CVSS: 7.5EPSS: 4%CPEs: 34EXPL: 1CVE-2009-1692
https://notcve.org/view.php?id=CVE-2009-1692
19 Jun 2009 — WebKit before r41741, as used in Apple iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Safari, and other software, allows remote attackers to cause a denial of service (memory consumption or device reset) via a web page containing an HTMLSelectElement object with a large length attribute, related to the length property of a Select object. WebKit en Apple iPhone OS v1.0 hasta v2.2.1 e iPhone OS para iPod touch v1.1 hasta v2.2.1 permite a atacantes remotos provocar una denegación de s... • http://kb.palm.com/wps/portal/kb/na/pre/p100eww/sprint/solutions/article/50607_en.html#121 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 4%CPEs: 33EXPL: 3CVE-2009-0961 – Apple iPhone 2.2.1 - Call Approval Dialog Security Bypass
https://notcve.org/view.php?id=CVE-2009-0961
19 Jun 2009 — The Mail component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 dismisses the call approval dialog when another alert appears, which might allow remote attackers to force the iPhone to place a call without user approval by causing an application to trigger an alert. El componente Mail en Apple iPhone OS v1.0 hasta v2.2.1 e iPhone OS para iPod touch v1.1 hasta v2.2.1 descarta el dialogo de aprobación de llamada cuando aparece otra alerta, pudiendo permitir a atacantes r... • https://www.exploit-db.com/exploits/33044 •
CVSS: 9.8EPSS: 0%CPEs: 33EXPL: 0CVE-2009-1679
https://notcve.org/view.php?id=CVE-2009-1679
19 Jun 2009 — The Profiles component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1, when installing a configuration profile, can replace the password policy from Exchange ActiveSync with a weaker password policy, which allows physically proximate attackers to bypass the intended policy. El componente Profiles en Apple iPhone OS v1.0 hasta v2.2.1 e iPhone OS para iPod touch v1.1 hasta v2.2.1, cuando instalan un perfil de configuración, puede reemplazar la política de contraseña desde ... • http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.1EPSS: 1%CPEs: 33EXPL: 0CVE-2009-0959
https://notcve.org/view.php?id=CVE-2009-0959
19 Jun 2009 — The MPEG-4 video codec in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to cause a denial of service (device reset) via a crafted MPEG-4 video file that triggers an "input validation issue." El codificador de vídeo MPEG-4 en Apple iPhone OS v1.0 hasta v2.2.1 e iPhone OS para iPod touch v1.1 hasta v2.2.1 permite a atacantes remotos provocar una denegación de servicio (reinicialización de dispositivo) mediante un fichero de vídeo MPEG-4 manipulado que... • http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 33EXPL: 0CVE-2009-0958
https://notcve.org/view.php?id=CVE-2009-0958
19 Jun 2009 — Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 stores an exception for a hostname when the user accepts an untrusted Exchange server certificate, which causes it to be accepted without prompting in future usage and allows remote Exchange servers to obtain sensitive information such as credentials. Apple iPhone OS v1.0 hasta v2.2.1 e iPhone OS para iPod touch v1.1 hasta v2.2.1 guarda una excepción para un nombre de servidor (hostname) cuando el usuario acepta un certificado ... • http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 1%CPEs: 33EXPL: 0CVE-2009-1683
https://notcve.org/view.php?id=CVE-2009-1683
19 Jun 2009 — The Telephony component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to cause a denial of service (device reset) via a crafted ICMP echo request, which triggers an assertion error related to a "logic issue." El componente Telephony en Apple iPhone OS v1.0 hasta v2.2.1 e iPhone OS para iPod touch v1.1 hasta v2.2.1 permite a atacantes remotos provocar una denegación de servicio (reinicializar el dispositivo) mediante una petición de eco ICMP manip... • http://jvn.jp/en/jp/JVN87239696/index.html •
CVSS: 7.5EPSS: 0%CPEs: 33EXPL: 0CVE-2009-1680
https://notcve.org/view.php?id=CVE-2009-1680
19 Jun 2009 — Safari in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly clear the search history when it is cleared from the Settings application, which allows physically proximate attackers to obtain the search history. Safari en n Apple iPhone OS v1.0 hasta v2.2.1 e iPhone OS para iPod touch v1.1 hasta v2.2.1 no borra correctamente el historial de búsqueda cuando es borrada desde la configuración de la aplicación, permitiendo que atacantes próximos físicamente obtengan... • http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 48EXPL: 1CVE-2009-1700
https://notcve.org/view.php?id=CVE-2009-1700
10 Jun 2009 — The XSLT implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read XML content from arbitrary web pages via a crafted document. La implementación XSLT en WebKit en Apple Safari anteriores a 4.0 no trata apropiadamente las redirecciones, lo que permite a los atacantes remotos leer contenido XML desde páginas web arbitrarias a través de documentos manipudados. • http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 48EXPL: 1CVE-2009-1702
https://notcve.org/view.php?id=CVE-2009-1702
10 Jun 2009 — Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to improper handling of Location and History objects. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en WebKit en Apple Safari anteriores a v4.0 permite a atacantes remotos inyectar secuencias de comandos web i HTML a traves de vctores relacionados con la... • http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 9%CPEs: 48EXPL: 1CVE-2009-1701 – Apple WebKit dir Attribute Freeing Dangling Object Pointer Vulnerability
https://notcve.org/view.php?id=CVE-2009-1701
08 Jun 2009 — Use-after-free vulnerability in the JavaScript DOM implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by destroying a document.body element that has an unspecified XML container with elements that support the dir attribute. Vulnerabilidad de uso después de la liberación en la implementación en WebKit en Apple Safari anteriores a v4.0... • http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html • CWE-399: Resource Management Errors •