Vulnerabilities > Apple > Iphone OS > 1.1.4

DATE CVE VULNERABILITY TITLE RISK
2012-03-30 CVE-2011-3058 Cross-Site Scripting vulnerability in Google Chrome
Google Chrome before 18.0.1025.142 does not properly handle the EUC-JP encoding system, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.
network
google apple CWE-79
4.3
2012-03-22 CVE-2011-3056 Origin Validation Error vulnerability in Google Chrome
Google Chrome before 17.0.963.83 allows remote attackers to bypass the Same Origin Policy via vectors involving a "magic iframe."
6.8
2012-03-22 CVE-2011-3053 USE After Free vulnerability in Google Chrome
Use-after-free vulnerability in Google Chrome before 17.0.963.83 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to block splitting.
6.8
2012-03-22 CVE-2011-3050 USE After Free vulnerability in Google Chrome
Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 17.0.963.83 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the :first-letter pseudo-element.
6.8
2012-03-09 CVE-2011-3046 Cross-Site Scripting vulnerability in Google Chrome
The extension subsystem in Google Chrome before 17.0.963.78 does not properly handle history navigation, which allows remote attackers to execute arbitrary code by leveraging a "Universal XSS (UXSS)" issue.
network
low complexity
google opensuse apple CWE-79
critical
10.0
2012-03-08 CVE-2012-0646 USE of Externally-Controlled Format String vulnerability in Apple Iphone OS
Format string vulnerability in VPN in Apple iOS before 5.1 allows remote attackers to execute arbitrary code via a crafted racoon configuration file.
network
apple CWE-134
critical
9.3
2012-03-08 CVE-2012-0645 Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS
Siri in Apple iOS before 5.1 does not properly restrict the ability of Mail.app to handle voice commands, which allows physically proximate attackers to bypass the locked state via a command that forwards an active e-mail message to an arbitrary recipient.
local
high complexity
apple CWE-264
1.2
2012-03-08 CVE-2012-0644 Race Condition vulnerability in Apple Iphone OS
Race condition in the Passcode Lock feature in Apple iOS before 5.1 allows physically proximate attackers to bypass intended passcode requirements via a slide-to-dial gesture.
local
apple CWE-362
6.9
2012-03-08 CVE-2012-0643 Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS
The kernel in Apple iOS before 5.1 does not properly handle debug system calls, which allows remote attackers to bypass sandbox restrictions and execute arbitrary code via a crafted program.
network
apple CWE-264
critical
9.3
2012-03-08 CVE-2012-0642 Numeric Errors vulnerability in Apple Iphone OS
Integer underflow in Apple iOS before 5.1 allows remote attackers to execute arbitrary code or cause a denial of service (device crash) via a crafted catalog file in an HFS disk image.
network
apple CWE-189
critical
9.3