CVSS: 8.1EPSS: 0%CPEs: 6EXPL: 0CVE-2022-22592 – webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced
https://notcve.org/view.php?id=CVE-2022-22592
31 Jan 2022 — A logic issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web content may prevent Content Security Policy from being enforced. Se abordó un problema de lógica con una administración de estados mejorada. Este problema es corregido en iOS versión 15.3 y iPadOS versión 15.3, watchOS versión 8.4, tvOS versión 15.3, Safari versión 15.3, macOS Monterey versión 12.2. • https://security.gentoo.org/glsa/202208-39 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 6.5EPSS: 4%CPEs: 5EXPL: 1CVE-2008-3950 – Apple iOS 1.1.4/2.0 / iPod 1.1.4/2.0 touch Safari WebKit - 'alert()' Remote Denial of Service
https://notcve.org/view.php?id=CVE-2008-3950
16 Sep 2008 — Off-by-one error in the _web_drawInRect:withFont:ellipsis:alignment:measureOnly function in WebKit in Safari in Apple iPhone 1.1.4 and 2.0 and iPod touch 1.1.4 and 2.0 allows remote attackers to cause a denial of service (browser crash) via a JavaScript alert call with an argument that lacks breakable characters and has a length that is a multiple of the memory page size, leading to an out-of-bounds read. Error de superación de límite en la función _web_drawInRect:withFont:ellipsis:alignment:measureOnly en ... • https://www.exploit-db.com/exploits/32341 • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 13%CPEs: 16EXPL: 0CVE-2008-3632
https://notcve.org/view.php?id=CVE-2008-3632
10 Sep 2008 — Use-after-free vulnerability in WebKit in Apple iPod touch 1.1 through 2.0.2, and iPhone 1.0 through 2.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a web page with crafted Cascading Style Sheets (CSS) import statements. Una vulnerabilidad de uso de memoria previamente liberada en WebKit en iPod touch versiones 1.1 hasta 2.0.2 y iPhone versiones 1.0 hasta 2.0.2, de Apple, permite a los atacantes remotos ejecutar código arbitrario o causar una den... • http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html • CWE-399: Resource Management Errors •
CVSS: 6.5EPSS: 0%CPEs: 14EXPL: 0CVE-2008-1589
https://notcve.org/view.php?id=CVE-2008-1589
14 Jul 2008 — Safari on Apple iPhone before 2.0 and iPod touch before 2.0 misinterprets a menu button press as user confirmation for visiting a web site with a (1) self-signed or (2) invalid certificate, which makes it easier for remote attackers to spoof web sites. Safari en Apple iPhone anterior a 2.0 e iPod touch anterior a 2.0 no interpreta correctamente que se pulse en un botón del menú como la confirmación de un usuario al visitar un sitio Web con un certificado (1)autofirmado o (2) no válido; esto facilita a ataca... • http://jvn.jp/en/jp/JVN88676089/index.html • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 1%CPEs: 14EXPL: 0CVE-2008-1590
https://notcve.org/view.php?id=CVE-2008-1590
14 Jul 2008 — JavaScriptCore in WebKit on Apple iPhone before 2.0 and iPod touch before 2.0 does not properly perform runtime garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors that trigger memory corruption, a different vulnerability than CVE-2008-2317. JavaScriptCore en WebKit de Apple iPhone anterior a 2.0 e iPod touch anterior a 2.0, no realiza correctamente la recolección de basura en tiempo de ejecución, esto permite a... • http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 20%CPEs: 14EXPL: 1CVE-2008-2303 – Apple iPhone / Apple iPod Touch < 2.0 - Multiple Remote Vulnerabilities
https://notcve.org/view.php?id=CVE-2008-2303
14 Jul 2008 — Integer signedness error in Safari on Apple iPhone before 2.0 and iPod touch before 2.0 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving JavaScript array indices that trigger an out-of-bounds access, a different vulnerability than CVE-2008-2307. Error de presencia de signo en entero en Safari de Apple iPhone anterior a 2.0 e iPod touch anterior a 2.0 , permite a atacantes remotos ejecutar código de su elección o provocar una denegación ... • https://www.exploit-db.com/exploits/32048 • CWE-189: Numeric Errors •
CVSS: 7.5EPSS: 1%CPEs: 14EXPL: 0CVE-2008-1588
https://notcve.org/view.php?id=CVE-2008-1588
14 Jul 2008 — Safari on Apple iPhone before 2.0 and iPod touch before 2.0 allows remote attackers to spoof the address bar via Unicode ideographic spaces in the URL. Safari en Apple iPhone anterior a 2.0 e iPod touch anterior a 2.0 , permite a atacantes remotos falsificar la barra de direcciones mediante espacios Unicode ideográficos en la URL. • http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2008-0034
https://notcve.org/view.php?id=CVE-2008-0034
16 Jan 2008 — Unspecified vulnerability in Passcode Lock in Apple iPhone 1.0 through 1.1.2 allows users with physical access to execute applications without entering the passcode via vectors related to emergency calls. Vulnerabilidad no especificada en Passcode Lock en Apple iPhone 1.0 hasta el 1.1.2 permite a usuarios con acceso físico ejecutar aplicaciones Sin entrar en el código de acceso a través de los vectores relacionados con las llamadas de emergencia. • http://docs.info.apple.com/article.html?artnum=307302 •
CVSS: 8.8EPSS: 29%CPEs: 12EXPL: 0CVE-2008-0035
https://notcve.org/view.php?id=CVE-2008-0035
16 Jan 2008 — Unspecified vulnerability in Foundation, as used in Apple iPhone 1.0 through 1.1.2, iPod touch 1.1 through 1.1.2, and Mac OS X 10.5 through 10.5.1, allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted URL that triggers memory corruption in Safari. Una vulnerabilidad no especificada en Foundation, como es usado en Apple iPhone versiones 1.0 hasta 1.1.2, iPod touch versiones 1.1 hasta 1.1.2 y Mac OS X versiones 10.5 hasta 10.5.1, permite a los ... • http://docs.info.apple.com/article.html?artnum=307302 • CWE-399: Resource Management Errors •
CVSS: 6.1EPSS: 1%CPEs: 12EXPL: 0CVE-2007-5858
https://notcve.org/view.php?id=CVE-2007-5858
19 Dec 2007 — WebKit in Safari in Apple Mac OS X 10.4.11 and 10.5.1, iPhone 1.0 through 1.1.2, and iPod touch 1.1 through 1.1.2 allows remote attackers to "navigate the subframes of any other page," which can be leveraged to conduct cross-site scripting (XSS) attacks and obtain sensitive information. WebKit en Safari en Apple Mac OS X versiones 10.4.11 y 10.5.1, iPhone versiones 1.0 hasta 1.1.2, y iPod touch versiones 1.1 hasta 1.1.2, permite a los atacantes remotos "navigate the subframes of any other page", lo que se p... • http://docs.info.apple.com/article.html?artnum=307178 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •