CVSS: 9.3EPSS: 7%CPEs: 48EXPL: 1CVE-2009-1701 – Apple WebKit dir Attribute Freeing Dangling Object Pointer Vulnerability
https://notcve.org/view.php?id=CVE-2009-1701
08 Jun 2009 — Use-after-free vulnerability in the JavaScript DOM implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by destroying a document.body element that has an unspecified XML container with elements that support the dir attribute. Vulnerabilidad de uso después de la liberación en la implementación en WebKit en Apple Safari anteriores a v4.0... • http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 15EXPL: 0CVE-2008-4227
https://notcve.org/view.php?id=CVE-2008-4227
25 Nov 2008 — Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 changes the encryption level of PPTP VPN connections to a lower level than was previously used, which makes it easier for remote attackers to obtain sensitive information or hijack a connection by decrypting network traffic. El sistema operativo Apple iPhone desde la v1.0 hasta la v2.1 y el sistema operativo iPhone para el iPod Touch desde la v1.0 hasta la v2.1 cambian el nivel de cifrado de las conexiones VPN PPTP a un nivel mas b... • http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html • CWE-310: Cryptographic Issues •
CVSS: 6.8EPSS: 0%CPEs: 15EXPL: 0CVE-2008-4228
https://notcve.org/view.php?id=CVE-2008-4228
25 Nov 2008 — The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows physically proximate attackers to leverage the emergency-call ability of locked devices to make a phone call to an arbitrary number. La funcionalidad de bloqueo del terminal (Passcode Lock) en Apple iPhone OS 1.0 hasta 2.1 y iPhone OS para iPod touch 1.1 hasta 2.1 permite a atacantes con acceso físico aprovechar la llamada de emergencia en dispositivos bloqueados hacer una llamada de teléfono a u... • http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.4EPSS: 0%CPEs: 15EXPL: 0CVE-2008-4229
https://notcve.org/view.php?id=CVE-2008-4229
25 Nov 2008 — Race condition in the Passcode Lock feature in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.0 through 2.1 allows physically proximate attackers to remove the lock and launch arbitrary applications by restoring the device from a backup. Condición de carrera en la funcionalidad Passcode Lock de Apple Iphone OS v2.0 hasta v2.1 e iPhone OS para iPod touch v2.0 hasta v2.1, permite a atacantes físicamente próximos eliminar el bloqueo y lanzar aplicaciones de su elección al restaurar el dispositi... • http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 4.6EPSS: 0%CPEs: 15EXPL: 0CVE-2008-4230
https://notcve.org/view.php?id=CVE-2008-4230
25 Nov 2008 — The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 displays SMS messages when the emergency-call screen is visible, which allows physically proximate attackers to obtain sensitive information by reading these messages. NOTE: this might be a duplicate of CVE-2008-4593. La funcionalidad Passcode Lock en el sistema operativo del iPhone de Apple desde la v1.0 hasta la v2.1 y el sistema operativo iPhone para el iPod touch desde la v1.0 hasta la v2.1 muestra ... • http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 9%CPEs: 16EXPL: 0CVE-2008-4231
https://notcve.org/view.php?id=CVE-2008-4231
25 Nov 2008 — Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not properly handle HTML TABLE elements, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. Safari en Apple iPhone OS v1.0 hasta v2.1 e iPhone OS para iPod touch v1.1 hasta v2.1 no maneja adecuadamente los elementos HTML TABLE, esto permite a atacantes remotos ejecutar código de su elección o provocar una denegaci... • http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html • CWE-399: Resource Management Errors •
CVSS: 6.5EPSS: 0%CPEs: 16EXPL: 0CVE-2008-4232
https://notcve.org/view.php?id=CVE-2008-4232
25 Nov 2008 — Safari in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.1 through 2.1 does not restrict an IFRAME's content display to the boundaries of the IFRAME, which allows remote attackers to spoof a user interface via a crafted HTML document. Safari en Apple iPhone OS 2.0 hasta 2.1 y iPhone OS para iPod touch 2.1 no restringe mostrar contenidos IFRAME para los límites del IFRAME, el cual permite a los atacantes remotos espiar una interfaz de usuario a través de documentos HTML manipulados. • http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html •
CVSS: 2.6EPSS: 1%CPEs: 16EXPL: 0CVE-2008-4233
https://notcve.org/view.php?id=CVE-2008-4233
25 Nov 2008 — Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not isolate the call-approval dialog from the process of launching new applications, which allows remote attackers to make arbitrary phone calls via a crafted HTML document. Safari en Apple iPhone OS v1.0 hasta v2.1 e iPhone OS para iPod touch v1.1 hasta v2.1; no aísla el diálogo de aceptar llamadas (call-approval) del proceso de lanzamiento de nuevas aplicaciones, esto permite a atacantes remotos realizar llamadas d... • http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html •
CVSS: 7.1EPSS: 1%CPEs: 15EXPL: 0CVE-2008-1586
https://notcve.org/view.php?id=CVE-2008-1586
25 Nov 2008 — ImageIO in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allow remote attackers to cause a denial of service (memory consumption and device reset) via a crafted TIFF image. ImageIO en Apple iPhone OS 1.0 hasta 2.1 y iPhone OS para iPod touch 1.1 hasta 2.1, permite a los atacantes remotos causar una denegación de servicio(consumo de memoria o reinicio del dispositivo) a través de una imagen TIFF manipulada. • http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2008-3631
https://notcve.org/view.php?id=CVE-2008-3631
10 Sep 2008 — Application Sandbox in Apple iPod touch 2.0 through 2.0.2, and iPhone 2.0 through 2.0.2, does not properly isolate third-party applications, which allows attackers to read arbitrary files in a third-party application's sandbox via a different third-party application. El Sandbox de Aplicaciones en iPod touch versión 2.0 hasta 2.0.2, y iPhone versión 2.0 hasta 2.0.2 de Apple , no aísla apropiadamente las aplicaciones de terceros, lo que permite a los atacantes leer archivos arbitrarios en una sandbox de aplic... • http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html • CWE-264: Permissions, Privileges, and Access Controls •