Vulnerabilities > Apple > Iphone OS > Medium

DATE CVE VULNERABILITY TITLE RISK
2011-10-14 CVE-2011-3432 Resource Management Errors vulnerability in Apple Iphone OS
The UIKit Alerts component in Apple iOS before 5 allows remote attackers to cause a denial of service (device hang) via a long tel: URL that triggers a large size for the acceptance dialog.
network
low complexity
apple CWE-399
5.0
5.0
2011-10-14 CVE-2011-3426 Cross-Site Scripting vulnerability in Apple Iphone OS
Cross-site scripting (XSS) vulnerability in Safari in Apple iOS before 5 allows remote web servers to inject arbitrary web script or HTML via a file accompanied by a "Content-Disposition: attachment" HTTP header.
network
apple CWE-79
4.3
4.3
2011-10-14 CVE-2011-3261 Code Injection vulnerability in Apple Iphone OS
Double free vulnerability in OfficeImport in Apple iOS before 5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Excel spreadsheet.
network
apple CWE-94
6.8
6.8
2011-10-14 CVE-2011-3260 Code Injection vulnerability in Apple Iphone OS
Buffer overflow in OfficeImport in Apple iOS before 5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Word document.
network
apple CWE-94
6.8
6.8
2011-10-14 CVE-2011-3259 Resource Management Errors vulnerability in Apple TV and Iphone OS
The kernel in Apple iOS before 5 and Apple TV before 4.4 does not properly recover memory allocated for incomplete TCP connections, which allows remote attackers to cause a denial of service (resource consumption) by making many connection attempts.
network
low complexity
apple CWE-399
5.0
5.0
2011-10-14 CVE-2011-3256 Code Injection vulnerability in Apple Iphone OS
FreeType 2 before 2.4.7, as used in CoreGraphics in Apple iOS before 5, Mandriva Enterprise Server 5, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font, a different vulnerability than CVE-2011-0226.
network
apple CWE-94
4.3
4.3
2011-10-14 CVE-2011-3255 Credentials Management vulnerability in Apple Iphone OS
CFNetwork in Apple iOS before 5 stores AppleID credentials in an unspecified file, which makes it easier for remote attackers to obtain sensitive information via a crafted application.
network
apple CWE-255
4.3
4.3
2011-10-14 CVE-2011-3254 Cross-Site Scripting vulnerability in Apple Iphone OS
Cross-site scripting (XSS) vulnerability in Calendar in Apple iOS before 5 allows remote attackers to inject arbitrary web script or HTML via an invitation note.
network
apple CWE-79
4.3
4.3
2011-10-14 CVE-2011-3246 Information Exposure vulnerability in Apple Iphone OS, mac OS X and mac OS X Server
CFNetwork in Apple iOS before 5.0.1 and Mac OS X 10.7 before 10.7.2 does not properly parse URLs, which allows remote attackers to trigger visits to unintended web sites, and transmission of cookies to unintended web sites, via a crafted (1) http or (2) https URL.
network
low complexity
apple CWE-200
5.0
5.0
2011-10-14 CVE-2011-3243 Cross-Site Scripting vulnerability in Apple Iphone OS and Safari
Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5 and Safari before 5.1.1, allows remote attackers to inject arbitrary web script or HTML via vectors involving inactive DOM windows.
network
apple CWE-79
4.3
4.3