Vulnerabilities > Apple > Iphone OS > 3.1

DATE CVE VULNERABILITY TITLE RISK
2011-10-14 CVE-2011-3259 Resource Management Errors vulnerability in Apple TV and Iphone OS
The kernel in Apple iOS before 5 and Apple TV before 4.4 does not properly recover memory allocated for incomplete TCP connections, which allows remote attackers to cause a denial of service (resource consumption) by making many connection attempts.
network
low complexity
apple CWE-399
5.0
2011-10-14 CVE-2011-3257 Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS
The Data Access component in Apple iOS before 5 does not properly handle the existence of multiple user accounts on the same mail server, which allows local users to bypass intended access restrictions in opportunistic circumstances by leveraging a different account's cookie.
local
low complexity
apple CWE-264
2.1
2011-10-14 CVE-2011-3256 Code Injection vulnerability in Apple Iphone OS
FreeType 2 before 2.4.7, as used in CoreGraphics in Apple iOS before 5, Mandriva Enterprise Server 5, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font, a different vulnerability than CVE-2011-0226.
network
apple CWE-94
4.3
2011-10-14 CVE-2011-3255 Credentials Management vulnerability in Apple Iphone OS
CFNetwork in Apple iOS before 5 stores AppleID credentials in an unspecified file, which makes it easier for remote attackers to obtain sensitive information via a crafted application.
network
apple CWE-255
4.3
2011-10-14 CVE-2011-3253 Information Exposure vulnerability in Apple Iphone OS
CalDAV in Apple iOS before 5 does not validate X.509 certificates for SSL sessions, which allows man-in-the-middle attackers to spoof calendar servers and obtain sensitive information via an arbitrary certificate.
network
high complexity
apple CWE-200
2.6
2011-10-14 CVE-2011-3246 Information Exposure vulnerability in Apple Iphone OS, mac OS X and mac OS X Server
CFNetwork in Apple iOS before 5.0.1 and Mac OS X 10.7 before 10.7.2 does not properly parse URLs, which allows remote attackers to trigger visits to unintended web sites, and transmission of cookies to unintended web sites, via a crafted (1) http or (2) https URL.
network
low complexity
apple CWE-200
5.0
2011-10-14 CVE-2011-3245 Credentials Management vulnerability in Apple Iphone OS
The Keyboards component in Apple iOS before 5 displays the final character of an entered password during a subsequent use of a keyboard, which allows physically proximate attackers to obtain sensitive information by reading this character.
local
low complexity
apple CWE-255
2.1
2011-10-14 CVE-2011-3243 Cross-Site Scripting vulnerability in Apple Iphone OS and Safari
Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5 and Safari before 5.1.1, allows remote attackers to inject arbitrary web script or HTML via vectors involving inactive DOM windows.
network
apple CWE-79
4.3
2011-09-19 CVE-2011-3234 Out-Of-Bounds Read vulnerability in Google Chrome
Google Chrome before 14.0.835.163 does not properly handle boxes, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
network
low complexity
google apple CWE-125
5.0
2011-08-29 CVE-2011-0228 Improper Input Validation vulnerability in Apple Iphone OS
The Data Security component in Apple iOS before 4.2.10 and 4.3.x before 4.3.5 does not check the basicConstraints parameter during validation of X.509 certificate chains, which allows man-in-the-middle attackers to spoof an SSL server by using a non-CA certificate to sign a certificate for an arbitrary domain.
network
low complexity
apple CWE-20
7.5