Vulnerabilities (CVE)

Filtered by vendor Apple Subscribe
Filtered by product Iphone
Total 24 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-22592 1 Apple 6 Ipados, Iphone, Macos and 3 more 2022-09-09 4.3 MEDIUM 6.5 MEDIUM
A logic issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.
CVE-2011-1344 1 Apple 5 Ipad, Iphone, Iphone Os and 2 more 2022-08-09 6.8 MEDIUM N/A
Use-after-free vulnerability in WebKit, as used in Apple Safari before 5.0.5; iOS before 4.3.2 for iPhone, iPod, and iPad; iOS before 4.2.7 for iPhone 4 (CDMA); and possibly other products allows remote attackers to execute arbitrary code by adding children to a WBR tag and then removing the tag, related to text nodes, as demonstrated by Chaouki Bekrar during a Pwn2Own competition at CanSecWest 2011.
CVE-2007-3759 1 Apple 3 Iphone, Iphone Os, Safari 2022-08-09 6.8 MEDIUM N/A
Safari in Apple iPhone 1.1.1, when requested to disable Javascript, does not disable it until Safari is restarted, which might leave Safari open to attacks that the user does not expect.
CVE-2007-3757 1 Apple 3 Iphone, Iphone Os, Safari 2022-08-09 4.3 MEDIUM N/A
Safari in Apple iPhone 1.1.1 allows remote user-assisted attackers to trick the iPhone user into making calls to arbitrary telephone numbers via a crafted "tel:" link that causes iPhone to display a different number than the number that will be dialed.
CVE-2007-3761 1 Apple 3 Iphone, Iphone Os, Safari 2022-08-09 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Safari in Apple iPhone 1.1.1 allows remote attackers to inject arbitrary web script or HTML by causing Javascript events to be applied to a frame in another domain.
CVE-2008-1588 1 Apple 4 Iphone, Iphone Os, Ipod Touch and 1 more 2022-08-09 4.3 MEDIUM N/A
Safari on Apple iPhone before 2.0 and iPod touch before 2.0 allows remote attackers to spoof the address bar via Unicode ideographic spaces in the URL.
CVE-2007-3755 1 Apple 2 Iphone, Iphone Os 2022-08-09 4.3 MEDIUM N/A
Mail in Apple iPhone 1.1.1 allows remote user-assisted attackers to force the iPhone user to make calls to arbitrary telephone numbers via a "tel:" link, which does not prompt the user before dialing the number.
CVE-2007-3754 1 Apple 2 Iphone, Iphone Os 2022-08-09 4.3 MEDIUM N/A
Mail in Apple iPhone 1.1.1, when using SSL, does not warn the user when the mail server changes or is not trusted, which might allow remote attackers to steal credentials and read email via a man-in-the-middle (MITM) attack.
CVE-2008-2317 1 Apple 4 Iphone, Iphone Os, Ipod Touch and 1 more 2022-08-09 9.3 HIGH N/A
WebCore in Apple Safari does not properly perform garbage collection of JavaScript document elements, which allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via a reference to the ownerNode property of a copied CSSStyleSheet object of a STYLE element, as originally demonstrated on Apple iPhone before 2.0 and iPod touch before 2.0, a different vulnerability than CVE-2008-1590.
CVE-2008-0729 1 Apple 3 Iphone, Iphone Os, Mobile Safari 2022-08-09 7.1 HIGH N/A
Mobile Safari on Apple iPhone 1.1.2 and 1.1.3 allows remote attackers to cause a denial of service (memory exhaustion and device crash) via certain JavaScript code that constructs a long string and an array containing long string elements, possibly a related issue to CVE-2006-3677. NOTE: some of these details are obtained from third party information.
CVE-2008-0034 1 Apple 2 Iphone, Iphone Os 2022-08-09 4.6 MEDIUM N/A
Unspecified vulnerability in Passcode Lock in Apple iPhone 1.0 through 1.1.2 allows users with physical access to execute applications without entering the passcode via vectors related to emergency calls.
CVE-2008-0035 1 Apple 5 Iphone, Iphone Os, Ipod Touch and 2 more 2022-08-09 6.8 MEDIUM N/A
Unspecified vulnerability in Foundation, as used in Apple iPhone 1.0 through 1.1.2, iPod touch 1.1 through 1.1.2, and Mac OS X 10.5 through 10.5.1, allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted URL that triggers memory corruption in Safari.
CVE-2007-5858 1 Apple 5 Iphone, Iphone Os, Ipod Touch and 2 more 2022-08-09 4.3 MEDIUM N/A
WebKit in Safari in Apple Mac OS X 10.4.11 and 10.5.1, iPhone 1.0 through 1.1.2, and iPod touch 1.1 through 1.1.2 allows remote attackers to "navigate the subframes of any other page," which can be leveraged to conduct cross-site scripting (XSS) attacks and obtain sensitive information.
CVE-2007-3753 1 Apple 2 Iphone, Iphone Os 2022-08-09 7.5 HIGH N/A
Apple iPhone 1.1.1, with Bluetooth enabled, allows physically proximate attackers to cause a denial of service (application termination) and execute arbitrary code via crafted Service Discovery Protocol (SDP) packets, related to insufficient input validation.
CVE-2008-3632 1 Apple 3 Iphone, Iphone Os, Ipod Touch 2022-08-09 9.3 HIGH N/A
Use-after-free vulnerability in WebKit in Apple iPod touch 1.1 through 2.0.2, and iPhone 1.0 through 2.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a web page with crafted Cascading Style Sheets (CSS) import statements.
CVE-2008-1589 1 Apple 4 Iphone, Iphone Os, Ipod Touch and 1 more 2022-08-09 4.3 MEDIUM N/A
Safari on Apple iPhone before 2.0 and iPod touch before 2.0 misinterprets a menu button press as user confirmation for visiting a web site with a (1) self-signed or (2) invalid certificate, which makes it easier for remote attackers to spoof web sites.
CVE-2008-1590 2 Apple, Webkit 4 Iphone, Iphone Os, Ipod Touch and 1 more 2022-08-09 6.8 MEDIUM N/A
JavaScriptCore in WebKit on Apple iPhone before 2.0 and iPod touch before 2.0 does not properly perform runtime garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors that trigger memory corruption, a different vulnerability than CVE-2008-2317.
CVE-2008-2303 1 Apple 4 Iphone, Iphone Os, Ipod Touch and 1 more 2022-08-09 10.0 HIGH N/A
Integer signedness error in Safari on Apple iPhone before 2.0 and iPod touch before 2.0 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving JavaScript array indices that trigger an out-of-bounds access, a different vulnerability than CVE-2008-2307.
CVE-2008-3950 1 Apple 3 Iphone, Ipod Touch, Safari 2018-10-11 5.0 MEDIUM N/A
Off-by-one error in the _web_drawInRect:withFont:ellipsis:alignment:measureOnly function in WebKit in Safari in Apple iPhone 1.1.4 and 2.0 and iPod touch 1.1.4 and 2.0 allows remote attackers to cause a denial of service (browser crash) via a JavaScript alert call with an argument that lacks breakable characters and has a length that is a multiple of the memory page size, leading to an out-of-bounds read.
CVE-2008-4593 1 Apple 1 Iphone 2017-08-08 1.2 LOW N/A
Apple iPhone 2.1 with firmware 5F136, when Require Passcode is enabled and Show SMS Preview is disabled, allows physically proximate attackers to obtain sensitive information by performing an Emergency Call tap and then reading SMS messages on the device screen, aka Apple bug number 6267416.