CVSS: 5.8EPSS: 0%CPEs: 74EXPL: 0CVE-2009-2199
https://notcve.org/view.php?id=CVE-2009-2199
Incomplete blacklist vulnerability in WebKit in Apple Safari before 4.0.3, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to spoof domain names in URLs, and possibly conduct phishing attacks, via unspecified homoglyphs. Una vulnerabilidad de lista negra incompleta en WebKit en Safari de Apple anterior a versión 4.0.3, como es usado en iPhone OS anterior a versión 3.1, iPhone OS anterior a versión 3.1.1, para iPod touch y otras plataformas, permite a atacantes remotos falsificar nombres de dominio en URL y posiblemente conducir ataques de phishing, por medio de homoglifos no especificados. • http://lists.apple.com/archives/security-announce/2009/Aug/msg00002.html http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/36677 http://secunia.com/advisories/43068 http://support.apple.com/kb/HT3733 http://support.apple.com/kb/HT3860 http://www.securityfocus.com/bid/36026 http://www.securitytracker.com/id?1022719 http://www.vupen.com/english/advisories&#x •
CVSS: 4.3EPSS: 0%CPEs: 73EXPL: 2CVE-2009-1724 – WebKit - 'parent/top' Cross Domain Scripting
https://notcve.org/view.php?id=CVE-2009-1724
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to inject arbitrary web script or HTML via vectors related to parent and top objects. Una vulnerabilidad de tipo cross-site scripting (XSS) en WebKit en Safari de Apple anterior a versión 4.0.2, tal y como es usado en iPhone OS anterior a versión 3.1, iPhone OS anterior a versión 3.1.1 para iPod touch, y otras plataformas, permite a los atacantes remotos inyectar script web o HTML arbitrario por medio de vectores relacionados con los objetos primarios y superiores. • https://www.exploit-db.com/exploits/33047 http://lists.apple.com/archives/security-announce/2009/Jul/msg00000.html http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://osvdb.org/55738 http://secunia.com/advisories/35758 http://secunia.com/advisories/36677 http://secunia.com/advisories/43068 http://support.apple.com/kb/HT3666 http://support.apple.com/kb/HT3860 http://www&# • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 3%CPEs: 73EXPL: 0CVE-2009-1725
https://notcve.org/view.php?id=CVE-2009-1725
WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms; KHTML in kdelibs in KDE; QtWebKit (aka Qt toolkit); and possibly other products do not properly handle numeric character references, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. WebKit en Apple Safari anterior a v4.0.2, no maneja adecuadamente las referencias de caracteres numéricos, lo que permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (corrupción de memoria y caída de aplicación) a través de un documento HTML manipulado. • http://lists.apple.com/archives/security-announce/2009/Jul/msg00000.html http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://osvdb.org/55739 http://secunia.com/advisories/35758 http://secunia.com/advisories/36057 http://secunia.com/advisories/36062 http://secunia.com/advisories/36347 http://secunia.com/advisories/36677 http://secunia.com/advisories/36790 http://secunia.com/advi • CWE-189: Numeric Errors •
CVSS: 2.1EPSS: 0%CPEs: 33EXPL: 0CVE-2009-1679
https://notcve.org/view.php?id=CVE-2009-1679
The Profiles component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1, when installing a configuration profile, can replace the password policy from Exchange ActiveSync with a weaker password policy, which allows physically proximate attackers to bypass the intended policy. El componente Profiles en Apple iPhone OS v1.0 hasta v2.2.1 e iPhone OS para iPod touch v1.1 hasta v2.2.1, cuando instalan un perfil de configuración, puede reemplazar la política de contraseña desde Exchange ActiveSync por una política de contraseña débil, permitiendo a atacantes próximos físicamente eludir la política prevista. • http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html http://osvdb.org/55239 http://support.apple.com/kb/HT3639 http://www.securityfocus.com/bid/35414 http://www.securityfocus.com/bid/35436 http://www.vupen.com/english/advisories/2009/1621 https://exchange.xforce.ibmcloud.com/vulnerabilities/51212 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.1EPSS: 1%CPEs: 33EXPL: 0CVE-2009-0959
https://notcve.org/view.php?id=CVE-2009-0959
The MPEG-4 video codec in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to cause a denial of service (device reset) via a crafted MPEG-4 video file that triggers an "input validation issue." El codificador de vídeo MPEG-4 en Apple iPhone OS v1.0 hasta v2.2.1 e iPhone OS para iPod touch v1.1 hasta v2.2.1 permite a atacantes remotos provocar una denegación de servicio (reinicialización de dispositivo) mediante un fichero de vídeo MPEG-4 manipulado que dispara un "evento de validación de entrada". • http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html http://osvdb.org/55237 http://support.apple.com/kb/HT3639 http://www.securityfocus.com/bid/35414 http://www.securityfocus.com/bid/35433 http://www.vupen.com/english/advisories/2009/1621 https://exchange.xforce.ibmcloud.com/vulnerabilities/51211 • CWE-20: Improper Input Validation •