Apple iOS vulnerabilities

CVE-2011-3261 [MEDIUM] CWE-94 CVE-2011-3261: Double free vulnerability in OfficeImport in Apple iOS before 5 allows remote attackers to execute a Double free vulnerability in OfficeImport in Apple iOS before 5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Excel spreadsheet.

CVE-2011-3260 [MEDIUM] CWE-94 CVE-2011-3260: Buffer overflow in OfficeImport in Apple iOS before 5 allows remote attackers to execute arbitrary c Buffer overflow in OfficeImport in Apple iOS before 5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Word document.

CVE-2011-3426 [MEDIUM] CWE-79 CVE-2011-3426: Cross-site scripting (XSS) vulnerability in Safari in Apple iOS before 5 allows remote web servers t Cross-site scripting (XSS) vulnerability in Safari in Apple iOS before 5 allows remote web servers to inject arbitrary web script or HTML via a file accompanied by a "Content-Disposition: attachment" HTTP header.

CVE-2011-3255 [MEDIUM] CWE-255 CVE-2011-3255: CFNetwork in Apple iOS before 5 stores AppleID credentials in an unspecified file, which makes it ea CFNetwork in Apple iOS before 5 stores AppleID credentials in an unspecified file, which makes it easier for remote attackers to obtain sensitive information via a crafted application.

CVE-2011-3432 [MEDIUM] CWE-399 CVE-2011-3432: The UIKit Alerts component in Apple iOS before 5 allows remote attackers to cause a denial of servic The UIKit Alerts component in Apple iOS before 5 allows remote attackers to cause a denial of service (device hang) via a long tel: URL that triggers a large size for the acceptance dialog.

CVE-2011-3246 [MEDIUM] CWE-200 CVE-2011-3246: CFNetwork in Apple iOS before 5.0.1 and Mac OS X 10.7 before 10.7.2 does not properly parse URLs, wh CFNetwork in Apple iOS before 5.0.1 and Mac OS X 10.7 before 10.7.2 does not properly parse URLs, which allows remote attackers to trigger visits to unintended web sites, and transmission of cookies to unintended web sites, via a crafted (1) http or (2) https URL.

CVE-2011-3427 [LOW] CWE-200 CVE-2011-3427: The Data Security component in Apple iOS before 5 and Apple TV before 4.4 does not properly restrict The Data Security component in Apple iOS before 5 and Apple TV before 4.4 does not properly restrict use of the MD5 hash algorithm within X.509 certificates, which makes it easier for man-in-the-middle attackers to spoof servers or obtain sensitive information via a crafted certificate.

CVE-2011-3253 [LOW] CWE-200 CVE-2011-3253: CalDAV in Apple iOS before 5 does not validate X.509 certificates for SSL sessions, which allows man CalDAV in Apple iOS before 5 does not validate X.509 certificates for SSL sessions, which allows man-in-the-middle attackers to spoof calendar servers and obtain sensitive information via an arbitrary certificate.

CVE-2011-3257 [LOW] CWE-264 CVE-2011-3257: The Data Access component in Apple iOS before 5 does not properly handle the existence of multiple u The Data Access component in Apple iOS before 5 does not properly handle the existence of multiple user accounts on the same mail server, which allows local users to bypass intended access restrictions in opportunistic circumstances by leveraging a different account's cookie.

CVE-2011-3245 [LOW] CWE-255 CVE-2011-3245: The Keyboards component in Apple iOS before 5 displays the final character of an entered password du The Keyboards component in Apple iOS before 5 displays the final character of an entered password during a subsequent use of a keyboard, which allows physically proximate attackers to obtain sensitive information by reading this character.

CVE-2011-3429 [LOW] CWE-255 CVE-2011-3429: The Settings component in Apple iOS before 5 stores a cleartext parental-restrictions passcode in an The Settings component in Apple iOS before 5 stores a cleartext parental-restrictions passcode in an unspecified file, which might allow physically proximate attackers to obtain sensitive information by reading this file.

CVE-2011-3431 [LOW] CWE-200 CVE-2011-3431: The Home screen component in Apple iOS before 5 does not properly support a certain application-swit The Home screen component in Apple iOS before 5 does not properly support a certain application-switching gesture, which might allow physically proximate attackers to obtain sensitive state information by watching the device's screen.

CVE-2011-2877 [MEDIUM] CVE-2011-2877: Google Chrome before 14.0.835.202 does not properly handle SVG text, which allows remote attackers t Google Chrome before 14.0.835.202 does not properly handle SVG text, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "stale font."

CVE-2011-2860 [HIGH] CWE-416 CVE-2011-2860: Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to table styles.

CVE-2011-3234 [MEDIUM] CWE-125 CVE-2011-3234: Google Chrome before 14.0.835.163 does not properly handle boxes, which allows remote attackers to c Google Chrome before 14.0.835.163 does not properly handle boxes, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

CVE-2011-2857 [MEDIUM] CWE-416 CVE-2011-2857: Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the focus controller.

CVE-2011-2846 [MEDIUM] CWE-416 CVE-2011-2846: Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to unload event handling.

CVE-2011-2854 [MEDIUM] CWE-416 CVE-2011-2854: Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to "ruby / table style handing."

CVE-2011-2834 [MEDIUM] CWE-415 CVE-2011-2834: Double free vulnerability in libxml2, as used in Google Chrome before 14.0.835.163, allows remote at Double free vulnerability in libxml2, as used in Google Chrome before 14.0.835.163, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.

CVE-2011-2855 [MEDIUM] CWE-74 CVE-2011-2855: Google Chrome before 14.0.835.163 does not properly handle Cascading Style Sheets (CSS) token sequen Google Chrome before 14.0.835.163 does not properly handle Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale node."