Search Results (Refine Search)
- CPE Product Version: cpe:/o:apple:iphone_os:3.1.3
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2010-1119 |
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Safari before 4.1 on Mac OS X 10.4, and Safari on Apple iPhone OS allows remote attackers to execute arbitrary code or cause a denial of service (application crash), or read the SMS database or other data, via vectors related to "attribute manipulation," as demonstrated by Vincenzo Iozzo and Ralf Philipp Weinmann during a Pwn2Own competition at CanSecWest 2010. Published: March 25, 2010; 5:00:01 PM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2010-0050 |
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML document with improperly nested tags. Published: March 15, 2010; 10:15:32 AM -0400 |
V3.1: 8.8 HIGH V2.0: 9.3 HIGH |
CVE-2009-2816 |
The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, as used in Apple Safari before 4.0.4 and Google Chrome before 3.0.195.33, includes certain custom HTTP headers in the OPTIONS request during cross-origin operations with preflight, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web page. Published: November 13, 2009; 10:30:00 AM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2009-2416 |
Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework. Published: August 11, 2009; 2:30:00 PM -0400 |
V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM |