CVSS: 9.3EPSS: 14%CPEs: 14EXPL: 0CVE-2008-2317 – Apple Safari StyleSheet ownerNode Heap Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2008-2317
14 Jul 2008 — WebCore in Apple Safari does not properly perform garbage collection of JavaScript document elements, which allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via a reference to the ownerNode property of a copied CSSStyleSheet object of a STYLE element, as originally demonstrated on Apple iPhone before 2.0 and iPod touch before 2.0, a different vulnerability than CVE-2008-1590. WebCore en Safari de Apple no realiza apropiadamente garbage co... • http://lists.apple.com/archives/security-announce//2008/Nov/msg00001.html • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 1%CPEs: 14EXPL: 0CVE-2008-1588
https://notcve.org/view.php?id=CVE-2008-1588
14 Jul 2008 — Safari on Apple iPhone before 2.0 and iPod touch before 2.0 allows remote attackers to spoof the address bar via Unicode ideographic spaces in the URL. Safari en Apple iPhone anterior a 2.0 e iPod touch anterior a 2.0 , permite a atacantes remotos falsificar la barra de direcciones mediante espacios Unicode ideográficos en la URL. • http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 8%CPEs: 3EXPL: 3CVE-2008-0729 – Apple iOS Mobile Safari - Memory Exhaustion Remote Denial of Service
https://notcve.org/view.php?id=CVE-2008-0729
12 Feb 2008 — Mobile Safari on Apple iPhone 1.1.2 and 1.1.3 allows remote attackers to cause a denial of service (memory exhaustion and device crash) via certain JavaScript code that constructs a long string and an array containing long string elements, possibly a related issue to CVE-2006-3677. NOTE: some of these details are obtained from third party information. Mobile Safari en Apple iPhone en versiones 1.1.2 y 1.1.3 permite a atacantes remotos provocar una denegación de servicio (consumo de memoria y caída del dispo... • https://www.exploit-db.com/exploits/31057 • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2008-0034
https://notcve.org/view.php?id=CVE-2008-0034
16 Jan 2008 — Unspecified vulnerability in Passcode Lock in Apple iPhone 1.0 through 1.1.2 allows users with physical access to execute applications without entering the passcode via vectors related to emergency calls. Vulnerabilidad no especificada en Passcode Lock en Apple iPhone 1.0 hasta el 1.1.2 permite a usuarios con acceso físico ejecutar aplicaciones Sin entrar en el código de acceso a través de los vectores relacionados con las llamadas de emergencia. • http://docs.info.apple.com/article.html?artnum=307302 •
CVSS: 8.8EPSS: 29%CPEs: 12EXPL: 0CVE-2008-0035
https://notcve.org/view.php?id=CVE-2008-0035
16 Jan 2008 — Unspecified vulnerability in Foundation, as used in Apple iPhone 1.0 through 1.1.2, iPod touch 1.1 through 1.1.2, and Mac OS X 10.5 through 10.5.1, allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted URL that triggers memory corruption in Safari. Una vulnerabilidad no especificada en Foundation, como es usado en Apple iPhone versiones 1.0 hasta 1.1.2, iPod touch versiones 1.1 hasta 1.1.2 y Mac OS X versiones 10.5 hasta 10.5.1, permite a los ... • http://docs.info.apple.com/article.html?artnum=307302 • CWE-399: Resource Management Errors •
CVSS: 6.1EPSS: 1%CPEs: 12EXPL: 0CVE-2007-5858
https://notcve.org/view.php?id=CVE-2007-5858
19 Dec 2007 — WebKit in Safari in Apple Mac OS X 10.4.11 and 10.5.1, iPhone 1.0 through 1.1.2, and iPod touch 1.1 through 1.1.2 allows remote attackers to "navigate the subframes of any other page," which can be leveraged to conduct cross-site scripting (XSS) attacks and obtain sensitive information. WebKit en Safari en Apple Mac OS X versiones 10.4.11 y 10.5.1, iPhone versiones 1.0 hasta 1.1.2, y iPod touch versiones 1.1 hasta 1.1.2, permite a los atacantes remotos "navigate the subframes of any other page", lo que se p... • http://docs.info.apple.com/article.html?artnum=307178 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2007-3759
https://notcve.org/view.php?id=CVE-2007-3759
27 Sep 2007 — Safari in Apple iPhone 1.1.1, when requested to disable Javascript, does not disable it until Safari is restarted, which might leave Safari open to attacks that the user does not expect. Safari en Apple iPhone 1.1.1, cuando se solicita deshabilitar Javascript, no lo deshabilita hasta que Safari se reinicia, lo cual podría dejar a Safari abierto a ataques que el usuario no espere. • http://docs.info.apple.com/article.html?artnum=306586 • CWE-16: Configuration •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2007-3761
https://notcve.org/view.php?id=CVE-2007-3761
27 Sep 2007 — Cross-site scripting (XSS) vulnerability in Safari in Apple iPhone 1.1.1 allows remote attackers to inject arbitrary web script or HTML by causing Javascript events to be applied to a frame in another domain. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Safari de Apple iPhone 1.1.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección provocando que eventos Javascript sean aplicados a un marco (frame) en otro dominio. • http://docs.info.apple.com/article.html?artnum=306586 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 0CVE-2007-3753
https://notcve.org/view.php?id=CVE-2007-3753
27 Sep 2007 — Apple iPhone 1.1.1, with Bluetooth enabled, allows physically proximate attackers to cause a denial of service (application termination) and execute arbitrary code via crafted Service Discovery Protocol (SDP) packets, related to insufficient input validation. Apple iPhone 1.1.1, con Bluetooth habilitado, permite a atacantes físicamente próximos provocar una denegación de servicio (terminación de la aplicación) y ejecutar código de su elección mediante paquetes SDP (Service Discovery Protocol), relacionado c... • http://docs.info.apple.com/article.html?artnum=306586 • CWE-20: Improper Input Validation •
CVSS: 5.9EPSS: 0%CPEs: 3EXPL: 0CVE-2007-3754
https://notcve.org/view.php?id=CVE-2007-3754
27 Sep 2007 — Mail in Apple iPhone 1.1.1, when using SSL, does not warn the user when the mail server changes or is not trusted, which might allow remote attackers to steal credentials and read email via a man-in-the-middle (MITM) attack. Mail en Apple iPhone 1.1.1, al usar SSL, no avisa al usuario cuando el servidor de correo cambia o no es confiable, lo cual permite a atacantes remotos robar credenciales y leer correos electrónicos mediante un ataque de hombre en el medio (MITM, man-in-the-middle). • http://docs.info.apple.com/article.html?artnum=306586 • CWE-287: Improper Authentication •