Apple iOS vulnerabilities
3,941 known vulnerabilities affecting apple/iphone_os.
Total CVEs: 3,941
CISA KEV: 92 (actively exploited)
Public exploits: 248
Exploited in wild: 79
Severity breakdown
CRITICAL 313 | HIGH 1610 | MEDIUM 1731 | LOW 287
Vulnerabilities
Page 183 of 198
CVE-2012-3607 | CRITICAL | CVSS 9.3 | CWE-119 | ≤ 6.0.2 | v6.0 +1 more | 2012-09-13
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
nvd
CVE-2012-3606 | CRITICAL | CVSS 9.3 | CWE-119 | ≤ 6.0.2 | v6.0 +1 more | 2012-09-13
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
nvd
CVE-2012-3687 | CRITICAL | CVSS 9.3 | CWE-119 | ≤ 6.0.2 | v6.0 +1 more | 2012-09-13
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
nvd
CVE-2012-3621 | CRITICAL | CVSS 9.3 | CWE-119 | ≤ 6.0.2 | v6.0 +1 more | 2012-09-13
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
nvd
CVE-2012-3701 | CRITICAL | CVSS 9.3 | CWE-119 | ≤ 6.0.2 | v6.0 +1 more | 2012-09-13
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
nvd
CVE-2012-2871 | MEDIUM | CVSS 6.8 | ≤ 6.1.4 | v1.0.0 +46 more | 2012-08-31
libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly support a cast of an unspecified variable during handling of XSL transforms, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document, related to the _xmlNs data structure in include/libxml/tree.h.
nvd
CVE-2012-2870 | MEDIUM | CVSS 4.3 | CWE-399 | ≤ 6.1.4 | v1.0.0 +46 more | 2012-08-31
libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly manage memory, which might allow remote attackers to cause a denial of service (application crash) via a crafted XSLT expression that is not properly identified during XPath navigation, related to (1) the xsltCompileLocationPathPattern function in libxslt/patte
nvd
CVE-2012-2857 | MEDIUM | CVSS 6.8 | CWE-399 | ≤ 6.0.2 | v6.0 +1 more | 2012-08-06
Use-after-free vulnerability in the Cascading Style Sheets (CSS) DOM implementation in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document.
nvd
CVE-2012-2824 | HIGH | CVSS 7.5 | CWE-399 | ≤ 6.0.2 | v6.0 +1 more | 2012-06-27
Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG painting.
nvd
CVE-2012-2807 | MEDIUM | CVSS 6.8 | CWE-189 | ≤ 6.1.4 | v1.0.0 +46 more | 2012-06-27
Multiple integer overflows in libxml2, as used in Google Chrome before 20.0.1132.43 and other products, on 64-bit Linux platforms allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
nvd
CVE-2011-3102 | MEDIUM | CVSS 6.8 | CWE-189 | ≤ 6.1.4 | v1.0.0 +46 more | 2012-05-16
Off-by-one error in libxml2, as used in Google Chrome before 19.0.1084.46 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors.
nvd
CVE-2012-0674 | MEDIUM | CVSS 4.3 | CWE-20 | ≤ 5.1 | v3.0 +20 more | 2012-05-08
Safari in Apple iOS before 5.1.1 allows remote attackers to spoof the location bar's URL via a crafted web site.
nvd
CVE-2012-0672 | MEDIUM | CVSS 6.8 | CWE-119 | ≤ 5.1 | v3.0 +20 more | 2012-05-08
WebKit in Apple iOS before 5.1.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
nvd
CVE-2011-3081 | CRITICAL | CVSS 9.3 | fixed in 6.0 | 2012-05-01
Use-after-free vulnerability in Google Chrome before 18.0.1025.168 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the floating of elements, a different vulnerability than CVE-2011-3078.
nvd
CVE-2012-1521 | MEDIUM | CVSS 6.8 | CWE-416 | fixed in 6.0 | 2012-05-01
Use-after-free vulnerability in the XML parser in Google Chrome before 18.0.1025.168 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
nvd
CVE-2011-3078 | MEDIUM | CVSS 6.8 | CWE-416 | fixed in 6.0 | 2012-05-01
Use-after-free vulnerability in Google Chrome before 18.0.1025.168 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the floating of elements, a different vulnerability than CVE-2011-3081.
nvd
CVE-2011-3071 | MEDIUM | CVSS 6.8 | CWE-416 | fixed in 6.0 | 2012-04-05
Use-after-free vulnerability in the HTMLMediaElement implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
nvd
CVE-2011-3068 | MEDIUM | CVSS 6.8 | CWE-416 | fixed in 6.0 | 2012-04-05
Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to run-in boxes.
nvd
CVE-2011-3076 | MEDIUM | CVSS 6.8 | CWE-416 | fixed in 6.0 | 2012-04-05
Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to focus handling.
nvd
CVE-2011-3067 | MEDIUM | CVSS 6.8 | CWE-346 | fixed in 6.0 | 2012-04-05
Google Chrome before 18.0.1025.151 allows remote attackers to bypass the Same Origin Policy via vectors related to replacement of IFRAME elements.
nvd