Photos in Apple iOS before 4.2 enables support for HTTP Basic Authentication over an unencrypted connection, which allows man-in-the-middle attackers to read MobileMe account passwords by spoofing a MobileMe Gallery server during a "Send to MobileMe" action.
Max CVSS: 4.3
EPSS Score: 0.21%
Published: 2010-11-26
Updated: 2017-08-17
WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, does not properly restrict read access to images derived from CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive image data via a crafted web site.
Max CVSS: 4.3
EPSS Score: 0.29%
Published: 2010-09-07
Updated: 2020-08-04
WebKit in Apple iOS before 4 on the iPhone and iPod touch does not properly implement the history.replaceState method in certain situations involving IFRAME elements, which allows remote attackers to obtain sensitive information via a crafted HTML document.
Max CVSS: 4.3
EPSS Score: 0.53%
Published: 2010-06-22
Updated: 2022-08-09
3 vulnerabilities found