
CVE-2010-1177 – Apple Safari iPhone/iPod touch - Webpage Remote Code Execution
https://notcve.org/view.php?id=CVE-2010-1177
29 Mar 2010 — Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving document.write calls with long crafted strings. • https://www.exploit-db.com/exploits/33811 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2010-1176 – Apple iOS Safari - Remote Denial of Service
https://notcve.org/view.php?id=CVE-2010-1176
29 Mar 2010 — Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to an array of long strings, an array of IMG elements with crafted strings in their SRC attributes, a TBODY element with no associated TABLE element, and certain calls to the delete operator and the cloneNode, clearAttributes, and CollectGarbage methods, possibly a related issue to CVE-2009-0075. • https://www.exploit-db.com/exploits/11891 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2010-1180 – Apple Safari for iPhone/iPod touch - 'Throw' Exception Remote Code Execution
https://notcve.org/view.php?id=CVE-2010-1180
29 Mar 2010 — Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long exception string in a throw statement, possibly a related issue to CVE-2009-1514. • https://www.exploit-db.com/exploits/33810 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2010-1119 – Apple Webkit Attribute Child Removal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-1119
25 Mar 2010 — Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Safari before 4.1 on Mac OS X 10.4, and Safari on Apple iPhone OS allows remote attackers to execute arbitrary code or cause a denial of service (application crash), or read the SMS database or other data, via vectors related to "attribute manipulation," as demonstrated by Vincenzo Iozzo and Ralf Philipp Weinmann during a Pwn2Own competition at CanSecWest 2010. • https://www.exploit-db.com/exploits/16974 • CWE-399: Resource Management Errors

CVE-2010-1029 – iPhone - 'WebCore::CSSSelector()' Remote Crash
https://notcve.org/view.php?id=CVE-2010-1029
19 Mar 2010 — Stack consumption vulnerability in the WebCore::CSSSelector function in WebKit, as used in Apple Safari 4.0.4, Apple Safari on iPhone OS and iPhone OS for iPod touch, and Google Chrome 4.0.249, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a STYLE element composed of a large number of *> sequences. • https://www.exploit-db.com/exploits/11574 • CWE-399: Resource Management Errors

CVE-2010-0050 – Apple Webkit Blink Event Dangling Pointer Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0050
12 Mar 2010 — Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML document with improperly nested tags. This vulnerabil... • https://www.exploit-db.com/exploits/12425 • CWE-416: Use After Free

CVE-2010-0038
https://notcve.org/view.php?id=CVE-2010-0038
03 Feb 2010 — Recovery Mode in Apple iPhone OS 1.0 through 3.1.2, and iPhone OS for iPod touch 1.1 through 3.1.2, allows physically proximate attackers to bypass device locking, and read or modify arbitrary data, via a USB control message that triggers memory corruption. • http://lists.apple.com/archives/security-announce/2010/Feb/msg00000.html • CWE-399: Resource Management Errors

CVE-2010-0496 – iOS Serversman 3.1.5 - HTTP Remote Denial of Service
https://notcve.org/view.php?id=CVE-2010-0496
03 Feb 2010 — FreeBit ServersMan 3.1.5 on Apple iPhone OS 3.1.2, and iPhone OS for iPod touch, allows remote attackers to cause a denial of service (daemon crash) via a HEAD request for the / URI. • https://www.exploit-db.com/exploits/11273 • CWE-20: Improper Input Validation

CVE-2009-2816
https://notcve.org/view.php?id=CVE-2009-2816
13 Nov 2009 — The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, as used in Apple Safari before 4.0.4 and Google Chrome before 3.0.195.33, includes certain custom HTTP headers in the OPTIONS request during cross-origin operations with preflight, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web page. • http://lists.apple.com/archives/security-announce/2009/Nov/msg00001.html • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2009-3271 – Apple Safari IPhone - using tel: Remote Crash
https://notcve.org/view.php?id=CVE-2009-3271
21 Sep 2009 — Apple Safari on iPhone OS 3.0.1 allows remote attackers to cause a denial of service (application crash) via a long tel: URL in the SRC attribute of an IFRAME element. • https://www.exploit-db.com/exploits/9666 • CWE-20: Improper Input Validation