CVSS: 5.7EPSS: 0%CPEs: 22EXPL: 0CVE-2010-1775
https://notcve.org/view.php?id=CVE-2010-1775
22 Jun 2010 — Race condition in Passcode Lock in Apple iOS before 4 on the iPhone and iPod touch allows physically proximate attackers to bypass intended passcode requirements, and pair a locked device with a computer and access arbitrary data, via vectors involving the initial boot. Condición de carrera en Passcode Lock en Apple iOS en versiones anteriores a la 4 en el iPhone y iPod touch permite a atacantes físicamente próximos eludir los requerimientos de contraseña establecidos y asociar un dispositivo bloqueado con ... • http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 10.0EPSS: 31%CPEs: 108EXPL: 1CVE-2010-1119 – Apple Webkit Attribute Child Removal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-1119
25 Mar 2010 — Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Safari before 4.1 on Mac OS X 10.4, and Safari on Apple iPhone OS allows remote attackers to execute arbitrary code or cause a denial of service (application crash), or read the SMS database or other data, via vectors related to "attribute manipulation," as demonstrated by Vincenzo Iozzo and Ralf Philipp Weinmann during a Pwn2Own competition at CanSecWest 2010. Una vulnerabilidad de uso de memoria pr... • https://www.exploit-db.com/exploits/16974 • CWE-399: Resource Management Errors •
CVSS: 8.8EPSS: 37%CPEs: 54EXPL: 5CVE-2010-1029 – iPhone - 'WebCore::CSSSelector()' Remote Crash
https://notcve.org/view.php?id=CVE-2010-1029
19 Mar 2010 — Stack consumption vulnerability in the WebCore::CSSSelector function in WebKit, as used in Apple Safari 4.0.4, Apple Safari on iPhone OS and iPhone OS for iPod touch, and Google Chrome 4.0.249, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a STYLE element composed of a large number of *> sequences. Vulnerabilidad de consumo en la pila en la función WebCore:: CSSSelector en WebKit, utilizado en Apple Safari v4.0.4, Apple Safari en iPhone OS y ... • https://www.exploit-db.com/exploits/11574 • CWE-399: Resource Management Errors •
CVSS: 6.8EPSS: 0%CPEs: 50EXPL: 0CVE-2010-0038
https://notcve.org/view.php?id=CVE-2010-0038
03 Feb 2010 — Recovery Mode in Apple iPhone OS 1.0 through 3.1.2, and iPhone OS for iPod touch 1.1 through 3.1.2, allows physically proximate attackers to bypass device locking, and read or modify arbitrary data, via a USB control message that triggers memory corruption. El modo de recuperación en Apple iPhone OS desde v1.0 hasta v3.1.2, y iPhone OS para iPod touch desde v1.1 hasta v3.1.2, permite a atacantes físicamente próximos evitar el bloqueo del dispositivo, y leer o modificar datos de forma arbitraria, a través de... • http://lists.apple.com/archives/security-announce/2010/Feb/msg00000.html • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 48EXPL: 0CVE-2009-3273
https://notcve.org/view.php?id=CVE-2009-3273
21 Sep 2009 — iPhone Mail in Apple iPhone OS, and iPhone OS for iPod touch, does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL e-mail servers via a crafted certificate. iPhone Mail en Apple iPhone OS, y en iPhone OS para iPod touch, no valida los certificados X.509, permitiendo a atacantes hombre-en-el-medio (man-in-the-middle) suplantar servidores de e-mail SSL de su elección mediante un certificado manipulado. • http://www.securityfocus.com/archive/1/506428/100/0/threaded • CWE-310: Cryptographic Issues •
CVSS: 7.8EPSS: 0%CPEs: 21EXPL: 0CVE-2009-2815
https://notcve.org/view.php?id=CVE-2009-2815
10 Sep 2009 — The Telephony component in Apple iPhone OS before 3.1 does not properly handle SMS arrival notifications, which allows remote attackers to cause a denial of service (NULL pointer dereference and service interruption) via a crafted SMS message. El componente Telephony en Apple iPhone OS anterior a v3.1 no maneja adecuadamente las notificaciones de llegada SMS, lo que permite a atacantes remotos provocar una denagación de servicio (puntero a deferencia NULL e interrupción del servicio) a través de un mensaje ... • http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.html • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 18%CPEs: 17EXPL: 1CVE-2009-2204
https://notcve.org/view.php?id=CVE-2009-2204
03 Aug 2009 — Unspecified vulnerability in the CoreTelephony component in Apple iPhone OS before 3.0.1 allows remote attackers to execute arbitrary code, obtain GPS coordinates, or enable the microphone via an SMS message that triggers memory corruption, as demonstrated by Charlie Miller at SyScan '09 Singapore. Vulnerabilidad sin especificar en el componente CoreTelephony en Apple iPhone anterior a 3.0.1, permite a atacantes remotos ejecutar código de su elección, obtener coordenadas GPS o activar el micrófono a través ... • http://lists.apple.com/archives/security-announce/2009/Jul/msg00001.html •
CVSS: 9.3EPSS: 9%CPEs: 76EXPL: 1CVE-2009-1690 – kdelibs: KHTML Incorrect handling <head> element content once the <head> element was removed (DoS, ACE)
https://notcve.org/view.php?id=CVE-2009-1690
10 Jun 2009 — Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome 1.0.154.53, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by setting an unspecified property of an HTML tag that causes child elements to be freed and later accessed when an HTML error occurs, related to "recursion in certain DOM event handlers.... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=803 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 15EXPL: 0CVE-2008-4227
https://notcve.org/view.php?id=CVE-2008-4227
25 Nov 2008 — Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 changes the encryption level of PPTP VPN connections to a lower level than was previously used, which makes it easier for remote attackers to obtain sensitive information or hijack a connection by decrypting network traffic. El sistema operativo Apple iPhone desde la v1.0 hasta la v2.1 y el sistema operativo iPhone para el iPod Touch desde la v1.0 hasta la v2.1 cambian el nivel de cifrado de las conexiones VPN PPTP a un nivel mas b... • http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html • CWE-310: Cryptographic Issues •
CVSS: 6.8EPSS: 0%CPEs: 15EXPL: 0CVE-2008-4228
https://notcve.org/view.php?id=CVE-2008-4228
25 Nov 2008 — The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows physically proximate attackers to leverage the emergency-call ability of locked devices to make a phone call to an arbitrary number. La funcionalidad de bloqueo del terminal (Passcode Lock) en Apple iPhone OS 1.0 hasta 2.1 y iPhone OS para iPod touch 1.1 hasta 2.1 permite a atacantes con acceso físico aprovechar la llamada de emergencia en dispositivos bloqueados hacer una llamada de teléfono a u... • http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html • CWE-264: Permissions, Privileges, and Access Controls •