Page 31 of 164 results (0.012 seconds)

CVSS: 2.6EPSS: 2%CPEs: 16EXPL: 0

Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not isolate the call-approval dialog from the process of launching new applications, which allows remote attackers to make arbitrary phone calls via a crafted HTML document. Safari en Apple iPhone OS v1.0 hasta v2.1 e iPhone OS para iPod touch v1.1 hasta v2.1; no aísla el diálogo de aceptar llamadas (call-approval) del proceso de lanzamiento de nuevas aplicaciones, esto permite a atacantes remotos realizar llamadas de teléfono de su elección a través de un documento HTML manipulado. • http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html http://osvdb.org/50030 http://secunia.com/advisories/32756 http://securitytracker.com/id?1021264 http://support.apple.com/kb/HT3318 http://www.securityfocus.com/bid/32394 http://www.vupen.com/english/advisories/2008/3232 •

CVSS: 3.7EPSS: 0%CPEs: 15EXPL: 0

Race condition in the Passcode Lock feature in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.0 through 2.1 allows physically proximate attackers to remove the lock and launch arbitrary applications by restoring the device from a backup. Condición de carrera en la funcionalidad Passcode Lock de Apple Iphone OS v2.0 hasta v2.1 e iPhone OS para iPod touch v2.0 hasta v2.1, permite a atacantes físicamente próximos eliminar el bloqueo y lanzar aplicaciones de su elección al restaurar el dispositivo desde una copia de seguridad. • http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html http://osvdb.org/50026 http://secunia.com/advisories/32756 http://support.apple.com/kb/HT3318 http://www.securityfocus.com/bid/32394 http://www.securitytracker.com/id?1021271 http://www.vupen.com/english/advisories/2008/3232 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 3.6EPSS: 0%CPEs: 15EXPL: 0

The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows physically proximate attackers to leverage the emergency-call ability of locked devices to make a phone call to an arbitrary number. La funcionalidad de bloqueo del terminal (Passcode Lock) en Apple iPhone OS 1.0 hasta 2.1 y iPhone OS para iPod touch 1.1 hasta 2.1 permite a atacantes con acceso físico aprovechar la llamada de emergencia en dispositivos bloqueados hacer una llamada de teléfono a un número de se elección. • http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html http://osvdb.org/50025 http://secunia.com/advisories/32756 http://support.apple.com/kb/HT3318 http://www.securityfocus.com/bid/32394 http://www.securitytracker.com/id?1021271 http://www.vupen.com/english/advisories/2008/3232 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.5EPSS: 0%CPEs: 15EXPL: 0

Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 changes the encryption level of PPTP VPN connections to a lower level than was previously used, which makes it easier for remote attackers to obtain sensitive information or hijack a connection by decrypting network traffic. El sistema operativo Apple iPhone desde la v1.0 hasta la v2.1 y el sistema operativo iPhone para el iPod Touch desde la v1.0 hasta la v2.1 cambian el nivel de cifrado de las conexiones VPN PPTP a un nivel mas bajo del que fue usado previamente, lo cual facilita a atacantes remotos obtener información sensible o secuestras una conexión mediante el descifrado del trafico de red. • http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html http://osvdb.org/50024 http://secunia.com/advisories/32756 http://support.apple.com/kb/HT3318 http://www.securityfocus.com/bid/32394 http://www.securitytracker.com/id?1021269 http://www.vupen.com/english/advisories/2008/3232 • CWE-310: Cryptographic Issues •

CVSS: 10.0EPSS: 7%CPEs: 23EXPL: 0

Integer signedness error in (1) QuickLook in Apple Mac OS X 10.5.5 and (2) Office Viewer in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted Microsoft Excel file that triggers an out-of-bounds memory access, related to "handling of columns." Un error en la propiedad signedness de enteros en (1) QuickLook en Mac OS X versión 10.5.5 de Apple y (2) Office Viewer en iPhone OS de Apple versiones 1.0 hasta 2.1 y iPhone OS para iPod touch versiones 1.1 hasta 2.1, permite a los atacantes remotos causar una denegación de servicio (terminación de aplicación) y ejecutar código arbitrario por medio de un archivo de Microsoft Excel diseñado que desencadena un acceso de memoria fuera de límites, relacionado con el "handling of columns”. • http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html http://secunia.com/advisories/32222 http://secunia.com/advisories/32756 http://support.apple.com/kb/HT3216 http://support.apple.com/kb/HT3318 http://www.securityfocus.com/bid/31681 http://www.securityfocus.com/bid/31707 http://www.securitytracker.com/id?1021027 http://www.vupen.com/english/advisories/2008/2780 http://www.vupen& • CWE-189: Numeric Errors •