3.0 through 4.2.1 for iPhone 3GS and later, iOS 3.1 through 4.2.1 for iPod touch (3rd generation) and later, iOS 3.2 through 4.2.1 for iPad"
],
"credit": "wushi of team509 working with TippingPoint's Zero Day Initiative",
"description": "Multiple memory corruption issues exist in WebKit. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.",
"id": "CVE-2011-0133",
"impact": "Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4554",
"http://support.apple.com/en-us/HT4564"
],
"module": "WebKit",
"rsr": "",
"update": ""
},
{
"available": [
"Windows 7, Vista, XP SP2 or later",
"iOS 3.0 through 4.2.1 for iPhone 3GS and later, iOS 3.1 through 4.2.1 for iPod touch (3rd generation) and later, iOS 3.2 through 4.2.1 for iPad"
],
"credit": "Jan Tosovsky",
"description": "Multiple memory corruption issues exist in WebKit. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.",
"id": "CVE-2011-0134",
"impact": "Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4554",
"http://support.apple.com/en-us/HT4564"
],
"module": "WebKit",
"rsr": "",
"update": ""
},
{
"available": [
"Windows 7, Vista, XP SP2 or later",
"iOS 3.0 through 4.2.1 for iPhone 3GS and later, iOS 3.1 through 4.2.1 for iPod touch (3rd generation) and later, iOS 3.2 through 4.2.1 for iPad"
],
"credit": "an anonymous reporter",
"description": "Multiple memory corruption issues exist in WebKit. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.",
"id": "CVE-2011-0135",
"impact": "Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4554",
"http://support.apple.com/en-us/HT4564"
],
"module": "WebKit",
"rsr": "",
"update": ""
},
{
"available": [
"Windows 7, Vista, XP SP2 or later",
"iOS 3.0 through 4.2.1 for iPhone 3GS and later, iOS 3.1 through 4.2.1 for iPod touch (3rd generation) and later, iOS 3.2 through 4.2.1 for iPad"
],
"credit": "Sergey Glazunov",
"description": "Multiple memory corruption issues exist in WebKit. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.",
"id": "CVE-2011-0136",
"impact": "Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4554",
"http://support.apple.com/en-us/HT4564"
],
"module": "WebKit",
"rsr": "",
"update": ""
},
{
"available": [
"Windows 7, Vista, XP SP2 or later",
"iOS 3.0 through 4.2.1 for iPhone 3GS and later, iOS 3.1 through 4.2.1 for iPod touch (3rd generation) and later, iOS 3.2 through 4.2.1 for iPad"
],
"credit": "Sergey Glazunov",
"description": "Multiple memory corruption issues exist in WebKit. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.",
"id": "CVE-2011-0137",
"impact": "Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4554",
"http://support.apple.com/en-us/HT4564"
],
"module": "WebKit",
"rsr": "",
"update": ""
},
{
"available": [
"Windows 7, Vista, XP SP2 or later",
"iOS 3.0 through 4.2.1 for iPhone 3GS and later, iOS 3.1 through 4.2.1 for iPod touch (3rd generation) and later, iOS 3.2 through 4.2.1 for iPad"
],
"credit": "kuzzcc",
"description": "Multiple memory corruption issues exist in WebKit. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.",
"id": "CVE-2011-0138",
"impact": "Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4554",
"http://support.apple.com/en-us/HT4564"
],
"module": "WebKit",
"rsr": "",
"update": ""
},
{
"available": [
"Windows 7, Vista, XP SP2 or later"
],
"credit": "kuzzcc",
"description": "Multiple memory corruption issues exist in WebKit. A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution.",
"id": "CVE-2011-0139",
"impact": "A man-in-the-middle attack may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4554"
],
"module": "WebKit",
"rsr": "",
"update": ""
},
{
"available": [
"Windows 7, Vista, XP SP2 or later",
"iOS 3.0 through 4.2.1 for iPhone 3GS and later, iOS 3.1 through 4.2.1 for iPod touch (3rd generation) and later, iOS 3.2 through 4.2.1 for iPad"
],
"credit": "Sergey Glazunov",
"description": "Multiple memory corruption issues exist in WebKit. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.",
"id": "CVE-2011-0140",
"impact": "Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4554",
"http://support.apple.com/en-us/HT4564"
],
"module": "WebKit",
"rsr": "",
"update": ""
},
{
"available": [
"Windows 7, Vista, XP SP2 or later",
"iOS 3.0 through 4.2.1 for iPhone 3GS and later, iOS 3.1 through 4.2.1 for iPod touch (3rd generation) and later, iOS 3.2 through 4.2.1 for iPad"
],
"credit": "Chris Rohlf of Matasano Security",
"description": "Multiple memory corruption issues exist in WebKit. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.",
"id": "CVE-2011-0141",
"impact": "Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4554",
"http://support.apple.com/en-us/HT4564"
],
"module": "WebKit",
"rsr": "",
"update": ""
},
{
"available": [
"Windows 7, Vista, XP SP2 or later",
"iOS 3.0 through 4.2.1 for iPhone 3GS and later, iOS 3.1 through 4.2.1 for iPod touch (3rd generation) and later, iOS 3.2 through 4.2.1 for iPad"
],
"credit": "Abhishek Arya (Inferno) of Google, Inc.",
"description": "Multiple memory corruption issues exist in WebKit. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.",
"id": "CVE-2011-0142",
"impact": "Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4554",
"http://support.apple.com/en-us/HT4564"
],
"module": "WebKit",
"rsr": "",
"update": ""
},
{
"available": [
"Windows 7, Vista, XP SP2 or later",
"iOS 3.0 through 4.2.1 for iPhone 3GS and later, iOS 3.1 through 4.2.1 for iPod touch (3rd generation) and later, iOS 3.2 through 4.2.1 for iPad"
],
"credit": "Slawomir Blazek and Sergey Glazunov",
"description": "Multiple memory corruption issues exist in WebKit. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.",
"id": "CVE-2011-0143",
"impact": "Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4554",
"http://support.apple.com/en-us/HT4564"
],
"module": "WebKit",
"rsr": "",
"update": ""
},
{
"available": [
"Windows 7, Vista, XP SP2 or later",
"iOS 3.0 through 4.2.1 for iPhone 3GS and later, iOS 3.1 through 4.2.1 for iPod touch (3rd generation) and later, iOS 3.2 through 4.2.1 for iPad"
],
"credit": "Emil A Eklund of Google, Inc.",
"description": "Multiple memory corruption issues exist in WebKit. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.",
"id": "CVE-2011-0144",
"impact": "Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4554",
"http://support.apple.com/en-us/HT4564"
],
"module": "WebKit",
"rsr": "",
"update": ""
},
{
"available": [
"Windows 7, Vista, XP SP2 or later",
"iOS 3.0 through 4.2.1 for iPhone 3GS and later, iOS 3.1 through 4.2.1 for iPod touch (3rd generation) and later, iOS 3.2 through 4.2.1 for iPad"
],
"credit": "Abhishek Arya (Inferno) of Google, Inc.",
"description": "Multiple memory corruption issues exist in WebKit. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.",
"id": "CVE-2011-0145",
"impact": "Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4554",
"http://support.apple.com/en-us/HT4564"
],
"module": "WebKit",
"rsr": "",
"update": ""
},
{
"available": [
"Windows 7, Vista, XP SP2 or later",
"iOS 3.0 through 4.2.1 for iPhone 3GS and later, iOS 3.1 through 4.2.1 for iPod touch (3rd generation) and later, iOS 3.2 through 4.2.1 for iPad"
],
"credit": "Abhishek Arya (Inferno) of Google, Inc.",
"description": "Multiple memory corruption issues exist in WebKit. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.",
"id": "CVE-2011-0146",
"impact": "Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4554",
"http://support.apple.com/en-us/HT4564"
],
"module": "WebKit",
"rsr": "",
"update": ""
},
{
"available": [
"Windows 7, Vista, XP SP2 or later",
"iOS 3.0 through 4.2.1 for iPhone 3GS and later, iOS 3.1 through 4.2.1 for iPod touch (3rd generation) and later, iOS 3.2 through 4.2.1 for iPad"
],
"credit": "Dirk Schulze",
"description": "Multiple memory corruption issues exist in WebKit. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.",
"id": "CVE-2011-0147",
"impact": "Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4554",
"http://support.apple.com/en-us/HT4564"
],
"module": "WebKit",
"rsr": "",
"update": ""
},
{
"available": [
"Windows 7, Vista, XP SP2 or later",
"iOS 3.0 through 4.2.1 for iPhone 3GS and later, iOS 3.1 through 4.2.1 for iPod touch (3rd generation) and later, iOS 3.2 through 4.2.1 for iPad"
],
"credit": "Michal Zalewski of Google, Inc.",
"description": "Multiple memory corruption issues exist in WebKit. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.",
"id": "CVE-2011-0148",
"impact": "Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4554",
"http://support.apple.com/en-us/HT4564"
],
"module": "WebKit",
"rsr": "",
"update": ""
},
{
"available": [
"Windows 7, Vista, XP SP2 or later",
"iOS 3.0 through 4.2.1 for iPhone 3GS and later, iOS 3.1 through 4.2.1 for iPod touch (3rd generation) and later, iOS 3.2 through 4.2.1 for iPad"
],
"credit": "wushi of team509 working with TippingPoint's Zero Day Initiative, and SkyLined of Google Chrome Security Team",
"description": "Multiple memory corruption issues exist in WebKit. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.",
"id": "CVE-2011-0149",
"impact": "Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4554",
"http://support.apple.com/en-us/HT4564"
],
"module": "WebKit",
"rsr": "",
"update": ""
},
{
"available": [
"Windows 7, Vista, XP SP2 or later",
"iOS 3.0 through 4.2.1 for iPhone 3GS and later, iOS 3.1 through 4.2.1 for iPod touch (3rd generation) and later, iOS 3.2 through 4.2.1 for iPad"
],
"credit": "Michael Gundlach of safariadblock.com",
"description": "Multiple memory corruption issues exist in WebKit. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.",
"id": "CVE-2011-0150",
"impact": "Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4554",
"http://support.apple.com/en-us/HT4564"
],
"module": "WebKit",
"rsr": "",
"update": ""
},
{
"available": [
"Windows 7, Vista, XP SP2 or later",
"iOS 3.0 through 4.2.1 for iPhone 3GS and later, iOS 3.1 through 4.2.1 for iPod touch (3rd generation) and later, iOS 3.2 through 4.2.1 for iPad"
],
"credit": "Abhishek Arya (Inferno) of Google, Inc.",
"description": "Multiple memory corruption issues exist in WebKit. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.",
"id": "CVE-2011-0151",
"impact": "Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4554",
"http://support.apple.com/en-us/HT4564"
],
"module": "WebKit",
"rsr": "",
"update": ""
},
{
"available": [
"Windows 7, Vista, XP SP2 or later",
"iOS 3.0 through 4.2.1 for iPhone 3GS and later, iOS 3.1 through 4.2.1 for iPod touch (3rd generation) and later, iOS 3.2 through 4.2.1 for iPad"
],
"credit": "SkyLined of Google Chrome Security Team",
"description": "Multiple memory corruption issues exist in WebKit. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.",
"id": "CVE-2011-0152",
"impact": "Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4554",
"http://support.apple.com/en-us/HT4564"
],
"module": "WebKit",
"rsr": "",
"update": ""
},
{
"available": [
"Windows 7, Vista, XP SP2 or later",
"iOS 3.0 through 4.2.1 for iPhone 3GS and later, iOS 3.1 through 4.2.1 for iPod touch (3rd generation) and later, iOS 3.2 through 4.2.1 for iPad"
],
"credit": "Abhishek Arya (Inferno) of Google, Inc.",
"description": "Multiple memory corruption issues exist in WebKit. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.",
"id": "CVE-2011-0153",
"impact": "Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4554",
"http://support.apple.com/en-us/HT4564"
],
"module": "WebKit",
"rsr": "",
"update": ""
},
{
"available": [
"Windows 7, Vista, XP SP2 or later",
"iOS 3.0 through 4.2.1 for iPhone 3GS and later, iOS 3.1 through 4.2.1 for iPod touch (3rd generation) and later, iOS 3.2 through 4.2.1 for iPad"
],
"credit": "an anonymous researcher working with TippingPoint's Zero Day Initiative",
"description": "Multiple memory corruption issues exist in WebKit. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.",
"id": "CVE-2011-0154",
"impact": "Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4554",
"http://support.apple.com/en-us/HT4564"
],
"module": "WebKit",
"rsr": "",
"update": ""
},
{
"available": [
"Windows 7, Vista, XP SP2 or later",
"iOS 3.0 through 4.2.1 for iPhone 3GS and later, iOS 3.1 through 4.2.1 for iPod touch (3rd generation) and later, iOS 3.2 through 4.2.1 for iPad"
],
"credit": "Aki Helin of OUSPG",
"description": "Multiple memory corruption issues exist in WebKit. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.",
"id": "CVE-2011-0155",
"impact": "Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4554",
"http://support.apple.com/en-us/HT4564"
],
"module": "WebKit",
"rsr": "",
"update": ""
},
{
"available": [
"Windows 7, Vista, XP SP2 or later",
"iOS 3.0 through 4.2.1 for iPhone 3GS and later, iOS 3.1 through 4.2.1 for iPod touch (3rd generation) and later, iOS 3.2 through 4.2.1 for iPad"
],
"credit": "Abhishek Arya (Inferno) of Google, Inc.",
"description": "Multiple memory corruption issues exist in WebKit. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.",
"id": "CVE-2011-0156",
"impact": "Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4554",
"http://support.apple.com/en-us/HT4564"
],
"module": "WebKit",
"rsr": "",
"update": ""
},
{
"available": [
"iOS 3.0 through 4.2.1 for iPhone 3GS and later, iOS 3.1 through 4.2.1 for iPod touch (3rd generation) and later, iOS 3.2 through 4.2.1 for iPad"
],
"credit": "Benoit Jacob of Mozilla",
"description": "Multiple memory corruption issues exist in WebKit. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.",
"id": "CVE-2011-0157",
"impact": "Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4564"
],
"module": "WebKit",
"rsr": "",
"update": ""
},
{
"available": [
"iOS 3.0 through 4.2.1 for iPhone 3GS and later, iOS 3.1 through 4.2.1 for iPod touch (3rd generation) and later, iOS 3.2 through 4.2.1 for iPad"
],
"credit": "Nitesh Dhanjani of Ernst & Young LLP",
"description": "A maliciously crafted website may contain javascript that repeatedly causes another application on the device to launch via its URL handler. Visiting this website with MobileSafari will cause MobileSafari to exit and the target application to be launched. This sequence would continue each time MobileSafari is opened. This issue is addressed by returning to the previous page when Safari is re-opened after another application was launched via its URL handler.",
"id": "CVE-2011-0158",
"impact": "Visiting a maliciously crafted website may cause MobileSafari to exit on launch",
"links": [
"http://support.apple.com/en-us/HT4564"
],
"module": "Safari",
"rsr": "",
"update": ""
},
{
"available": [
"iOS 4.0 through 4.2.1 for iPhone 3GS and later, iOS 4.0 through 4.2.1 for iPod touch (3rd generation) and later, iOS 4.2 through 4.2.1 for iPad"
],
"credit": "Erik Wong of Google Inc.",
"description": "In some circumstances, clearing cookies via Safari Settings while Safari is running has no effect. This issue is addressed through improved handling of cookies. This issue does not affect systems prior to iOS 4.0.",
"id": "CVE-2011-0159",
"impact": "Clearing cookies in Safari Settings may have no effect",
"links": [
"http://support.apple.com/en-us/HT4564"
],
"module": "Safari",
"rsr": "",
"update": ""
},
{
"available": [
"iOS 3.0 through 4.2.1 for iPhone 3GS and later, iOS 3.1 through 4.2.1 for iPod touch (3rd generation) and later, iOS 3.2 through 4.2.1 for iPad"
],
"credit": "McIntosh Cooey of Twelve Hundred Group, Harald Hanche-Olsen, Chuck Hohn of 1111 Internet LLC working with CERT, and Paul Hinze of Braintree",
"description": "If a site uses HTTP Basic Authentication and redirects to another site, the authentication credentials may be sent to the other site. This issue is addressed through improved handling of credentials.",
"id": "CVE-2011-0160",
"impact": "HTTP Basic Authentication credentials may be inadvertently disclosed to another site",
"links": [
"http://support.apple.com/en-us/HT4564"
],
"module": "WebKit",
"rsr": "",
"update": ""
},
{
"available": [
"iOS 3.0 through 4.2.1 for iPhone 3GS and later, iOS 3.1 through 4.2.1 for iPod touch (3rd generation) and later, iOS 3.2 through 4.2.1 for iPad"
],
"credit": "Apple",
"description": "A cross-origin issue existed in WebKit's handling of the Attr.style accessor. Visiting a maliciously crafted website may allow the site to inject CSS into other documents. This issue is addressed by removing the Attr.style accessor.",
"id": "CVE-2011-0161",
"impact": "Visiting a maliciously crafted website may lead to cross-site style declarations",
"links": [
"http://support.apple.com/en-us/HT4564"
],
"module": "WebKit",
"rsr": "",
"update": ""
},
{
"available": [
"Apple TV 4.0 and 4.1",
"iOS 3.0 through 4.2.1 for iPhone 3GS and later, iOS 3.1 through 4.2.1 for iPod touch (3rd generation) and later, iOS 3.2 through 4.2.1 for iPad"
],
"credit": "Scott Boyd of ePlus Technology, inc.",
"description": "A bounds checking issue existed in the handling of Wi-Fi frames. When connected to Wi-Fi, an attacker on the same network may be able to cause a device reset.",
"id": "CVE-2011-0162",
"impact": "When connected to Wi-Fi, an attacker on the same network may be able to cause a device reset",
"links": [
"http://support.apple.com/en-us/HT4564",
"http://support.apple.com/en-us/HT4565"
],
"module": "Wi-Fi",
"rsr": "",
"update": ""
},
{
"available": [
"iOS 3.0 through 4.2.1 for iPhone 3GS and later, iOS 3.1 through 4.2.1 for iPod touch (3rd generation) and later, iOS 3.2 through 4.2.1 for iPad"
],
"credit": "Apple",
"description": "A cache poisoning issue existed in WebKit's handling of cached resources. A maliciously crafted website may be able to prevent other sites from requesting certain resources. This issue is addressed through improved type checking.",
"id": "CVE-2011-0163",
"impact": "A maliciously crafted website may be able to prevent other sites from requesting certain resources",
"links": [
"http://support.apple.com/en-us/HT4564"
],
"module": "WebKit",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later, Windows 7, Vista, XP SP2 or later",
"Windows 7, Vista, XP SP2 or later"
],
"credit": "Apple.",
"description": "Multiple memory corruption issues existed in WebKit.",
"id": "CVE-2011-0164",
"impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution.",
"links": [
"http://support.apple.com/en-us/HT4808",
"http://support.apple.com/en-us/HT4981"
],
"module": "WebKit",
"rsr": "",
"update": ""
},
{
"available": [
"Windows 7, Vista, XP SP2 or later"
],
"credit": "Sergey Glazunov",
"description": "Multiple memory corruption issues exist in WebKit. A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution.",
"id": "CVE-2011-0165",
"impact": "A man-in-the-middle attack may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4554"
],
"module": "WebKit",
"rsr": "",
"update": ""
},
{
"available": [
"iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad"
],
"credit": "Michal Zalewski of Google Inc.",
"description": "A cross-origin issue existed in WebKit's handling of HTML5 drag and drop. This issue is addressed by disallowing drag and drop across different origins.",
"id": "CVE-2011-0166",
"impact": "Visiting a malicious website and dragging content in the page may lead to an information disclosure",
"links": [
"http://support.apple.com/en-us/HT4999"
],
"module": "WebKit",
"rsr": "",
"update": ""
},
{
"available": [
"Windows 7, Vista, XP SP2 or later",
"iOS 3.0 through 4.2.1 for iPhone 3GS and later, iOS 3.1 through 4.2.1 for iPod touch (3rd generation) and later, iOS 3.2 through 4.2.1 for iPad"
],
"credit": "Sergey Glazunov",
"description": "Multiple memory corruption issues exist in WebKit. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.",
"id": "CVE-2011-0168",
"impact": "Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4554",
"http://support.apple.com/en-us/HT4564"
],
"module": "WebKit",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6",
"Windows 7, Vista, XP SP2 or later"
],
"credit": "Andrzej Dyjak working with iDefense VCP",
"description": "A heap buffer overflow issue existed in ImageIO's handling of JPEG images. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.",
"id": "CVE-2011-0170",
"impact": "Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4554",
"http://support.apple.com/en-us/HT4581"
],
"module": "ImageIO",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6"
],
"credit": "",
"description": "A divide by zero issue existed in the handling of Wi-Fi frames. When connected to Wi-Fi, an attacker on the same network may be able to cause a system reset. This issue does not affect systems prior to Mac OS X v10.6.",
"id": "CVE-2011-0172",
"impact": "When connected to Wi-Fi, an attacker on the same network may be able to cause a system reset",
"links": [
"http://support.apple.com/en-us/HT4581"
],
"module": "AirPort",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6"
],
"credit": "Alexander Strange",
"description": "A format string issue existed in AppleScript Studio's generic dialog commands (\"display dialog\" and \"display alert\"). Running an AppleScript Studio-based application that allows untrusted input to be passed to a dialog may lead to an unexpected application termination or arbitrary code execution.",
"id": "CVE-2011-0173",
"impact": "Running an AppleScript Studio-based application that allows untrusted input to be passed to a dialog may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4581"
],
"module": "AppleScript",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6"
],
"credit": "",
"description": "A heap buffer overflow issue existed in the handling of OpenType fonts. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution.",
"id": "CVE-2011-0174",
"impact": "Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4581"
],
"module": "ATS",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6"
],
"credit": "Christoph Diehl of Mozilla, Felix Grobert of the Google Security Team, Marc Schoenefeld of Red Hat Security Response Team, Tavis Ormandy and Will Drewry of Google Security Team",
"description": "Multiple buffer overflow issues existed in the handling of TrueType fonts. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution.",
"id": "CVE-2011-0175",
"impact": "Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4581"
],
"module": "ATS",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6"
],
"credit": "Felix Grobert of the Google Security Team, geekable working with TippingPoint's Zero Day Initiative",
"description": "Multiple buffer overflow issues existed in the handling of Type 1 fonts. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution.",
"id": "CVE-2011-0176",
"impact": "Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4581"
],
"module": "ATS",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6"
],
"credit": "Marc Schoenefeld of Red Hat Security Response Team",
"description": "Multiple buffer overflow issues existed in the handling of SFNT tables. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution.",
"id": "CVE-2011-0177",
"impact": "Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4581"
],
"module": "ATS",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6"
],
"credit": "",
"description": "When used with the kTemporaryFolderType flag, the FSFindFolder() API returns a directory that is world readable. This issue is addressed by returning a directory that is only readable by the user that the process is running as.",
"id": "CVE-2011-0178",
"impact": "Applications that use FSFindFolder() with the kTemporaryFolderType flag may be vulnerable to a local information disclosure",
"links": [
"http://support.apple.com/en-us/HT4581"
],
"module": "CarbonCore",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6"
],
"credit": "Christoph Diehl of Mozilla",
"description": "A memory corruption issue existed in CoreText's handling of font files. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution.",
"id": "CVE-2011-0179",
"impact": "Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4581"
],
"module": "CoreText",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6"
],
"credit": "Dan Rosenberg of Virtual Security Research",
"description": "An integer overflow issue existed in the handling of the F_READBOOTSTRAP ioctl. A local user may be able to read arbitrary files from an HFS, HFS+, or HFS+J filesystem.",
"id": "CVE-2011-0180",
"impact": "A local user may be able to read arbitrary files from an HFS, HFS+, or HFS+J filesystem",
"links": [
"http://support.apple.com/en-us/HT4581"
],
"module": "HFS",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6",
"Windows 7, Vista, XP SP2 or later"
],
"credit": "Harry Sintonen",
"description": "An integer overflow issue existed in ImageIO's handling of XBM images. Viewing a maliciously crafted XBM image may result in an unexpected application termination or arbitrary code execution.",
"id": "CVE-2011-0181",
"impact": "Viewing a maliciously crafted XBM image may result in an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4554",
"http://support.apple.com/en-us/HT4581"
],
"module": "ImageIO",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6"
],
"credit": "Jeff Mears",
"description": "A privilege checking issue existed in the i386_set_ldt system call's handling of call gates. A local user may be able to execute arbitrary code with system privileges. This issue is addressed by disallowing creation of call gate entries via i386_set_ldt().",
"id": "CVE-2011-0182",
"impact": "A local user may be able to execute arbitrary code with system privileges",
"links": [
"http://support.apple.com/en-us/HT4581"
],
"module": "Kernel",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6"
],
"credit": "Peter Schwenk of the University of Delaware",
"description": "An integer truncation issue existed in Libinfo's handling of NFS RPC packets. A remote attacker may be able to cause NFS RPC services such as lockd, statd, mountd, and portmap to become unresponsive.",
"id": "CVE-2011-0183",
"impact": "A remote attacker may be able to cause a denial of service on hosts that export NFS file systems",
"links": [
"http://support.apple.com/en-us/HT4581"
],
"module": "Libinfo",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6",
"iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad"
],
"credit": "Tobias Klein working with iDefense VCP",
"description": "A memory corruption issue existed in OfficeImport's handling of Excel files.",
"id": "CVE-2011-0184",
"impact": "Downloading a maliciously crafted Excel file may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4581",
"http://support.apple.com/en-us/HT4999"
],
"module": "OfficeImport",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1"
],
"credit": "an anonymous reporter",
"description": "A format string vulnerability existed in Application Firewall's debug logging.",
"id": "CVE-2011-0185",
"impact": "Executing a binary with a maliciously crafted name may lead to arbitrary code execution with elevated privileges",
"links": [
"http://support.apple.com/en-us/HT5002"
],
"module": "Application Firewall",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.5.8, Mac OS X Server v10.5.8, Windows 7, Vista, XP SP2 or later",
"Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6"
],
"credit": "Will Dormann of the CERT/CC",
"description": "Multiple memory corruption issues existed in QuickTime's handling of JPEG2000 images. Viewing a maliciously crafted JPEG2000 image with QuickTime may lead to an unexpected application termination or arbitrary code execution. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.7. This issue does not affect OS X Lion systems.",
"id": "CVE-2011-0186",
"impact": "Viewing a maliciously crafted JPEG2000 image with QuickTime may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4581",
"http://support.apple.com/en-us/HT4826"
],
"module": "QuickTime",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.5.8, Mac OS X Server v10.5.8, Windows 7, Vista, XP SP2 or later",
"Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6",
"OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1",
"iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad"
],
"credit": "Nirankush Panchbhai and Microsoft Vulnerability Research (MSVR)",
"description": "A cross-origin issue existed in CoreMedia's handling of cross-site redirects. This issue is addressed through improved origin tracking.",
"id": "CVE-2011-0187",
"impact": "Visiting a maliciously crafted website may lead to the disclosure of video data from another site",
"links": [
"http://support.apple.com/en-us/HT4581",
"http://support.apple.com/en-us/HT4826",
"http://support.apple.com/en-us/HT4999",
"http://support.apple.com/en-us/HT5002"
],
"module": "CoreMedia",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6"
],
"credit": "Apple",
"description": "An integer truncation issue existed in Ruby's BigDecimal class. Running a Ruby script that uses untrusted input to create a BigDecimal object may lead to an unexpected application termination or arbitrary code execution. This issue only affects 64-bit Ruby processes.",
"id": "CVE-2011-0188",
"impact": "Running a Ruby script that uses untrusted input to create a BigDecimal object may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4581"
],
"module": "Ruby",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6"
],
"credit": "Matt Warren of HNW Inc.",
"description": "When ssh is used in Terminal's \"New Remote Connection\" dialog, SSH version 1 is selected as the default protocol version. This issue is addressed by changing the default protocol version to \"Automatic\". This issue does not affect systems prior to Mac OS X v10.6.",
"id": "CVE-2011-0189",
"impact": "When ssh is used in Terminal's \"New Remote Connection\" dialog, SSH version 1 is selected as the default protocol version",
"links": [
"http://support.apple.com/en-us/HT4581"
],
"module": "Terminal",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6"
],
"credit": "Aaron Sigel of vtty.com",
"description": "A URL processing issue in Install Helper may lead to the installation of an agent that contacts an arbitrary server when the user logs in. The dialog resulting from a connection failure may lead the user to believe that the connection was attempted with Apple. This issue is addressed by removing Install Helper.",
"id": "CVE-2011-0190",
"impact": "Visiting a maliciously crafted website may lead to the installation of an agent that contacts an arbitrary server when the user logs in, and mislead the user into thinking that the connection is with Apple",
"links": [
"http://support.apple.com/en-us/HT4581"
],
"module": "Installer",
"rsr": "",
"update": ""
},
{
"available": [
"Apple TV 4.0 and 4.1",
"Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6",
"Windows 7, Vista, XP SP2 or later",
"iOS 3.0 through 4.2.1 for iPhone 3GS and later, iOS 3.1 through 4.2.1 for iPod touch (3rd generation) and later, iOS 3.2 through 4.2.1 for iPad"
],
"credit": "Apple",
"description": "A buffer overflow existed in libTIFF's handling of JPEG encoded TIFF images. Viewing a maliciously crafted TIFF image may result in an unexpected application termination or arbitrary code execution.",
"id": "CVE-2011-0191",
"impact": "Viewing a maliciously crafted TIFF image may result in an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4554",
"http://support.apple.com/en-us/HT4564",
"http://support.apple.com/en-us/HT4565",
"http://support.apple.com/en-us/HT4581"
],
"module": "ImageIO",
"rsr": "",
"update": ""
},
{
"available": [
"Apple TV 4.0 and 4.1",
"Apple TV 4.0 through 4.3",
"Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6",
"Windows 7, Vista, XP SP2 or later",
"iOS 3.0 through 4.2.1 for iPhone 3GS and later, iOS 3.1 through 4.2.1 for iPod touch (3rd generation) and later, iOS 3.2 through 4.2.1 for iPad",
"iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad"
],
"credit": "Apple",
"description": "A buffer overflow existed in libTIFF's handling of CCITT Group 4 encoded TIFF images.",
"id": "CVE-2011-0192",
"impact": "Viewing a maliciously crafted TIFF image may result in an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4554",
"http://support.apple.com/en-us/HT4564",
"http://support.apple.com/en-us/HT4565",
"http://support.apple.com/en-us/HT4581",
"http://support.apple.com/en-us/HT4999",
"http://support.apple.com/en-us/HT5001"
],
"module": "ImageIO",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6"
],
"credit": "Paul Harrington of NGS Secure",
"description": "Multiple buffer overflow issues existed in Image RAW's handling of Canon RAW images. Viewing a maliciously crafted Canon RAW image may result in an unexpected application termination or arbitrary code execution.",
"id": "CVE-2011-0193",
"impact": "Viewing a maliciously crafted Canon RAW image may result in an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4581"
],
"module": "Image RAW",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.6 through v10.6.6, Mac OS X Server v10.6 through v10.6.6"
],
"credit": "Dominic Chell of NGS Secure",
"description": "An integer overflow issue existed in ImageIO's handling of JPEG-encoded TIFF images. Viewing a maliciously crafted TIFF image may result in an unexpected application termination or arbitrary code execution. This issue does not affect systems prior to Mac OS X v10.6.",
"id": "CVE-2011-0194",
"impact": "Viewing a maliciously crafted JPEG-encoded TIFF image may result in an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4581"
],
"module": "ImageIO",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7",
"Windows 7, Vista, XP SP2 or later",
"iOS 3.0 through 4.3.1 for iPhone 3GS and later, iOS 3.1 through 4.3.1 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.1 for iPad"
],
"credit": "Chris Evans of the Google Chrome Security Team",
"description": "libxslt's implementation of the generate-id() XPath function disclosed the address of a heap buffer. Visiting a maliciously crafted website may lead to the disclosure of addresses on the heap. This issue is addressed by generating an ID based on the difference between the addresses of two heap buffers. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. For Mac OS X v10.5 systems, this issue is addressed in Security Update 2011-004.",
"id": "CVE-2011-0195",
"impact": "Visiting a maliciously crafted website may lead to the disclosure of addresses on the heap",
"links": [
"http://support.apple.com/en-us/HT4606",
"http://support.apple.com/en-us/HT4723",
"http://support.apple.com/en-us/HT4808"
],
"module": "libxslt",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.5.8, Mac OS X Server v10.5.8"
],
"credit": "",
"description": "An out of bounds memory read issue existed in the handling of Wi-Fi frames. When connected to Wi-Fi, an attacker on the same network may be able to cause a system reset. This issue does not affect Mac OS X v10.6.",
"id": "CVE-2011-0196",
"impact": "When connected to Wi-Fi, an attacker on the same network may be able to cause a system reset",
"links": [
"http://support.apple.com/en-us/HT4723"
],
"module": "AirPort",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7"
],
"credit": "Paul Nelson",
"description": "In certain circumstances, App Store may log the user's AppleID password to a file that is not readable by other users on the system. This issue is addressed through improved handling of credentials.",
"id": "CVE-2011-0197",
"impact": "The user's AppleID password may be logged to a local file",
"links": [
"http://support.apple.com/en-us/HT4723"
],
"module": "App Store",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7"
],
"credit": "Harry Sintonen, Marc Schoenefeld of the Red Hat Security Response Team",
"description": "A heap buffer overflow issue existed in the handling of TrueType fonts. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution.",
"id": "CVE-2011-0198",
"impact": "Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4723"
],
"module": "ATS",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7"
],
"credit": "Chris Hawk and Wan-Teh Chang of Google",
"description": "An error handling issue existed in the Certificate Trust Policy. If an Extended Validation (EV) certificate has no OCSP URL, and CRL checking is enabled, the CRL will not be checked and a revoked certificate may be accepted as valid. This issue is mitigated as most EV certificates specify an OCSP URL.",
"id": "CVE-2011-0199",
"impact": "An attacker with a privileged network position may intercept user credentials or other sensitive information",
"links": [
"http://support.apple.com/en-us/HT4723"
],
"module": "Certificate Trust Policy",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.5.8, Mac OS X Server v10.5.8",
"Windows 7, Vista, XP SP2 or later",
"Windows 7, Vista, XP SP2 or later."
],
"credit": "binaryproof working with TippingPoint's Zero Day Initiative.",
"description": "An integer overflow existed in the handling of images with an embedded ColorSync profile, which may lead to a heap buffer overflow. Opening a maliciously crafted image with an embedded ColorSync profile may lead to an unexpected application termination or arbitrary code execution. This issue does not affect OS X Lion systems.",
"id": "CVE-2011-0200",
"impact": "Viewing a maliciously crafted image with an embedded ColorSync profile may lead to an unexpected application termination or arbitrary code execution.",
"links": [
"http://support.apple.com/en-us/HT4723",
"http://support.apple.com/en-us/HT4808",
"http://support.apple.com/en-us/HT4981"
],
"module": "ColorSync",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7",
"Windows 7, Vista, XP SP2 or later"
],
"credit": "Harry Sintonen",
"description": "An off-by-one buffer overflow issue existed in the handling of CFStrings. Applications that use the CoreFoundation framework may be vulnerable to an unexpected application termination or arbitrary code execution. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8.",
"id": "CVE-2011-0201",
"impact": "Applications that use the CoreFoundation framework may be vulnerable to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4723",
"http://support.apple.com/en-us/HT4808"
],
"module": "CoreFoundation",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7",
"Windows 7, Vista, XP SP2 or later"
],
"credit": "Cristian Draghici of Modulo Consulting, Felix Grobert of the Google Security Team",
"description": "An integer overflow issue existed in the handling of Type 1 fonts. Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. For Mac OS X v10.5 systems, this issue is addressed in Security Update 2011-004.",
"id": "CVE-2011-0202",
"impact": "Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4723",
"http://support.apple.com/en-us/HT4808"
],
"module": "CoreGraphics",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X Server v10.6 through v10.6.7"
],
"credit": "team karlkani",
"description": "A path validation issue existed in xftpd. A person with FTP access may perform a recursive directory listing starting from the root, including directories that are not shared for FTP. The listing will eventually include any file that would be accessible to the FTP user. The contents of files are not disclosed. This issue is addressed through improved path validation. This issue only affects Mac OS X Server systems.",
"id": "CVE-2011-0203",
"impact": "A person with FTP access may list files on the system",
"links": [
"http://support.apple.com/en-us/HT4723"
],
"module": "FTP Server",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7",
"Windows 7, Vista, XP SP2 or later",
"Windows 7, Vista, XP SP2 or later."
],
"credit": "Dominic Chell of NGS Secure.",
"description": "A heap buffer overflow existed in ImageIO's handling of TIFF images. This issue does not affect OS X Lion systems. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8.",
"id": "CVE-2011-0204",
"impact": "Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution.",
"links": [
"http://support.apple.com/en-us/HT4723",
"http://support.apple.com/en-us/HT4808",
"http://support.apple.com/en-us/HT4981"
],
"module": "ImageIO",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7"
],
"credit": "Harry Sintonen",
"description": "A heap buffer overflow issue existed in ImageIO's handling of JPEG2000 images. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.",
"id": "CVE-2011-0205",
"impact": "Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4723"
],
"module": "ImageIO",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7",
"Windows 7, Vista, XP SP2 or later",
"iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad"
],
"credit": "David Bienvenu of Mozilla",
"description": "A buffer overflow issue existed in ICU's generation of collation keys for long strings of mostly uppercase letters.",
"id": "CVE-2011-0206",
"impact": "Applications that use ICU may be vulnerable to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4723",
"http://support.apple.com/en-us/HT4808",
"http://support.apple.com/en-us/HT4999"
],
"module": "International Components for Unicode",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7"
],
"credit": "Aaron Sigel of vtty.com",
"description": "When communicating with MobileMe to determine a user's email aliases, Mail will make requests over HTTP. As a result, an attacker with a privileged network position may read a user's MobileMe email aliases. This issue is addressed by using SSL to access the user's email aliases.",
"id": "CVE-2011-0207",
"impact": "An attacker with a privileged network position may read a user's MobileMe email aliases",
"links": [
"http://support.apple.com/en-us/HT4723"
],
"module": "MobileMe",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7",
"iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad"
],
"credit": "Tobias Klein working with iDefense VCP",
"description": "A memory corruption issue existed in OfficeImport's handling of Microsoft Office files.",
"id": "CVE-2011-0208",
"impact": "Downloading a maliciously crafted Microsoft Office file may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4723",
"http://support.apple.com/en-us/HT4999"
],
"module": "OfficeImport",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.5.8, Mac OS X Server v10.5.8, Windows 7, Vista, XP SP2 or later",
"Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7"
],
"credit": "Luigi Auriemma working with TippingPoint's Zero Day Initiative",
"description": "An integer overflow existed in QuickTime's handling of RIFF WAV files. Playing a maliciously crafted WAV file may lead to an unexpected application termination or arbitrary code execution. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. This issue does not affect OS X Lion systems.",
"id": "CVE-2011-0209",
"impact": "Playing a maliciously crafted WAV file may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4723",
"http://support.apple.com/en-us/HT4826"
],
"module": "QuickTime",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.5.8, Mac OS X Server v10.5.8, Windows 7, Vista, XP SP2 or later",
"Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7"
],
"credit": "Honggang Ren of Fortinet's FortiGuard Labs",
"description": "A memory corruption issue existed in QuickTime's handling of sample tables in QuickTime movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. This issue does not affect OS X Lion systems.",
"id": "CVE-2011-0210",
"impact": "Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4723",
"http://support.apple.com/en-us/HT4826"
],
"module": "QuickTime",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.5.8, Mac OS X Server v10.5.8, Windows 7, Vista, XP SP2 or later",
"Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7"
],
"credit": "Luigi Auriemma working with TippingPoint's Zero Day Initiative",
"description": "An integer overflow existed in QuickTime's handling of audio channels in movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. This issue does not affect OS X Lion systems.",
"id": "CVE-2011-0211",
"impact": "Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4723",
"http://support.apple.com/en-us/HT4826"
],
"module": "QuickTime",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X Server v10.5.8, Mac OS X Server v10.6 through v10.6.7"
],
"credit": "Apple",
"description": "An XML External Entity issue exists in servermgrd's handling of XML-RPC requests. This issue is addressed by removing servermgrd's XML-RPC interface. This issue only affects Mac OS X Server systems.",
"id": "CVE-2011-0212",
"impact": "A remote attacker may be able to read arbitrary files from the system",
"links": [
"http://support.apple.com/en-us/HT4723"
],
"module": "servermgrd",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.5.8, Mac OS X Server v10.5.8, Windows 7, Vista, XP SP2 or later",
"Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7"
],
"credit": "Luigi Auriemma working with iDefense VCP",
"description": "A buffer overflow existed in QuickTime's handling of JPEG files. Viewing a maliciously crafted JPEG file may lead to an unexpected application termination or arbitrary code execution. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. This issue does not affect OS X Lion systems.",
"id": "CVE-2011-0213",
"impact": "Viewing a maliciously crafted JPEG file may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4723",
"http://support.apple.com/en-us/HT4826"
],
"module": "QuickTime",
"rsr": "",
"update": ""
},
{
"available": [
"Windows 7, Vista, XP SP2 or later"
],
"credit": "an anonymous reporter",
"description": "CFNetwork did not properly validate that a certificate was trusted for use by a SSL server. As a result, if the user had marked a system root certificate as not trusted, Safari would still accept certificates signed by that root. This issue is addressed through improved certificate validation. This issue does not affect Mac OS X systems.",
"id": "CVE-2011-0214",
"impact": "A root certificate that is disabled may still be trusted",
"links": [
"http://support.apple.com/en-us/HT4808"
],
"module": "CFNetwork",
"rsr": "",
"update": ""
},
{
"available": [
"Windows 7, Vista, XP SP2 or later",
"Windows 7, Vista, XP SP2 or later."
],
"credit": "Juan Pablo Lopez Yacubian working with iDefense VCP.",
"description": "A reentrancy issue existed in ImageIO's handling of TIFF images. This issue does not affect Mac OS X systems.",
"id": "CVE-2011-0215",
"impact": "Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution.",
"links": [
"http://support.apple.com/en-us/HT4808",
"http://support.apple.com/en-us/HT4981"
],
"module": "ImageIO",
"rsr": "",
"update": ""
},
{
"available": [
"Apple TV 4.0 through 4.3",
"Windows 7, Vista, XP SP2 or later",
"iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad"
],
"credit": "Billy Rios of the Google Security Team",
"description": "A one-byte heap buffer overflow existed in libxml's handling of XML data.",
"id": "CVE-2011-0216",
"impact": "Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4808",
"http://support.apple.com/en-us/HT4999",
"http://support.apple.com/en-us/HT5001"
],
"module": "libxml",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later, Windows 7, Vista, XP SP2 or later"
],
"credit": "Florian Rienhardt of BSI, Alex Lambert, Jeremiah Grossman",
"description": "Safari's \"AutoFill web forms\" feature filled in non-visible form fields, and the information was accessible by scripts on the site before the user submitted the form. This issue is addressed by displaying all fields that will be filled, and requiring the user's consent before AutoFill information is available to the form.",
"id": "CVE-2011-0217",
"impact": "If the \"AutoFill web forms\" feature is enabled, visiting a maliciously crafted website and typing may lead to the disclosure of information from the user's Address Book",
"links": [
"http://support.apple.com/en-us/HT4808"
],
"module": "Safari",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later, Windows 7, Vista, XP SP2 or later",
"Windows 7, Vista, XP SP2 or later",
"iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad"
],
"credit": "SkyLined of Google Chrome Security Team",
"description": "Multiple memory corruption issues existed in WebKit.",
"id": "CVE-2011-0218",
"impact": "Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4808",
"http://support.apple.com/en-us/HT4981",
"http://support.apple.com/en-us/HT4999"
],
"module": "WebKit",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later, Windows 7, Vista, XP SP2 or later"
],
"credit": "Joshua Smith of Kaon Interactive",
"description": "A cross origin issue existed in the handling of Java Applets. This applies when Java is enabled in Safari, and Java is configured to run within the browser process. Fonts loaded by a Java applet could affect the display of text content from other sites. This issue is addressed by running Java applets in a separate process.",
"id": "CVE-2011-0219",
"impact": "With a certain Java configuration, visiting a malicious website may lead to unexpected text being displayed on other sites",
"links": [
"http://support.apple.com/en-us/HT4808"
],
"module": "Safari",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later, Windows 7, Vista, XP SP2 or later",
"Windows 7, Vista, XP SP2 or later",
"iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad"
],
"credit": "Abhishek Arya (Inferno) of Google Chrome Security Team",
"description": "Multiple memory corruption issues existed in WebKit.",
"id": "CVE-2011-0221",
"impact": "Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4808",
"http://support.apple.com/en-us/HT4981",
"http://support.apple.com/en-us/HT4999"
],
"module": "WebKit",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later, Windows 7, Vista, XP SP2 or later",
"Windows 7, Vista, XP SP2 or later",
"iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad"
],
"credit": "Nikita Tarakanov and Alex Bazhanyuk of the CISS Research Team, and Abhishek Arya (Inferno) of Google Chrome Security Team",
"description": "Multiple memory corruption issues existed in WebKit.",
"id": "CVE-2011-0222",
"impact": "Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4808",
"http://support.apple.com/en-us/HT4981",
"http://support.apple.com/en-us/HT4999"
],
"module": "WebKit",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later, Windows 7, Vista, XP SP2 or later",
"Windows 7, Vista, XP SP2 or later"
],
"credit": "Jose A. Vazquez of spa-s3c.blogspot.com working with iDefense VCP.",
"description": "Multiple memory corruption issues existed in WebKit.",
"id": "CVE-2011-0223",
"impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution.",
"links": [
"http://support.apple.com/en-us/HT4808",
"http://support.apple.com/en-us/HT4981"
],
"module": "WebKit",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.6.8, Mac OS X Server v10.6.8"
],
"credit": "Apple",
"description": "Multiple memory corruption issues existed in the handling of QuickTime movie files. These issues do not affect OS X Lion systems.",
"id": "CVE-2011-0224",
"impact": "Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT5002"
],
"module": "CoreMedia",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later, Windows 7, Vista, XP SP2 or later",
"Windows 7, Vista, XP SP2 or later",
"iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad"
],
"credit": "Abhishek Arya (Inferno) of Google Chrome Security Team",
"description": "Multiple memory corruption issues existed in WebKit.",
"id": "CVE-2011-0225",
"impact": "Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4808",
"http://support.apple.com/en-us/HT4981",
"http://support.apple.com/en-us/HT4999"
],
"module": "WebKit",
"rsr": "",
"update": ""
},
{
"available": [
"OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1",
"iOS 3.0 through 4.3.3 for iPhone 3GS and iPhone 4 (GSM model), iOS 3.1 through 4.3.3 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.3 for iPad",
"iOS 4.2.5 through 4.2.8 for iPhone 4 (CDMA model)"
],
"credit": "",
"description": "A signedness issue existed in FreeType's handling of Type 1 fonts. This issue is addressed by updating FreeType to version 2.4.6. This issue does not affect systems prior to OS X Lion. Further information is available via the FreeType site at http://www.freetype.org/",
"id": "CVE-2011-0226",
"impact": "Viewing a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4802",
"http://support.apple.com/en-us/HT4803",
"http://support.apple.com/en-us/HT5002"
],
"module": "PHP",
"rsr": "",
"update": ""
},
{
"available": [
"iOS 3.0 through 4.3.3 for iPhone 3GS and iPhone 4 (GSM model), iOS 3.1 through 4.3.3 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.3 for iPad",
"iOS 4.2.5 through 4.2.8 for iPhone 4 (CDMA model)"
],
"credit": "comex",
"description": "An invalid type conversion issue exists in the use of IOMobileFrameBuffer queueing primitives, which may allow malicious code running as the user to gain system privileges.",
"id": "CVE-2011-0227",
"impact": "Malicious code running as the user may gain system privileges",
"links": [
"http://support.apple.com/en-us/HT4802",
"http://support.apple.com/en-us/HT4803"
],
"module": "IOMobileFrameBuffer",
"rsr": "",
"update": ""
},
{
"available": [
"iOS 3.0 through 4.3.4 for iPhone 3GS and iPhone 4 (GSM), iOS 3.1 through 4.3.4 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.4 for iPad",
"iOS 4.2.5 through 4.2.9 for iPhone 4 (CDMA)"
],
"credit": "Gregor Kopf of Recurity Labs on behalf of BSI, and Paul Kehrer of Trustwave's SpiderLabs",
"description": "A certificate chain validation issue existed in the handling of X.509 certificates. An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS. Other attacks involving X.509 certificate validation may also be possible. This issue is addressed through improved validation of X.509 certificate chains.",
"id": "CVE-2011-0228",
"impact": "An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS",
"links": [
"http://support.apple.com/en-us/HT4824",
"http://support.apple.com/en-us/HT4825"
],
"module": "Data Security",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.6.8, Mac OS X Server v10.6.8"
],
"credit": "Will Dormann of the CERT/CC",
"description": "An out of bounds memory access issue existed in ATS' handling of Type 1 fonts. This issue does not affect OS X Lion systems.",
"id": "CVE-2011-0229",
"impact": "Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT5002"
],
"module": "ATS",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1"
],
"credit": "Steven Michaud of Mozilla",
"description": "A buffer overflow issue existed in the ATSFontDeactivate API.",
"id": "CVE-2011-0230",
"impact": "Applications which use the ATSFontDeactivate API may be vulnerable to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT5002"
],
"module": "ATS",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.6.8, Mac OS X Server v10.6.8"
],
"credit": "Martin Tessarek, Steve Riggins of Geeks R Us, Justin C. Walker, and Stephen Creswell",
"description": "A synchronization issue existed in CFNetwork's handling of cookie policies. Safari's cookie preferences may not be honored, allowing websites to set cookies that would be blocked were the preference enforced. This update addresses the issue through improved handling of cookie storage.",
"id": "CVE-2011-0231",
"impact": "Safari may store cookies it is not configured to accept",
"links": [
"http://support.apple.com/en-us/HT5002"
],
"module": "CFNetwork",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later, Windows 7, Vista, XP SP2 or later",
"Windows 7, Vista, XP SP2 or later",
"iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad"
],
"credit": "J23 working with TippingPoint's Zero Day Initiative",
"description": "Multiple memory corruption issues existed in WebKit.",
"id": "CVE-2011-0232",
"impact": "Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4808",
"http://support.apple.com/en-us/HT4981",
"http://support.apple.com/en-us/HT4999"
],
"module": "WebKit",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later, Windows 7, Vista, XP SP2 or later",
"Windows 7, Vista, XP SP2 or later",
"iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad"
],
"credit": "wushi of team509 working with TippingPoint's Zero Day Initiative",
"description": "Multiple memory corruption issues existed in WebKit.",
"id": "CVE-2011-0233",
"impact": "Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4808",
"http://support.apple.com/en-us/HT4981",
"http://support.apple.com/en-us/HT4999"
],
"module": "WebKit",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later, Windows 7, Vista, XP SP2 or later",
"Windows 7, Vista, XP SP2 or later",
"iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad"
],
"credit": "Rob King working with TippingPoint's Zero Day Initiative, wushi of team509 working with TippingPoint's Zero Day Initiative",
"description": "Multiple memory corruption issues existed in WebKit.",
"id": "CVE-2011-0234",
"impact": "Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4808",
"http://support.apple.com/en-us/HT4981",
"http://support.apple.com/en-us/HT4999"
],
"module": "WebKit",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later, Windows 7, Vista, XP SP2 or later",
"Windows 7, Vista, XP SP2 or later",
"iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad"
],
"credit": "Abhishek Arya (Inferno) of Google Chrome Security Team",
"description": "Multiple memory corruption issues existed in WebKit.",
"id": "CVE-2011-0235",
"impact": "Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4808",
"http://support.apple.com/en-us/HT4981",
"http://support.apple.com/en-us/HT4999"
],
"module": "WebKit",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later, Windows 7, Vista, XP SP2 or later",
"Windows 7, Vista, XP SP2 or later"
],
"credit": "wushi of team509 working with iDefense VCP.",
"description": "Multiple memory corruption issues existed in WebKit.",
"id": "CVE-2011-0237",
"impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution.",
"links": [
"http://support.apple.com/en-us/HT4808",
"http://support.apple.com/en-us/HT4981"
],
"module": "WebKit",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later, Windows 7, Vista, XP SP2 or later",
"Windows 7, Vista, XP SP2 or later",
"iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad"
],
"credit": "Adam Barth of Google Chrome Security Team",
"description": "Multiple memory corruption issues existed in WebKit.",
"id": "CVE-2011-0238",
"impact": "Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4808",
"http://support.apple.com/en-us/HT4981",
"http://support.apple.com/en-us/HT4999"
],
"module": "WebKit",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later, Windows 7, Vista, XP SP2 or later",
"Windows 7, Vista, XP SP2 or later"
],
"credit": "wushi of team509 working with iDefense VCP.",
"description": "Multiple memory corruption issues existed in WebKit.",
"id": "CVE-2011-0240",
"impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution.",
"links": [
"http://support.apple.com/en-us/HT4808",
"http://support.apple.com/en-us/HT4981"
],
"module": "WebKit",
"rsr": "",
"update": ""
},
{
"available": [
"Apple TV 4.0 through 4.3",
"Windows 7, Vista, XP SP2 or later",
"iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad"
],
"credit": "Cyril CATTIAUX of Tessi Technologies",
"description": "A heap buffer overflow existed in ImageIO's handling of CCITT Group 4 encoded TIFF images.",
"id": "CVE-2011-0241",
"impact": "Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4808",
"http://support.apple.com/en-us/HT4999",
"http://support.apple.com/en-us/HT5001"
],
"module": "ImageIO",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later, Windows 7, Vista, XP SP2 or later",
"iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad"
],
"credit": "Jobert Abma of Online24",
"description": "A cross-origin issue existed in the handling of URLs with an embedded username. This issue is addressed through improved handling of URLs with an embedded username.",
"id": "CVE-2011-0242",
"impact": "Visiting a maliciously crafted website may lead to a cross-site scripting attack",
"links": [
"http://support.apple.com/en-us/HT4808",
"http://support.apple.com/en-us/HT4999"
],
"module": "WebKit",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later, Windows 7, Vista, XP SP2 or later"
],
"credit": "Jason Hullinger",
"description": "A canonicalization issue existed in the handling of URLs. Subscribing to a maliciously crafted RSS feed and clicking on a link within it may lead to arbitrary files being sent from the user's system to a remote server. This update addresses the issue through improved handling of URLs.",
"id": "CVE-2011-0244",
"impact": "Subscribing to a maliciously crafted RSS feed and clicking on a link within it may lead to an information disclosure",
"links": [
"http://support.apple.com/en-us/HT4808"
],
"module": "WebKit",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.5.8, Mac OS X Server v10.5.8, Windows 7, Vista, XP SP2 or later"
],
"credit": "Subreption LLC working with TippingPoint's Zero Day Initiative",
"description": "A buffer overflow existed in QuickTime's handling of pict files. Viewing a maliciously crafted pict file may lead to an unexpected application termination or arbitrary code execution. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. This issue does not affect OS X Lion systems.",
"id": "CVE-2011-0245",
"impact": "Viewing a maliciously crafted pict file may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4826"
],
"module": "QuickTime",
"rsr": "",
"update": ""
},
{
"available": [
"Windows 7, Vista, XP SP2 or later"
],
"credit": "an anonymous contributor working with Beyond Security's SecuriTeam Secure Disclosure program",
"description": "A heap buffer overflow existed in QuickTime's handling of GIF images. Viewing a maliciously crafted GIF image may lead to an unexpected application termination or arbitrary code execution. This issue does not affect Mac OS X systems.",
"id": "CVE-2011-0246",
"impact": "Viewing a maliciously crafted GIF image may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4826"
],
"module": "QuickTime",
"rsr": "",
"update": ""
},
{
"available": [
"Windows 7, Vista, XP SP2 or later"
],
"credit": "Roi Mallo and Sherab Giovannini working with TippingPoint's Zero Day Initiative",
"description": "Multiple stack buffer overflows existed in the handling of H.264 encoded movie files. Viewing a maliciously crafted H.264 movie file may lead to an unexpected application termination or arbitrary code execution. These issues do not affect Mac OS X systems.",
"id": "CVE-2011-0247",
"impact": "Viewing a maliciously crafted H.264 movie file may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4826"
],
"module": "QuickTime",
"rsr": "",
"update": ""
},
{
"available": [
"Windows 7, Vista, XP SP2 or later"
],
"credit": "Chkr_d591 working with TippingPoint's Zero Day Initiative",
"description": "A stack buffer overflow existed in the QuickTime ActiveX control's handling of QTL files. Visiting a maliciously crafted website using Internet Explorer may lead to an unexpected application termination or arbitrary code execution. This issue does not affect Mac OS X systems.",
"id": "CVE-2011-0248",
"impact": "Visiting a maliciously crafted website using Internet Explorer may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4826"
],
"module": "QuickTime",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.5.8, Mac OS X Server v10.5.8, Windows 7, Vista, XP SP2 or later",
"Mac OS X v10.6.8, Mac OS X Server v10.6.8"
],
"credit": "Matt 'j00ru' Jurczyk working with TippingPoint's Zero Day Initiative",
"description": "A heap buffer overflow existed in the handling of STSC atoms in QuickTime movie files. This issue does not affect OS X Lion systems.",
"id": "CVE-2011-0249",
"impact": "Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4826",
"http://support.apple.com/en-us/HT5002"
],
"module": "QuickTime",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.5.8, Mac OS X Server v10.5.8, Windows 7, Vista, XP SP2 or later",
"Mac OS X v10.6.8, Mac OS X Server v10.6.8"
],
"credit": "Matt 'j00ru' Jurczyk working with TippingPoint's Zero Day Initiative",
"description": "A heap buffer overflow existed in the handling of STSS atoms in QuickTime movie files. This issue does not affect OS X Lion systems.",
"id": "CVE-2011-0250",
"impact": "Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4826",
"http://support.apple.com/en-us/HT5002"
],
"module": "QuickTime",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.5.8, Mac OS X Server v10.5.8, Windows 7, Vista, XP SP2 or later",
"Mac OS X v10.6.8, Mac OS X Server v10.6.8"
],
"credit": "Matt 'j00ru' Jurczyk working with TippingPoint's Zero Day Initiative",
"description": "A heap buffer overflow existed in the handling of STSZ atoms in QuickTime movie files. This issue does not affect OS X Lion systems.",
"id": "CVE-2011-0251",
"impact": "Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4826",
"http://support.apple.com/en-us/HT5002"
],
"module": "QuickTime",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.5.8, Mac OS X Server v10.5.8, Windows 7, Vista, XP SP2 or later",
"Mac OS X v10.6.8, Mac OS X Server v10.6.8"
],
"credit": "Matt 'j00ru' Jurczyk working with TippingPoint's Zero Day Initiative",
"description": "A heap buffer overflow existed in the handling of STTS atoms in QuickTime movie files. This issue does not affect OS X Lion systems.",
"id": "CVE-2011-0252",
"impact": "Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4826",
"http://support.apple.com/en-us/HT5002"
],
"module": "QuickTime",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later, Windows 7, Vista, XP SP2 or later",
"Windows 7, Vista, XP SP2 or later"
],
"credit": "Richard Keen.",
"description": "Multiple memory corruption issues existed in WebKit.",
"id": "CVE-2011-0253",
"impact": "A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution.",
"links": [
"http://support.apple.com/en-us/HT4808",
"http://support.apple.com/en-us/HT4981"
],
"module": "WebKit",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later, Windows 7, Vista, XP SP2 or later",
"Windows 7, Vista, XP SP2 or later",
"iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad"
],
"credit": "An anonymous researcher working with TippingPoint's Zero Day Initiative",
"description": "Multiple memory corruption issues existed in WebKit.",
"id": "CVE-2011-0254",
"impact": "Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4808",
"http://support.apple.com/en-us/HT4981",
"http://support.apple.com/en-us/HT4999"
],
"module": "WebKit",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.8 or later, Mac OS X Server v10.6.8 or later, Windows 7, Vista, XP SP2 or later",
"Windows 7, Vista, XP SP2 or later",
"iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad"
],
"credit": "An anonymous reporter working with TippingPoint's Zero Day Initiative",
"description": "Multiple memory corruption issues existed in WebKit.",
"id": "CVE-2011-0255",
"impact": "Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4808",
"http://support.apple.com/en-us/HT4981",
"http://support.apple.com/en-us/HT4999"
],
"module": "WebKit",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.5.8, Mac OS X Server v10.5.8, Windows 7, Vista, XP SP2 or later"
],
"credit": "An anonymous researcher working with TippingPoint's Zero Day Initiative",
"description": "An integer overflow existed in the handling of track run atoms in QuickTime movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. This issue does not affect Mac OS X v10.7 systems.",
"id": "CVE-2011-0256",
"impact": "Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4826"
],
"module": "QuickTime",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.5.8, Mac OS X Server v10.5.8, Windows 7, Vista, XP SP2 or later"
],
"credit": "Matt 'j00ru' Jurczyk working with TippingPoint's Zero Day Initiative",
"description": "A stack buffer overflow existed in the handling of PICT files. Viewing a maliciously crafted PICT file may lead to an unexpected application termination or arbitrary code execution. This issue does not affect Mac OS X v10.7 systems.",
"id": "CVE-2011-0257",
"impact": "Viewing a maliciously crafted PICT file may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4826"
],
"module": "QuickTime",
"rsr": "",
"update": ""
},
{
"available": [
"Windows 7, Vista, XP SP2 or later"
],
"credit": "Damian Put working with TippingPoint's Zero Day Initiative",
"description": "A memory corruption issue existed in the handling of image descriptions in QuickTime movie files. This issue does not affect Mac OS X systems.",
"id": "CVE-2011-0258",
"impact": "Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4826"
],
"module": "QuickTime",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.6.8, Mac OS X Server v10.6.8",
"Windows 7, Vista, XP SP2 or later.",
"iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad"
],
"credit": "Apple",
"description": "A memory corruption issue existed in CoreFoundation's handling of string tokenization. This issue does not affect OS X Lion systems. This update addresses the issue through improved bounds checking.",
"id": "CVE-2011-0259",
"impact": "Viewing a maliciously crafted website or e-mail message may lead to an unexpected application termination or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4981",
"http://support.apple.com/en-us/HT4999",
"http://support.apple.com/en-us/HT5002"
],
"module": "CoreFoundation",
"rsr": "",
"update": ""
},
{
"available": [
"OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1"
],
"credit": "Clint Tseng of the University of Washington, Michael Kobb, and Adam Kemp",
"description": "A system window, such as a VPN password prompt, that appeared while the screen was locked may have accepted keystrokes while the screen was locked. This issue is addressed by preventing system windows from requesting keystrokes while the screen is locked. This issue does not affect systems prior to OS X Lion.",
"id": "CVE-2011-0260",
"impact": "A person with physical access to a system may partially bypass the screen lock",
"links": [
"http://support.apple.com/en-us/HT5002"
],
"module": "CoreProcesses",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.6.8, Mac OS X Server v10.6.8"
],
"credit": "",
"description": "Postfix is updated to version 2.5.14 to address multiple vulnerabilities, the most serious of which may allow an attacker in a privileged network position to manipulate the mail session to obtain sensitive information from the encrypted traffic. These issues should not affect OS X Lion systems. More information is available via the Postfix site at",
"id": "CVE-2011-0411",
"impact": "Multiple vulnerabilities in Postfix",
"links": [
"http://support.apple.com/en-us/HT5002"
],
"module": "postfix",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7 and v10.7.1, OS X Lion Server v10.7 and v10.7.1"
],
"credit": "",
"description": "Apache is updated to version 2.2.20 to address several vulnerabilities, the most serious of which may lead to a denial of service. CVE-2011-0419 does not affect OS X Lion systems. Further information is available via the Apache web site at",
"id": "CVE-2011-0419",
"impact": "Multiple vulnerabilities in Apache",
"links": [
"http://support.apple.com/en-us/HT5002"
],
"module": "Apache",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.6.8, Mac OS X Server v10.6.8"
],
"credit": "",
"description": "PHP is updated to version 5.3.6 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. This issues do not affect OS X Lion systems. Further information is available via the PHP website at",
"id": "CVE-2011-0420",
"impact": "Multiple vulnerabilities in PHP 5.3.4",
"links": [
"http://support.apple.com/en-us/HT5002"
],
"module": "PHP",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.6.8, Mac OS X Server v10.6.8"
],
"credit": "",
"description": "PHP is updated to version 5.3.6 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. This issues do not affect OS X Lion systems. Further information is available via the PHP website at",
"id": "CVE-2011-0421",
"impact": "Multiple vulnerabilities in PHP 5.3.4",
"links": [
"http://support.apple.com/en-us/HT5002"
],
"module": "PHP",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.6.8, Mac OS X Server v10.6.8"
],
"credit": "",
"description": "Tomcat is updated to version 6.0.32 to address multiple vulnerabilities, the most serious of which may lead to a cross site scripting attack. Tomcat is only provided on Mac OS X Server systems. This issue does not affect OS X Lion systems. Further information is available via the Tomcat site at",
"id": "CVE-2011-0534",
"impact": "Multiple vulnerabilities in Tomcat 6.0.24",
"links": [
"http://support.apple.com/en-us/HT5002"
],
"module": "Tomcat",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.6.8, Mac OS X Server v10.6.8"
],
"credit": "",
"description": "Multiple cross-site scripting issues existed in Mailman 2.1.14. These issues are addressed by improved encoding of characters in HTML output. Further information is available via the Mailman site at",
"id": "CVE-2011-0707",
"impact": "Multiple vulnerabilities in Mailman 2.1.14",
"links": [
"http://support.apple.com/en-us/HT5002"
],
"module": "Mailman",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.6.8, Mac OS X Server v10.6.8"
],
"credit": "",
"description": "PHP is updated to version 5.3.6 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution. This issues do not affect OS X Lion systems. Further information is available via the PHP website at",
"id": "CVE-2011-0708",
"impact": "Multiple vulnerabilities in PHP 5.3.4",
"links": [
"http://support.apple.com/en-us/HT5002"
],
"module": "PHP",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7"
],
"credit": "",
"description": "A null dereference issue existed in Subversion's handling of lock tokens sent over HTTP. If an http based Subversion server is configured, a remote attacker may be able to cause a denial of service. For Mac OS X v10.6 systems, Subversion is updated to version 1.6.6. For Mac OS X v10.5.8 systems, the issue is addressed through additional validation of lock tokens. Further information is available via the Subversion web site at",
"id": "CVE-2011-0715",
"impact": "If an http based Subversion server is configured, a remote attacker may be able to cause a denial of service",
"links": [
"http://support.apple.com/en-us/HT4723"
],
"module": "subversion",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6 through v10.6.7, Mac OS X Server v10.6 through v10.6.7"
],
"credit": "Volker Lendecke of SerNet",
"description": "A memory corruption issue existed in Samba's handling of file descriptors. If SMB file sharing is enabled, a remote attacker may cause a denial of service or arbitrary code execution.",
"id": "CVE-2011-0719",
"impact": "If SMB file sharing is enabled, a remote attacker may cause a denial of service or arbitrary code execution",
"links": [
"http://support.apple.com/en-us/HT4723"
],
"module": "Samba",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.5.8, Mac OS X Server v10.5.8",
"Mac OS X v10.6.6 and later, Mac OS X Server v10.6.6 and later"
],
"credit": "",
"description": "Multiple vulnerabilities exist in Java 1.6.0_24, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating to Java version 1.6.0_26. Further information is available via the Java website at",
"id": "CVE-2011-0802",
"impact": "Multiple vulnerabilities in Java 1.6.0_24",
"links": [
"http://support.apple.com/en-us/HT4738",
"http://support.apple.com/en-us/HT4739"
],
"module": "Java",
"rsr": "",
"update": ""
},
{
"available": [
"Mac OS X v10.5.8, Mac OS X Serv