CVSS: 7.5EPSS: 0%CPEs: 15EXPL: 0CVE-2008-4227
https://notcve.org/view.php?id=CVE-2008-4227
25 Nov 2008 — Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 changes the encryption level of PPTP VPN connections to a lower level than was previously used, which makes it easier for remote attackers to obtain sensitive information or hijack a connection by decrypting network traffic. El sistema operativo Apple iPhone desde la v1.0 hasta la v2.1 y el sistema operativo iPhone para el iPod Touch desde la v1.0 hasta la v2.1 cambian el nivel de cifrado de las conexiones VPN PPTP a un nivel mas b... • http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html • CWE-310: Cryptographic Issues •
CVSS: 6.8EPSS: 0%CPEs: 15EXPL: 0CVE-2008-4228
https://notcve.org/view.php?id=CVE-2008-4228
25 Nov 2008 — The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows physically proximate attackers to leverage the emergency-call ability of locked devices to make a phone call to an arbitrary number. La funcionalidad de bloqueo del terminal (Passcode Lock) en Apple iPhone OS 1.0 hasta 2.1 y iPhone OS para iPod touch 1.1 hasta 2.1 permite a atacantes con acceso físico aprovechar la llamada de emergencia en dispositivos bloqueados hacer una llamada de teléfono a u... • http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.4EPSS: 0%CPEs: 15EXPL: 0CVE-2008-4229
https://notcve.org/view.php?id=CVE-2008-4229
25 Nov 2008 — Race condition in the Passcode Lock feature in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.0 through 2.1 allows physically proximate attackers to remove the lock and launch arbitrary applications by restoring the device from a backup. Condición de carrera en la funcionalidad Passcode Lock de Apple Iphone OS v2.0 hasta v2.1 e iPhone OS para iPod touch v2.0 hasta v2.1, permite a atacantes físicamente próximos eliminar el bloqueo y lanzar aplicaciones de su elección al restaurar el dispositi... • http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 4.6EPSS: 0%CPEs: 15EXPL: 0CVE-2008-4230
https://notcve.org/view.php?id=CVE-2008-4230
25 Nov 2008 — The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 displays SMS messages when the emergency-call screen is visible, which allows physically proximate attackers to obtain sensitive information by reading these messages. NOTE: this might be a duplicate of CVE-2008-4593. La funcionalidad Passcode Lock en el sistema operativo del iPhone de Apple desde la v1.0 hasta la v2.1 y el sistema operativo iPhone para el iPod touch desde la v1.0 hasta la v2.1 muestra ... • http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 9%CPEs: 16EXPL: 0CVE-2008-4231
https://notcve.org/view.php?id=CVE-2008-4231
25 Nov 2008 — Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not properly handle HTML TABLE elements, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. Safari en Apple iPhone OS v1.0 hasta v2.1 e iPhone OS para iPod touch v1.1 hasta v2.1 no maneja adecuadamente los elementos HTML TABLE, esto permite a atacantes remotos ejecutar código de su elección o provocar una denegaci... • http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html • CWE-399: Resource Management Errors •
CVSS: 6.5EPSS: 0%CPEs: 16EXPL: 0CVE-2008-4232
https://notcve.org/view.php?id=CVE-2008-4232
25 Nov 2008 — Safari in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.1 through 2.1 does not restrict an IFRAME's content display to the boundaries of the IFRAME, which allows remote attackers to spoof a user interface via a crafted HTML document. Safari en Apple iPhone OS 2.0 hasta 2.1 y iPhone OS para iPod touch 2.1 no restringe mostrar contenidos IFRAME para los límites del IFRAME, el cual permite a los atacantes remotos espiar una interfaz de usuario a través de documentos HTML manipulados. • http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html •
CVSS: 2.6EPSS: 1%CPEs: 16EXPL: 0CVE-2008-4233
https://notcve.org/view.php?id=CVE-2008-4233
25 Nov 2008 — Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not isolate the call-approval dialog from the process of launching new applications, which allows remote attackers to make arbitrary phone calls via a crafted HTML document. Safari en Apple iPhone OS v1.0 hasta v2.1 e iPhone OS para iPod touch v1.1 hasta v2.1; no aísla el diálogo de aceptar llamadas (call-approval) del proceso de lanzamiento de nuevas aplicaciones, esto permite a atacantes remotos realizar llamadas d... • http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html •
CVSS: 6.5EPSS: 4%CPEs: 5EXPL: 1CVE-2008-3950 – Apple iOS 1.1.4/2.0 / iPod 1.1.4/2.0 touch Safari WebKit - 'alert()' Remote Denial of Service
https://notcve.org/view.php?id=CVE-2008-3950
16 Sep 2008 — Off-by-one error in the _web_drawInRect:withFont:ellipsis:alignment:measureOnly function in WebKit in Safari in Apple iPhone 1.1.4 and 2.0 and iPod touch 1.1.4 and 2.0 allows remote attackers to cause a denial of service (browser crash) via a JavaScript alert call with an argument that lacks breakable characters and has a length that is a multiple of the memory page size, leading to an out-of-bounds read. Error de superación de límite en la función _web_drawInRect:withFont:ellipsis:alignment:measureOnly en ... • https://www.exploit-db.com/exploits/32341 • CWE-189: Numeric Errors •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2008-3631
https://notcve.org/view.php?id=CVE-2008-3631
10 Sep 2008 — Application Sandbox in Apple iPod touch 2.0 through 2.0.2, and iPhone 2.0 through 2.0.2, does not properly isolate third-party applications, which allows attackers to read arbitrary files in a third-party application's sandbox via a different third-party application. El Sandbox de Aplicaciones en iPod touch versión 2.0 hasta 2.0.2, y iPhone versión 2.0 hasta 2.0.2 de Apple , no aísla apropiadamente las aplicaciones de terceros, lo que permite a los atacantes leer archivos arbitrarios en una sandbox de aplic... • http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 3%CPEs: 16EXPL: 0CVE-2008-3632
https://notcve.org/view.php?id=CVE-2008-3632
10 Sep 2008 — Use-after-free vulnerability in WebKit in Apple iPod touch 1.1 through 2.0.2, and iPhone 1.0 through 2.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a web page with crafted Cascading Style Sheets (CSS) import statements. Una vulnerabilidad de uso de memoria previamente liberada en WebKit en iPod touch versiones 1.1 hasta 2.0.2 y iPhone versiones 1.0 hasta 2.0.2, de Apple, permite a los atacantes remotos ejecutar código arbitrario o causar una den... • http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html • CWE-399: Resource Management Errors •