VYPR

iPhone

by Apple Inc.

CVEs (29)

  • CVE-2008-3612CriSep 11, 2008
    risk 0.64cvss 9.8epss 0.04

    The Networking subsystem in Apple iPod touch 2.0 through 2.0.2, and iPhone 2.0 through 2.0.2, uses predictable TCP initial sequence numbers, which allows remote attackers to spoof or hijack a TCP connection.

  • CVE-2008-3950Sep 16, 2008
    risk 0.04cvss epss 0.07

    Off-by-one error in the _web_drawInRect:withFont:ellipsis:alignment:measureOnly function in WebKit in Safari in Apple iPhone 1.1.4 and 2.0 and iPod touch 1.1.4 and 2.0 allows remote attackers to cause a denial of service (browser crash) via a JavaScript alert call with an…

  • CVE-2008-2303Jul 14, 2008
    risk 0.04cvss epss 0.13

    Integer signedness error in Safari on Apple iPhone before 2.0 and iPod touch before 2.0 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving JavaScript array indices that trigger an out-of-bounds access, a…

  • CVE-2007-2401Jun 25, 2007
    risk 0.04cvss epss 0.07

    CRLF injection vulnerability in WebCore in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1, allows remote attackers to inject arbitrary HTTP headers via LF characters in an XMLHttpRequest request, which are not filtered when serializing headers via the…

  • CVE-2007-5450Oct 14, 2007
    risk 0.03cvss epss 0.05

    Unspecified vulnerability in Safari on the Apple iPod touch (aka iTouch) and iPhone 1.1.1 allows user-assisted remote attackers to cause a denial of service (application crash), and enable filesystem browsing by the local user, via a certain TIFF file.

  • CVE-2008-2317Jul 14, 2008
    risk 0.01cvss epss 0.08

    WebCore in Apple Safari does not properly perform garbage collection of JavaScript document elements, which allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via a reference to the ownerNode property of a…

  • CVE-2007-3944Jul 23, 2007
    risk 0.01cvss epss 0.07

    Multiple heap-based buffer overflows in the Perl Compatible Regular Expressions (PCRE) library in the JavaScript engine in WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, allow remote attackers to execute arbitrary code via certain JavaScript regular…

  • CVE-2019-25071Jun 25, 2022
    risk 0.00cvss epss 0.01

    A vulnerability was found in Apple iPhone up to 12.4.1. It has been declared as critical. Affected by this vulnerability is Siri. Playing an audio or video file might be able to initiate Siri on the same device which makes it possible to execute commands remotely. Exploit…

  • CVE-2019-9536Nov 22, 2019
    risk 0.00cvss epss 0.00

    Apple iPhone 3GS bootrom malloc implementation returns a non-NULL pointer when unable to allocate memory, aka 'alloc8'. An attacker with physical access to the device can install arbitrary firmware.

  • CVE-2008-4593Oct 17, 2008
    risk 0.00cvss epss 0.00

    Apple iPhone 2.1 with firmware 5F136, when Require Passcode is enabled and Show SMS Preview is disabled, allows physically proximate attackers to obtain sensitive information by performing an Emergency Call tap and then reading SMS messages on the device screen, aka Apple bug…

  • CVE-2008-3632Sep 11, 2008
    risk 0.00cvss epss 0.06

    Use-after-free vulnerability in WebKit in Apple iPod touch 1.1 through 2.0.2, and iPhone 1.0 through 2.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a web page with crafted Cascading Style Sheets (CSS) import…

  • CVE-2008-3631Sep 11, 2008
    risk 0.00cvss epss 0.02

    Application Sandbox in Apple iPod touch 2.0 through 2.0.2, and iPhone 2.0 through 2.0.2, does not properly isolate third-party applications, which allows attackers to read arbitrary files in a third-party application's sandbox via a different third-party application.

  • CVE-2008-3876Sep 2, 2008
    risk 0.00cvss epss 0.00

    Apple iPhone 2.0.2, in some configurations, allows physically proximate attackers to bypass intended access restrictions, and obtain sensitive information or make arbitrary use of the device, via an Emergency Call tap and a Home double-tap, followed by a tap of any contact's…

  • CVE-2008-1590Jul 14, 2008
    risk 0.00cvss epss 0.03

    JavaScriptCore in WebKit on Apple iPhone before 2.0 and iPod touch before 2.0 does not properly perform runtime garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors that trigger…

  • CVE-2008-1589Jul 14, 2008
    risk 0.00cvss epss 0.01

    Safari on Apple iPhone before 2.0 and iPod touch before 2.0 misinterprets a menu button press as user confirmation for visiting a web site with a (1) self-signed or (2) invalid certificate, which makes it easier for remote attackers to spoof web sites.

  • CVE-2008-1588Jul 14, 2008
    risk 0.00cvss epss 0.02

    Safari on Apple iPhone before 2.0 and iPod touch before 2.0 allows remote attackers to spoof the address bar via Unicode ideographic spaces in the URL.

  • CVE-2008-0034Jan 16, 2008
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in Passcode Lock in Apple iPhone 1.0 through 1.1.2 allows users with physical access to execute applications without entering the passcode via vectors related to emergency calls.

  • CVE-2008-0035Jan 16, 2008
    risk 0.00cvss epss 0.05

    Unspecified vulnerability in Foundation, as used in Apple iPhone 1.0 through 1.1.2, iPod touch 1.1 through 1.1.2, and Mac OS X 10.5 through 10.5.1, allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted URL that…

  • CVE-2007-5858Dec 19, 2007
    risk 0.00cvss epss 0.03

    WebKit in Safari in Apple Mac OS X 10.4.11 and 10.5.1, iPhone 1.0 through 1.1.2, and iPod touch 1.1 through 1.1.2 allows remote attackers to "navigate the subframes of any other page," which can be leveraged to conduct cross-site scripting (XSS) attacks and obtain sensitive…

  • CVE-2007-4671Sep 27, 2007
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to "alter or access" HTTPS content via an HTTP session with a crafted web page that causes Javascript to be…

Page 1 of 2