CVSS: 10.0EPSS: 18%CPEs: 17EXPL: 1CVE-2009-2204
https://notcve.org/view.php?id=CVE-2009-2204
03 Aug 2009 — Unspecified vulnerability in the CoreTelephony component in Apple iPhone OS before 3.0.1 allows remote attackers to execute arbitrary code, obtain GPS coordinates, or enable the microphone via an SMS message that triggers memory corruption, as demonstrated by Charlie Miller at SyScan '09 Singapore. Vulnerabilidad sin especificar en el componente CoreTelephony en Apple iPhone anterior a 3.0.1, permite a atacantes remotos ejecutar código de su elección, obtener coordenadas GPS o activar el micrófono a través ... • http://lists.apple.com/archives/security-announce/2009/Jul/msg00001.html •
CVSS: 9.3EPSS: 3%CPEs: 73EXPL: 0CVE-2009-1725
https://notcve.org/view.php?id=CVE-2009-1725
09 Jul 2009 — WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms; KHTML in kdelibs in KDE; QtWebKit (aka Qt toolkit); and possibly other products do not properly handle numeric character references, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. WebKit en Apple Safari anterior a v4.0.2, no maneja adecuadamente las referencias de caracter... • http://lists.apple.com/archives/security-announce/2009/Jul/msg00000.html • CWE-189: Numeric Errors •
CVSS: 6.1EPSS: 1%CPEs: 73EXPL: 2CVE-2009-1724 – WebKit - 'parent/top' Cross Domain Scripting
https://notcve.org/view.php?id=CVE-2009-1724
09 Jul 2009 — Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to inject arbitrary web script or HTML via vectors related to parent and top objects. Una vulnerabilidad de tipo cross-site scripting (XSS) en WebKit en Safari de Apple anterior a versión 4.0.2, tal y como es usado en iPhone OS anterior a versión 3.1, iPhone OS anterior a versión 3.1.1 para iPod touch, y otras pl... • https://www.exploit-db.com/exploits/33047 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 3%CPEs: 34EXPL: 1CVE-2009-1692
https://notcve.org/view.php?id=CVE-2009-1692
19 Jun 2009 — WebKit before r41741, as used in Apple iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Safari, and other software, allows remote attackers to cause a denial of service (memory consumption or device reset) via a web page containing an HTMLSelectElement object with a large length attribute, related to the length property of a Select object. WebKit en Apple iPhone OS v1.0 hasta v2.2.1 e iPhone OS para iPod touch v1.1 hasta v2.2.1 permite a atacantes remotos provocar una denegación de s... • http://kb.palm.com/wps/portal/kb/na/pre/p100eww/sprint/solutions/article/50607_en.html#121 • CWE-399: Resource Management Errors •
CVSS: 7.1EPSS: 1%CPEs: 33EXPL: 0CVE-2009-0959
https://notcve.org/view.php?id=CVE-2009-0959
19 Jun 2009 — The MPEG-4 video codec in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to cause a denial of service (device reset) via a crafted MPEG-4 video file that triggers an "input validation issue." El codificador de vídeo MPEG-4 en Apple iPhone OS v1.0 hasta v2.2.1 e iPhone OS para iPod touch v1.1 hasta v2.2.1 permite a atacantes remotos provocar una denegación de servicio (reinicialización de dispositivo) mediante un fichero de vídeo MPEG-4 manipulado que... • http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 33EXPL: 0CVE-2009-1679
https://notcve.org/view.php?id=CVE-2009-1679
19 Jun 2009 — The Profiles component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1, when installing a configuration profile, can replace the password policy from Exchange ActiveSync with a weaker password policy, which allows physically proximate attackers to bypass the intended policy. El componente Profiles en Apple iPhone OS v1.0 hasta v2.2.1 e iPhone OS para iPod touch v1.1 hasta v2.2.1, cuando instalan un perfil de configuración, puede reemplazar la política de contraseña desde ... • http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 1%CPEs: 33EXPL: 3CVE-2009-0961 – Apple iPhone 2.2.1 - Call Approval Dialog Security Bypass
https://notcve.org/view.php?id=CVE-2009-0961
19 Jun 2009 — The Mail component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 dismisses the call approval dialog when another alert appears, which might allow remote attackers to force the iPhone to place a call without user approval by causing an application to trigger an alert. El componente Mail en Apple iPhone OS v1.0 hasta v2.2.1 e iPhone OS para iPod touch v1.1 hasta v2.2.1 descarta el dialogo de aprobación de llamada cuando aparece otra alerta, pudiendo permitir a atacantes r... • https://www.exploit-db.com/exploits/33044 •
CVSS: 7.8EPSS: 1%CPEs: 33EXPL: 0CVE-2009-1683
https://notcve.org/view.php?id=CVE-2009-1683
19 Jun 2009 — The Telephony component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to cause a denial of service (device reset) via a crafted ICMP echo request, which triggers an assertion error related to a "logic issue." El componente Telephony en Apple iPhone OS v1.0 hasta v2.2.1 e iPhone OS para iPod touch v1.1 hasta v2.2.1 permite a atacantes remotos provocar una denegación de servicio (reinicializar el dispositivo) mediante una petición de eco ICMP manip... • http://jvn.jp/en/jp/JVN87239696/index.html •
CVSS: 7.5EPSS: 0%CPEs: 33EXPL: 0CVE-2009-0958
https://notcve.org/view.php?id=CVE-2009-0958
19 Jun 2009 — Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 stores an exception for a hostname when the user accepts an untrusted Exchange server certificate, which causes it to be accepted without prompting in future usage and allows remote Exchange servers to obtain sensitive information such as credentials. Apple iPhone OS v1.0 hasta v2.2.1 e iPhone OS para iPod touch v1.1 hasta v2.2.1 guarda una excepción para un nombre de servidor (hostname) cuando el usuario acepta un certificado ... • http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 33EXPL: 0CVE-2009-0960
https://notcve.org/view.php?id=CVE-2009-0960
19 Jun 2009 — The Mail component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 does not provide an option to disable remote image loading in HTML email, which allows remote attackers to determine the device address and when an e-mail is read via an HTML email containing an image URL. El componente Mail en iPhone OS versiones 1.0 hasta 2.2.1 y iPhone OS para iPod touch versiones 1.1 hasta 2.2.1, de Apple, no proporciona una opción para deshabilitar la carga remota de imágenes en el co... • http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html •