CVSS: 5.7EPSS: 0%CPEs: 22EXPL: 0CVE-2010-1775
https://notcve.org/view.php?id=CVE-2010-1775
22 Jun 2010 — Race condition in Passcode Lock in Apple iOS before 4 on the iPhone and iPod touch allows physically proximate attackers to bypass intended passcode requirements, and pair a locked device with a computer and access arbitrary data, via vectors involving the initial boot. Condición de carrera en Passcode Lock en Apple iOS en versiones anteriores a la 4 en el iPhone y iPod touch permite a atacantes físicamente próximos eludir los requerimientos de contraseña establecidos y asociar un dispositivo bloqueado con ... • http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 9.3EPSS: 8%CPEs: 85EXPL: 0CVE-2010-1387
https://notcve.org/view.php?id=CVE-2010-1387
18 Jun 2010 — Use-after-free vulnerability in JavaScriptCore in WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to page transitions, a different vulnerability than CVE-2010-1763 and CVE-2010-1769. Vulnerabilidad no específicada en WebKit en Apple iTunes anteriores a v9.2 en Windows, tiene un impacto y vectores de ataque desconocidos, es una vulnerabilida... • http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 1CVE-2010-1181
https://notcve.org/view.php?id=CVE-2010-1181
29 Mar 2010 — Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a MARQUEE element. Safari en Apple iPhone OS v3.1.3 y en iPod touch permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) o posiblemente ejecutar código de su elección a través de una cadena larga en un elemento MARQUEE. • http://nishantdaspatnaik.yolasite.com/ipodpoc6.php • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 5%CPEs: 41EXPL: 1CVE-2009-2206
https://notcve.org/view.php?id=CVE-2009-2206
10 Sep 2009 — Multiple heap-based buffer overflows in the AudioCodecs library in the CoreAudio component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted (1) AAC or (2) MP3 file, as demonstrated by a ringtone with malformed entries in the sample size table. Múltiples desbordamientos de búfer en la región heap de la memoria en la biblioteca AudioCodecs en el componente CoreAudio en iPhon... • http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 1%CPEs: 74EXPL: 0CVE-2009-2199
https://notcve.org/view.php?id=CVE-2009-2199
12 Aug 2009 — Incomplete blacklist vulnerability in WebKit in Apple Safari before 4.0.3, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to spoof domain names in URLs, and possibly conduct phishing attacks, via unspecified homoglyphs. Una vulnerabilidad de lista negra incompleta en WebKit en Safari de Apple anterior a versión 4.0.3, como es usado en iPhone OS anterior a versión 3.1, iPhone OS anterior a versión 3.1.1, para iPod touch y otras plataformas... • http://lists.apple.com/archives/security-announce/2009/Aug/msg00002.html •
CVSS: 6.1EPSS: 1%CPEs: 73EXPL: 2CVE-2009-1724 – WebKit - 'parent/top' Cross Domain Scripting
https://notcve.org/view.php?id=CVE-2009-1724
09 Jul 2009 — Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to inject arbitrary web script or HTML via vectors related to parent and top objects. Una vulnerabilidad de tipo cross-site scripting (XSS) en WebKit en Safari de Apple anterior a versión 4.0.2, tal y como es usado en iPhone OS anterior a versión 3.1, iPhone OS anterior a versión 3.1.1 para iPod touch, y otras pl... • https://www.exploit-db.com/exploits/33047 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 12%CPEs: 73EXPL: 0CVE-2009-1725
https://notcve.org/view.php?id=CVE-2009-1725
09 Jul 2009 — WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms; KHTML in kdelibs in KDE; QtWebKit (aka Qt toolkit); and possibly other products do not properly handle numeric character references, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. WebKit en Apple Safari anterior a v4.0.2, no maneja adecuadamente las referencias de caracter... • http://lists.apple.com/archives/security-announce/2009/Jul/msg00000.html • CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 0%CPEs: 33EXPL: 0CVE-2009-1679
https://notcve.org/view.php?id=CVE-2009-1679
19 Jun 2009 — The Profiles component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1, when installing a configuration profile, can replace the password policy from Exchange ActiveSync with a weaker password policy, which allows physically proximate attackers to bypass the intended policy. El componente Profiles en Apple iPhone OS v1.0 hasta v2.2.1 e iPhone OS para iPod touch v1.1 hasta v2.2.1, cuando instalan un perfil de configuración, puede reemplazar la política de contraseña desde ... • http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 33EXPL: 0CVE-2009-1680
https://notcve.org/view.php?id=CVE-2009-1680
19 Jun 2009 — Safari in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly clear the search history when it is cleared from the Settings application, which allows physically proximate attackers to obtain the search history. Safari en n Apple iPhone OS v1.0 hasta v2.2.1 e iPhone OS para iPod touch v1.1 hasta v2.2.1 no borra correctamente el historial de búsqueda cuando es borrada desde la configuración de la aplicación, permitiendo que atacantes próximos físicamente obtengan... • http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 1%CPEs: 33EXPL: 0CVE-2009-1683
https://notcve.org/view.php?id=CVE-2009-1683
19 Jun 2009 — The Telephony component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to cause a denial of service (device reset) via a crafted ICMP echo request, which triggers an assertion error related to a "logic issue." El componente Telephony en Apple iPhone OS v1.0 hasta v2.2.1 e iPhone OS para iPod touch v1.1 hasta v2.2.1 permite a atacantes remotos provocar una denegación de servicio (reinicializar el dispositivo) mediante una petición de eco ICMP manip... • http://jvn.jp/en/jp/JVN87239696/index.html •