|
3461
|
-
5.0
|
MEDIUM
|
The UIKit Alerts component in Apple iOS before 5 allows remote attackers to cause a denial of service (device hang) via a long tel: URL that triggers a large size for the acceptance dialog.
|
CWE-399
Resource Management Errors
|
CVE-2011-3432
|
cpe:2.3:o:apple:iphone_os:4.3.5:- cpe:2.3:o:apple:iphone_os:4.3.5:- cpe:2.3:o:apple:iphone_os:4.3.5:* cpe:2.3:…
|
|
|
|
|
2024-11-21 10:30
2011-10-14
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3462
|
-
2.1
|
LOW
|
The Home screen component in Apple iOS before 5 does not properly support a certain application-switching gesture, which might allow physically proximate attackers to obtain sensitive state informati…
|
CWE-200
Information Exposure
|
CVE-2011-3431
|
cpe:2.3:o:apple:iphone_os:4.3.5:- cpe:2.3:o:apple:iphone_os:4.3.5:- cpe:2.3:o:apple:iphone_os:4.3.5:* cpe:2.3:…
|
|
|
|
|
2024-11-21 10:30
2011-10-14
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3463
|
-
9.3
|
HIGH
|
The Settings component in Apple iOS before 5, when a configuration profile is used for a locale other than English, does not properly implement localization, which makes it easier for attackers to ha…
|
NVD-CWE-Other
|
CVE-2011-3430
|
cpe:2.3:o:apple:iphone_os:4.3.5:- cpe:2.3:o:apple:iphone_os:4.3.5:- cpe:2.3:o:apple:iphone_os:4.3.5:* cpe:2.3:…
|
|
|
|
|
2024-11-21 10:30
2011-10-14
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3464
|
-
2.1
|
LOW
|
The Settings component in Apple iOS before 5 stores a cleartext parental-restrictions passcode in an unspecified file, which might allow physically proximate attackers to obtain sensitive information…
|
CWE-255
Credentials Management
|
CVE-2011-3429
|
cpe:2.3:o:apple:iphone_os:4.3.5:- cpe:2.3:o:apple:iphone_os:4.3.5:- cpe:2.3:o:apple:iphone_os:4.3.5:* cpe:2.3:…
|
|
|
|
|
2024-11-21 10:30
2011-10-14
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3465
|
-
2.6
|
LOW
|
The Data Security component in Apple iOS before 5 and Apple TV before 4.4 does not properly restrict use of the MD5 hash algorithm within X.509 certificates, which makes it easier for man-in-the-midd…
|
CWE-200
Information Exposure
|
CVE-2011-3427
|
cpe:2.3:o:apple:iphone_os:4.3.5:- cpe:2.3:o:apple:iphone_os:4.3.5:- cpe:2.3:o:apple:iphone_os:4.3.5:* cpe:2.3:…
|
|
|
|
|
2024-11-21 10:30
2011-10-14
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3466
|
-
4.3
|
MEDIUM
|
Cross-site scripting (XSS) vulnerability in Safari in Apple iOS before 5 allows remote web servers to inject arbitrary web script or HTML via a file accompanied by a "Content-Disposition: attachment"…
|
CWE-79
Cross-site Scripting
|
CVE-2011-3426
|
cpe:2.3:o:apple:iphone_os:4.3.5:- cpe:2.3:o:apple:iphone_os:4.3.5:- cpe:2.3:o:apple:iphone_os:4.3.5:* cpe:2.3:…
|
|
|
|
|
2024-11-21 10:30
2011-10-14
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3467
|
-
6.8
|
MEDIUM
|
Double free vulnerability in OfficeImport in Apple iOS before 5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Excel spreadsheet.
|
CWE-94
Code Injection
|
CVE-2011-3261
|
cpe:2.3:o:apple:iphone_os:4.3.5:- cpe:2.3:o:apple:iphone_os:4.3.5:- cpe:2.3:o:apple:iphone_os:4.3.5:* cpe:2.3:…
|
|
|
|
|
2024-11-21 10:30
2011-10-14
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3468
|
-
6.8
|
MEDIUM
|
Buffer overflow in OfficeImport in Apple iOS before 5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Word document.
|
CWE-94
Code Injection
|
CVE-2011-3260
|
cpe:2.3:o:apple:iphone_os:4.3.5:- cpe:2.3:o:apple:iphone_os:4.3.5:- cpe:2.3:o:apple:iphone_os:4.3.5:* cpe:2.3:…
|
|
|
|
|
2024-11-21 10:30
2011-10-14
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3469
|
-
5.0
|
MEDIUM
|
The kernel in Apple iOS before 5 and Apple TV before 4.4 does not properly recover memory allocated for incomplete TCP connections, which allows remote attackers to cause a denial of service (resourc…
|
CWE-399
Resource Management Errors
|
CVE-2011-3259
|
cpe:2.3:o:apple:iphone_os:4.3.5:- cpe:2.3:o:apple:iphone_os:4.3.5:- cpe:2.3:o:apple:iphone_os:4.3.5:* cpe:2.3:…
|
|
|
|
|
2024-11-21 10:30
2011-10-14
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3470
|
-
2.1
|
LOW
|
The Data Access component in Apple iOS before 5 does not properly handle the existence of multiple user accounts on the same mail server, which allows local users to bypass intended access restrictio…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-3257
|
cpe:2.3:o:apple:iphone_os:4.3.5:- cpe:2.3:o:apple:iphone_os:4.3.5:- cpe:2.3:o:apple:iphone_os:4.3.5:* cpe:2.3:…
|
|
|
|
|
2024-11-21 10:30
2011-10-14
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|