Page 32 of 165 results (0.010 seconds)

CVSS: 9.3EPSS: 8%CPEs: 16EXPL: 0

Use-after-free vulnerability in WebKit in Apple iPod touch 1.1 through 2.0.2, and iPhone 1.0 through 2.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a web page with crafted Cascading Style Sheets (CSS) import statements. Una vulnerabilidad de uso de memoria previamente liberada en WebKit en iPod touch versiones 1.1 hasta 2.0.2 y iPhone versiones 1.0 hasta 2.0.2, de Apple, permite a los atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (bloqueo de aplicación) por medio de una página web con sentencias de importación de Hojas de Estilo en Cascada (CSS). • http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html http://secunia.com/advisories/31823 http://secunia.com/advisories/31900 http://secunia.com/advisories/32099 http://secunia.com/advisories/32860 http://secunia.com/advisories/35379 http:// • CWE-399: Resource Management Errors •

CVSS: 4.3EPSS: 0%CPEs: 14EXPL: 0

Safari on Apple iPhone before 2.0 and iPod touch before 2.0 allows remote attackers to spoof the address bar via Unicode ideographic spaces in the URL. Safari en Apple iPhone anterior a 2.0 e iPod touch anterior a 2.0 , permite a atacantes remotos falsificar la barra de direcciones mediante espacios Unicode ideográficos en la URL. • http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html http://secunia.com/advisories/31074 http://secunia.com/advisories/35379 http://support.apple.com/kb/HT3613 http://www.securityfocus.com/bid/30186 http://www.vupen.com/english/advisories/2008/2094/references http://www.vupen.com/english/advisories/2009/1522 https://exchange.xforce.ibmcloud.com/vulnerabilities/43732 • CWE-20: Improper Input Validation •

CVSS: 4.3EPSS: 0%CPEs: 14EXPL: 0

Safari on Apple iPhone before 2.0 and iPod touch before 2.0 misinterprets a menu button press as user confirmation for visiting a web site with a (1) self-signed or (2) invalid certificate, which makes it easier for remote attackers to spoof web sites. Safari en Apple iPhone anterior a 2.0 e iPod touch anterior a 2.0 no interpreta correctamente que se pulse en un botón del menú como la confirmación de un usuario al visitar un sitio Web con un certificado (1)autofirmado o (2) no válido; esto facilita a atacantes remotos falsificar los sitios Web. • http://jvn.jp/en/jp/JVN88676089/index.html http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000039.html http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html http://secunia.com/advisories/31074 http://www.securityfocus.com/bid/30186 http://www.vupen.com/english/advisories/2008/2094/references https://exchange.xforce.ibmcloud.com/vulnerabilities/43734 • CWE-20: Improper Input Validation •

CVSS: 6.8EPSS: 3%CPEs: 14EXPL: 0

JavaScriptCore in WebKit on Apple iPhone before 2.0 and iPod touch before 2.0 does not properly perform runtime garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors that trigger memory corruption, a different vulnerability than CVE-2008-2317. JavaScriptCore en WebKit de Apple iPhone anterior a 2.0 e iPod touch anterior a 2.0, no realiza correctamente la recolección de basura en tiempo de ejecución, esto permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (caída de la aplicación) mediante vectores no especificados que provocan una corrupción de memoria. Se trata de una vulnerabilidad diferente de CVE-2008-2317. • http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html http://secunia.com/advisories/31074 http://www.securityfocus.com/bid/30186 http://www.vupen.com/english/advisories/2008/2094/references https://exchange.xforce.ibmcloud.com/vulnerabilities/43738 • CWE-399: Resource Management Errors •

CVSS: 9.3EPSS: 77%CPEs: 14EXPL: 0

WebCore in Apple Safari does not properly perform garbage collection of JavaScript document elements, which allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via a reference to the ownerNode property of a copied CSSStyleSheet object of a STYLE element, as originally demonstrated on Apple iPhone before 2.0 and iPod touch before 2.0, a different vulnerability than CVE-2008-1590. WebCore en Safari de Apple no realiza apropiadamente garbage collection de elementos de documentos JavaScript, lo que permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de pila y bloqueo de aplicación) por medio de una referencia a la propiedad ownerNode de un objeto CSSStyleSheet copiado de un elemento STYLE, tal y como es demostrado originalmente en el iPhone anterior a la versión 2.0 y en el iPod touch anterior a la versión 2.0, de Apple, una vulnerabilidad diferente de CVE-2008-1590. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the garbage collection of JavaScript document elements in WebCore. When a CSSStyleSheet object of a style element is copied, and the style element is deallocated, a reference to the ownerNode property of the copied CSSStyleSheet object will result in a heap corruption allowing for the execution of arbitrary code. • http://lists.apple.com/archives/security-announce//2008/Nov/msg00001.html http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html http://secunia.com/advisories/31074 http://secunia.com/advisories/32706 http://support.apple.com/kb/HT3298 http://www.securityfocus.com/archive/1/494777/100/0/threaded http://www.securityfocus.com/bid/30186 http://www.vupen.com/english/advisories/2008/2094/references http://www.zerodayinitiative.com/advisories/ZDI-08-045 https: • CWE-399: Resource Management Errors •