
CVE-2012-2648
https://notcve.org/view.php?id=CVE-2012-2648
07 Aug 2012 — Cross-site scripting (XSS) vulnerability in the GoodReader app 3.16 and earlier for iOS on the iPad, and 3.15.1 and earlier for iOS on the iPhone and iPod touch, allows remote attackers to inject arbitrary web script or HTML via vectors involving use of this app in conjunction with a web browser. • http://jvn.jp/en/jp/JVN01598734/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2011-1344 – WebKit WBR Tag Removal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-1344
10 Mar 2011 — Use-after-free vulnerability in WebKit, as used in Apple Safari before 5.0.5; iOS before 4.3.2 for iPhone, iPod, and iPad; iOS before 4.2.7 for iPhone 4 (CDMA); and possibly other products allows remote attackers to execute arbitrary code by adding children to a WBR tag and then removing the tag, related to text nodes, as demonstrated by Chaouki Bekrar during a Pwn2Own competition at CanSecWest 2011. • http://dvlabs.tippingpoint.com/blog/2011/02/02/pwn2own-2011 • CWE-399: Resource Management Errors

CVE-2010-1407
https://notcve.org/view.php?id=CVE-2010-1407
22 Jun 2010 — WebKit in Apple iOS before 4 on the iPhone and iPod touch does not properly implement the history.replaceState method in certain situations involving IFRAME elements, which allows remote attackers to obtain sensitive information via a crafted HTML document. • http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2010-1775
https://notcve.org/view.php?id=CVE-2010-1775
22 Jun 2010 — Race condition in Passcode Lock in Apple iOS before 4 on the iPhone and iPod touch allows physically proximate attackers to bypass intended passcode requirements, and pair a locked device with a computer and access arbitrary data, via vectors involving the initial boot. • http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVE-2008-4227
https://notcve.org/view.php?id=CVE-2008-4227
25 Nov 2008 — Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 changes the encryption level of PPTP VPN connections to a lower level than was previously used, which makes it easier for remote attackers to obtain sensitive information or hijack a connection by decrypting network traffic. • http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html • CWE-310: Cryptographic Issues

CVE-2008-4228
https://notcve.org/view.php?id=CVE-2008-4228
25 Nov 2008 — The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows physically proximate attackers to leverage the emergency-call ability of locked devices to make a phone call to an arbitrary number. • http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html • CWE-264: Permissions, Privileges, and Access Controls

CVE-2008-4229
https://notcve.org/view.php?id=CVE-2008-4229
25 Nov 2008 — Race condition in the Passcode Lock feature in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.0 through 2.1 allows physically proximate attackers to remove the lock and launch arbitrary applications by restoring the device from a backup. • http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVE-2008-4230
https://notcve.org/view.php?id=CVE-2008-4230
25 Nov 2008 — The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 displays SMS messages when the emergency-call screen is visible, which allows physically proximate attackers to obtain sensitive information by reading these messages. NOTE: this might be a duplicate of CVE-2008-4593. • http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-264: Permissions, Privileges, and Access Controls

CVE-2008-4231
https://notcve.org/view.php?id=CVE-2008-4231
25 Nov 2008 — Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not properly handle HTML TABLE elements, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. • http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html • CWE-399: Resource Management Errors

CVE-2008-4232
https://notcve.org/view.php?id=CVE-2008-4232
25 Nov 2008 — Safari in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.1 through 2.1 does not restrict an IFRAME's content display to the boundaries of the IFRAME, which allows remote attackers to spoof a user interface via a crafted HTML document. • http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html