CVE-2008-2303 – Apple iPhone / Apple iPod Touch < 2.0 - Multiple Remote Vulnerabilities
https://notcve.org/view.php?id=CVE-2008-2303
Integer signedness error in Safari on Apple iPhone before 2.0 and iPod touch before 2.0 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving JavaScript array indices that trigger an out-of-bounds access, a different vulnerability than CVE-2008-2307. Error de presencia de signo en entero en Safari de Apple iPhone anterior a 2.0 e iPod touch anterior a 2.0 , permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (caída de la aplicación) mediante vectores que contienen índices de arrays JavaScript que provocan un acceso fuera de límites. Se trata de una vulnerabilidad diferente a CVE-2008-2307. • https://www.exploit-db.com/exploits/32048 http://lists.apple.com/archives/security-announce//2008/Nov/msg00001.html http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html http://secunia.com/advisories/31074 http://secunia.com/advisories/32706 http://support.apple.com/kb/HT3298 http://www.securityfocus.com/bid/30186 http://www.vupen.com/english/advisories/2008/2094/references https://exchange.xforce.ibmcloud.com/vulnerabilities/43736 • CWE-189: Numeric Errors •
CVE-2008-0729 – Apple iOS Mobile Safari - Memory Exhaustion Remote Denial of Service
https://notcve.org/view.php?id=CVE-2008-0729
Mobile Safari on Apple iPhone 1.1.2 and 1.1.3 allows remote attackers to cause a denial of service (memory exhaustion and device crash) via certain JavaScript code that constructs a long string and an array containing long string elements, possibly a related issue to CVE-2006-3677. NOTE: some of these details are obtained from third party information. Mobile Safari en Apple iPhone en versiones 1.1.2 y 1.1.3 permite a atacantes remotos provocar una denegación de servicio (consumo de memoria y caída del dispositivo) a través de cierto código JavaScript que crea una cadena larga y un array que contiene elementos de cadena larga. Probablemente esté relacionado con CVE-2006-3677. NOTA: algunos de estos detalles se han obtenido de información de terceros. • https://www.exploit-db.com/exploits/31057 http://securityreason.com/securityalert/3630 http://www.securityfocus.com/archive/1/487607/100/0/threaded http://www.securityfocus.com/archive/1/492225/100/0/threaded http://www.securityfocus.com/bid/27442 https://exchange.xforce.ibmcloud.com/vulnerabilities/39998 https://www.exploit-db.com/exploits/4978 • CWE-399: Resource Management Errors •
CVE-2008-0034
https://notcve.org/view.php?id=CVE-2008-0034
Unspecified vulnerability in Passcode Lock in Apple iPhone 1.0 through 1.1.2 allows users with physical access to execute applications without entering the passcode via vectors related to emergency calls. Vulnerabilidad no especificada en Passcode Lock en Apple iPhone 1.0 hasta el 1.1.2 permite a usuarios con acceso físico ejecutar aplicaciones Sin entrar en el código de acceso a través de los vectores relacionados con las llamadas de emergencia. • http://docs.info.apple.com/article.html?artnum=307302 http://lists.apple.com/archives/security-announce/2008/Jan/msg00000.html http://secunia.com/advisories/28497 http://www.securityfocus.com/bid/27297 http://www.securitytracker.com/id?1019219 http://www.vupen.com/english/advisories/2008/0147 https://exchange.xforce.ibmcloud.com/vulnerabilities/39701 •
CVE-2008-0035
https://notcve.org/view.php?id=CVE-2008-0035
Unspecified vulnerability in Foundation, as used in Apple iPhone 1.0 through 1.1.2, iPod touch 1.1 through 1.1.2, and Mac OS X 10.5 through 10.5.1, allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted URL that triggers memory corruption in Safari. Una vulnerabilidad no especificada en Foundation, como es usado en Apple iPhone versiones 1.0 hasta 1.1.2, iPod touch versiones 1.1 hasta 1.1.2 y Mac OS X versiones 10.5 hasta 10.5.1, permite a los atacantes remotos causar una denegación de servicio (finalización de aplicación) o ejecutar código arbitrario por medio de una URL diseñada que desencadena una corrupción de memoria en Safari. • http://docs.info.apple.com/article.html?artnum=307302 http://docs.info.apple.com/article.html?artnum=307430 http://lists.apple.com/archives/security-announce/2008/Feb/msg00002.html http://lists.apple.com/archives/security-announce/2008/Jan/msg00000.html http://secunia.com/advisories/28497 http://secunia.com/advisories/28891 http://www.securityfocus.com/bid/27296 http://www.securitytracker.com/id?1019220 http://www.us-cert.gov/cas/techalerts/TA08-043B.html http://www.vupen.c • CWE-399: Resource Management Errors •
CVE-2007-5858
https://notcve.org/view.php?id=CVE-2007-5858
WebKit in Safari in Apple Mac OS X 10.4.11 and 10.5.1, iPhone 1.0 through 1.1.2, and iPod touch 1.1 through 1.1.2 allows remote attackers to "navigate the subframes of any other page," which can be leveraged to conduct cross-site scripting (XSS) attacks and obtain sensitive information. WebKit en Safari en Apple Mac OS X versiones 10.4.11 y 10.5.1, iPhone versiones 1.0 hasta 1.1.2, y iPod touch versiones 1.1 hasta 1.1.2, permite a los atacantes remotos "navigate the subframes of any other page", lo que se puede aprovechar para conducir ataques de tipo cross-site scripting (XSS) y obtener información confidencial. • http://docs.info.apple.com/article.html?artnum=307178 http://docs.info.apple.com/article.html?artnum=307179 http://docs.info.apple.com/article.html?artnum=307302 http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html http://lists.apple.com/archives/security-announce/2008/Jan/msg00000.html http://secunia.com/advisories/28136 http://secunia.com/advisories/28497 http://securitytracker.com/id?1019108 http://www.securityfocus.com/bid/26911 http://www.us-cert.gov/ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •