Safari in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.1 through 2.1 does not restrict an IFRAME's content display to the boundaries of the IFRAME, which allows remote attackers to spoof a user interface via a crafted HTML document.
Max CVSS: 5.0 | EPSS Score: 0.78% | Published: 2008-11-25 | Updated: 2022-08-09
The Mail component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 dismisses the call approval dialog when another alert appears, which might allow remote attackers to force the iPhone to place a call without user approval by causing an application to trigger an alert.
Max CVSS: 5.0 | EPSS Score: 2.18% | Published: 2009-06-19 | Updated: 2022-08-09
Incomplete blacklist vulnerability in WebKit in Apple Safari before 4.0.3, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to spoof domain names in URLs, and possibly conduct phishing attacks, via unspecified homoglyphs.
Max CVSS: 5.8 | EPSS Score: 0.54% | Published: 2009-08-12 | Updated: 2022-08-09
The WebKit component in Safari in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, does not remove usernames and passwords from URLs sent in Referer headers, which allows remote attackers to obtain sensitive information by reading Referer logs on a web server.
Max CVSS: 5.0 | EPSS Score: 0.48% | Published: 2009-09-10 | Updated: 2018-11-16
The HTTP client functionality in Apple iPhone OS 3.1 on the iPhone 2G and 3.1.3 on the iPhone 3GS allows remote attackers to cause a denial of service (Safari, Mail, or Springboard crash) via a crafted innerHTML property of a DIV element, related to a "malformed character" issue.
Max CVSS: 5.0 | EPSS Score: 63.58% | Published: 2010-04-01 | Updated: 2010-04-02
Application Sandbox in Apple iOS before 4 on the iPhone and iPod touch does not prevent photo-library access, which might allow remote attackers to obtain location information via unspecified vectors.
Max CVSS: 5.0 | EPSS Score: 0.25% | Published: 2010-06-22 | Updated: 2022-08-09
The Settings application in Apple iOS before 4 on the iPhone and iPod touch does not properly report the wireless network that is in use, which might make it easier for remote attackers to trick users into communicating over an unintended network.
Max CVSS: 5.8 | EPSS Score: 0.33% | Published: 2010-06-22 | Updated: 2022-08-09
WebKit in Apple iOS before 4.2 allows remote attackers to bypass the remote image loading setting in Mail via an HTML LINK element with a DNS prefetching property, as demonstrated by an HTML e-mail message that uses a LINK element for X-Confirm-Reading-To functionality, a related issue to CVE-2010-3813.
Max CVSS: 5.8 | EPSS Score: 0.52% | Published: 2010-11-26 | Updated: 2017-08-17
The Safari Settings feature in Safari in Apple iOS 4.x before 4.3 does not properly implement the clearing of cookies during execution of the Safari application, which might make it easier for remote web servers to track users by setting a cookie.
Max CVSS: 5.0 | EPSS Score: 0.30% | Published: 2011-03-11 | Updated: 2011-03-31
WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle redirects in conjunction with HTTP Basic Authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header.
Max CVSS: 5.0 | EPSS Score: 0.26% | Published: 2011-03-11 | Updated: 2011-03-31
The Web Workers implementation in Google Chrome before 10.0.648.127 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, related to an "error message leak."
Max CVSS: 5.0 | EPSS Score: 0.57% | Published: 2011-03-11 | Updated: 2020-06-02
The stateless address autoconfiguration (aka SLAAC) functionality in the IPv6 networking implementation in Apple iOS before 4.3 and Apple TV before 4.2 places the MAC address into the IPv6 address, which makes it easier for remote IPv6 servers to track users by logging source IPv6 addresses.
Max CVSS: 5.0 | EPSS Score: 0.13% | Published: 2011-03-11 | Updated: 2019-03-08
Google Chrome before 14.0.835.163 does not properly handle boxes, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
Max CVSS: 5.0 | EPSS Score: 1.54% | Published: 2011-09-19 | Updated: 2020-05-08
CFNetwork in Apple iOS before 5.0.1 and Mac OS X 10.7 before 10.7.2 does not properly parse URLs, which allows remote attackers to trigger visits to unintended web sites, and transmission of cookies to unintended web sites, via a crafted (1) http or (2) https URL.
Max CVSS: 5.0 | EPSS Score: 0.53% | Published: 2011-10-14 | Updated: 2017-08-29
The kernel in Apple iOS before 5 and Apple TV before 4.4 does not properly recover memory allocated for incomplete TCP connections, which allows remote attackers to cause a denial of service (resource consumption) by making many connection attempts.
Max CVSS: 5.0 | EPSS Score: 3.17% | Published: 2011-10-14 | Updated: 2017-08-29
The UIKit Alerts component in Apple iOS before 5 allows remote attackers to cause a denial of service (device hang) via a long tel: URL that triggers a large size for the acceptance dialog.
Max CVSS: 5.0 | EPSS Score: 0.76% | Published: 2011-10-14 | Updated: 2017-08-29
Google Chrome before 15.0.874.102 does not properly handle javascript: URLs, which allows remote attackers to bypass intended access restrictions and read cookies via unspecified vectors.
Max CVSS: 5.0 | EPSS Score: 0.46% | Published: 2011-10-25 | Updated: 2020-05-08
Google Chrome before 16.0.912.63 does not properly parse SVG documents, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
Max CVSS: 5.0 | EPSS Score: 1.80% | Published: 2011-12-13 | Updated: 2020-05-08
The Cascading Style Sheets (CSS) implementation in Google Chrome before 16.0.912.63 on 64-bit platforms does not properly manage property arrays, which allows remote attackers to cause a denial of service (memory corruption) via unspecified vectors.
Max CVSS: 5.0 | EPSS Score: 2.58% | Published: 2011-12-13 | Updated: 2020-05-07
The Private Browsing feature in Safari in Apple iOS before 5.1 allows remote attackers to bypass intended privacy settings and insert history entries via JavaScript code that calls the (1) pushState or (2) replaceState method.
Max CVSS: 5.0 | EPSS Score: 0.84% | Published: 2012-03-08 | Updated: 2018-11-29
CFNetwork in Apple iOS before 5.1 does not properly construct request headers during parsing of URLs, which allows remote attackers to obtain sensitive information via a malformed URL, a different vulnerability than CVE-2011-3447.
Max CVSS: 5.0 | EPSS Score: 0.20% | Published: 2012-03-08 | Updated: 2018-11-29
libxml2 before 2.8.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data.
Max CVSS: 5.0 | EPSS Score: 0.91% | Published: 2012-12-21 | Updated: 2023-02-13
CFNetwork in Apple iOS before 6 does not properly identify the host portion of a URL, which allows remote attackers to obtain sensitive information by leveraging the construction of an HTTP request with an incorrect hostname derived from a malformed URL.
Max CVSS: 5.0 | EPSS Score: 0.36% | Published: 2012-09-20 | Updated: 2017-08-29
Safari in Apple iOS before 6 does not properly restrict use of an unspecified Unicode character that looks similar to the https lock indicator, which allows remote attackers to spoof https connections by placing this character in the TITLE element of a web page.
Max CVSS: 5.0 | EPSS Score: 0.35% | Published: 2012-09-20 | Updated: 2017-08-29
The System Logs implementation in Apple iOS before 6 does not restrict /var/log access by sandboxed apps, which allows remote attackers to obtain sensitive information via a crafted app that reads log files.
Max CVSS: 5.0 | EPSS Score: 0.33% | Published: 2012-09-20 | Updated: 2017-08-29
532 vulnerabilities found