Vulnerabilities > Apple > iPhone OS > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2011-10-14 | CVE-2011-3259 | Resource Management Errors vulnerability in Apple TV and iPhone OS | The kernel in Apple iOS before 5 and Apple TV before 4.4 does not properly recover memory allocated for incomplete TCP connections, which allows remote attackers to cause a denial of service (resource consumption) by making many connection attempts. | 5.0 |
2011-10-14 | CVE-2011-3256 | Code Injection vulnerability in Apple iPhone OS | FreeType 2 before 2.4.7, as used in CoreGraphics in Apple iOS before 5, Mandriva Enterprise Server 5, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font, a different vulnerability than CVE-2011-0226. | 4.3 |
2011-10-14 | CVE-2011-3255 | Credentials Management vulnerability in Apple iPhone OS | CFNetwork in Apple iOS before 5 stores AppleID credentials in an unspecified file, which makes it easier for remote attackers to obtain sensitive information via a crafted application. | 4.3 |
2011-10-14 | CVE-2011-3254 | Cross-Site Scripting vulnerability in Apple iPhone OS | Cross-site scripting (XSS) vulnerability in Calendar in Apple iOS before 5 allows remote attackers to inject arbitrary web script or HTML via an invitation note. | 4.3 |
2011-10-14 | CVE-2011-3246 | Information Exposure vulnerability in Apple iPhone OS, Mac OS X and Mac OS X Server | CFNetwork in Apple iOS before 5.0.1 and Mac OS X 10.7 before 10.7.2 does not properly parse URLs, which allows remote attackers to trigger visits to unintended web sites, and transmission of cookies to unintended web sites, via a crafted (1) http or (2) https URL. | 5.0 |
2011-10-14 | CVE-2011-3243 | Cross-Site Scripting vulnerability in Apple iPhone OS and Safari | Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5 and Safari before 5.1.1, allows remote attackers to inject arbitrary web script or HTML via vectors involving inactive DOM windows. | 4.3 |
2011-09-19 | CVE-2011-3234 | Out-Of-Bounds Read vulnerability in Google Chrome | Google Chrome before 14.0.835.163 does not properly handle boxes, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | 5.0 |
2011-05-03 | CVE-2011-1449 | Use After Free vulnerability in Google Chrome | Use-after-free vulnerability in the WebSockets implementation in Google Chrome before 11.0.696.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | 6.8 |
2011-04-15 | CVE-2011-0195 | Information Exposure vulnerability in Apple iPhone OS 4.3.0/4.3.1 | The generate-id XPath function in libxslt in Apple iOS 4.3.x before 4.3.2 allows remote attackers to obtain potentially sensitive information about heap memory addresses via a crafted web site. | 4.3 |
2011-03-11 | CVE-2011-1418 | Information Exposure vulnerability in Apple TV, iPhone OS and tvOS | The stateless address autoconfiguration (aka SLAAC) functionality in the IPv6 networking implementation in Apple iOS before 4.3 and Apple TV before 4.2 places the MAC address into the IPv6 address, which makes it easier for remote IPv6 servers to track users by logging source IPv6 addresses. | 5.0 |