Iphone Os

iphone_os

Vendor: Apple • 4,014 CVEs

CVEs (4,014)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2010-4012 1Apple 1Iphone Os Apr 29, 2026 Dec 8, 2010 N/A· v4 N/A· v3 6.2 MEDIUM· v2 Race condition in Apple iOS 4.0 through 4.1 for iPhone 3G and later allows physically proximate attackers to bypass the passcode lock by making a call from the Emergency Call screen, then quickly pressing the Sleep/Wake...Show more Race condition in Apple iOS 4.0 through 4.1 for iPhone 3G and later allows physically proximate attackers to bypass the passcode lock by making a call from the Emergency Call screen, then quickly pressing the Sleep/Wake button.Show less
CVE-2010-4494 10Apache AppleDebian+7 more 17Chrome Debian LinuxEnterprise Linux Desktop+14 more Apr 29, 2026 Dec 7, 2010 N/A· v4 N/A· v3 7.5 HIGH· v2 Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impac...Show more Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.Show less
CVE-2010-3832 1Apple 1Iphone Os Apr 29, 2026 Nov 26, 2010 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Heap-based buffer overflow in the GSM mobility management implementation in Telephony in Apple iOS before 4.2 on the iPhone and iPad allows remote attackers to execute arbitrary code on the baseband processor via a craft...Show more Heap-based buffer overflow in the GSM mobility management implementation in Telephony in Apple iOS before 4.2 on the iPhone and iPad allows remote attackers to execute arbitrary code on the baseband processor via a crafted Temporary Mobile Subscriber Identity (TMSI) field.Show less
CVE-2010-3831 1Apple 1Iphone Os Apr 29, 2026 Nov 26, 2010 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Photos in Apple iOS before 4.2 enables support for HTTP Basic Authentication over an unencrypted connection, which allows man-in-the-middle attackers to read MobileMe account passwords by spoofing a MobileMe Gallery serv...Show more Photos in Apple iOS before 4.2 enables support for HTTP Basic Authentication over an unencrypted connection, which allows man-in-the-middle attackers to read MobileMe account passwords by spoofing a MobileMe Gallery server during a "Send to MobileMe" action.Show less
CVE-2010-3830 1Apple 1Iphone Os Apr 29, 2026 Nov 26, 2010 N/A· v4 N/A· v3 7.2 HIGH· v2 Networking in Apple iOS before 4.2 accesses an invalid pointer during the processing of packet filter rules, which allows local users to gain privileges via unspecified vectors.
CVE-2010-3829 1Apple 1Iphone Os Apr 29, 2026 Nov 26, 2010 N/A· v4 N/A· v3 5.8 MEDIUM· v2 WebKit in Apple iOS before 4.2 allows remote attackers to bypass the remote image loading setting in Mail via an HTML LINK element with a DNS prefetching property, as demonstrated by an HTML e-mail message that uses a LI...Show more WebKit in Apple iOS before 4.2 allows remote attackers to bypass the remote image loading setting in Mail via an HTML LINK element with a DNS prefetching property, as demonstrated by an HTML e-mail message that uses a LINK element for X-Confirm-Reading-To functionality, a related issue to CVE-2010-3813.Show less
CVE-2010-3828 1Apple 1Iphone Os Apr 29, 2026 Nov 26, 2010 N/A· v4 N/A· v3 4.3 MEDIUM· v2 iAd Content Display in Apple iOS before 4.2 allows man-in-the-middle attackers to make calls via a crafted URL in an ad.
CVE-2010-3827 1Apple 1Iphone Os Apr 29, 2026 Nov 26, 2010 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Apple iOS before 4.2 does not properly validate signatures before displaying a configuration profile in the configuration installation utility, which allows remote attackers to spoof profiles via unspecified vectors.
CVE-2010-4008 9Apache AppleCanonical+6 more 15Chrome Debian LinuxEnterprise Linux Desktop+12 more Apr 29, 2026 Nov 17, 2010 N/A· v4 N/A· v3 4.3 MEDIUM· v2 libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows con...Show more libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document.Show less
CVE-2010-1817 1Apple 1Iphone Os Apr 29, 2026 Sep 9, 2010 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Buffer overflow in ImageIO in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted GIF file.
CVE-2010-1815 3Apple CanonicalWebkitgtk 3Iphone Os Ubuntu LinuxWebkitgtk Apr 29, 2026 Sep 9, 2010 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash)...Show more Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving scrollbars.Show less
CVE-2010-1814 3Apple CanonicalWebkitgtk 3Iphone Os Ubuntu LinuxWebkitgtk Apr 29, 2026 Sep 9, 2010 N/A· v4 N/A· v3 6.8 MEDIUM· v2 WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vector...Show more WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors involving form menus.Show less
CVE-2010-1813 1Apple 1Iphone Os Apr 29, 2026 Sep 9, 2010 N/A· v4 N/A· v3 6.8 MEDIUM· v2 WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors involving HTML object outli...Show more WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors involving HTML object outlines.Show less
CVE-2010-1812 3Apple CanonicalWebkitgtk 3Iphone Os Ubuntu LinuxWebkitgtk Apr 29, 2026 Sep 9, 2010 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash)...Show more Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving selections.Show less
CVE-2010-1811 1Apple 1Iphone Os Apr 29, 2026 Sep 9, 2010 N/A· v4 N/A· v3 6.8 MEDIUM· v2 ImageIO in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF file.
CVE-2010-1810 1Apple 1Iphone Os Apr 29, 2026 Sep 9, 2010 N/A· v4 N/A· v3 3.5 LOW· v2 FaceTime in Apple iOS before 4.1 on the iPhone and iPod touch does not properly handle invalid X.509 certificates, which allows man-in-the-middle attackers to redirect calls via a crafted certificate.
CVE-2010-1809 1Apple 1Iphone Os Apr 29, 2026 Sep 9, 2010 N/A· v4 N/A· v3 10.0 HIGH· v2 The Accessibility component in Apple iOS before 4.1 on the iPhone and iPod touch does not perform the expected VoiceOver announcement associated with the location services icon, which has unspecified impact and attack ve...Show more The Accessibility component in Apple iOS before 4.1 on the iPhone and iPod touch does not perform the expected VoiceOver announcement associated with the location services icon, which has unspecified impact and attack vectors.Show less
CVE-2010-1781 2Apple Canonical 2Iphone Os Ubuntu Linux Apr 29, 2026 Sep 9, 2010 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Double free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the rende...Show more Double free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the rendering of an inline element.Show less
CVE-2010-3259 4Apple CanonicalGoogle+1 more 5Chrome Iphone OsSafari+2 more Apr 29, 2026 Sep 7, 2010 N/A· v4 N/A· v3 4.3 MEDIUM· v2 WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, does not properly restrict read access to images derived from CANVAS elements, which allow...Show more WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, does not properly restrict read access to images derived from CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive image data via a crafted web site.Show less
CVE-2010-3257 4Apple CanonicalGoogle+1 more 5Chrome Iphone OsSafari+2 more Apr 29, 2026 Sep 7, 2010 N/A· v4 N/A· v3 9.3 HIGH· v2 Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause...Show more Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving element focus.Show less

Previous 1...196197198...201 Next