CVSS: 9.3EPSS: 6%CPEs: 16EXPL: 0CVE-2008-3632
https://notcve.org/view.php?id=CVE-2008-3632
10 Sep 2008 — Use-after-free vulnerability in WebKit in Apple iPod touch 1.1 through 2.0.2, and iPhone 1.0 through 2.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a web page with crafted Cascading Style Sheets (CSS) import statements. Una vulnerabilidad de uso de memoria previamente liberada en WebKit en iPod touch versiones 1.1 hasta 2.0.2 y iPhone versiones 1.0 hasta 2.0.2, de Apple, permite a los atacantes remotos ejecutar código arbitrario o causar una den... • http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html • CWE-399: Resource Management Errors •
CVSS: 6.5EPSS: 0%CPEs: 26EXPL: 0CVE-2008-3281 – libxml2 denial of service
https://notcve.org/view.php?id=CVE-2008-3281
27 Aug 2008 — libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document. libxml2 2.6.32 y anteriores, no detecta correctamente la recursividad durante la expansión de una entidad en un valor de un atributo; esto permite a atacantes dependientes del contexto provocar una denegación de servicio (consumo de la memoria y la CPU) mediante un documento ... • http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html • CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') •
CVSS: 9.3EPSS: 64%CPEs: 14EXPL: 0CVE-2008-2317 – Apple Safari StyleSheet ownerNode Heap Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2008-2317
14 Jul 2008 — WebCore in Apple Safari does not properly perform garbage collection of JavaScript document elements, which allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via a reference to the ownerNode property of a copied CSSStyleSheet object of a STYLE element, as originally demonstrated on Apple iPhone before 2.0 and iPod touch before 2.0, a different vulnerability than CVE-2008-1590. WebCore en Safari de Apple no realiza apropiadamente garbage co... • http://lists.apple.com/archives/security-announce//2008/Nov/msg00001.html • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 16%CPEs: 14EXPL: 1CVE-2008-2303 – Apple iPhone / Apple iPod Touch < 2.0 - Multiple Remote Vulnerabilities
https://notcve.org/view.php?id=CVE-2008-2303
14 Jul 2008 — Integer signedness error in Safari on Apple iPhone before 2.0 and iPod touch before 2.0 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving JavaScript array indices that trigger an out-of-bounds access, a different vulnerability than CVE-2008-2307. Error de presencia de signo en entero en Safari de Apple iPhone anterior a 2.0 e iPod touch anterior a 2.0 , permite a atacantes remotos ejecutar código de su elección o provocar una denegación ... • https://www.exploit-db.com/exploits/32048 • CWE-189: Numeric Errors •
CVSS: 6.5EPSS: 0%CPEs: 14EXPL: 0CVE-2008-1589
https://notcve.org/view.php?id=CVE-2008-1589
14 Jul 2008 — Safari on Apple iPhone before 2.0 and iPod touch before 2.0 misinterprets a menu button press as user confirmation for visiting a web site with a (1) self-signed or (2) invalid certificate, which makes it easier for remote attackers to spoof web sites. Safari en Apple iPhone anterior a 2.0 e iPod touch anterior a 2.0 no interpreta correctamente que se pulse en un botón del menú como la confirmación de un usuario al visitar un sitio Web con un certificado (1)autofirmado o (2) no válido; esto facilita a ataca... • http://jvn.jp/en/jp/JVN88676089/index.html • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 2%CPEs: 14EXPL: 0CVE-2008-1590
https://notcve.org/view.php?id=CVE-2008-1590
14 Jul 2008 — JavaScriptCore in WebKit on Apple iPhone before 2.0 and iPod touch before 2.0 does not properly perform runtime garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors that trigger memory corruption, a different vulnerability than CVE-2008-2317. JavaScriptCore en WebKit de Apple iPhone anterior a 2.0 e iPod touch anterior a 2.0, no realiza correctamente la recolección de basura en tiempo de ejecución, esto permite a... • http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 14EXPL: 0CVE-2008-1588
https://notcve.org/view.php?id=CVE-2008-1588
14 Jul 2008 — Safari on Apple iPhone before 2.0 and iPod touch before 2.0 allows remote attackers to spoof the address bar via Unicode ideographic spaces in the URL. Safari en Apple iPhone anterior a 2.0 e iPod touch anterior a 2.0 , permite a atacantes remotos falsificar la barra de direcciones mediante espacios Unicode ideográficos en la URL. • http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 3%CPEs: 3EXPL: 3CVE-2008-0729 – Apple iOS Mobile Safari - Memory Exhaustion Remote Denial of Service
https://notcve.org/view.php?id=CVE-2008-0729
12 Feb 2008 — Mobile Safari on Apple iPhone 1.1.2 and 1.1.3 allows remote attackers to cause a denial of service (memory exhaustion and device crash) via certain JavaScript code that constructs a long string and an array containing long string elements, possibly a related issue to CVE-2006-3677. NOTE: some of these details are obtained from third party information. Mobile Safari en Apple iPhone en versiones 1.1.2 y 1.1.3 permite a atacantes remotos provocar una denegación de servicio (consumo de memoria y caída del dispo... • https://www.exploit-db.com/exploits/31057 • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2008-0034
https://notcve.org/view.php?id=CVE-2008-0034
16 Jan 2008 — Unspecified vulnerability in Passcode Lock in Apple iPhone 1.0 through 1.1.2 allows users with physical access to execute applications without entering the passcode via vectors related to emergency calls. Vulnerabilidad no especificada en Passcode Lock en Apple iPhone 1.0 hasta el 1.1.2 permite a usuarios con acceso físico ejecutar aplicaciones Sin entrar en el código de acceso a través de los vectores relacionados con las llamadas de emergencia. • http://docs.info.apple.com/article.html?artnum=307302 •
CVSS: 8.8EPSS: 25%CPEs: 12EXPL: 0CVE-2008-0035
https://notcve.org/view.php?id=CVE-2008-0035
16 Jan 2008 — Unspecified vulnerability in Foundation, as used in Apple iPhone 1.0 through 1.1.2, iPod touch 1.1 through 1.1.2, and Mac OS X 10.5 through 10.5.1, allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted URL that triggers memory corruption in Safari. Una vulnerabilidad no especificada en Foundation, como es usado en Apple iPhone versiones 1.0 hasta 1.1.2, iPod touch versiones 1.1 hasta 1.1.2 y Mac OS X versiones 10.5 hasta 10.5.1, permite a los ... • http://docs.info.apple.com/article.html?artnum=307302 • CWE-399: Resource Management Errors •