NotCVE - vendor:"Apple" product:"Iphone" version:"1.1"

Page 4 of 35 results (0.023 seconds)

CVSS: 7.8EPSS: 0%CPEs: 21EXPL: 0

CVE-2009-2815

https://notcve.org/view.php?id=CVE-2009-2815

The Telephony component in Apple iPhone OS before 3.1 does not properly handle SMS arrival notifications, which allows remote attackers to cause a denial of service (NULL pointer dereference and service interruption) via a crafted SMS message. El componente Telephony en Apple iPhone OS anterior a v3.1 no maneja adecuadamente las notificaciones de llegada SMS, lo que permite a atacantes remotos provocar una denagación de servicio (puntero a deferencia NULL e interrupción del servicio) a través de un mensaje SMS manipulado. • http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.html http://secunia.com/advisories/36677 http://support.apple.com/kb/HT3860 • CWE-399: Resource Management Errors •

CVSS: 10.0EPSS: 23%CPEs: 17EXPL: 1

CVE-2009-2204

https://notcve.org/view.php?id=CVE-2009-2204

Unspecified vulnerability in the CoreTelephony component in Apple iPhone OS before 3.0.1 allows remote attackers to execute arbitrary code, obtain GPS coordinates, or enable the microphone via an SMS message that triggers memory corruption, as demonstrated by Charlie Miller at SyScan '09 Singapore. Vulnerabilidad sin especificar en el componente CoreTelephony en Apple iPhone anterior a 3.0.1, permite a atacantes remotos ejecutar código de su elección, obtener coordenadas GPS o activar el micrófono a través de un SMS que provoca una corrupción de memoria, como se demostró por Charlie Miller en la SyScan '09 en Singapur. • http://lists.apple.com/archives/security-announce/2009/Jul/msg00001.html http://news.cnet.com/8301-1009_3-10278472-83.html http://secunia.com/advisories/36070 http://securitytracker.com/id?1022626 http://support.apple.com/kb/HT3754 http://www.blackhat.com/presentations/bh-usa-09/MILLER/BHUSA09-Miller-FuzzingPhone-PAPER.pdf http://www.osvdb.org/55687 http://www.securityfocus.com/bid/35569 http://www.syscan.org/Sg/program.html http://www.vupen.com/english/advisories/2009 •

CVSS: 9.3EPSS: 5%CPEs: 76EXPL: 1

CVE-2009-1690 – kdelibs: KHTML Incorrect handling <head> element content once the <head> element was removed (DoS, ACE)

https://notcve.org/view.php?id=CVE-2009-1690

Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome 1.0.154.53, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by setting an unspecified property of an HTML tag that causes child elements to be freed and later accessed when an HTML error occurs, related to "recursion in certain DOM event handlers." Una vulnerabilidad de uso de memoria previamente liberada en WebKit, como es usado en Safari de Apple anterior a versión 4.0, iPhone OS versiones 1.0 hasta 2.2.1, iPhone OS para iPod touch versiones 1.1 hasta 2.2.1, Chrome de Google versión 1.0.154.53, y posiblemente otros productos, permite a los atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y bloqueo de aplicación) mediante el establecimiento de una propiedad no especificada de una etiqueta HTML que causa que los elementos secundarios se liberen y más adelante se tenga acceso cuando se produce un error HTML, relacionado con "recursion in certain DOM event handlers". • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=803 http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://osvdb.org/54990 http://secunia.com/advisories/35379 http://secunia.com/advisories/36057 http://secunia.com/advisories/36062 http://secunia.com/advisories/36790 http://secunia.com/advisories • CWE-399: Resource Management Errors •

CVSS: 7.1EPSS: 2%CPEs: 15EXPL: 0

CVE-2008-1586

https://notcve.org/view.php?id=CVE-2008-1586

ImageIO in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allow remote attackers to cause a denial of service (memory consumption and device reset) via a crafted TIFF image. ImageIO en Apple iPhone OS 1.0 hasta 2.1 y iPhone OS para iPod touch 1.1 hasta 2.1, permite a los atacantes remotos causar una denegación de servicio(consumo de memoria o reinicio del dispositivo) a través de una imagen TIFF manipulada. • http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html http://osvdb.org/50023 http://secunia.com/advisories/32756 http://support.apple.com/kb/HT3318 http://www.securityfocus.com/bid/32394 http://www.securitytracker.com/id?1021270 http://www.vupen.com/english/advisories/2008/3232 • CWE-399: Resource Management Errors •

CVSS: 1.9EPSS: 0%CPEs: 15EXPL: 0

CVE-2008-4230

https://notcve.org/view.php?id=CVE-2008-4230

The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 displays SMS messages when the emergency-call screen is visible, which allows physically proximate attackers to obtain sensitive information by reading these messages. NOTE: this might be a duplicate of CVE-2008-4593. La funcionalidad Passcode Lock en el sistema operativo del iPhone de Apple desde la v1.0 hasta la v2.1 y el sistema operativo iPhone para el iPod touch desde la v1.0 hasta la v2.1 muestra los mensajes SMS cuando la pantalla de llamada de emergencia esta visible, lo que permite a atacantes físicamente próximos obtener información sensible mediante la lectura de estos mensajes. NOTA: Podría ser una vulnerabilidad duplicada de CVE-2008-4593 • http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html http://osvdb.org/50027 http://secunia.com/advisories/32756 http://support.apple.com/kb/HT3318 http://www.securityfocus.com/bid/32394 http://www.vupen.com/english/advisories/2008/3232 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-264: Permissions, Privileges, and Access Controls •

1 2 3 4 5