Vulnerabilities > Apple > Iphone OS > 4.3.5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2011-10-14 | CVE-2011-3256 | Code Injection vulnerability in Apple Iphone OS FreeType 2 before 2.4.7, as used in CoreGraphics in Apple iOS before 5, Mandriva Enterprise Server 5, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font, a different vulnerability than CVE-2011-0226. | 4.3 |
| 2011-10-14 | CVE-2011-3255 | Credentials Management vulnerability in Apple Iphone OS CFNetwork in Apple iOS before 5 stores AppleID credentials in an unspecified file, which makes it easier for remote attackers to obtain sensitive information via a crafted application. | 4.3 |
| 2011-10-14 | CVE-2011-3254 | Cross-Site Scripting vulnerability in Apple Iphone OS Cross-site scripting (XSS) vulnerability in Calendar in Apple iOS before 5 allows remote attackers to inject arbitrary web script or HTML via an invitation note. | 4.3 |
| 2011-10-14 | CVE-2011-3253 | Information Exposure vulnerability in Apple Iphone OS CalDAV in Apple iOS before 5 does not validate X.509 certificates for SSL sessions, which allows man-in-the-middle attackers to spoof calendar servers and obtain sensitive information via an arbitrary certificate. | 2.6 |
| 2011-10-14 | CVE-2011-3246 | Information Exposure vulnerability in Apple Iphone OS, mac OS X and mac OS X Server CFNetwork in Apple iOS before 5.0.1 and Mac OS X 10.7 before 10.7.2 does not properly parse URLs, which allows remote attackers to trigger visits to unintended web sites, and transmission of cookies to unintended web sites, via a crafted (1) http or (2) https URL. | 5.0 |
| 2011-10-14 | CVE-2011-3245 | Credentials Management vulnerability in Apple Iphone OS The Keyboards component in Apple iOS before 5 displays the final character of an entered password during a subsequent use of a keyboard, which allows physically proximate attackers to obtain sensitive information by reading this character. | 2.1 |
| 2011-10-14 | CVE-2011-3243 | Cross-Site Scripting vulnerability in Apple Iphone OS and Safari Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5 and Safari before 5.1.1, allows remote attackers to inject arbitrary web script or HTML via vectors involving inactive DOM windows. | 4.3 |
| 2011-09-19 | CVE-2011-3234 | Out-Of-Bounds Read vulnerability in Google Chrome Google Chrome before 14.0.835.163 does not properly handle boxes, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | 5.0 |
| 2011-05-03 | CVE-2011-1451 | Improper Input Validation vulnerability in Google Chrome Google Chrome before 11.0.696.57 does not properly handle DOM id maps, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "dangling pointers." | 7.5 |
| 2011-05-03 | CVE-2011-1449 | USE After Free vulnerability in Google Chrome Use-after-free vulnerability in the WebSockets implementation in Google Chrome before 11.0.696.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | 6.8 |