Vulnerabilities > Apple > Iphone OS > Medium

DATE CVE VULNERABILITY TITLE RISK
2011-10-14 CVE-2011-3259 Resource Management Errors vulnerability in Apple TV and Iphone OS
The kernel in Apple iOS before 5 and Apple TV before 4.4 does not properly recover memory allocated for incomplete TCP connections, which allows remote attackers to cause a denial of service (resource consumption) by making many connection attempts.
network
low complexity
apple CWE-399
5.0
2011-10-14 CVE-2011-3256 Code Injection vulnerability in Apple Iphone OS
FreeType 2 before 2.4.7, as used in CoreGraphics in Apple iOS before 5, Mandriva Enterprise Server 5, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font, a different vulnerability than CVE-2011-0226.
network
apple CWE-94
4.3
2011-10-14 CVE-2011-3255 Credentials Management vulnerability in Apple Iphone OS
CFNetwork in Apple iOS before 5 stores AppleID credentials in an unspecified file, which makes it easier for remote attackers to obtain sensitive information via a crafted application.
network
apple CWE-255
4.3
2011-10-14 CVE-2011-3254 Cross-Site Scripting vulnerability in Apple Iphone OS
Cross-site scripting (XSS) vulnerability in Calendar in Apple iOS before 5 allows remote attackers to inject arbitrary web script or HTML via an invitation note.
network
apple CWE-79
4.3
2011-10-14 CVE-2011-3246 Information Exposure vulnerability in Apple Iphone OS, mac OS X and mac OS X Server
CFNetwork in Apple iOS before 5.0.1 and Mac OS X 10.7 before 10.7.2 does not properly parse URLs, which allows remote attackers to trigger visits to unintended web sites, and transmission of cookies to unintended web sites, via a crafted (1) http or (2) https URL.
network
low complexity
apple CWE-200
5.0
2011-10-14 CVE-2011-3243 Cross-Site Scripting vulnerability in Apple Iphone OS and Safari
Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5 and Safari before 5.1.1, allows remote attackers to inject arbitrary web script or HTML via vectors involving inactive DOM windows.
network
apple CWE-79
4.3
2011-09-19 CVE-2011-3234 Out-Of-Bounds Read vulnerability in Google Chrome
Google Chrome before 14.0.835.163 does not properly handle boxes, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
network
low complexity
google apple CWE-125
5.0
2011-05-03 CVE-2011-1449 USE After Free vulnerability in Google Chrome
Use-after-free vulnerability in the WebSockets implementation in Google Chrome before 11.0.696.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
network
low complexity
google apple CWE-416
6.8
2011-04-15 CVE-2011-0195 Information Exposure vulnerability in Apple Iphone OS 4.3.0/4.3.1
The generate-id XPath function in libxslt in Apple iOS 4.3.x before 4.3.2 allows remote attackers to obtain potentially sensitive information about heap memory addresses via a crafted web site.
network
apple CWE-200
4.3
2011-03-11 CVE-2011-1418 Information Exposure vulnerability in Apple TV, Iphone OS and Tvos
The stateless address autoconfiguration (aka SLAAC) functionality in the IPv6 networking implementation in Apple iOS before 4.3 and Apple TV before 4.2 places the MAC address into the IPv6 address, which makes it easier for remote IPv6 servers to track users by logging source IPv6 addresses.
network
low complexity
apple CWE-200
5.0