Search Results (Refine Search)
- CPE Product Version: cpe:/o:apple:iphone_os:3.2.2
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2010-1756 |
The Settings application in Apple iOS before 4 on the iPhone and iPod touch does not properly report the wireless network that is in use, which might make it easier for remote attackers to trick users into communicating over an unintended network. Published: June 22, 2010; 4:30:01 PM -0400 |
V3.x:(not available) V2.0: 5.8 MEDIUM |
CVE-2010-1755 |
Safari in Apple iOS before 4 on the iPhone and iPod touch does not properly implement the Accept Cookies preference, which makes it easier for remote web servers to track users via a cookie. Published: June 22, 2010; 4:30:01 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2010-1754 |
Passcode Lock in Apple iOS before 4 on the iPhone and iPod touch does not properly handle alert-based unlocks in conjunction with subsequent Remote Lock operations through MobileMe, which allows physically proximate attackers to bypass intended passcode requirements via unspecified vectors. Published: June 22, 2010; 4:30:01 PM -0400 |
V3.x:(not available) V2.0: 6.9 MEDIUM |
CVE-2010-1753 |
ImageIO in Apple iOS before 4 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG image. Published: June 22, 2010; 4:30:01 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2010-1752 |
Stack-based buffer overflow in CFNetwork in Apple iOS before 4 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to URL handling. Published: June 22, 2010; 4:30:01 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2010-1751 |
Application Sandbox in Apple iOS before 4 on the iPhone and iPod touch does not prevent photo-library access, which might allow remote attackers to obtain location information via unspecified vectors. Published: June 22, 2010; 4:30:01 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2010-0050 |
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML document with improperly nested tags. Published: March 15, 2010; 10:15:32 AM -0400 |
V3.1: 8.8 HIGH V2.0: 9.3 HIGH |
CVE-2009-2816 |
The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, as used in Apple Safari before 4.0.4 and Google Chrome before 3.0.195.33, includes certain custom HTTP headers in the OPTIONS request during cross-origin operations with preflight, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web page. Published: November 13, 2009; 10:30:00 AM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2009-2416 |
Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework. Published: August 11, 2009; 2:30:00 PM -0400 |
V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM |