Vulnerabilities > Apple > Iphone OS > 3.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2010-11-26 | CVE-2010-3831 | Information Exposure vulnerability in Apple Iphone OS Photos in Apple iOS before 4.2 enables support for HTTP Basic Authentication over an unencrypted connection, which allows man-in-the-middle attackers to read MobileMe account passwords by spoofing a MobileMe Gallery server during a "Send to MobileMe" action. | 4.3 |
| 2010-11-26 | CVE-2010-3830 | Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS Networking in Apple iOS before 4.2 accesses an invalid pointer during the processing of packet filter rules, which allows local users to gain privileges via unspecified vectors. | 7.2 |
| 2010-11-26 | CVE-2010-3829 | Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS WebKit in Apple iOS before 4.2 allows remote attackers to bypass the remote image loading setting in Mail via an HTML LINK element with a DNS prefetching property, as demonstrated by an HTML e-mail message that uses a LINK element for X-Confirm-Reading-To functionality, a related issue to CVE-2010-3813. | 5.8 |
| 2010-11-26 | CVE-2010-3828 | Unspecified vulnerability in Apple Iphone OS iAd Content Display in Apple iOS before 4.2 allows man-in-the-middle attackers to make calls via a crafted URL in an ad. network apple | 4.3 |
| 2010-11-26 | CVE-2010-3827 | Improper Input Validation vulnerability in Apple Iphone OS Apple iOS before 4.2 does not properly validate signatures before displaying a configuration profile in the configuration installation utility, which allows remote attackers to spoof profiles via unspecified vectors. | 4.3 |
| 2010-11-17 | CVE-2010-4008 | Buffer Errors vulnerability in Google Chrome libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document. | 4.3 |
| 2010-11-09 | CVE-2010-4211 | Improper Authentication vulnerability in Ebay Paypal The PayPal app before 3.0.1 for iOS does not verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof a PayPal web server via an arbitrary certificate. | 2.9 |
| 2010-09-09 | CVE-2010-1817 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS Buffer overflow in ImageIO in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted GIF file. | 6.8 |
| 2010-09-09 | CVE-2010-1815 | Resource Management Errors vulnerability in multiple products Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving scrollbars. | 6.8 |
| 2010-09-09 | CVE-2010-1814 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors involving form menus. | 6.8 |