Vulnerabilities > Apple > iPhone OS > 4.2.5

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2011-10-14 | CVE-2011-3255 | Credentials Management vulnerability in Apple iPhone OS | CFNetwork in Apple iOS before 5 stores AppleID credentials in an unspecified file, which makes it easier for remote attackers to obtain sensitive information via a crafted application. | network; apple CWE-255; 4.3 |
| 2011-10-14 | CVE-2011-3254 | Cross-Site Scripting vulnerability in Apple iPhone OS | Cross-site scripting (XSS) vulnerability in Calendar in Apple iOS before 5 allows remote attackers to inject arbitrary web script or HTML via an invitation note. | network; apple CWE-79; 4.3 |
| 2011-10-14 | CVE-2011-3253 | Information Exposure vulnerability in Apple iPhone OS | CalDAV in Apple iOS before 5 does not validate X.509 certificates for SSL sessions, which allows man-in-the-middle attackers to spoof calendar servers and obtain sensitive information via an arbitrary certificate. | network; high complexity; apple CWE-200; 2.6 |
| 2011-10-14 | CVE-2011-3246 | Information Exposure vulnerability in Apple iPhone OS, Mac OS X and Mac OS X Server | CFNetwork in Apple iOS before 5.0.1 and Mac OS X 10.7 before 10.7.2 does not properly parse URLs, which allows remote attackers to trigger visits to unintended web sites, and transmission of cookies to unintended web sites, via a crafted (1) http or (2) https URL. | network; low complexity; apple CWE-200; 5.0 |
| 2011-10-14 | CVE-2011-3245 | Credentials Management vulnerability in Apple iPhone OS | The Keyboards component in Apple iOS before 5 displays the final character of an entered password during a subsequent use of a keyboard, which allows physically proximate attackers to obtain sensitive information by reading this character. | local; low complexity; apple CWE-255; 2.1 |
| 2011-10-14 | CVE-2011-3243 | Cross-Site Scripting vulnerability in Apple iPhone OS and Safari | Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5 and Safari before 5.1.1, allows remote attackers to inject arbitrary web script or HTML via vectors involving inactive DOM windows. | network; apple CWE-79; 4.3 |
| 2011-09-19 | CVE-2011-3234 | Out-Of-Bounds Read vulnerability in Google Chrome | Google Chrome before 14.0.835.163 does not properly handle boxes, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | network; low complexity; google apple CWE-125; 5.0 |
| 2011-08-29 | CVE-2011-0228 | Improper Input Validation vulnerability in Apple iPhone OS | The Data Security component in Apple iOS before 4.2.10 and 4.3.x before 4.3.5 does not check the basicConstraints parameter during validation of X.509 certificate chains, which allows man-in-the-middle attackers to spoof an SSL server by using a non-CA certificate to sign a certificate for an arbitrary domain. | network; low complexity; apple CWE-20; 7.5 |
| 2011-07-19 | CVE-2011-0227 | Permissions, Privileges, and Access Controls vulnerability in Apple iPhone OS | The queueing primitives in IOMobileFrameBuffer in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 do not properly perform type conversion, which allows local users to gain privileges via a crafted application. | local; low complexity; apple CWE-264; 7.2 |
| 2011-07-19 | CVE-2011-0226 | Numeric Errors vulnerability in multiple products | Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Type 1 font in a PDF document, as exploited in the wild in July 2011. | network; freetype apple CWE-189; critical; 9.3 |