Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2011-10-14 | CVE-2011-3253 | Information Exposure vulnerability in Apple Iphone OS CalDAV in Apple iOS before 5 does not validate X.509 certificates for SSL sessions, which allows man-in-the-middle attackers to spoof calendar servers and obtain sensitive information via an arbitrary certificate. | 2.6 |
| 2011-10-14 | CVE-2011-3246 | Information Exposure vulnerability in Apple Iphone OS, mac OS X and mac OS X Server CFNetwork in Apple iOS before 5.0.1 and Mac OS X 10.7 before 10.7.2 does not properly parse URLs, which allows remote attackers to trigger visits to unintended web sites, and transmission of cookies to unintended web sites, via a crafted (1) http or (2) https URL. | 5.0 |
| 2011-10-14 | CVE-2011-3245 | Credentials Management vulnerability in Apple Iphone OS The Keyboards component in Apple iOS before 5 displays the final character of an entered password during a subsequent use of a keyboard, which allows physically proximate attackers to obtain sensitive information by reading this character. | 2.1 |
| 2011-10-14 | CVE-2011-3243 | Cross-Site Scripting vulnerability in Apple Iphone OS and Safari Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5 and Safari before 5.1.1, allows remote attackers to inject arbitrary web script or HTML via vectors involving inactive DOM windows. | 4.3 |
| 2011-10-14 | CVE-2011-3242 | Information Exposure vulnerability in Apple Safari The Private Browsing feature in Apple Safari before 5.1.1 on Mac OS X does not properly recognize the Always value of the Block Cookies setting, which makes it easier for remote web servers to track users via a cookie. | 5.0 |
| 2011-10-14 | CVE-2011-3231 | Code Injection vulnerability in Apple Safari The SSL implementation in Apple Safari before 5.1.1 on Mac OS X before 10.7 accesses uninitialized memory during the processing of X.509 certificates, which allows remote web servers to execute arbitrary code via a crafted certificate. | 6.8 |
| 2011-10-14 | CVE-2011-3230 | Permissions, Privileges, and Access Controls vulnerability in Apple Safari Apple Safari before 5.1.1 on Mac OS X does not enforce an intended policy for file: URLs, which allows remote attackers to execute arbitrary code via a crafted web site. | 6.8 |
| 2011-10-14 | CVE-2011-3229 | Path Traversal vulnerability in Apple Safari Directory traversal vulnerability in Apple Safari before 5.1.1 allows remote attackers to execute arbitrary JavaScript code, in a Safari Extensions context, via a crafted safari-extension: URL. | 6.8 |
| 2011-10-14 | CVE-2011-3228 | Code Injection vulnerability in Apple mac OS X and mac OS X Server QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file. | 6.8 |
| 2011-10-14 | CVE-2011-3227 | Improper Input Validation vulnerability in Apple mac OS X and mac OS X Server libsecurity in Apple Mac OS X before 10.7.2 does not properly handle errors during processing of a nonstandard extension in a Certificate Revocation list (CRL), which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) a crafted (1) web site or (2) e-mail message. | 6.8 |