VYPR

Iphone OS

by Apple Inc.

CVEs (2,060)

  • CVE-2010-3832Nov 26, 2010
    risk 0.00cvss epss 0.04

    Heap-based buffer overflow in the GSM mobility management implementation in Telephony in Apple iOS before 4.2 on the iPhone and iPad allows remote attackers to execute arbitrary code on the baseband processor via a crafted Temporary Mobile Subscriber Identity (TMSI) field.

  • CVE-2010-3831Nov 26, 2010
    risk 0.00cvss epss 0.01

    Photos in Apple iOS before 4.2 enables support for HTTP Basic Authentication over an unencrypted connection, which allows man-in-the-middle attackers to read MobileMe account passwords by spoofing a MobileMe Gallery server during a "Send to MobileMe" action.

  • CVE-2010-3829Nov 26, 2010
    risk 0.00cvss epss 0.02

    WebKit in Apple iOS before 4.2 allows remote attackers to bypass the remote image loading setting in Mail via an HTML LINK element with a DNS prefetching property, as demonstrated by an HTML e-mail message that uses a LINK element for X-Confirm-Reading-To functionality, a…

  • CVE-2010-3828Nov 26, 2010
    risk 0.00cvss epss 0.01

    iAd Content Display in Apple iOS before 4.2 allows man-in-the-middle attackers to make calls via a crafted URL in an ad.

  • CVE-2010-3827Nov 26, 2010
    risk 0.00cvss epss 0.01

    Apple iOS before 4.2 does not properly validate signatures before displaying a configuration profile in the configuration installation utility, which allows remote attackers to spoof profiles via unspecified vectors.

  • CVE-2010-4008Nov 17, 2010
    risk 0.00cvss epss 0.03

    libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service…

  • CVE-2010-1817Sep 9, 2010
    risk 0.00cvss epss 0.03

    Buffer overflow in ImageIO in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted GIF file.

  • CVE-2010-1815Sep 9, 2010
    risk 0.00cvss epss 0.04

    Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving scrollbars.

  • CVE-2010-1814Sep 9, 2010
    risk 0.00cvss epss 0.04

    WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors involving form menus.

  • CVE-2010-1812Sep 9, 2010
    risk 0.00cvss epss 0.04

    Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving selections.

  • CVE-2010-1811Sep 9, 2010
    risk 0.00cvss epss 0.03

    ImageIO in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF file.

  • CVE-2010-1810Sep 9, 2010
    risk 0.00cvss epss 0.01

    FaceTime in Apple iOS before 4.1 on the iPhone and iPod touch does not properly handle invalid X.509 certificates, which allows man-in-the-middle attackers to redirect calls via a crafted certificate.

  • CVE-2010-1809Sep 9, 2010
    risk 0.00cvss epss 0.02

    The Accessibility component in Apple iOS before 4.1 on the iPhone and iPod touch does not perform the expected VoiceOver announcement associated with the location services icon, which has unspecified impact and attack vectors.

  • CVE-2010-1781Sep 9, 2010
    risk 0.00cvss epss 0.04

    Double free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the rendering of an inline element.

  • CVE-2010-3259Sep 7, 2010
    risk 0.00cvss epss 0.02

    WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, does not properly restrict read access to images derived from CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and…

  • CVE-2010-3257Sep 7, 2010
    risk 0.00cvss epss 0.03

    Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors…

  • CVE-2010-3116Aug 24, 2010
    risk 0.00cvss epss 0.04

    Multiple use-after-free vulnerabilities in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via…

  • CVE-2010-2808Aug 19, 2010
    risk 0.00cvss epss 0.05

    Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Adobe Type 1 Mac Font File (aka LWFN)…

  • CVE-2010-2807Aug 19, 2010
    risk 0.00cvss epss 0.04

    FreeType before 2.4.2 uses incorrect integer data types during bounds checking, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.

  • CVE-2010-2806Aug 19, 2010
    risk 0.00cvss epss 0.06

    Array index error in the t42_parse_sfnts function in type42/t42parse.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via negative size values for certain strings in FontType42 font files,…

Page 100 of 103