Vulnerabilities > Apple > Iphone OS > 3.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2011-11-11 | CVE-2011-3439 | Out-Of-Bounds Write vulnerability in multiple products FreeType in CoreGraphics in Apple iOS before 5.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font in a document. | 9.3 |
| 2011-10-14 | CVE-2011-3434 | Credentials Management vulnerability in Apple Iphone OS The WiFi component in Apple iOS before 5 stores WiFi credentials in an unspecified file, which makes it easier for remote attackers to obtain sensitive information via a crafted application. | 4.3 |
| 2011-10-14 | CVE-2011-3432 | Resource Management Errors vulnerability in Apple Iphone OS The UIKit Alerts component in Apple iOS before 5 allows remote attackers to cause a denial of service (device hang) via a long tel: URL that triggers a large size for the acceptance dialog. | 5.0 |
| 2011-10-14 | CVE-2011-3431 | Information Exposure vulnerability in Apple Iphone OS The Home screen component in Apple iOS before 5 does not properly support a certain application-switching gesture, which might allow physically proximate attackers to obtain sensitive state information by watching the device's screen. | 2.1 |
| 2011-10-14 | CVE-2011-3430 | Unspecified vulnerability in Apple Iphone OS The Settings component in Apple iOS before 5, when a configuration profile is used for a locale other than English, does not properly implement localization, which makes it easier for attackers to have an unspecified impact by leveraging incorrect configuration display. | 9.3 |
| 2011-10-14 | CVE-2011-3429 | Credentials Management vulnerability in Apple Iphone OS The Settings component in Apple iOS before 5 stores a cleartext parental-restrictions passcode in an unspecified file, which might allow physically proximate attackers to obtain sensitive information by reading this file. | 2.1 |
| 2011-10-14 | CVE-2011-3427 | Information Exposure vulnerability in Apple TV and Iphone OS The Data Security component in Apple iOS before 5 and Apple TV before 4.4 does not properly restrict use of the MD5 hash algorithm within X.509 certificates, which makes it easier for man-in-the-middle attackers to spoof servers or obtain sensitive information via a crafted certificate. | 2.6 |
| 2011-10-14 | CVE-2011-3426 | Cross-Site Scripting vulnerability in Apple Iphone OS Cross-site scripting (XSS) vulnerability in Safari in Apple iOS before 5 allows remote web servers to inject arbitrary web script or HTML via a file accompanied by a "Content-Disposition: attachment" HTTP header. | 4.3 |
| 2011-10-14 | CVE-2011-3261 | Code Injection vulnerability in Apple Iphone OS Double free vulnerability in OfficeImport in Apple iOS before 5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Excel spreadsheet. | 6.8 |
| 2011-10-14 | CVE-2011-3260 | Code Injection vulnerability in Apple Iphone OS Buffer overflow in OfficeImport in Apple iOS before 5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Word document. | 6.8 |