CVE-2009-2796
- EPSS 0.36%
- Veröffentlicht 10.09.2009 21:30:01
- Zuletzt bearbeitet 16.06.2026 23:10:14
The UIKit component in Apple iPhone OS 3.0, and iPhone OS 3.0.1 for iPod touch, allows physically proximate attackers to discover a password by watching a user undo deletions of characters in the password.
- EPSS 3.58%
- Veröffentlicht 10.09.2009 21:30:01
- Zuletzt bearbeitet 16.06.2026 23:10:14
The WebKit component in Safari in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, does not remove usernames and passwords from URLs sent in Referer headers, which allows remote attackers to obtain sensitive information by readi...
CVE-2009-2815
- EPSS 2.47%
- Veröffentlicht 10.09.2009 21:30:01
- Zuletzt bearbeitet 16.06.2026 23:10:16
The Telephony component in Apple iPhone OS before 3.1 does not properly handle SMS arrival notifications, which allows remote attackers to cause a denial of service (NULL pointer dereference and service interruption) via a crafted SMS message.
CVE-2009-2199
- EPSS 2.59%
- Veröffentlicht 12.08.2009 19:30:00
- Zuletzt bearbeitet 16.06.2026 23:08:59
Incomplete blacklist vulnerability in WebKit in Apple Safari before 4.0.3, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to spoof domain names in URLs, and possibly conduct phishi...
CVE-2009-2416
- EPSS 1.79%
- Veröffentlicht 11.08.2009 18:30:00
- Zuletzt bearbeitet 16.06.2026 23:09:24
Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute...
- EPSS 8.47%
- Veröffentlicht 03.08.2009 18:30:00
- Zuletzt bearbeitet 16.06.2026 23:09:00
Unspecified vulnerability in the CoreTelephony component in Apple iPhone OS before 3.0.1 allows remote attackers to execute arbitrary code, obtain GPS coordinates, or enable the microphone via an SMS message that triggers memory corruption, as demons...
CVE-2009-1724
- EPSS 6.21%
- Veröffentlicht 09.07.2009 17:30:00
- Zuletzt bearbeitet 16.06.2026 23:07:55
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to inject arbitrary web script or HTML via vectors r...
CVE-2009-1725
- EPSS 6.19%
- Veröffentlicht 09.07.2009 17:30:00
- Zuletzt bearbeitet 16.06.2026 23:07:55
WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms; KHTML in kdelibs in KDE; QtWebKit (aka Qt toolkit); and possibly other products do not properly handle numeric character...
CVE-2009-0958
- EPSS 0.94%
- Veröffentlicht 19.06.2009 16:30:00
- Zuletzt bearbeitet 16.06.2026 23:06:12
Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 stores an exception for a hostname when the user accepts an untrusted Exchange server certificate, which causes it to be accepted without prompting in future usage and a...
CVE-2009-0959
- EPSS 2.51%
- Veröffentlicht 19.06.2009 16:30:00
- Zuletzt bearbeitet 16.06.2026 23:06:12
The MPEG-4 video codec in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to cause a denial of service (device reset) via a crafted MPEG-4 video file that triggers an "input validation issue."