Page 4 of 20 results (0.006 seconds)

CVSS: 4.3EPSS: 0%CPEs: 14EXPL: 0

CVE-2008-1588

https://notcve.org/view.php?id=CVE-2008-1588

Safari on Apple iPhone before 2.0 and iPod touch before 2.0 allows remote attackers to spoof the address bar via Unicode ideographic spaces in the URL. Safari en Apple iPhone anterior a 2.0 e iPod touch anterior a 2.0 , permite a atacantes remotos falsificar la barra de direcciones mediante espacios Unicode ideográficos en la URL. • http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html http://secunia.com/advisories/31074 http://secunia.com/advisories/35379 http://support.apple.com/kb/HT3613 http://www.securityfocus.com/bid/30186 http://www.vupen.com/english/advisories/2008/2094/references http://www.vupen.com/english/advisories/2009/1522 https://exchange.xforce.ibmcloud.com/vulnerabilities/43732 • CWE-20: Improper Input Validation •

CVSS: 10.0EPSS: 18%CPEs: 14EXPL: 1

CVE-2008-2303 – Apple iPhone / Apple iPod Touch < 2.0 - Multiple Remote Vulnerabilities

https://notcve.org/view.php?id=CVE-2008-2303

Integer signedness error in Safari on Apple iPhone before 2.0 and iPod touch before 2.0 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving JavaScript array indices that trigger an out-of-bounds access, a different vulnerability than CVE-2008-2307. Error de presencia de signo en entero en Safari de Apple iPhone anterior a 2.0 e iPod touch anterior a 2.0 , permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (caída de la aplicación) mediante vectores que contienen índices de arrays JavaScript que provocan un acceso fuera de límites. Se trata de una vulnerabilidad diferente a CVE-2008-2307. • https://www.exploit-db.com/exploits/32048 http://lists.apple.com/archives/security-announce//2008/Nov/msg00001.html http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html http://secunia.com/advisories/31074 http://secunia.com/advisories/32706 http://support.apple.com/kb/HT3298 http://www.securityfocus.com/bid/30186 http://www.vupen.com/english/advisories/2008/2094/references https://exchange.xforce.ibmcloud.com/vulnerabilities/43736 • CWE-189: Numeric Errors •

CVSS: 9.3EPSS: 78%CPEs: 14EXPL: 0

CVE-2008-2317 – Apple Safari StyleSheet ownerNode Heap Corruption Vulnerability

https://notcve.org/view.php?id=CVE-2008-2317

WebCore in Apple Safari does not properly perform garbage collection of JavaScript document elements, which allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via a reference to the ownerNode property of a copied CSSStyleSheet object of a STYLE element, as originally demonstrated on Apple iPhone before 2.0 and iPod touch before 2.0, a different vulnerability than CVE-2008-1590. WebCore en Safari de Apple no realiza apropiadamente garbage collection de elementos de documentos JavaScript, lo que permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de pila y bloqueo de aplicación) por medio de una referencia a la propiedad ownerNode de un objeto CSSStyleSheet copiado de un elemento STYLE, tal y como es demostrado originalmente en el iPhone anterior a la versión 2.0 y en el iPod touch anterior a la versión 2.0, de Apple, una vulnerabilidad diferente de CVE-2008-1590. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the garbage collection of JavaScript document elements in WebCore. When a CSSStyleSheet object of a style element is copied, and the style element is deallocated, a reference to the ownerNode property of the copied CSSStyleSheet object will result in a heap corruption allowing for the execution of arbitrary code. • http://lists.apple.com/archives/security-announce//2008/Nov/msg00001.html http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html http://secunia.com/advisories/31074 http://secunia.com/advisories/32706 http://support.apple.com/kb/HT3298 http://www.securityfocus.com/archive/1/494777/100/0/threaded http://www.securityfocus.com/bid/30186 http://www.vupen.com/english/advisories/2008/2094/references http://www.zerodayinitiative.com/advisories/ZDI-08-045 https: • CWE-399: Resource Management Errors •

CVSS: 6.8EPSS: 17%CPEs: 12EXPL: 0

CVE-2008-0035

https://notcve.org/view.php?id=CVE-2008-0035

Unspecified vulnerability in Foundation, as used in Apple iPhone 1.0 through 1.1.2, iPod touch 1.1 through 1.1.2, and Mac OS X 10.5 through 10.5.1, allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted URL that triggers memory corruption in Safari. Una vulnerabilidad no especificada en Foundation, como es usado en Apple iPhone versiones 1.0 hasta 1.1.2, iPod touch versiones 1.1 hasta 1.1.2 y Mac OS X versiones 10.5 hasta 10.5.1, permite a los atacantes remotos causar una denegación de servicio (finalización de aplicación) o ejecutar código arbitrario por medio de una URL diseñada que desencadena una corrupción de memoria en Safari. • http://docs.info.apple.com/article.html?artnum=307302 http://docs.info.apple.com/article.html?artnum=307430 http://lists.apple.com/archives/security-announce/2008/Feb/msg00002.html http://lists.apple.com/archives/security-announce/2008/Jan/msg00000.html http://secunia.com/advisories/28497 http://secunia.com/advisories/28891 http://www.securityfocus.com/bid/27296 http://www.securitytracker.com/id?1019220 http://www.us-cert.gov/cas/techalerts/TA08-043B.html http://www.vupen.c • CWE-399: Resource Management Errors •

CVSS: 4.3EPSS: 2%CPEs: 12EXPL: 0

CVE-2007-5858

https://notcve.org/view.php?id=CVE-2007-5858

WebKit in Safari in Apple Mac OS X 10.4.11 and 10.5.1, iPhone 1.0 through 1.1.2, and iPod touch 1.1 through 1.1.2 allows remote attackers to "navigate the subframes of any other page," which can be leveraged to conduct cross-site scripting (XSS) attacks and obtain sensitive information. WebKit en Safari en Apple Mac OS X versiones 10.4.11 y 10.5.1, iPhone versiones 1.0 hasta 1.1.2, y iPod touch versiones 1.1 hasta 1.1.2, permite a los atacantes remotos "navigate the subframes of any other page", lo que se puede aprovechar para conducir ataques de tipo cross-site scripting (XSS) y obtener información confidencial. • http://docs.info.apple.com/article.html?artnum=307178 http://docs.info.apple.com/article.html?artnum=307179 http://docs.info.apple.com/article.html?artnum=307302 http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html http://lists.apple.com/archives/security-announce/2008/Jan/msg00000.html http://secunia.com/advisories/28136 http://secunia.com/advisories/28497 http://securitytracker.com/id?1019108 http://www.securityfocus.com/bid/26911 http://www.us-cert.gov/ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •