Total
3262 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-3740 | 1 Apple | 1 Iphone Os | 2012-09-21 | 2.1 LOW | N/A |
The Passcode Lock implementation in Apple iOS before 6 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement via unspecified vectors. | |||||
CVE-2012-3736 | 1 Apple | 1 Iphone Os | 2012-09-21 | 4.6 MEDIUM | N/A |
The Passcode Lock implementation in Apple iOS before 6 allows physically proximate attackers to bypass an intended passcode requirement via vectors related to ending a FaceTime call. | |||||
CVE-2012-3739 | 1 Apple | 1 Iphone Os | 2012-09-20 | 2.1 LOW | N/A |
The Passcode Lock implementation in Apple iOS before 6 allows physically proximate attackers to bypass an intended passcode requirement via vectors involving use of the camera. | |||||
CVE-2012-0674 | 1 Apple | 1 Iphone Os | 2012-05-08 | 4.3 MEDIUM | N/A |
Safari in Apple iOS before 5.1.1 allows remote attackers to spoof the location bar's URL via a crafted web site. | |||||
CVE-2011-1417 | 1 Apple | 3 Iphone Os, Mac Os X, Mac Os X Server | 2012-03-29 | 6.8 MEDIUM | N/A |
Integer overflow in QuickLook, as used in Apple Mac OS X before 10.6.7 and MobileSafari in Apple iOS before 4.2.7 and 4.3.x before 4.3.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a Microsoft Office document with a crafted size field in the OfficeArtMetafileHeader, related to OfficeArtBlip, as demonstrated on the iPhone by Charlie Miller and Dion Blazakis during a Pwn2Own competition at CanSecWest 2011. | |||||
CVE-2010-1181 | 1 Apple | 2 Iphone Os, Ipod Touch | 2012-03-29 | 4.3 MEDIUM | N/A |
Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a MARQUEE element. | |||||
CVE-2011-3442 | 1 Apple | 1 Iphone Os | 2012-02-14 | 7.2 HIGH | N/A |
The kernel in Apple iOS before 5.0.1 does not ensure the validity of flag combinations for an mmap system call, which allows local users to execute arbitrary unsigned code via a crafted app. | |||||
CVE-2011-3440 | 1 Apple | 2 Ipad2, Iphone Os | 2011-11-14 | 1.2 LOW | N/A |
The Passcode Lock feature in Apple iOS before 5.0.1 on the iPad 2 does not properly implement the locked state, which allows physically proximate attackers to access data by opening a Smart Cover during power-off confirmation. | |||||
CVE-2011-0226 | 2 Apple, Freetype | 2 Iphone Os, Freetype | 2011-10-25 | 9.3 HIGH | N/A |
Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Type 1 font in a PDF document, as exploited in the wild in July 2011. | |||||
CVE-2011-3253 | 1 Apple | 1 Iphone Os | 2011-10-14 | 2.6 LOW | N/A |
CalDAV in Apple iOS before 5 does not validate X.509 certificates for SSL sessions, which allows man-in-the-middle attackers to spoof calendar servers and obtain sensitive information via an arbitrary certificate. | |||||
CVE-2011-3254 | 1 Apple | 1 Iphone Os | 2011-10-14 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Calendar in Apple iOS before 5 allows remote attackers to inject arbitrary web script or HTML via an invitation note. | |||||
CVE-2011-0227 | 1 Apple | 1 Iphone Os | 2011-07-25 | 7.2 HIGH | N/A |
The queueing primitives in IOMobileFrameBuffer in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 do not properly perform type conversion, which allows local users to gain privileges via a crafted application. | |||||
CVE-2011-0195 | 1 Apple | 1 Iphone Os | 2011-07-22 | 4.3 MEDIUM | N/A |
The generate-id XPath function in libxslt in Apple iOS 4.3.x before 4.3.2 allows remote attackers to obtain potentially sensitive information about heap memory addresses via a crafted web site. NOTE: this may overlap CVE-2011-1202. | |||||
CVE-2011-0159 | 1 Apple | 1 Iphone Os | 2011-03-30 | 5.0 MEDIUM | N/A |
The Safari Settings feature in Safari in Apple iOS 4.x before 4.3 does not properly implement the clearing of cookies during execution of the Safari application, which might make it easier for remote web servers to track users by setting a cookie. | |||||
CVE-2011-0160 | 1 Apple | 3 Iphone Os, Safari, Webkit | 2011-03-30 | 5.0 MEDIUM | N/A |
WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle redirects in conjunction with HTTP Basic Authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header. | |||||
CVE-2010-4012 | 1 Apple | 1 Iphone Os | 2010-12-08 | 6.2 MEDIUM | N/A |
Race condition in Apple iOS 4.0 through 4.1 for iPhone 3G and later allows physically proximate attackers to bypass the passcode lock by making a call from the Emergency Call screen, then quickly pressing the Sleep/Wake button. | |||||
CVE-2010-1226 | 1 Apple | 2 Iphone, Iphone Os | 2010-04-01 | 5.0 MEDIUM | N/A |
The HTTP client functionality in Apple iPhone OS 3.1 on the iPhone 2G and 3.1.3 on the iPhone 3GS allows remote attackers to cause a denial of service (Safari, Mail, or Springboard crash) via a crafted innerHTML property of a DIV element, related to a "malformed character" issue. | |||||
CVE-2010-1177 | 1 Apple | 2 Iphone Os, Safari | 2010-03-29 | 9.3 HIGH | N/A |
Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving document.write calls with long crafted strings. | |||||
CVE-2010-1179 | 1 Apple | 2 Iphone Os, Safari | 2010-03-29 | 9.3 HIGH | N/A |
Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a large integer in the numcolors attribute of a recolorinfo element in a VML file, possibly a related issue to CVE-2007-0024. | |||||
CVE-2009-2204 | 1 Apple | 1 Iphone Os | 2010-03-29 | 10.0 HIGH | N/A |
Unspecified vulnerability in the CoreTelephony component in Apple iPhone OS before 3.0.1 allows remote attackers to execute arbitrary code, obtain GPS coordinates, or enable the microphone via an SMS message that triggers memory corruption, as demonstrated by Charlie Miller at SyScan '09 Singapore. |