Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/o:apple:iphone_os:3.2
There are 2,454 matching records.
Displaying matches 2,421 through 2,440.
Vuln ID Summary CVSS Severity
CVE-2010-3830

Networking in Apple iOS before 4.2 accesses an invalid pointer during the processing of packet filter rules, which allows local users to gain privileges via unspecified vectors.

Published: November 26, 2010; 3:00:03 PM -0500
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2010-3829

WebKit in Apple iOS before 4.2 allows remote attackers to bypass the remote image loading setting in Mail via an HTML LINK element with a DNS prefetching property, as demonstrated by an HTML e-mail message that uses a LINK element for X-Confirm-Reading-To functionality, a related issue to CVE-2010-3813.

Published: November 26, 2010; 3:00:03 PM -0500
V3.x:(not available)
V2.0: 5.8 MEDIUM
CVE-2010-3828

iAd Content Display in Apple iOS before 4.2 allows man-in-the-middle attackers to make calls via a crafted URL in an ad.

Published: November 26, 2010; 3:00:03 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2010-3827

Apple iOS before 4.2 does not properly validate signatures before displaying a configuration profile in the configuration installation utility, which allows remote attackers to spoof profiles via unspecified vectors.

Published: November 26, 2010; 3:00:02 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2010-4008

libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document.

Published: November 16, 2010; 8:00:02 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2010-1817

Buffer overflow in ImageIO in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted GIF file.

Published: September 09, 2010; 6:00:01 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2010-1815

Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving scrollbars.

Published: September 09, 2010; 6:00:01 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2010-1814

WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors involving form menus.

Published: September 09, 2010; 6:00:01 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2010-1813

WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors involving HTML object outlines.

Published: September 09, 2010; 6:00:01 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2010-1812

Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving selections.

Published: September 09, 2010; 6:00:01 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2010-1811

ImageIO in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF file.

Published: September 09, 2010; 6:00:01 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2010-1810

FaceTime in Apple iOS before 4.1 on the iPhone and iPod touch does not properly handle invalid X.509 certificates, which allows man-in-the-middle attackers to redirect calls via a crafted certificate.

Published: September 09, 2010; 6:00:01 PM -0400
V3.x:(not available)
V2.0: 3.5 LOW
CVE-2010-1809

The Accessibility component in Apple iOS before 4.1 on the iPhone and iPod touch does not perform the expected VoiceOver announcement associated with the location services icon, which has unspecified impact and attack vectors.

Published: September 09, 2010; 6:00:01 PM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2010-1781

Double free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the rendering of an inline element.

Published: September 09, 2010; 6:00:01 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2010-3259

WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, does not properly restrict read access to images derived from CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive image data via a crafted web site.

Published: September 07, 2010; 2:00:03 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2010-3257

Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving element focus.

Published: September 07, 2010; 2:00:02 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-3116

Multiple use-after-free vulnerabilities in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to improper handling of MIME types by plug-ins.

Published: August 24, 2010; 4:00:02 PM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2010-2808

Buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Adobe Type 1 Mac Font File (aka LWFN) font.

Published: August 19, 2010; 2:00:05 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2010-2807

FreeType before 2.4.2 uses incorrect integer data types during bounds checking, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file.

Published: August 19, 2010; 2:00:05 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2010-2806

Array index error in the t42_parse_sfnts function in type42/t42parse.c in FreeType before 2.4.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via negative size values for certain strings in FontType42 font files, leading to a heap-based buffer overflow.

Published: August 19, 2010; 2:00:05 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM