CVSS: 6.1EPSS: 0%CPEs: 91EXPL: 0CVE-2012-2648
https://notcve.org/view.php?id=CVE-2012-2648
07 Aug 2012 — Cross-site scripting (XSS) vulnerability in the GoodReader app 3.16 and earlier for iOS on the iPad, and 3.15.1 and earlier for iOS on the iPhone and iPod touch, allows remote attackers to inject arbitrary web script or HTML via vectors involving use of this app in conjunction with a web browser. vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en la app GoodReader v3.16 y anteriores para iOS en iPad, y v3.15.1 y anteriores para IOS en iPhone e iPod touch, permite a atacantes r... • http://jvn.jp/en/jp/JVN01598734/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 4%CPEs: 142EXPL: 0CVE-2011-1344 – WebKit WBR Tag Removal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-1344
10 Mar 2011 — Use-after-free vulnerability in WebKit, as used in Apple Safari before 5.0.5; iOS before 4.3.2 for iPhone, iPod, and iPad; iOS before 4.2.7 for iPhone 4 (CDMA); and possibly other products allows remote attackers to execute arbitrary code by adding children to a WBR tag and then removing the tag, related to text nodes, as demonstrated by Chaouki Bekrar during a Pwn2Own competition at CanSecWest 2011. Vulnerabilidad sin especificar en WebKit. Tal como se utiliza en Apple Safari 5.0.4 en Mac OS X 10.6.6, perm... • http://dvlabs.tippingpoint.com/blog/2011/02/02/pwn2own-2011 • CWE-399: Resource Management Errors •
CVSS: 8.8EPSS: 78%CPEs: 7EXPL: 0CVE-2010-1814 – webkit: memory corruption flaw when handling form menus
https://notcve.org/view.php?id=CVE-2010-1814
09 Sep 2010 — WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors involving form menus. WebKit en Apple OI anterior a v4.1 en el iPhone y el iPod touch permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de vectores que implican form menus. This GLSA contains... • http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 85%CPEs: 3EXPL: 1CVE-2010-1813 – Webkit (Apple Safari < 4.1.2/5.0.2 / Google Chrome < 5.0.375.125) - Memory Corruption
https://notcve.org/view.php?id=CVE-2010-1813
09 Sep 2010 — WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors involving HTML object outlines. WebKit de Apple OI anterior a v4.1 en el iPhone e iPod touch permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de vectores que comprenden HTML object outlines. • https://www.exploit-db.com/exploits/14967 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 5%CPEs: 6EXPL: 0CVE-2010-1781
https://notcve.org/view.php?id=CVE-2010-1781
09 Sep 2010 — Double free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the rendering of an inline element. Doble vulnerabilidad libre en WebKit en Apple iOS anterior a v4.1 en el iPhone e iPod touch permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de aplicación) a través de vectores relacionados con la prestación de un el... • http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html • CWE-399: Resource Management Errors •
CVSS: 8.8EPSS: 68%CPEs: 7EXPL: 0CVE-2010-1812 – webkit: use-after-free flaw in handling of selections
https://notcve.org/view.php?id=CVE-2010-1812
09 Sep 2010 — Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving selections. Vulnerabilidad de uso después de la liberación en WebKit en Apple iOS anterior a v4.1 en el iPhone e iPod touch, permite a atacantes remotos producir una denegación de servicio (caída de la aplicación) mediante vectores que comprenden selecciones. This GLSA ... • http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html • CWE-399: Resource Management Errors CWE-416: Use After Free •
CVSS: 8.8EPSS: 68%CPEs: 7EXPL: 0CVE-2010-1815 – webkit: use-after-free flaw when handling scrollbars
https://notcve.org/view.php?id=CVE-2010-1815
09 Sep 2010 — Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving scrollbars. Vulnerabilidad de uso después de la liberación en WebKit en Apple iOS anterior a v4.1 en iPhone e iPod touch, permite a atacantes remotos producir una denegación de servicio (caída de aplicación) mediante vectores que comprenden las barras de desplazamiento.... • http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html • CWE-399: Resource Management Errors CWE-416: Use After Free •
CVSS: 3.5EPSS: 0%CPEs: 29EXPL: 0CVE-2010-1810
https://notcve.org/view.php?id=CVE-2010-1810
09 Sep 2010 — FaceTime in Apple iOS before 4.1 on the iPhone and iPod touch does not properly handle invalid X.509 certificates, which allows man-in-the-middle attackers to redirect calls via a crafted certificate. FaceTime en Apple iOS anterior a v4.1 en el iPhone e iPod touch no maneja correctamente certificados X.509 no válidos, lo cual permite a atacantes de "hombre-en-medio" redireccionar llamadas a través de un certificado manipulado. • http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2010-1809
https://notcve.org/view.php?id=CVE-2010-1809
09 Sep 2010 — The Accessibility component in Apple iOS before 4.1 on the iPhone and iPod touch does not perform the expected VoiceOver announcement associated with the location services icon, which has unspecified impact and attack vectors. El componente Accessibility en Apple iOS anterior a v4.1 en el iPhone e iPod touch no lleva a cabo el esperado anuncio de VoiceOver asociado con el icono de ubicación de servicios, que tiene un impacto y unos vectores de ataque no especificados. • http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html •
CVSS: 7.8EPSS: 1%CPEs: 3EXPL: 0CVE-2010-1811
https://notcve.org/view.php?id=CVE-2010-1811
09 Sep 2010 — ImageIO in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF file. ImageIO en Apple iOS anterior a v4.1 en el iPhone e iPod touch permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de un archivo TIFF manipulado. • http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •