CVE-2008-4227
https://notcve.org/view.php?id=CVE-2008-4227
Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 changes the encryption level of PPTP VPN connections to a lower level than was previously used, which makes it easier for remote attackers to obtain sensitive information or hijack a connection by decrypting network traffic. El sistema operativo Apple iPhone desde la v1.0 hasta la v2.1 y el sistema operativo iPhone para el iPod Touch desde la v1.0 hasta la v2.1 cambian el nivel de cifrado de las conexiones VPN PPTP a un nivel mas bajo del que fue usado previamente, lo cual facilita a atacantes remotos obtener información sensible o secuestras una conexión mediante el descifrado del trafico de red. • http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html http://osvdb.org/50024 http://secunia.com/advisories/32756 http://support.apple.com/kb/HT3318 http://www.securityfocus.com/bid/32394 http://www.securitytracker.com/id?1021269 http://www.vupen.com/english/advisories/2008/3232 • CWE-310: Cryptographic Issues •
CVE-2008-3632
https://notcve.org/view.php?id=CVE-2008-3632
Use-after-free vulnerability in WebKit in Apple iPod touch 1.1 through 2.0.2, and iPhone 1.0 through 2.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a web page with crafted Cascading Style Sheets (CSS) import statements. Una vulnerabilidad de uso de memoria previamente liberada en WebKit en iPod touch versiones 1.1 hasta 2.0.2 y iPhone versiones 1.0 hasta 2.0.2, de Apple, permite a los atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (bloqueo de aplicación) por medio de una página web con sentencias de importación de Hojas de Estilo en Cascada (CSS). • http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html http://secunia.com/advisories/31823 http://secunia.com/advisories/31900 http://secunia.com/advisories/32099 http://secunia.com/advisories/32860 http://secunia.com/advisories/35379 http:// • CWE-399: Resource Management Errors •
CVE-2008-1588
https://notcve.org/view.php?id=CVE-2008-1588
Safari on Apple iPhone before 2.0 and iPod touch before 2.0 allows remote attackers to spoof the address bar via Unicode ideographic spaces in the URL. Safari en Apple iPhone anterior a 2.0 e iPod touch anterior a 2.0 , permite a atacantes remotos falsificar la barra de direcciones mediante espacios Unicode ideográficos en la URL. • http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html http://secunia.com/advisories/31074 http://secunia.com/advisories/35379 http://support.apple.com/kb/HT3613 http://www.securityfocus.com/bid/30186 http://www.vupen.com/english/advisories/2008/2094/references http://www.vupen.com/english/advisories/2009/1522 https://exchange.xforce.ibmcloud.com/vulnerabilities/43732 • CWE-20: Improper Input Validation •
CVE-2008-1589
https://notcve.org/view.php?id=CVE-2008-1589
Safari on Apple iPhone before 2.0 and iPod touch before 2.0 misinterprets a menu button press as user confirmation for visiting a web site with a (1) self-signed or (2) invalid certificate, which makes it easier for remote attackers to spoof web sites. Safari en Apple iPhone anterior a 2.0 e iPod touch anterior a 2.0 no interpreta correctamente que se pulse en un botón del menú como la confirmación de un usuario al visitar un sitio Web con un certificado (1)autofirmado o (2) no válido; esto facilita a atacantes remotos falsificar los sitios Web. • http://jvn.jp/en/jp/JVN88676089/index.html http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000039.html http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html http://secunia.com/advisories/31074 http://www.securityfocus.com/bid/30186 http://www.vupen.com/english/advisories/2008/2094/references https://exchange.xforce.ibmcloud.com/vulnerabilities/43734 • CWE-20: Improper Input Validation •
CVE-2008-1590
https://notcve.org/view.php?id=CVE-2008-1590
JavaScriptCore in WebKit on Apple iPhone before 2.0 and iPod touch before 2.0 does not properly perform runtime garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors that trigger memory corruption, a different vulnerability than CVE-2008-2317. JavaScriptCore en WebKit de Apple iPhone anterior a 2.0 e iPod touch anterior a 2.0, no realiza correctamente la recolección de basura en tiempo de ejecución, esto permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (caída de la aplicación) mediante vectores no especificados que provocan una corrupción de memoria. Se trata de una vulnerabilidad diferente de CVE-2008-2317. • http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html http://secunia.com/advisories/31074 http://www.securityfocus.com/bid/30186 http://www.vupen.com/english/advisories/2008/2094/references https://exchange.xforce.ibmcloud.com/vulnerabilities/43738 • CWE-399: Resource Management Errors •