Iphone Os

iphone_os

Vendor: Apple • 4,014 CVEs

CVEs (4,014)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2011-3254 1Apple 1Iphone Os Apr 29, 2026 Oct 14, 2011 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in Calendar in Apple iOS before 5 allows remote attackers to inject arbitrary web script or HTML via an invitation note.
CVE-2011-3253 1Apple 1Iphone Os Apr 29, 2026 Oct 14, 2011 N/A· v4 N/A· v3 2.6 LOW· v2 CalDAV in Apple iOS before 5 does not validate X.509 certificates for SSL sessions, which allows man-in-the-middle attackers to spoof calendar servers and obtain sensitive information via an arbitrary certificate.
CVE-2011-3246 1Apple 3Iphone Os Mac Os XMac Os X Server Apr 29, 2026 Oct 14, 2011 N/A· v4 N/A· v3 5.0 MEDIUM· v2 CFNetwork in Apple iOS before 5.0.1 and Mac OS X 10.7 before 10.7.2 does not properly parse URLs, which allows remote attackers to trigger visits to unintended web sites, and transmission of cookies to unintended web sit...Show more CFNetwork in Apple iOS before 5.0.1 and Mac OS X 10.7 before 10.7.2 does not properly parse URLs, which allows remote attackers to trigger visits to unintended web sites, and transmission of cookies to unintended web sites, via a crafted (1) http or (2) https URL.Show less
CVE-2011-3245 1Apple 1Iphone Os Apr 29, 2026 Oct 14, 2011 N/A· v4 N/A· v3 2.1 LOW· v2 The Keyboards component in Apple iOS before 5 displays the final character of an entered password during a subsequent use of a keyboard, which allows physically proximate attackers to obtain sensitive information by read...Show more The Keyboards component in Apple iOS before 5 displays the final character of an entered password during a subsequent use of a keyboard, which allows physically proximate attackers to obtain sensitive information by reading this character.Show less
CVE-2011-3243 1Apple 2Iphone Os Safari Apr 29, 2026 Oct 14, 2011 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5 and Safari before 5.1.1, allows remote attackers to inject arbitrary web script or HTML via vectors involving inactive DOM windows.
CVE-2011-2877 2Apple Google 4Chrome Iphone OsItunes+1 more Apr 29, 2026 Oct 4, 2011 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Google Chrome before 14.0.835.202 does not properly handle SVG text, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "stale font."
CVE-2011-3234 2Apple Google 4Chrome Iphone OsItunes+1 more Apr 29, 2026 Sep 19, 2011 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Google Chrome before 14.0.835.163 does not properly handle boxes, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
CVE-2011-2860 2Apple Google 4Chrome Iphone OsItunes+1 more Apr 29, 2026 Sep 19, 2011 N/A· v4 N/A· v3 7.5 HIGH· v2 Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to table styles.
CVE-2011-2857 2Apple Google 4Chrome Iphone OsItunes+1 more Apr 29, 2026 Sep 19, 2011 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the focus controller.
CVE-2011-2855 2Apple Google 4Chrome Iphone OsItunes+1 more Apr 29, 2026 Sep 19, 2011 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Google Chrome before 14.0.835.163 does not properly handle Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown ve...Show more Google Chrome before 14.0.835.163 does not properly handle Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale node."Show less
CVE-2011-2854 2Apple Google 4Chrome Iphone OsItunes+1 more Apr 29, 2026 Sep 19, 2011 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to "ruby / table style handing."
CVE-2011-2847 2Apple Google 4Chrome Iphone OsItunes+1 more Apr 29, 2026 Sep 19, 2011 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Use-after-free vulnerability in the document loader in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document.
CVE-2011-2846 2Apple Google 4Chrome Iphone OsItunes+1 more Apr 29, 2026 Sep 19, 2011 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to unload event handling.
CVE-2011-2834 4Apple DebianGoogle+1 more 8Chrome Debian LinuxEnterprise Linux Desktop+5 more Apr 29, 2026 Sep 19, 2011 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Double free vulnerability in libxml2, as used in Google Chrome before 14.0.835.163, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.
CVE-2011-0228 1Apple 1Iphone Os Apr 29, 2026 Aug 29, 2011 N/A· v4 N/A· v3 7.5 HIGH· v2 The Data Security component in Apple iOS before 4.2.10 and 4.3.x before 4.3.5 does not check the basicConstraints parameter during validation of X.509 certificate chains, which allows man-in-the-middle attackers to spoof...Show more The Data Security component in Apple iOS before 4.2.10 and 4.3.x before 4.3.5 does not check the basicConstraints parameter during validation of X.509 certificate chains, which allows man-in-the-middle attackers to spoof an SSL server by using a non-CA certificate to sign a certificate for an arbitrary domain.Show less
CVE-2011-2827 2Apple Google 4Chrome Iphone OsItunes+1 more Apr 29, 2026 Aug 29, 2011 N/A· v4 N/A· v3 7.5 HIGH· v2 Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to text searching.
CVE-2011-2825 2Apple Google 4Chrome Iphone OsItunes+1 more Apr 29, 2026 Aug 29, 2011 N/A· v4 N/A· v3 9.3 HIGH· v2 Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving custom fonts.
CVE-2011-2823 2Apple Google 4Chrome Iphone OsItunes+1 more Apr 29, 2026 Aug 29, 2011 N/A· v4 N/A· v3 7.5 HIGH· v2 Use-after-free vulnerability in Google Chrome before 13.0.782.215 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a line box.
CVE-2011-2821 4Apple DebianGoogle+1 more 8Chrome Debian LinuxEnterprise Linux Desktop+5 more Apr 29, 2026 Aug 29, 2011 N/A· v4 N/A· v3 7.5 HIGH· v2 Double free vulnerability in libxml2, as used in Google Chrome before 13.0.782.215, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted XPath expression.
CVE-2011-2819 2Apple Google 3Chrome Iphone OsSafari Apr 29, 2026 Aug 3, 2011 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Google Chrome before 13.0.782.107 allows remote attackers to bypass the Same Origin Policy via vectors related to handling of the base URI.

Previous 1...193194195...201 Next