Vulnerabilities > Apple > Iphone OS > 1.1.4

DATE CVE VULNERABILITY TITLE RISK
2011-03-11 CVE-2011-0163 Improper Input Validation vulnerability in Apple Iphone OS, Safari and Webkit
WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle unspecified "cached resources," which allows remote attackers to cause a denial of service (resource unavailability) via a crafted web site that conducts a cache-poisoning attack.
network
apple CWE-20
4.3
2011-03-11 CVE-2011-0162 Improper Input Validation vulnerability in Apple TV, Iphone OS and Tvos
Wi-Fi in Apple iOS before 4.3 and Apple TV before 4.2 does not properly perform bounds checking for Wi-Fi frames, which allows remote attackers to cause a denial of service (device reset) via unspecified traffic on the local wireless network.
network
low complexity
apple CWE-20
7.8
2011-03-11 CVE-2011-0161 Improper Input Validation vulnerability in Apple Iphone OS, Safari and Webkit
WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle the Attr.style accessor, which allows remote attackers to bypass the Same Origin Policy and inject Cascading Style Sheets (CSS) token sequences via a crafted web site.
network
apple CWE-20
4.3
2011-03-11 CVE-2011-0160 Improper Input Validation vulnerability in Apple Iphone OS, Safari and Webkit
WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle redirects in conjunction with HTTP Basic Authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header.
network
low complexity
apple CWE-20
5.0
2011-03-11 CVE-2011-0158 Improper Input Validation vulnerability in Apple Iphone OS
MobileSafari in Apple iOS before 4.3 does not properly implement application launching through URL handlers, which allows remote attackers to cause a denial of service (persistent application crash) via crafted JavaScript code.
network
apple CWE-20
4.3
2011-03-11 CVE-2011-0157 Buffer Errors vulnerability in Apple Iphone OS and Webkit
WebKit, as used in Apple iOS before 4.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-09-1.
network
low complexity
apple CWE-119
7.5
2011-03-11 CVE-2011-1417 Numeric Errors vulnerability in Apple Iphone OS, mac OS X and mac OS X Server
Integer overflow in QuickLook, as used in Apple Mac OS X before 10.6.7 and MobileSafari in Apple iOS before 4.2.7 and 4.3.x before 4.3.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a Microsoft Office document with a crafted size field in the OfficeArtMetafileHeader, related to OfficeArtBlip, as demonstrated on the iPhone by Charlie Miller and Dion Blazakis during a Pwn2Own competition at CanSecWest 2011.
network
apple CWE-189
6.8
2011-03-11 CVE-2011-1204 Improper Input Validation vulnerability in Google Chrome
Google Chrome before 10.0.648.127 does not properly handle attributes, which allows remote attackers to cause a denial of service (DOM tree corruption) or possibly have unspecified other impact via a crafted document.
network
google apple CWE-20
6.8
2011-03-11 CVE-2011-1203 Multiple Security vulnerability in Google Chrome
Google Chrome before 10.0.648.127 does not properly handle SVG cursors, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
network
low complexity
google apple
7.5
2011-03-11 CVE-2011-1190 Information Exposure vulnerability in Google Chrome
The Web Workers implementation in Google Chrome before 10.0.648.127 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, related to an "error message leak."
network
low complexity
google apple CWE-200
5.0