Vulnerabilities > Apple > Iphone OS > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-11-25 | CVE-2008-4232 | Unspecified vulnerability in Apple Iphone OS and Safari Safari in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.1 through 2.1 does not restrict an IFRAME's content display to the boundaries of the IFRAME, which allows remote attackers to spoof a user interface via a crafted HTML document. | 5.0 |
| 2008-08-27 | CVE-2008-3281 | XML Entity Expansion vulnerability in multiple products libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document. | 6.5 |
| 2008-01-16 | CVE-2008-0034 | Unspecified vulnerability in Apple Iphone and Iphone OS Unspecified vulnerability in Passcode Lock in Apple iPhone 1.0 through 1.1.2 allows users with physical access to execute applications without entering the passcode via vectors related to emergency calls. | 4.6 |
| 2007-09-27 | CVE-2007-3755 | Improper Input Validation vulnerability in Apple Iphone and Iphone OS Mail in Apple iPhone 1.1.1 allows remote user-assisted attackers to force the iPhone user to make calls to arbitrary telephone numbers via a "tel:" link, which does not prompt the user before dialing the number. | 4.3 |
| 2007-09-27 | CVE-2007-3754 | Improper Authentication vulnerability in Apple Iphone and Iphone OS Mail in Apple iPhone 1.1.1, when using SSL, does not warn the user when the mail server changes or is not trusted, which might allow remote attackers to steal credentials and read email via a man-in-the-middle (MITM) attack. | 4.3 |
| 2007-06-25 | CVE-2007-2400 | Race Condition vulnerability in Apple Iphone OS and Safari Race condition in Apple Safari 3 Beta before 3.0.2 on Mac OS X, Windows XP, Windows Vista, and iPhone before 1.0.1, allows remote attackers to bypass the JavaScript security model and modify pages outside of the security domain and conduct cross-site scripting (XSS) attacks via vectors related to page updating and HTTP redirects. | 4.3 |