CVSS: 4.3EPSS: 0%CPEs: 22EXPL: 0CVE-2010-1407
https://notcve.org/view.php?id=CVE-2010-1407
WebKit in Apple iOS before 4 on the iPhone and iPod touch does not properly implement the history.replaceState method in certain situations involving IFRAME elements, which allows remote attackers to obtain sensitive information via a crafted HTML document. WebKit en Apple iOS en versiones anteriores a la 4 en el iPhone y iPod touch no implementa de manera adecuada el método history.replaceState en ciertas situaciones relacionadas con elementos IFRAME, lo que permite a atacantes remotos obtener información sensible mediante un documento HTML manipulado. • http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/41856 http://secunia.com/advisories/42314 http://secunia.com/advisories/43068 http://support.apple.com/kb/HT4225 http://support.apple.com/kb/HT4456 http://www.mandriva.com/security/advisories?name=MDVSA-2011:039 http://www.securit • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 93%CPEs: 108EXPL: 1CVE-2010-1119 – Apple Webkit Attribute Child Removal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-1119
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Safari before 4.1 on Mac OS X 10.4, and Safari on Apple iPhone OS allows remote attackers to execute arbitrary code or cause a denial of service (application crash), or read the SMS database or other data, via vectors related to "attribute manipulation," as demonstrated by Vincenzo Iozzo and Ralf Philipp Weinmann during a Pwn2Own competition at CanSecWest 2010. Una vulnerabilidad de uso de memoria previamente liberada en WebKit en Safari de Apple anterior a versión 5.0 sobre Mac OS X versiones 10.5 hasta 10.6 y Windows, Safari anterior a versión 4.1 sobre Mac OS X versión 10.4, y Safari en iPhone OS de Apple, permite a los atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (bloqueo de aplicación), o leer la base de datos SMS u otros datos, por medio de vectores relacionados con "attribute manipulation", como es demostrado por Vincenzo Iozzo y Ralf Philipp Weinmann durante una competición Pwn2Own en CanSecWest 2010. This vulnerability allows remote attackers to execute remote code on vulnerable installations of Apple Webkit. User interaction is required in that a target must be coerced into visiting a malicious page. The specific flaw exists within Webkit's process for destructing attribute objects via the removeChild method. If an attribute's child object is accessed after the attribute was removed from the document, an invalid pointer is referenced. • https://www.exploit-db.com/exploits/16974 http://dvlabs.tippingpoint.com/blog/2010/02/15/pwn2own-2010 http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html http://news.cnet.com/8301-27080_3-20001126-245.html http://secunia.com/advisories/40105 http://secunia.com/advisories/40196 http://securityreason.com/securityalert • CWE-399: Resource Management Errors •
CVSS: 5.0EPSS: 89%CPEs: 54EXPL: 5CVE-2010-1029 – iPhone - 'WebCore::CSSSelector()' Remote Crash
https://notcve.org/view.php?id=CVE-2010-1029
Stack consumption vulnerability in the WebCore::CSSSelector function in WebKit, as used in Apple Safari 4.0.4, Apple Safari on iPhone OS and iPhone OS for iPod touch, and Google Chrome 4.0.249, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a STYLE element composed of a large number of *> sequences. Vulnerabilidad de consumo en la pila en la función WebCore:: CSSSelector en WebKit, utilizado en Apple Safari v4.0.4, Apple Safari en iPhone OS y iPhone OS para iPod touch, y Google Chrome v4.0.249, permite a tacantes remotos provocar una denegación de servicio(caída de aplicación) o posiblemente ejecutar código de su elección a través de un elemento STYLE compuesto de un número largo de secuencias *> • https://www.exploit-db.com/exploits/11574 https://www.exploit-db.com/exploits/11567 http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/43068 http://www.exploit-db.com/exploits/11567 http://www.exploit-db.com/exploits/11574 http://www.securityfocus.com/bid/38398 http://www.vupen.com/english/advisories/2011/0212 https://exchange.xforce.ibmcloud.com/vulnerabilities/56524 https://exchange.xforce.ibmcloud.com/vulnerabilities/56527 https • CWE-399: Resource Management Errors •
CVSS: 4.6EPSS: 0%CPEs: 50EXPL: 0CVE-2010-0038
https://notcve.org/view.php?id=CVE-2010-0038
Recovery Mode in Apple iPhone OS 1.0 through 3.1.2, and iPhone OS for iPod touch 1.1 through 3.1.2, allows physically proximate attackers to bypass device locking, and read or modify arbitrary data, via a USB control message that triggers memory corruption. El modo de recuperación en Apple iPhone OS desde v1.0 hasta v3.1.2, y iPhone OS para iPod touch desde v1.1 hasta v3.1.2, permite a atacantes físicamente próximos evitar el bloqueo del dispositivo, y leer o modificar datos de forma arbitraria, a través del mensaje de control de USB que inicia una corrupción de memoria. • http://lists.apple.com/archives/security-announce/2010/Feb/msg00000.html http://osvdb.org/62128 http://support.apple.com/kb/HT4013 http://www.securityfocus.com/bid/38040 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 48EXPL: 0CVE-2009-3273
https://notcve.org/view.php?id=CVE-2009-3273
iPhone Mail in Apple iPhone OS, and iPhone OS for iPod touch, does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL e-mail servers via a crafted certificate. iPhone Mail en Apple iPhone OS, y en iPhone OS para iPod touch, no valida los certificados X.509, permitiendo a atacantes hombre-en-el-medio (man-in-the-middle) suplantar servidores de e-mail SSL de su elección mediante un certificado manipulado. • http://www.securityfocus.com/archive/1/506428/100/0/threaded http://www.securityfocus.com/bid/36370 https://exchange.xforce.ibmcloud.com/vulnerabilities/53234 • CWE-310: Cryptographic Issues •