VYPR

iPhone

by Apple Inc.

CVEs (29)

  • CVE-2007-3761Sep 27, 2007
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in Safari in Apple iPhone 1.1.1 allows remote attackers to inject arbitrary web script or HTML by causing Javascript events to be applied to a frame in another domain.

  • CVE-2007-3759Sep 27, 2007
    risk 0.00cvss epss 0.02

    Safari in Apple iPhone 1.1.1, when requested to disable Javascript, does not disable it until Safari is restarted, which might leave Safari open to attacks that the user does not expect.

  • CVE-2007-3760Sep 27, 2007
    risk 0.00cvss epss 0.03

    Cross-site scripting (XSS) vulnerability in Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to inject arbitrary web script or HTML via frame tags.

  • CVE-2007-3754Sep 27, 2007
    risk 0.00cvss epss 0.02

    Mail in Apple iPhone 1.1.1, when using SSL, does not warn the user when the mail server changes or is not trusted, which might allow remote attackers to steal credentials and read email via a man-in-the-middle (MITM) attack.

  • CVE-2007-3755Sep 27, 2007
    risk 0.00cvss epss 0.02

    Mail in Apple iPhone 1.1.1 allows remote user-assisted attackers to force the iPhone user to make calls to arbitrary telephone numbers via a "tel:" link, which does not prompt the user before dialing the number.

  • CVE-2007-3753Sep 27, 2007
    risk 0.00cvss epss 0.03

    Apple iPhone 1.1.1, with Bluetooth enabled, allows physically proximate attackers to cause a denial of service (application termination) and execute arbitrary code via crafted Service Discovery Protocol (SDP) packets, related to insufficient input validation.

  • CVE-2007-3757Sep 27, 2007
    risk 0.00cvss epss 0.02

    Safari in Apple iPhone 1.1.1 allows remote user-assisted attackers to trick the iPhone user into making calls to arbitrary telephone numbers via a crafted "tel:" link that causes iPhone to display a different number than the number that will be dialed.

  • CVE-2007-3756Sep 27, 2007
    risk 0.00cvss epss 0.02

    Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and Mac OS X 10.4 through 10.4.10, allows remote attackers to obtain sensitive information via a crafted web page that identifies the URL of the parent window, even when the parent window is in a…

  • CVE-2007-3742Aug 3, 2007
    risk 0.00cvss epss 0.02

    WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, does not properly handle the interaction between International Domain Name (IDN) support and Unicode fonts, which allows remote attackers to create a URL containing "look-alike characters" (homographs)…

Page 2 of 2