Iphone OS
by Apple Inc.
CVEs (2,060)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2011-3255 | | | 0.00 | — | 0.02 | | Oct 14, 2011 | CFNetwork in Apple iOS before 5 stores AppleID credentials in an unspecified file, which makes it easier for remote attackers to obtain sensitive information via a crafted application. |
| CVE-2011-3254 | | | 0.00 | — | 0.01 | | Oct 14, 2011 | Cross-site scripting (XSS) vulnerability in Calendar in Apple iOS before 5 allows remote attackers to inject arbitrary web script or HTML via an invitation note. |
| CVE-2011-3253 | | | 0.00 | — | 0.01 | | Oct 14, 2011 | CalDAV in Apple iOS before 5 does not validate X.509 certificates for SSL sessions, which allows man-in-the-middle attackers to spoof calendar servers and obtain sensitive information via an arbitrary certificate. |
| CVE-2011-3246 | | | 0.00 | — | 0.03 | | Oct 14, 2011 | CFNetwork in Apple iOS before 5.0.1 and Mac OS X 10.7 before 10.7.2 does not properly parse URLs, which allows remote attackers to trigger visits to unintended web sites, and transmission of cookies to unintended web sites, via a crafted (1) http or (2) https URL. |
| CVE-2011-3245 | | | 0.00 | — | 0.00 | | Oct 14, 2011 | The Keyboards component in Apple iOS before 5 displays the final character of an entered password during a subsequent use of a keyboard, which allows physically proximate attackers to obtain sensitive information by reading this character. |
| CVE-2011-3243 | | | 0.00 | — | 0.02 | | Oct 14, 2011 | Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5 and Safari before 5.1.1, allows remote attackers to inject arbitrary web script or HTML via vectors involving inactive DOM windows. |
| CVE-2011-2877 | | | 0.00 | — | 0.01 | | Oct 4, 2011 | Google Chrome before 14.0.835.202 does not properly handle SVG text, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "stale font." |
| CVE-2011-3234 | | | 0.00 | — | 0.02 | | Sep 19, 2011 | Google Chrome before 14.0.835.163 does not properly handle boxes, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. |
| CVE-2011-2860 | | | 0.00 | — | 0.02 | | Sep 19, 2011 | Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to table styles. |
| CVE-2011-2857 | | | 0.00 | — | 0.02 | | Sep 19, 2011 | Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the focus controller. |
| CVE-2011-2855 | | | 0.00 | — | 0.02 | | Sep 19, 2011 | Google Chrome before 14.0.835.163 does not properly handle Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale node." |
| CVE-2011-2854 | | | 0.00 | — | 0.02 | | Sep 19, 2011 | Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to "ruby / table style handing." |
| CVE-2011-2847 | | | 0.00 | — | 0.02 | | Sep 19, 2011 | Use-after-free vulnerability in the document loader in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document. |
| CVE-2011-2846 | | | 0.00 | — | 0.02 | | Sep 19, 2011 | Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to unload event handling. |
| CVE-2011-2834 | | | 0.00 | — | 0.02 | | Sep 19, 2011 | Double free vulnerability in libxml2, as used in Google Chrome before 14.0.835.163, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling. |
| CVE-2011-2827 | | | 0.00 | — | 0.02 | | Aug 29, 2011 | Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to text searching. |
| CVE-2011-2825 | | | 0.00 | — | 0.02 | | Aug 29, 2011 | Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving custom fonts. |
| CVE-2011-2823 | | | 0.00 | — | 0.02 | | Aug 29, 2011 | Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a line box. |
| CVE-2011-2821 | | | 0.00 | — | 0.02 | | Aug 29, 2011 | Double free vulnerability in libxml2, as used in Google Chrome before 13.0.782.215, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted XPath expression. |
| CVE-2011-2819 | | | 0.00 | — | 0.01 | | Aug 3, 2011 | Google Chrome before 13.0.782.107 allows remote attackers to bypass the Same Origin Policy via vectors related to handling of the base URI. |