CVE-2011-3260
- EPSS 3.35%
- Veröffentlicht 14.10.2011 10:55:10
- Zuletzt bearbeitet 16.06.2026 23:32:58
Buffer overflow in OfficeImport in Apple iOS before 5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Word document.
CVE-2011-3261
- EPSS 2.93%
- Veröffentlicht 14.10.2011 10:55:10
- Zuletzt bearbeitet 16.06.2026 23:32:59
Double free vulnerability in OfficeImport in Apple iOS before 5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Excel spreadsheet.
CVE-2011-3426
- EPSS 1.82%
- Veröffentlicht 14.10.2011 10:55:10
- Zuletzt bearbeitet 16.06.2026 23:33:16
Cross-site scripting (XSS) vulnerability in Safari in Apple iOS before 5 allows remote web servers to inject arbitrary web script or HTML via a file accompanied by a "Content-Disposition: attachment" HTTP header.
CVE-2011-3427
- EPSS 0.9%
- Veröffentlicht 14.10.2011 10:55:10
- Zuletzt bearbeitet 16.06.2026 23:33:16
The Data Security component in Apple iOS before 5 and Apple TV before 4.4 does not properly restrict use of the MD5 hash algorithm within X.509 certificates, which makes it easier for man-in-the-middle attackers to spoof servers or obtain sensitive i...
CVE-2011-3429
- EPSS 0.37%
- Veröffentlicht 14.10.2011 10:55:10
- Zuletzt bearbeitet 16.06.2026 23:33:16
The Settings component in Apple iOS before 5 stores a cleartext parental-restrictions passcode in an unspecified file, which might allow physically proximate attackers to obtain sensitive information by reading this file.
CVE-2011-3430
- EPSS 1.75%
- Veröffentlicht 14.10.2011 10:55:10
- Zuletzt bearbeitet 16.06.2026 23:33:16
The Settings component in Apple iOS before 5, when a configuration profile is used for a locale other than English, does not properly implement localization, which makes it easier for attackers to have an unspecified impact by leveraging incorrect co...
CVE-2011-3431
- EPSS 0.37%
- Veröffentlicht 14.10.2011 10:55:10
- Zuletzt bearbeitet 16.06.2026 23:33:16
The Home screen component in Apple iOS before 5 does not properly support a certain application-switching gesture, which might allow physically proximate attackers to obtain sensitive state information by watching the device's screen.
- EPSS 2.2%
- Veröffentlicht 14.10.2011 10:55:10
- Zuletzt bearbeitet 16.06.2026 23:33:16
The UIKit Alerts component in Apple iOS before 5 allows remote attackers to cause a denial of service (device hang) via a long tel: URL that triggers a large size for the acceptance dialog.
CVE-2011-3243
- EPSS 1.98%
- Veröffentlicht 14.10.2011 10:55:09
- Zuletzt bearbeitet 16.06.2026 23:32:57
Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5 and Safari before 5.1.1, allows remote attackers to inject arbitrary web script or HTML via vectors involving inactive DOM windows.
CVE-2011-3245
- EPSS 0.37%
- Veröffentlicht 14.10.2011 10:55:09
- Zuletzt bearbeitet 16.06.2026 23:32:57
The Keyboards component in Apple iOS before 5 displays the final character of an entered password during a subsequent use of a keyboard, which allows physically proximate attackers to obtain sensitive information by reading this character.