CVSS: 2.1EPSS: 0%CPEs: 33EXPL: 0CVE-2009-1680
https://notcve.org/view.php?id=CVE-2009-1680
Safari in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly clear the search history when it is cleared from the Settings application, which allows physically proximate attackers to obtain the search history. Safari en n Apple iPhone OS v1.0 hasta v2.2.1 e iPhone OS para iPod touch v1.1 hasta v2.2.1 no borra correctamente el historial de búsqueda cuando es borrada desde la configuración de la aplicación, permitiendo que atacantes próximos físicamente obtengan el historial de búsqueda. • http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html http://osvdb.org/55240 http://support.apple.com/kb/HT3639 http://www.securityfocus.com/bid/35414 http://www.securityfocus.com/bid/35448 http://www.vupen.com/english/advisories/2009/1621 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 2%CPEs: 33EXPL: 3CVE-2009-0961 – Apple iPhone 2.2.1 - Call Approval Dialog Security Bypass
https://notcve.org/view.php?id=CVE-2009-0961
The Mail component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 dismisses the call approval dialog when another alert appears, which might allow remote attackers to force the iPhone to place a call without user approval by causing an application to trigger an alert. El componente Mail en Apple iPhone OS v1.0 hasta v2.2.1 e iPhone OS para iPod touch v1.1 hasta v2.2.1 descarta el dialogo de aprobación de llamada cuando aparece otra alerta, pudiendo permitir a atacantes remotos forzar al iPhone hacer una llamada sin la aprobación del usuario al causar que una aplicación dispare una alerta. • https://www.exploit-db.com/exploits/33044 https://www.exploit-db.com/exploits/33045 https://www.exploit-db.com/exploits/33046 http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html http://osvdb.org/55238 http://support.apple.com/kb/HT3639 http://www.securityfocus.com/bid/35414 http://www.vupen.com/english/advisories/2009/1621 https://exchange.xforce.ibmcloud.com/vulnerabilities/51210 •
CVSS: 4.3EPSS: 0%CPEs: 33EXPL: 0CVE-2009-0958
https://notcve.org/view.php?id=CVE-2009-0958
Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 stores an exception for a hostname when the user accepts an untrusted Exchange server certificate, which causes it to be accepted without prompting in future usage and allows remote Exchange servers to obtain sensitive information such as credentials. Apple iPhone OS v1.0 hasta v2.2.1 e iPhone OS para iPod touch v1.1 hasta v2.2.1 guarda una excepción para un nombre de servidor (hostname) cuando el usuario acepta un certificado de servidor Exchange no confiable, provocando que sea aceptado en usos futuros sin consultar al usuario y permitiendo que servidores Exchange remotos obtengan información sensible como las credenciales de acceso. • http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html http://osvdb.org/55236 http://support.apple.com/kb/HT3639 http://www.securityfocus.com/bid/35414 http://www.securityfocus.com/bid/35447 http://www.vupen.com/english/advisories/2009/1621 https://exchange.xforce.ibmcloud.com/vulnerabilities/51208 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.1EPSS: 3%CPEs: 34EXPL: 1CVE-2009-1692 – ECMAScript Denial Of Service
https://notcve.org/view.php?id=CVE-2009-1692
WebKit before r41741, as used in Apple iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Safari, and other software, allows remote attackers to cause a denial of service (memory consumption or device reset) via a web page containing an HTMLSelectElement object with a large length attribute, related to the length property of a Select object. WebKit en Apple iPhone OS v1.0 hasta v2.2.1 e iPhone OS para iPod touch v1.1 hasta v2.2.1 permite a atacantes remotos provocar una denegación de servicio (reinicio de dispositivo) mediante una página web conteniendo un objeto HTMLSelectElement con un atributo "length" grande. ECMAScript in IE5, IE6, IE7, IE8, Netscape, Firefox, Safari, Opera, Konqueror, Seamonkey, Wii, PS3, iPhone, iPod, Nokia, Siemens and various other browsers allows for a denial of service condition. • http://kb.palm.com/wps/portal/kb/na/pre/p100eww/sprint/solutions/article/50607_en.html#121 http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://osvdb.org/55242 http://secunia.com/advisories/36977 http://secunia.com/advisories/37746 http://secunia.com/advisories/43068 http://support.apple.com/kb/HT3639 http://www.debian.org/security/2009/dsa-1950 http://www.g-sec. • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 2%CPEs: 33EXPL: 0CVE-2009-1683
https://notcve.org/view.php?id=CVE-2009-1683
The Telephony component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to cause a denial of service (device reset) via a crafted ICMP echo request, which triggers an assertion error related to a "logic issue." El componente Telephony en Apple iPhone OS v1.0 hasta v2.2.1 e iPhone OS para iPod touch v1.1 hasta v2.2.1 permite a atacantes remotos provocar una denegación de servicio (reinicializar el dispositivo) mediante una petición de eco ICMP manipulada, disparando un error de aserción relacionado con un "elemento lógico". • http://jvn.jp/en/jp/JVN87239696/index.html http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000040.html http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html http://support.apple.com/kb/HT3639 http://www.securityfocus.com/bid/35414 http://www.vupen.com/english/advisories/2009/1621 •