Vulnerabilities > Apple > Iphone OS
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-09-11 | CVE-2008-3632 | Resource Management Errors vulnerability in Apple Iphone, Iphone OS and Ipod Touch Use-after-free vulnerability in WebKit in Apple iPod touch 1.1 through 2.0.2, and iPhone 1.0 through 2.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a web page with crafted Cascading Style Sheets (CSS) import statements. | 9.3 |
| 2008-09-11 | CVE-2008-3612 | Use of Insufficiently Random Values vulnerability in Apple Iphone OS 2.0.0/2.0.1/2.0.2 The Networking subsystem in Apple iPod touch 2.0 through 2.0.2, and iPhone 2.0 through 2.0.2, uses predictable TCP initial sequence numbers, which allows remote attackers to spoof or hijack a TCP connection. | 9.8 |
| 2008-08-27 | CVE-2008-3281 | XML Entity Expansion vulnerability in multiple products libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document. | 6.5 |
| 2008-01-16 | CVE-2008-0034 | Unspecified vulnerability in Apple Iphone and Iphone OS Unspecified vulnerability in Passcode Lock in Apple iPhone 1.0 through 1.1.2 allows users with physical access to execute applications without entering the passcode via vectors related to emergency calls. | 4.6 |
| 2007-09-27 | CVE-2007-3755 | Improper Input Validation vulnerability in Apple Iphone and Iphone OS Mail in Apple iPhone 1.1.1 allows remote user-assisted attackers to force the iPhone user to make calls to arbitrary telephone numbers via a "tel:" link, which does not prompt the user before dialing the number. | 4.3 |
| 2007-09-27 | CVE-2007-3754 | Improper Authentication vulnerability in Apple Iphone and Iphone OS Mail in Apple iPhone 1.1.1, when using SSL, does not warn the user when the mail server changes or is not trusted, which might allow remote attackers to steal credentials and read email via a man-in-the-middle (MITM) attack. | 4.3 |
| 2007-09-27 | CVE-2007-3753 | Improper Input Validation vulnerability in Apple Iphone and Iphone OS Apple iPhone 1.1.1, with Bluetooth enabled, allows physically proximate attackers to cause a denial of service (application termination) and execute arbitrary code via crafted Service Discovery Protocol (SDP) packets, related to insufficient input validation. | 7.5 |
| 2007-07-23 | CVE-2007-3944 | Buffer Errors vulnerability in Apple Iphone OS, Safari and Webkit Multiple heap-based buffer overflows in the Perl Compatible Regular Expressions (PCRE) library in the JavaScript engine in WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, allow remote attackers to execute arbitrary code via certain JavaScript regular expressions. | 9.3 |
| 2007-06-25 | CVE-2007-2400 | Race Condition vulnerability in Apple Iphone OS and Safari Race condition in Apple Safari 3 Beta before 3.0.2 on Mac OS X, Windows XP, Windows Vista, and iPhone before 1.0.1, allows remote attackers to bypass the JavaScript security model and modify pages outside of the security domain and conduct cross-site scripting (XSS) attacks via vectors related to page updating and HTTP redirects. | 4.3 |