
CVE-2009-3273
https://notcve.org/view.php?id=CVE-2009-3273
21 Sep 2009 — iPhone Mail in Apple iPhone OS, and iPhone OS for iPod touch, does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL e-mail servers via a crafted certificate. • http://www.securityfocus.com/archive/1/506428/100/0/threaded • CWE-310: Cryptographic Issues

CVE-2009-2815
https://notcve.org/view.php?id=CVE-2009-2815
10 Sep 2009 — The Telephony component in Apple iPhone OS before 3.1 does not properly handle SMS arrival notifications, which allows remote attackers to cause a denial of service (NULL pointer dereference and service interruption) via a crafted SMS message. • http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.html • CWE-399: Resource Management Errors

CVE-2009-2794
https://notcve.org/view.php?id=CVE-2009-2794
10 Sep 2009 — The Exchange Support component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, does not properly implement the "Maximum inactivity time lock" functionality, which allows local users to bypass intended Microsoft Exchange restrictions by choosing a large Require Passcode time value. • http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVE-2009-2207
https://notcve.org/view.php?id=CVE-2009-2207
10 Sep 2009 — The MobileMail component in Apple iPhone OS 3.0 and 3.0.1, and iPhone OS 3.0 for iPod touch, lists deleted e-mail messages in Spotlight search results, which might allow local users to obtain sensitive information by reading these messages. • http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.html • CWE-264: Permissions, Privileges, and Access Controls

CVE-2009-2795
https://notcve.org/view.php?id=CVE-2009-2795
10 Sep 2009 — Heap-based buffer overflow in the Recovery Mode component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, allows local users to bypass the passcode requirement and access arbitrary data via vectors related to "command parsing." • http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2009-2797
https://notcve.org/view.php?id=CVE-2009-2797
10 Sep 2009 — The WebKit component in Safari in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, does not remove usernames and passwords from URLs sent in Referer headers, which allows remote attackers to obtain sensitive information by reading Referer logs on a web server. • http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2009-2796
https://notcve.org/view.php?id=CVE-2009-2796
10 Sep 2009 — The UIKit component in Apple iPhone OS 3.0, and iPhone OS 3.0.1 for iPod touch, allows physically proximate attackers to discover a password by watching a user undo deletions of characters in the password. • http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2009-2206
https://notcve.org/view.php?id=CVE-2009-2206
10 Sep 2009 — Multiple heap-based buffer overflows in the AudioCodecs library in the CoreAudio component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted (1) AAC or (2) MP3 file, as demonstrated by a ringtone with malformed entries in the sample size table. • http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2009-2199
https://notcve.org/view.php?id=CVE-2009-2199
12 Aug 2009 — Incomplete blacklist vulnerability in WebKit in Apple Safari before 4.0.3, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to spoof domain names in URLs, and possibly conduct phishing attacks, via unspecified homoglyphs. • http://lists.apple.com/archives/security-announce/2009/Aug/msg00002.html

CVE-2009-2416 – mingw32-libxml2: Pointer use-after-free flaws by parsing Notation and Enumeration attribute types
https://notcve.org/view.php?id=CVE-2009-2416
11 Aug 2009 — Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework. • http://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.html • CWE-416: Use After Free