CVSS: 9.3EPSS: 13%CPEs: 16EXPL: 0CVE-2008-3632
https://notcve.org/view.php?id=CVE-2008-3632
10 Sep 2008 — Use-after-free vulnerability in WebKit in Apple iPod touch 1.1 through 2.0.2, and iPhone 1.0 through 2.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a web page with crafted Cascading Style Sheets (CSS) import statements. Una vulnerabilidad de uso de memoria previamente liberada en WebKit en iPod touch versiones 1.1 hasta 2.0.2 y iPhone versiones 1.0 hasta 2.0.2, de Apple, permite a los atacantes remotos ejecutar código arbitrario o causar una den... • http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html • CWE-399: Resource Management Errors •
CVSS: 6.5EPSS: 0%CPEs: 14EXPL: 0CVE-2008-1589
https://notcve.org/view.php?id=CVE-2008-1589
14 Jul 2008 — Safari on Apple iPhone before 2.0 and iPod touch before 2.0 misinterprets a menu button press as user confirmation for visiting a web site with a (1) self-signed or (2) invalid certificate, which makes it easier for remote attackers to spoof web sites. Safari en Apple iPhone anterior a 2.0 e iPod touch anterior a 2.0 no interpreta correctamente que se pulse en un botón del menú como la confirmación de un usuario al visitar un sitio Web con un certificado (1)autofirmado o (2) no válido; esto facilita a ataca... • http://jvn.jp/en/jp/JVN88676089/index.html • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 1%CPEs: 14EXPL: 0CVE-2008-1590
https://notcve.org/view.php?id=CVE-2008-1590
14 Jul 2008 — JavaScriptCore in WebKit on Apple iPhone before 2.0 and iPod touch before 2.0 does not properly perform runtime garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors that trigger memory corruption, a different vulnerability than CVE-2008-2317. JavaScriptCore en WebKit de Apple iPhone anterior a 2.0 e iPod touch anterior a 2.0, no realiza correctamente la recolección de basura en tiempo de ejecución, esto permite a... • http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 20%CPEs: 14EXPL: 1CVE-2008-2303 – Apple iPhone / Apple iPod Touch < 2.0 - Multiple Remote Vulnerabilities
https://notcve.org/view.php?id=CVE-2008-2303
14 Jul 2008 — Integer signedness error in Safari on Apple iPhone before 2.0 and iPod touch before 2.0 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving JavaScript array indices that trigger an out-of-bounds access, a different vulnerability than CVE-2008-2307. Error de presencia de signo en entero en Safari de Apple iPhone anterior a 2.0 e iPod touch anterior a 2.0 , permite a atacantes remotos ejecutar código de su elección o provocar una denegación ... • https://www.exploit-db.com/exploits/32048 • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 14%CPEs: 14EXPL: 0CVE-2008-2317 – Apple Safari StyleSheet ownerNode Heap Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2008-2317
14 Jul 2008 — WebCore in Apple Safari does not properly perform garbage collection of JavaScript document elements, which allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via a reference to the ownerNode property of a copied CSSStyleSheet object of a STYLE element, as originally demonstrated on Apple iPhone before 2.0 and iPod touch before 2.0, a different vulnerability than CVE-2008-1590. WebCore en Safari de Apple no realiza apropiadamente garbage co... • http://lists.apple.com/archives/security-announce//2008/Nov/msg00001.html • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 1%CPEs: 14EXPL: 0CVE-2008-1588
https://notcve.org/view.php?id=CVE-2008-1588
14 Jul 2008 — Safari on Apple iPhone before 2.0 and iPod touch before 2.0 allows remote attackers to spoof the address bar via Unicode ideographic spaces in the URL. Safari en Apple iPhone anterior a 2.0 e iPod touch anterior a 2.0 , permite a atacantes remotos falsificar la barra de direcciones mediante espacios Unicode ideográficos en la URL. • http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html • CWE-20: Improper Input Validation •