Vulnerabilities > Apple > iPhone OS > Medium

DATE CVE VULNERABILITY TITLE RISK
2010-06-22 CVE-2010-1407 Information Exposure vulnerability in Apple iPhone OS
WebKit in Apple iOS before 4 on the iPhone and iPod touch does not properly implement the history.replaceState method in certain situations involving IFRAME elements, which allows remote attackers to obtain sensitive information via a crafted HTML document.
network
apple CWE-200
4.3
2010-06-18 CVE-2010-2332 Improper Input Validation vulnerability in Impact Financials Impact PDF Reader 1.2/2.0
Impact Financials, Inc.
network
low complexity
impactfinancials apple CWE-20
5.0
2010-04-01 CVE-2010-1226 Improper Input Validation vulnerability in Apple iPhone OS 3.1/3.1.3
The HTTP client functionality in Apple iPhone OS 3.1 on the iPhone 2G and 3.1.3 on the iPhone 3GS allows remote attackers to cause a denial of service (Safari, Mail, or Springboard crash) via a crafted innerHTML property of a DIV element, related to a "malformed character" issue.
network
low complexity
apple CWE-20
5.0
2010-03-29 CVE-2010-1181 Improper Input Validation vulnerability in Apple iPhone OS 3.1.3
Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a MARQUEE element.
network
apple CWE-20
4.3
2010-03-29 CVE-2010-1178 Unspecified vulnerability in Apple Safari
Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) via a JavaScript loop that attempts to construct an infinitely long string.
network
apple
4.3
2010-02-03 CVE-2010-0496 Improper Input Validation vulnerability in FreeBit ServersMan 3.1.5
FreeBit ServersMan 3.1.5 on Apple iPhone OS 3.1.2, and iPhone OS for iPod touch, allows remote attackers to cause a denial of service (daemon crash) via a HEAD request for the / URI.
network
low complexity
freebit apple CWE-20
5.0
2010-02-03 CVE-2010-0038 Resource Management Errors vulnerability in Apple iPhone OS
Recovery Mode in Apple iPhone OS 1.0 through 3.1.2, and iPhone OS for iPod touch 1.1 through 3.1.2, allows physically proximate attackers to bypass device locking, and read or modify arbitrary data, via a USB control message that triggers memory corruption.
local
low complexity
apple CWE-399
4.6
2009-11-13 CVE-2009-2816 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, as used in Apple Safari before 4.0.4 and Google Chrome before 3.0.195.33, includes certain custom HTTP headers in the OPTIONS request during cross-origin operations with preflight, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web page.
6.8
2009-09-21 CVE-2009-3271 Improper Input Validation vulnerability in Apple iPhone OS and Safari
Apple Safari on iPhone OS 3.0.1 allows remote attackers to cause a denial of service (application crash) via a long tel: URL in the SRC attribute of an IFRAME element.
network
apple CWE-20
4.3
2009-09-10 CVE-2009-2797 Information Exposure vulnerability in multiple products
The WebKit component in Safari in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, does not remove usernames and passwords from URLs sent in Referer headers, which allows remote attackers to obtain sensitive information by reading Referer logs on a web server.
network
low complexity
apple canonical CWE-200
5.0