
CVSS: 6.5 • EPSS: 0% • CPEs: 4 • EXPL: 0

27 Sep 2007 — Safari in Apple iPhone 1.1.1 allows remote user-assisted attackers to trick the iPhone user into making calls to arbitrary telephone numbers via a crafted "tel:" link that causes iPhone to display a different number than the number that will be dialed. • http://docs.info.apple.com/article.html?artnum=306586 • CWE-20: Improper Input Validation

CVSS: 5.9 • EPSS: 0% • CPEs: 3 • EXPL: 0

27 Sep 2007 — Mail in Apple iPhone 1.1.1, when using SSL, does not warn the user when the mail server changes or is not trusted, which might allow remote attackers to steal credentials and read email via a man-in-the-middle (MITM) attack. • http://docs.info.apple.com/article.html?artnum=306586 • CWE-287: Improper Authentication

CVSS: 9.8 • EPSS: 40% • CPEs: 3 • EXPL: 0

23 Jul 2007 — Multiple heap-based buffer overflows in the Perl Compatible Regular Expressions (PCRE) library in the JavaScript engine in WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, allow remote attackers to execute arbitrary code via certain JavaScript regular expressions. NOTE: this issue was originally reported only for MobileSafari on the iPhone. NOTE: it is not clear whether this stems from an issue in the original distribution of PCRE, which might already have a separate CVE identifie... • http://docs.info.apple.com/article.html?artnum=306173 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 6.1 • EPSS: 13% • CPEs: 5 • EXPL: 1

25 Jun 2007 — CRLF injection vulnerability in WebCore in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1, allows remote attackers to inject arbitrary HTTP headers via LF characters in an XMLHttpRequest request, which are not filtered when serializing headers via the setRequestHeader function. NOTE: this issue can be leveraged for cross-site scripting (XSS) attacks. • https://www.exploit-db.com/exploits/30228 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 • EPSS: 26% • CPEs: 5 • EXPL: 0

25 Jun 2007 — WebKit in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1 performs an "invalid type conversion", which allows remote attackers to execute arbitrary code via unspecified frame sets that trigger memory corruption. • http://docs.info.apple.com/article.html?artnum=305759

CVSS: 4.7 • EPSS: 1% • CPEs: 6 • EXPL: 0

25 Jun 2007 — Race condition in Apple Safari 3 Beta before 3.0.2 on Mac OS X, Windows XP, Windows Vista, and iPhone before 1.0.1, allows remote attackers to bypass the JavaScript security model and modify pages outside of the security domain and conduct cross-site scripting (XSS) attacks via vectors related to page updating and HTTP redirects. • http://docs.info.apple.com/article.html?artnum=306173 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')