Apple iOS vulnerabilities

CVE-2011-3919 [HIGH] CWE-787 CVE-2011-3919: Heap-based buffer overflow in libxml2, as used in Google Chrome before 16.0.912.75, allows remote at Heap-based buffer overflow in libxml2, as used in Google Chrome before 16.0.912.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

CVE-2011-3913 [HIGH] CWE-416 CVE-2011-3913: Use-after-free vulnerability in Google Chrome before 16.0.912.63 allows remote attackers to cause a Use-after-free vulnerability in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to Range handling.

CVE-2011-3909 [MEDIUM] CWE-119 CVE-2011-3909: The Cascading Style Sheets (CSS) implementation in Google Chrome before 16.0.912.63 on 64-bit platfo The Cascading Style Sheets (CSS) implementation in Google Chrome before 16.0.912.63 on 64-bit platforms does not properly manage property arrays, which allows remote attackers to cause a denial of service (memory corruption) via unspecified vectors.

CVE-2011-3908 [MEDIUM] CWE-125 CVE-2011-3908: Google Chrome before 16.0.912.63 does not properly parse SVG documents, which allows remote attacker Google Chrome before 16.0.912.63 does not properly parse SVG documents, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

CVE-2011-3439 [CRITICAL] CWE-787 CVE-2011-3439: FreeType in CoreGraphics in Apple iOS before 5.0.1 allows remote attackers to execute arbitrary code FreeType in CoreGraphics in Apple iOS before 5.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font in a document.

CVE-2011-3442 [HIGH] CWE-399 CVE-2011-3442: The kernel in Apple iOS before 5.0.1 does not ensure the validity of flag combinations for an mmap s The kernel in Apple iOS before 5.0.1 does not ensure the validity of flag combinations for an mmap system call, which allows local users to execute arbitrary unsigned code via a crafted app.

CVE-2011-3897 [MEDIUM] CWE-416 CVE-2011-3897: Use-after-free vulnerability in Google Chrome before 15.0.874.120 allows user-assisted remote attack Use-after-free vulnerability in Google Chrome before 15.0.874.120 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to editing.

CVE-2011-3441 [MEDIUM] CWE-200 CVE-2011-3441: libinfo in Apple iOS before 5.0.1 does not properly formulate domain-name queries, which allows remo libinfo in Apple iOS before 5.0.1 does not properly formulate domain-name queries, which allows remote attackers to obtain sensitive information via a crafted DNS hostname.

CVE-2011-3440 [LOW] CWE-264 CVE-2011-3440: The Passcode Lock feature in Apple iOS before 5.0.1 on the iPad 2 does not properly implement the lo The Passcode Lock feature in Apple iOS before 5.0.1 on the iPad 2 does not properly implement the locked state, which allows physically proximate attackers to access data by opening a Smart Cover during power-off confirmation.

CVE-2011-3885 [HIGH] CWE-416 CVE-2011-3885: Use-after-free vulnerability in Google Chrome before 15.0.874.102 allows remote attackers to cause a Use-after-free vulnerability in Google Chrome before 15.0.874.102 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to stale Cascading Style Sheets (CSS) token-sequence data.

CVE-2011-2845 [MEDIUM] CWE-20 CVE-2011-2845: Google Chrome before 15.0.874.102 does not properly handle history data, which allows user-assisted Google Chrome before 15.0.874.102 does not properly handle history data, which allows user-assisted remote attackers to spoof the URL bar via unspecified vectors.

CVE-2011-3881 [MEDIUM] CWE-79 CVE-2011-3881: WebKit, as used in Google Chrome before 15.0.874.102 and Android before 4.4, allows remote attackers WebKit, as used in Google Chrome before 15.0.874.102 and Android before 4.4, allows remote attackers to bypass the Same Origin Policy and conduct Universal XSS (UXSS) attacks via vectors related to (1) the DOMWindow::clear function and use of a selection object, (2) the Object::GetRealNamedPropertyInPrototypeChain function and use of an __proto__ prope

CVE-2011-3887 [MEDIUM] CWE-565 CVE-2011-3887: Google Chrome before 15.0.874.102 does not properly handle javascript: URLs, which allows remote att Google Chrome before 15.0.874.102 does not properly handle javascript: URLs, which allows remote attackers to bypass intended access restrictions and read cookies via unspecified vectors.

CVE-2011-3888 [MEDIUM] CWE-416 CVE-2011-3888: Use-after-free vulnerability in Google Chrome before 15.0.874.102 allows user-assisted remote attack Use-after-free vulnerability in Google Chrome before 15.0.874.102 allows user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to editing operations in conjunction with an unknown plug-in.

CVE-2011-3430 [CRITICAL] CVE-2011-3430: The Settings component in Apple iOS before 5, when a configuration profile is used for a locale othe The Settings component in Apple iOS before 5, when a configuration profile is used for a locale other than English, does not properly implement localization, which makes it easier for attackers to have an unspecified impact by leveraging incorrect configuration display.

CVE-2011-3434 [MEDIUM] CWE-255 CVE-2011-3434: The WiFi component in Apple iOS before 5 stores WiFi credentials in an unspecified file, which makes The WiFi component in Apple iOS before 5 stores WiFi credentials in an unspecified file, which makes it easier for remote attackers to obtain sensitive information via a crafted application.

CVE-2011-3243 [MEDIUM] CWE-79 CVE-2011-3243: Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5 and Safari before Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5 and Safari before 5.1.1, allows remote attackers to inject arbitrary web script or HTML via vectors involving inactive DOM windows.

CVE-2011-3259 [MEDIUM] CWE-399 CVE-2011-3259: The kernel in Apple iOS before 5 and Apple TV before 4.4 does not properly recover memory allocated The kernel in Apple iOS before 5 and Apple TV before 4.4 does not properly recover memory allocated for incomplete TCP connections, which allows remote attackers to cause a denial of service (resource consumption) by making many connection attempts.

CVE-2011-3254 [MEDIUM] CWE-79 CVE-2011-3254: Cross-site scripting (XSS) vulnerability in Calendar in Apple iOS before 5 allows remote attackers t Cross-site scripting (XSS) vulnerability in Calendar in Apple iOS before 5 allows remote attackers to inject arbitrary web script or HTML via an invitation note.

CVE-2011-3256 [MEDIUM] CVE-2011-3256: FreeType 2 before 2.4.7, as used in CoreGraphics in Apple iOS before 5, Mandriva Enterprise Server 5 FreeType 2 before 2.4.7, as used in CoreGraphics in Apple iOS before 5, Mandriva Enterprise Server 5, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font, a different vulnerability than CVE-2011-0226.