Filtered by vendor Apple
Subscriptions
Filtered by product Iphone Os
Subscriptions
Total
4256 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-1589 | 1 Apple | 4 Iphone, Iphone Os, Ipod Touch and 1 more | 2025-04-09 | N/A |
| Safari on Apple iPhone before 2.0 and iPod touch before 2.0 misinterprets a menu button press as user confirmation for visiting a web site with a (1) self-signed or (2) invalid certificate, which makes it easier for remote attackers to spoof web sites. | ||||
| CVE-2008-1588 | 1 Apple | 4 Iphone, Iphone Os, Ipod Touch and 1 more | 2025-04-09 | N/A |
| Safari on Apple iPhone before 2.0 and iPod touch before 2.0 allows remote attackers to spoof the address bar via Unicode ideographic spaces in the URL. | ||||
| CVE-2009-2815 | 1 Apple | 1 Iphone Os | 2025-04-09 | N/A |
| The Telephony component in Apple iPhone OS before 3.1 does not properly handle SMS arrival notifications, which allows remote attackers to cause a denial of service (NULL pointer dereference and service interruption) via a crafted SMS message. | ||||
| CVE-2007-5858 | 1 Apple | 5 Iphone, Iphone Os, Ipod Touch and 2 more | 2025-04-09 | N/A |
| WebKit in Safari in Apple Mac OS X 10.4.11 and 10.5.1, iPhone 1.0 through 1.1.2, and iPod touch 1.1 through 1.1.2 allows remote attackers to "navigate the subframes of any other page," which can be leveraged to conduct cross-site scripting (XSS) attacks and obtain sensitive information. | ||||
| CVE-2009-2199 | 1 Apple | 3 Iphone Os, Ipod Touch, Safari | 2025-04-09 | N/A |
| Incomplete blacklist vulnerability in WebKit in Apple Safari before 4.0.3, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to spoof domain names in URLs, and possibly conduct phishing attacks, via unspecified homoglyphs. | ||||
| CVE-2009-0946 | 7 Apple, Canonical, Debian and 4 more | 10 Iphone Os, Mac Os X, Mac Os X Server and 7 more | 2025-04-09 | N/A |
| Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c. | ||||
| CVE-2009-1683 | 1 Apple | 2 Iphone Os, Ipod Touch | 2025-04-09 | N/A |
| The Telephony component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to cause a denial of service (device reset) via a crafted ICMP echo request, which triggers an assertion error related to a "logic issue." | ||||
| CVE-2009-1690 | 3 Apple, Google, Redhat | 4 Iphone Os, Safari, Chrome and 1 more | 2025-04-09 | N/A |
| Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome 1.0.154.53, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by setting an unspecified property of an HTML tag that causes child elements to be freed and later accessed when an HTML error occurs, related to "recursion in certain DOM event handlers." | ||||
| CVE-2009-1700 | 1 Apple | 3 Iphone Os, Ipod Touch, Safari | 2025-04-09 | N/A |
| The XSLT implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read XML content from arbitrary web pages via a crafted document. | ||||
| CVE-2008-4229 | 1 Apple | 2 Iphone Os, Ipod Touch | 2025-04-09 | N/A |
| Race condition in the Passcode Lock feature in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.0 through 2.1 allows physically proximate attackers to remove the lock and launch arbitrary applications by restoring the device from a backup. | ||||
| CVE-2007-3757 | 1 Apple | 3 Iphone, Iphone Os, Safari | 2025-04-09 | N/A |
| Safari in Apple iPhone 1.1.1 allows remote user-assisted attackers to trick the iPhone user into making calls to arbitrary telephone numbers via a crafted "tel:" link that causes iPhone to display a different number than the number that will be dialed. | ||||
| CVE-2008-4232 | 1 Apple | 3 Iphone Os, Ipod Touch, Safari | 2025-04-09 | N/A |
| Safari in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.1 through 2.1 does not restrict an IFRAME's content display to the boundaries of the IFRAME, which allows remote attackers to spoof a user interface via a crafted HTML document. | ||||
| CVE-2009-1724 | 1 Apple | 3 Iphone Os, Ipod Touch, Safari | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to inject arbitrary web script or HTML via vectors related to parent and top objects. | ||||
| CVE-2007-3759 | 1 Apple | 3 Iphone, Iphone Os, Safari | 2025-04-09 | N/A |
| Safari in Apple iPhone 1.1.1, when requested to disable Javascript, does not disable it until Safari is restarted, which might leave Safari open to attacks that the user does not expect. | ||||
| CVE-2007-3755 | 1 Apple | 2 Iphone, Iphone Os | 2025-04-09 | N/A |
| Mail in Apple iPhone 1.1.1 allows remote user-assisted attackers to force the iPhone user to make calls to arbitrary telephone numbers via a "tel:" link, which does not prompt the user before dialing the number. | ||||
| CVE-2008-0034 | 1 Apple | 2 Iphone, Iphone Os | 2025-04-09 | N/A |
| Unspecified vulnerability in Passcode Lock in Apple iPhone 1.0 through 1.1.2 allows users with physical access to execute applications without entering the passcode via vectors related to emergency calls. | ||||
| CVE-2008-3281 | 7 Apple, Canonical, Debian and 4 more | 12 Iphone Os, Safari, Ubuntu Linux and 9 more | 2025-04-09 | 6.5 Medium |
| libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document. | ||||
| CVE-2009-0959 | 1 Apple | 2 Iphone Os, Ipod Touch | 2025-04-09 | N/A |
| The MPEG-4 video codec in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to cause a denial of service (device reset) via a crafted MPEG-4 video file that triggers an "input validation issue." | ||||
| CVE-2024-54550 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-04-04 | 4 Medium |
| This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2. An app may be able to view autocompleted contact information from Messages and Mail in system logs. | ||||
| CVE-2024-54530 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-04-04 | 9.1 Critical |
| The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2, watchOS 11.2, visionOS 2.2, iOS 18.2 and iPadOS 18.2. Password autofill may fill in passwords after failing authentication. | ||||