Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/o:apple:iphone_os:1.0.2
There are 2,203 matching records.
Displaying matches 2,141 through 2,160.
Vuln ID Summary CVSS Severity
CVE-2011-0981

Google Chrome before 9.0.597.94 does not properly perform event handling for animations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."

Published: February 10, 2011; 2:00:02 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2010-3832

Heap-based buffer overflow in the GSM mobility management implementation in Telephony in Apple iOS before 4.2 on the iPhone and iPad allows remote attackers to execute arbitrary code on the baseband processor via a crafted Temporary Mobile Subscriber Identity (TMSI) field.

Published: November 26, 2010; 3:00:03 PM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2010-3831

Photos in Apple iOS before 4.2 enables support for HTTP Basic Authentication over an unencrypted connection, which allows man-in-the-middle attackers to read MobileMe account passwords by spoofing a MobileMe Gallery server during a "Send to MobileMe" action.

Published: November 26, 2010; 3:00:03 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2010-3830

Networking in Apple iOS before 4.2 accesses an invalid pointer during the processing of packet filter rules, which allows local users to gain privileges via unspecified vectors.

Published: November 26, 2010; 3:00:03 PM -0500
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2010-3829

WebKit in Apple iOS before 4.2 allows remote attackers to bypass the remote image loading setting in Mail via an HTML LINK element with a DNS prefetching property, as demonstrated by an HTML e-mail message that uses a LINK element for X-Confirm-Reading-To functionality, a related issue to CVE-2010-3813.

Published: November 26, 2010; 3:00:03 PM -0500
V3.x:(not available)
V2.0: 5.8 MEDIUM
CVE-2010-3828

iAd Content Display in Apple iOS before 4.2 allows man-in-the-middle attackers to make calls via a crafted URL in an ad.

Published: November 26, 2010; 3:00:03 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2010-3827

Apple iOS before 4.2 does not properly validate signatures before displaying a configuration profile in the configuration installation utility, which allows remote attackers to spoof profiles via unspecified vectors.

Published: November 26, 2010; 3:00:02 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2010-4008

libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document.

Published: November 16, 2010; 8:00:02 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2010-1817

Buffer overflow in ImageIO in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted GIF file.

Published: September 09, 2010; 6:00:01 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2010-1815

Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving scrollbars.

Published: September 09, 2010; 6:00:01 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2010-1814

WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors involving form menus.

Published: September 09, 2010; 6:00:01 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2010-1813

WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors involving HTML object outlines.

Published: September 09, 2010; 6:00:01 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2010-1812

Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving selections.

Published: September 09, 2010; 6:00:01 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2010-1811

ImageIO in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF file.

Published: September 09, 2010; 6:00:01 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2010-1810

FaceTime in Apple iOS before 4.1 on the iPhone and iPod touch does not properly handle invalid X.509 certificates, which allows man-in-the-middle attackers to redirect calls via a crafted certificate.

Published: September 09, 2010; 6:00:01 PM -0400
V3.x:(not available)
V2.0: 3.5 LOW
CVE-2010-1809

The Accessibility component in Apple iOS before 4.1 on the iPhone and iPod touch does not perform the expected VoiceOver announcement associated with the location services icon, which has unspecified impact and attack vectors.

Published: September 09, 2010; 6:00:01 PM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2010-1781

Double free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the rendering of an inline element.

Published: September 09, 2010; 6:00:01 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2010-1797

Multiple stack-based buffer overflows in the cff_decoder_parse_charstrings function in the CFF Type2 CharStrings interpreter in cff/cffgload.c in FreeType before 2.4.2, as used in Apple iOS before 4.0.2 on the iPhone and iPod touch and before 3.2.2 on the iPad, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted CFF opcodes in embedded fonts in a PDF document, as demonstrated by JailbreakMe. NOTE: some of these details are obtained from third party information.

Published: August 16, 2010; 2:39:40 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2010-2913

The Citibank Citi Mobile app before 2.0.3 for iOS stores account data in a file, which allows local users to obtain sensitive information via vectors involving (1) the mobile device or (2) a synchronized computer.

Published: July 30, 2010; 9:26:18 AM -0400
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2010-1775

Race condition in Passcode Lock in Apple iOS before 4 on the iPhone and iPod touch allows physically proximate attackers to bypass intended passcode requirements, and pair a locked device with a computer and access arbitrary data, via vectors involving the initial boot.

Published: June 22, 2010; 4:30:01 PM -0400
V3.x:(not available)
V2.0: 1.9 LOW