- EPSS 2.16%
- Veröffentlicht 25.11.2008 23:30:00
- Zuletzt bearbeitet 16.06.2026 22:57:27
Safari in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.1 through 2.1 does not restrict an IFRAME's content display to the boundaries of the IFRAME, which allows remote attackers to spoof a user interface via a crafted HTML document.
CVE-2008-4233
- EPSS 2.15%
- Veröffentlicht 25.11.2008 23:30:00
- Zuletzt bearbeitet 16.06.2026 22:57:27
Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not isolate the call-approval dialog from the process of launching new applications, which allows remote attackers to make arbitrary phone calls via a crafted...
- EPSS 6.75%
- Veröffentlicht 10.10.2008 10:30:05
- Zuletzt bearbeitet 16.06.2026 22:57:23
Integer signedness error in (1) QuickLook in Apple Mac OS X 10.5.5 and (2) Office Viewer in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows remote attackers to cause a denial of service (application termination) an...
- EPSS 23.37%
- Veröffentlicht 12.09.2008 16:56:20
- Zuletzt bearbeitet 16.06.2026 22:55:59
Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name.
CVE-2008-3612
- EPSS 3.52%
- Veröffentlicht 11.09.2008 01:13:09
- Zuletzt bearbeitet 16.06.2026 22:56:09
The Networking subsystem in Apple iPod touch 2.0 through 2.0.2, and iPhone 2.0 through 2.0.2, uses predictable TCP initial sequence numbers, which allows remote attackers to spoof or hijack a TCP connection.
CVE-2008-3632
- EPSS 5.95%
- Veröffentlicht 11.09.2008 01:13:09
- Zuletzt bearbeitet 16.06.2026 22:56:11
Use-after-free vulnerability in WebKit in Apple iPod touch 1.1 through 2.0.2, and iPhone 1.0 through 2.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a web page with crafted Cascading Style...
CVE-2008-3281
- EPSS 2.51%
- Veröffentlicht 27.08.2008 20:41:00
- Zuletzt bearbeitet 16.06.2026 22:55:31
libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document.
CVE-2008-0034
- EPSS 0.36%
- Veröffentlicht 16.01.2008 02:00:00
- Zuletzt bearbeitet 16.06.2026 22:48:47
Unspecified vulnerability in Passcode Lock in Apple iPhone 1.0 through 1.1.2 allows users with physical access to execute applications without entering the passcode via vectors related to emergency calls.
CVE-2007-3753
- EPSS 2.81%
- Veröffentlicht 27.09.2007 21:17:00
- Zuletzt bearbeitet 16.06.2026 22:42:39
Apple iPhone 1.1.1, with Bluetooth enabled, allows physically proximate attackers to cause a denial of service (application termination) and execute arbitrary code via crafted Service Discovery Protocol (SDP) packets, related to insufficient input va...
CVE-2007-3754
- EPSS 1.84%
- Veröffentlicht 27.09.2007 21:17:00
- Zuletzt bearbeitet 16.06.2026 22:42:40
Mail in Apple iPhone 1.1.1, when using SSL, does not warn the user when the mail server changes or is not trusted, which might allow remote attackers to steal credentials and read email via a man-in-the-middle (MITM) attack.