Vulnerabilities > Apple > Iphone OS > 2.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2012-03-09 | CVE-2011-3046 | Cross-Site Scripting vulnerability in Google Chrome The extension subsystem in Google Chrome before 17.0.963.78 does not properly handle history navigation, which allows remote attackers to execute arbitrary code by leveraging a "Universal XSS (UXSS)" issue. | 10.0 |
| 2012-03-08 | CVE-2012-0646 | USE of Externally-Controlled Format String vulnerability in Apple Iphone OS Format string vulnerability in VPN in Apple iOS before 5.1 allows remote attackers to execute arbitrary code via a crafted racoon configuration file. | 9.3 |
| 2012-03-08 | CVE-2012-0645 | Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS Siri in Apple iOS before 5.1 does not properly restrict the ability of Mail.app to handle voice commands, which allows physically proximate attackers to bypass the locked state via a command that forwards an active e-mail message to an arbitrary recipient. | 1.2 |
| 2012-03-08 | CVE-2012-0644 | Race Condition vulnerability in Apple Iphone OS Race condition in the Passcode Lock feature in Apple iOS before 5.1 allows physically proximate attackers to bypass intended passcode requirements via a slide-to-dial gesture. | 6.9 |
| 2012-03-08 | CVE-2012-0643 | Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS The kernel in Apple iOS before 5.1 does not properly handle debug system calls, which allows remote attackers to bypass sandbox restrictions and execute arbitrary code via a crafted program. | 9.3 |
| 2012-03-08 | CVE-2012-0642 | Numeric Errors vulnerability in Apple Iphone OS Integer underflow in Apple iOS before 5.1 allows remote attackers to execute arbitrary code or cause a denial of service (device crash) via a crafted catalog file in an HFS disk image. | 9.3 |
| 2012-03-08 | CVE-2012-0641 | Improper Input Validation vulnerability in Apple Iphone OS CFNetwork in Apple iOS before 5.1 does not properly construct request headers during parsing of URLs, which allows remote attackers to obtain sensitive information via a malformed URL, a different vulnerability than CVE-2011-3447. | 5.0 |
| 2012-03-08 | CVE-2012-0635 | Buffer Errors vulnerability in Apple Iphone OS and Itunes WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | 9.3 |
| 2012-03-08 | CVE-2012-0633 | Buffer Errors vulnerability in Apple Iphone OS and Itunes WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | 9.3 |
| 2012-03-08 | CVE-2012-0632 | Buffer Errors vulnerability in Apple Iphone OS and Itunes WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | 9.3 |