All the vulnerabilites related to apple - ipod_touch
cve-2010-1752
Vulnerability from cvelistv5
Published
2010-06-22 20:24
Modified
2024-08-07 01:35
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in CFNetwork in Apple iOS before 4 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to URL handling.
References
| ▼ | URL | Tags |
|---|---|---|
| http://support.apple.com/kb/HT4435 | x_refsource_CONFIRM | |
| http://support.apple.com/kb/HT4225 | x_refsource_CONFIRM | |
| http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html | vendor-advisory, x_refsource_APPLE | |
| http://www.securityfocus.com/bid/41016 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/59631 | vdb-entry, x_refsource_XF | |
| http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html | vendor-advisory, x_refsource_APPLE |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:35:53.663Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT4435"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT4225"
},
{
"name": "APPLE-SA-2010-11-10-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
},
{
"name": "41016",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/41016"
},
{
"name": "appleios-cfnetwork-bo(59631)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59631"
},
{
"name": "APPLE-SA-2010-06-21-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-06-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in CFNetwork in Apple iOS before 4 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to URL handling."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT4435"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT4225"
},
{
"name": "APPLE-SA-2010-11-10-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
},
{
"name": "41016",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/41016"
},
{
"name": "appleios-cfnetwork-bo(59631)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59631"
},
{
"name": "APPLE-SA-2010-06-21-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2010-1752",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in CFNetwork in Apple iOS before 4 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to URL handling."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.apple.com/kb/HT4435",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4435"
},
{
"name": "http://support.apple.com/kb/HT4225",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4225"
},
{
"name": "APPLE-SA-2010-11-10-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
},
{
"name": "41016",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41016"
},
{
"name": "appleios-cfnetwork-bo(59631)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59631"
},
{
"name": "APPLE-SA-2010-06-21-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2010-1752",
"datePublished": "2010-06-22T20:24:00",
"dateReserved": "2010-05-06T00:00:00",
"dateUpdated": "2024-08-07T01:35:53.663Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-5858
Vulnerability from cvelistv5
Published
2007-12-19 21:00
Modified
2024-08-07 15:47
Severity ?
EPSS score ?
Summary
WebKit in Safari in Apple Mac OS X 10.4.11 and 10.5.1, iPhone 1.0 through 1.1.2, and iPod touch 1.1 through 1.1.2 allows remote attackers to "navigate the subframes of any other page," which can be leveraged to conduct cross-site scripting (XSS) attacks and obtain sensitive information.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:47:00.488Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=307178"
},
{
"name": "ADV-2007-4238",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/4238"
},
{
"name": "TA07-352A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-352A.html"
},
{
"name": "28136",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28136"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=307302"
},
{
"name": "safari-webkit-security-bypass(39091)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39091"
},
{
"name": "APPLE-SA-2007-12-17",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html"
},
{
"name": "28497",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28497"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=307179"
},
{
"name": "26911",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26911"
},
{
"name": "APPLE-SA-2008-01-15",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Jan/msg00000.html"
},
{
"name": "ADV-2008-0147",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0147"
},
{
"name": "1019108",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1019108"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-12-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "WebKit in Safari in Apple Mac OS X 10.4.11 and 10.5.1, iPhone 1.0 through 1.1.2, and iPod touch 1.1 through 1.1.2 allows remote attackers to \"navigate the subframes of any other page,\" which can be leveraged to conduct cross-site scripting (XSS) attacks and obtain sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=307178"
},
{
"name": "ADV-2007-4238",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/4238"
},
{
"name": "TA07-352A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-352A.html"
},
{
"name": "28136",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28136"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=307302"
},
{
"name": "safari-webkit-security-bypass(39091)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39091"
},
{
"name": "APPLE-SA-2007-12-17",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html"
},
{
"name": "28497",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28497"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=307179"
},
{
"name": "26911",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26911"
},
{
"name": "APPLE-SA-2008-01-15",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Jan/msg00000.html"
},
{
"name": "ADV-2008-0147",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0147"
},
{
"name": "1019108",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1019108"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5858",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebKit in Safari in Apple Mac OS X 10.4.11 and 10.5.1, iPhone 1.0 through 1.1.2, and iPod touch 1.1 through 1.1.2 allows remote attackers to \"navigate the subframes of any other page,\" which can be leveraged to conduct cross-site scripting (XSS) attacks and obtain sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://docs.info.apple.com/article.html?artnum=307178",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=307178"
},
{
"name": "ADV-2007-4238",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4238"
},
{
"name": "TA07-352A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-352A.html"
},
{
"name": "28136",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28136"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=307302",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=307302"
},
{
"name": "safari-webkit-security-bypass(39091)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39091"
},
{
"name": "APPLE-SA-2007-12-17",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html"
},
{
"name": "28497",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28497"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=307179",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=307179"
},
{
"name": "26911",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26911"
},
{
"name": "APPLE-SA-2008-01-15",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008/Jan/msg00000.html"
},
{
"name": "ADV-2008-0147",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0147"
},
{
"name": "1019108",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019108"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5858",
"datePublished": "2007-12-19T21:00:00",
"dateReserved": "2007-11-06T00:00:00",
"dateUpdated": "2024-08-07T15:47:00.488Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-1809
Vulnerability from cvelistv5
Published
2010-09-09 21:00
Modified
2024-08-07 01:35
Severity ?
EPSS score ?
Summary
The Accessibility component in Apple iOS before 4.1 on the iPhone and iPod touch does not perform the expected VoiceOver announcement associated with the location services icon, which has unspecified impact and attack vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html | vendor-advisory, x_refsource_APPLE | |
| http://support.apple.com/kb/HT4334 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/61694 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:35:53.623Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "APPLE-SA-2010-09-08-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT4334"
},
{
"name": "appleios-voiceover-weak-security(61694)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61694"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-09-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Accessibility component in Apple iOS before 4.1 on the iPhone and iPod touch does not perform the expected VoiceOver announcement associated with the location services icon, which has unspecified impact and attack vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"name": "APPLE-SA-2010-09-08-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT4334"
},
{
"name": "appleios-voiceover-weak-security(61694)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61694"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2010-1809",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Accessibility component in Apple iOS before 4.1 on the iPhone and iPod touch does not perform the expected VoiceOver announcement associated with the location services icon, which has unspecified impact and attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2010-09-08-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html"
},
{
"name": "http://support.apple.com/kb/HT4334",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4334"
},
{
"name": "appleios-voiceover-weak-security(61694)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61694"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2010-1809",
"datePublished": "2010-09-09T21:00:00",
"dateReserved": "2010-05-06T00:00:00",
"dateUpdated": "2024-08-07T01:35:53.623Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-1756
Vulnerability from cvelistv5
Published
2010-06-22 20:24
Modified
2024-09-17 00:26
Severity ?
EPSS score ?
Summary
The Settings application in Apple iOS before 4 on the iPhone and iPod touch does not properly report the wireless network that is in use, which might make it easier for remote attackers to trick users into communicating over an unintended network.
References
| ▼ | URL | Tags |
|---|---|---|
| http://support.apple.com/kb/HT4225 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/41016 | vdb-entry, x_refsource_BID | |
| http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html | vendor-advisory, x_refsource_APPLE |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:35:53.529Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT4225"
},
{
"name": "41016",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/41016"
},
{
"name": "APPLE-SA-2010-06-21-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Settings application in Apple iOS before 4 on the iPhone and iPod touch does not properly report the wireless network that is in use, which might make it easier for remote attackers to trick users into communicating over an unintended network."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-06-22T20:24:00Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT4225"
},
{
"name": "41016",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/41016"
},
{
"name": "APPLE-SA-2010-06-21-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2010-1756",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Settings application in Apple iOS before 4 on the iPhone and iPod touch does not properly report the wireless network that is in use, which might make it easier for remote attackers to trick users into communicating over an unintended network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.apple.com/kb/HT4225",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4225"
},
{
"name": "41016",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41016"
},
{
"name": "APPLE-SA-2010-06-21-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2010-1756",
"datePublished": "2010-06-22T20:24:00Z",
"dateReserved": "2010-05-06T00:00:00Z",
"dateUpdated": "2024-09-17T00:26:29.116Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-1813
Vulnerability from cvelistv5
Published
2010-09-09 21:00
Modified
2024-08-07 01:35
Severity ?
EPSS score ?
Summary
WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors involving HTML object outlines.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/43068 | third-party-advisory, x_refsource_SECUNIA | |
| http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html | vendor-advisory, x_refsource_APPLE | |
| http://support.apple.com/kb/HT4334 | x_refsource_CONFIRM | |
| http://support.apple.com/kb/HT4455 | x_refsource_CONFIRM | |
| http://www.vupen.com/english/advisories/2011/0212 | vdb-entry, x_refsource_VUPEN | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/61700 | vdb-entry, x_refsource_XF | |
| http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html | vendor-advisory, x_refsource_SUSE | |
| http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html | vendor-advisory, x_refsource_APPLE | |
| http://secunia.com/advisories/42314 | third-party-advisory, x_refsource_SECUNIA | |
| http://support.apple.com/kb/HT4456 | x_refsource_CONFIRM | |
| http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html | vendor-advisory, x_refsource_APPLE |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:35:53.672Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "43068",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43068"
},
{
"name": "APPLE-SA-2010-09-08-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT4334"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT4455"
},
{
"name": "ADV-2011-0212",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name": "appleios-html-object-code-exec(61700)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61700"
},
{
"name": "SUSE-SR:2011:002",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "APPLE-SA-2010-11-18-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html"
},
{
"name": "42314",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42314"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT4456"
},
{
"name": "APPLE-SA-2010-11-22-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-09-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors involving HTML object outlines."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"name": "43068",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43068"
},
{
"name": "APPLE-SA-2010-09-08-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT4334"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT4455"
},
{
"name": "ADV-2011-0212",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name": "appleios-html-object-code-exec(61700)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61700"
},
{
"name": "SUSE-SR:2011:002",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "APPLE-SA-2010-11-18-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html"
},
{
"name": "42314",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42314"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT4456"
},
{
"name": "APPLE-SA-2010-11-22-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2010-1813",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors involving HTML object outlines."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43068",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43068"
},
{
"name": "APPLE-SA-2010-09-08-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html"
},
{
"name": "http://support.apple.com/kb/HT4334",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4334"
},
{
"name": "http://support.apple.com/kb/HT4455",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4455"
},
{
"name": "ADV-2011-0212",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name": "appleios-html-object-code-exec(61700)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61700"
},
{
"name": "SUSE-SR:2011:002",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "APPLE-SA-2010-11-18-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html"
},
{
"name": "42314",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42314"
},
{
"name": "http://support.apple.com/kb/HT4456",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4456"
},
{
"name": "APPLE-SA-2010-11-22-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2010-1813",
"datePublished": "2010-09-09T21:00:00",
"dateReserved": "2010-05-06T00:00:00",
"dateUpdated": "2024-08-07T01:35:53.672Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-1817
Vulnerability from cvelistv5
Published
2010-09-09 21:00
Modified
2024-08-07 01:35
Severity ?
EPSS score ?
Summary
Buffer overflow in ImageIO in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted GIF file.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/61697 | vdb-entry, x_refsource_XF | |
| http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html | vendor-advisory, x_refsource_APPLE | |
| http://support.apple.com/kb/HT4334 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:35:53.637Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "appleios-gif-bo(61697)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61697"
},
{
"name": "APPLE-SA-2010-09-08-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT4334"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-09-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in ImageIO in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted GIF file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"name": "appleios-gif-bo(61697)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61697"
},
{
"name": "APPLE-SA-2010-09-08-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT4334"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2010-1817",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in ImageIO in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted GIF file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "appleios-gif-bo(61697)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61697"
},
{
"name": "APPLE-SA-2010-09-08-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html"
},
{
"name": "http://support.apple.com/kb/HT4334",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4334"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2010-1817",
"datePublished": "2010-09-09T21:00:00",
"dateReserved": "2010-05-06T00:00:00",
"dateUpdated": "2024-08-07T01:35:53.637Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-1753
Vulnerability from cvelistv5
Published
2010-06-22 20:24
Modified
2024-08-07 01:35
Severity ?
EPSS score ?
Summary
ImageIO in Apple iOS before 4 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG image.
References
| ▼ | URL | Tags |
|---|---|---|
| http://support.apple.com/kb/HT4225 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/59632 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/41016 | vdb-entry, x_refsource_BID | |
| http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html | vendor-advisory, x_refsource_APPLE |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:35:53.567Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT4225"
},
{
"name": "appleios-imageio-code-execution(59632)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59632"
},
{
"name": "41016",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/41016"
},
{
"name": "APPLE-SA-2010-06-21-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-06-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ImageIO in Apple iOS before 4 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG image."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT4225"
},
{
"name": "appleios-imageio-code-execution(59632)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59632"
},
{
"name": "41016",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/41016"
},
{
"name": "APPLE-SA-2010-06-21-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2010-1753",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ImageIO in Apple iOS before 4 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG image."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.apple.com/kb/HT4225",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4225"
},
{
"name": "appleios-imageio-code-execution(59632)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59632"
},
{
"name": "41016",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41016"
},
{
"name": "APPLE-SA-2010-06-21-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2010-1753",
"datePublished": "2010-06-22T20:24:00",
"dateReserved": "2010-05-06T00:00:00",
"dateUpdated": "2024-08-07T01:35:53.567Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-1781
Vulnerability from cvelistv5
Published
2010-09-09 21:00
Modified
2024-08-07 01:35
Severity ?
EPSS score ?
Summary
Double free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the rendering of an inline element.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:35:53.720Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MDVSA-2011:039",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039"
},
{
"name": "ADV-2010-2722",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/2722"
},
{
"name": "appleios-inline-elements-code-exec(61698)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61698"
},
{
"name": "43068",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43068"
},
{
"name": "APPLE-SA-2010-09-08-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html"
},
{
"name": "43077",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/43077"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT4334"
},
{
"name": "USN-1006-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1006-1"
},
{
"name": "41856",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/41856"
},
{
"name": "ADV-2011-0212",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name": "SUSE-SR:2011:002",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "42314",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42314"
},
{
"name": "ADV-2011-0552",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0552"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT4456"
},
{
"name": "SUSE-SR:2010:018",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html"
},
{
"name": "APPLE-SA-2010-11-22-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-09-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Double free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the rendering of an inline element."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"name": "MDVSA-2011:039",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039"
},
{
"name": "ADV-2010-2722",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/2722"
},
{
"name": "appleios-inline-elements-code-exec(61698)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61698"
},
{
"name": "43068",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43068"
},
{
"name": "APPLE-SA-2010-09-08-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html"
},
{
"name": "43077",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/43077"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT4334"
},
{
"name": "USN-1006-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1006-1"
},
{
"name": "41856",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/41856"
},
{
"name": "ADV-2011-0212",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name": "SUSE-SR:2011:002",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "42314",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42314"
},
{
"name": "ADV-2011-0552",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0552"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT4456"
},
{
"name": "SUSE-SR:2010:018",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html"
},
{
"name": "APPLE-SA-2010-11-22-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2010-1781",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Double free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the rendering of an inline element."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2011:039",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039"
},
{
"name": "ADV-2010-2722",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2722"
},
{
"name": "appleios-inline-elements-code-exec(61698)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61698"
},
{
"name": "43068",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43068"
},
{
"name": "APPLE-SA-2010-09-08-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html"
},
{
"name": "43077",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/43077"
},
{
"name": "http://support.apple.com/kb/HT4334",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4334"
},
{
"name": "USN-1006-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1006-1"
},
{
"name": "41856",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41856"
},
{
"name": "ADV-2011-0212",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name": "SUSE-SR:2011:002",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "42314",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42314"
},
{
"name": "ADV-2011-0552",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0552"
},
{
"name": "http://support.apple.com/kb/HT4456",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4456"
},
{
"name": "SUSE-SR:2010:018",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html"
},
{
"name": "APPLE-SA-2010-11-22-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2010-1781",
"datePublished": "2010-09-09T21:00:00",
"dateReserved": "2010-05-06T00:00:00",
"dateUpdated": "2024-08-07T01:35:53.720Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-1692
Vulnerability from cvelistv5
Published
2009-06-19 16:00
Modified
2024-08-07 05:20
Severity ?
EPSS score ?
Summary
WebKit before r41741, as used in Apple iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Safari, and other software, allows remote attackers to cause a denial of service (memory consumption or device reset) via a web page containing an HTMLSelectElement object with a large length attribute, related to the length property of a Select object.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:20:35.398Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "35446",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35446"
},
{
"name": "9160",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/9160"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3639"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.g-sec.lu/one-bug-to-rule-them-all.html"
},
{
"name": "43068",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43068"
},
{
"name": "ADV-2009-1621",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1621"
},
{
"name": "ADV-2011-0212",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kb.palm.com/wps/portal/kb/na/pre/p100eww/sprint/solutions/article/50607_en.html#121"
},
{
"name": "35414",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35414"
},
{
"name": "20090715 Re:[GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari,Opera, Chrome,Seamonkey,iPhone,iPod,Wii,PS3....",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/504988/100/0/threaded"
},
{
"name": "37746",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37746"
},
{
"name": "APPLE-SA-2009-06-17-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"name": "36977",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36977"
},
{
"name": "DSA-1950",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1950"
},
{
"name": "SUSE-SR:2011:002",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "20090716 Re[2]: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari,Opera, Chrome,Seamonkey,iPhone,iPod,Wii,PS3....",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/505006/100/0/threaded"
},
{
"name": "55242",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/55242"
},
{
"name": "20090715 [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari,Opera, Chrome,Seamonkey,iPhone,iPod,Wii,PS3....",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/504969/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.webkit.org/show_bug.cgi?id=23319"
},
{
"name": "20090715 Re: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari,Opera, Chrome,Seamonkey,iPhone,iPod,Wii,PS3....",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/504989/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-06-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "WebKit before r41741, as used in Apple iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Safari, and other software, allows remote attackers to cause a denial of service (memory consumption or device reset) via a web page containing an HTMLSelectElement object with a large length attribute, related to the length property of a Select object."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "35446",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35446"
},
{
"name": "9160",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/9160"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3639"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.g-sec.lu/one-bug-to-rule-them-all.html"
},
{
"name": "43068",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43068"
},
{
"name": "ADV-2009-1621",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1621"
},
{
"name": "ADV-2011-0212",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kb.palm.com/wps/portal/kb/na/pre/p100eww/sprint/solutions/article/50607_en.html#121"
},
{
"name": "35414",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35414"
},
{
"name": "20090715 Re:[GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari,Opera, Chrome,Seamonkey,iPhone,iPod,Wii,PS3....",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/504988/100/0/threaded"
},
{
"name": "37746",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37746"
},
{
"name": "APPLE-SA-2009-06-17-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"name": "36977",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36977"
},
{
"name": "DSA-1950",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1950"
},
{
"name": "SUSE-SR:2011:002",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "20090716 Re[2]: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari,Opera, Chrome,Seamonkey,iPhone,iPod,Wii,PS3....",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/505006/100/0/threaded"
},
{
"name": "55242",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/55242"
},
{
"name": "20090715 [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari,Opera, Chrome,Seamonkey,iPhone,iPod,Wii,PS3....",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/504969/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.webkit.org/show_bug.cgi?id=23319"
},
{
"name": "20090715 Re: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari,Opera, Chrome,Seamonkey,iPhone,iPod,Wii,PS3....",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/504989/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1692",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebKit before r41741, as used in Apple iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Safari, and other software, allows remote attackers to cause a denial of service (memory consumption or device reset) via a web page containing an HTMLSelectElement object with a large length attribute, related to the length property of a Select object."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35446",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35446"
},
{
"name": "9160",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/9160"
},
{
"name": "http://support.apple.com/kb/HT3639",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3639"
},
{
"name": "http://www.g-sec.lu/one-bug-to-rule-them-all.html",
"refsource": "MISC",
"url": "http://www.g-sec.lu/one-bug-to-rule-them-all.html"
},
{
"name": "43068",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43068"
},
{
"name": "ADV-2009-1621",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1621"
},
{
"name": "ADV-2011-0212",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name": "http://kb.palm.com/wps/portal/kb/na/pre/p100eww/sprint/solutions/article/50607_en.html#121",
"refsource": "CONFIRM",
"url": "http://kb.palm.com/wps/portal/kb/na/pre/p100eww/sprint/solutions/article/50607_en.html#121"
},
{
"name": "35414",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35414"
},
{
"name": "20090715 Re:[GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari,Opera, Chrome,Seamonkey,iPhone,iPod,Wii,PS3....",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/504988/100/0/threaded"
},
{
"name": "37746",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37746"
},
{
"name": "APPLE-SA-2009-06-17-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"name": "36977",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36977"
},
{
"name": "DSA-1950",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1950"
},
{
"name": "SUSE-SR:2011:002",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "20090716 Re[2]: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari,Opera, Chrome,Seamonkey,iPhone,iPod,Wii,PS3....",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/505006/100/0/threaded"
},
{
"name": "55242",
"refsource": "OSVDB",
"url": "http://osvdb.org/55242"
},
{
"name": "20090715 [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari,Opera, Chrome,Seamonkey,iPhone,iPod,Wii,PS3....",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/504969/100/0/threaded"
},
{
"name": "https://bugs.webkit.org/show_bug.cgi?id=23319",
"refsource": "MISC",
"url": "https://bugs.webkit.org/show_bug.cgi?id=23319"
},
{
"name": "20090715 Re: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari,Opera, Chrome,Seamonkey,iPhone,iPod,Wii,PS3....",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/504989/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1692",
"datePublished": "2009-06-19T16:00:00",
"dateReserved": "2009-05-20T00:00:00",
"dateUpdated": "2024-08-07T05:20:35.398Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-1751
Vulnerability from cvelistv5
Published
2010-06-22 20:24
Modified
2024-08-07 01:35
Severity ?
EPSS score ?
Summary
Application Sandbox in Apple iOS before 4 on the iPhone and iPod touch does not prevent photo-library access, which might allow remote attackers to obtain location information via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://support.apple.com/kb/HT4225 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/41016 | vdb-entry, x_refsource_BID | |
| http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html | vendor-advisory, x_refsource_APPLE | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/59630 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:35:53.807Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT4225"
},
{
"name": "41016",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/41016"
},
{
"name": "APPLE-SA-2010-06-21-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
},
{
"name": "appleios-sandbox-info-disclosure(59630)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59630"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-06-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Application Sandbox in Apple iOS before 4 on the iPhone and iPod touch does not prevent photo-library access, which might allow remote attackers to obtain location information via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT4225"
},
{
"name": "41016",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/41016"
},
{
"name": "APPLE-SA-2010-06-21-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
},
{
"name": "appleios-sandbox-info-disclosure(59630)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59630"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2010-1751",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Application Sandbox in Apple iOS before 4 on the iPhone and iPod touch does not prevent photo-library access, which might allow remote attackers to obtain location information via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.apple.com/kb/HT4225",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4225"
},
{
"name": "41016",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41016"
},
{
"name": "APPLE-SA-2010-06-21-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
},
{
"name": "appleios-sandbox-info-disclosure(59630)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59630"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2010-1751",
"datePublished": "2010-06-22T20:24:00",
"dateReserved": "2010-05-06T00:00:00",
"dateUpdated": "2024-08-07T01:35:53.807Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-4233
Vulnerability from cvelistv5
Published
2008-11-25 23:00
Modified
2024-08-07 10:08
Severity ?
EPSS score ?
Summary
Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not isolate the call-approval dialog from the process of launching new applications, which allows remote attackers to make arbitrary phone calls via a crafted HTML document.
References
| ▼ | URL | Tags |
|---|---|---|
| http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html | vendor-advisory, x_refsource_APPLE | |
| http://www.vupen.com/english/advisories/2008/3232 | vdb-entry, x_refsource_VUPEN | |
| http://securitytracker.com/id?1021264 | vdb-entry, x_refsource_SECTRACK | |
| http://support.apple.com/kb/HT3318 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/32394 | vdb-entry, x_refsource_BID | |
| http://osvdb.org/50030 | vdb-entry, x_refsource_OSVDB | |
| http://secunia.com/advisories/32756 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:08:35.060Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "APPLE-SA-2008-11-20",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html"
},
{
"name": "ADV-2008-3232",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/3232"
},
{
"name": "1021264",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1021264"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3318"
},
{
"name": "32394",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32394"
},
{
"name": "50030",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/50030"
},
{
"name": "32756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32756"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-11-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not isolate the call-approval dialog from the process of launching new applications, which allows remote attackers to make arbitrary phone calls via a crafted HTML document."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-12-03T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "APPLE-SA-2008-11-20",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html"
},
{
"name": "ADV-2008-3232",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/3232"
},
{
"name": "1021264",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1021264"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3318"
},
{
"name": "32394",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32394"
},
{
"name": "50030",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/50030"
},
{
"name": "32756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32756"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4233",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not isolate the call-approval dialog from the process of launching new applications, which allows remote attackers to make arbitrary phone calls via a crafted HTML document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2008-11-20",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html"
},
{
"name": "ADV-2008-3232",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3232"
},
{
"name": "1021264",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1021264"
},
{
"name": "http://support.apple.com/kb/HT3318",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3318"
},
{
"name": "32394",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32394"
},
{
"name": "50030",
"refsource": "OSVDB",
"url": "http://osvdb.org/50030"
},
{
"name": "32756",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32756"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4233",
"datePublished": "2008-11-25T23:00:00",
"dateReserved": "2008-09-24T00:00:00",
"dateUpdated": "2024-08-07T10:08:35.060Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-1407
Vulnerability from cvelistv5
Published
2010-06-22 20:24
Modified
2024-08-07 01:21
Severity ?
EPSS score ?
Summary
WebKit in Apple iOS before 4 on the iPhone and iPod touch does not properly implement the history.replaceState method in certain situations involving IFRAME elements, which allows remote attackers to obtain sensitive information via a crafted HTML document.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:21:19.048Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MDVSA-2011:039",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039"
},
{
"name": "appleios-historyreplace-info-disclosure(59629)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59629"
},
{
"name": "ADV-2010-2722",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/2722"
},
{
"name": "43068",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43068"
},
{
"name": "USN-1006-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1006-1"
},
{
"name": "41856",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/41856"
},
{
"name": "ADV-2011-0212",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT4225"
},
{
"name": "SUSE-SR:2011:002",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "42314",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42314"
},
{
"name": "ADV-2011-0552",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0552"
},
{
"name": "41016",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/41016"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT4456"
},
{
"name": "APPLE-SA-2010-06-21-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
},
{
"name": "APPLE-SA-2010-11-22-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-06-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "WebKit in Apple iOS before 4 on the iPhone and iPod touch does not properly implement the history.replaceState method in certain situations involving IFRAME elements, which allows remote attackers to obtain sensitive information via a crafted HTML document."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"name": "MDVSA-2011:039",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039"
},
{
"name": "appleios-historyreplace-info-disclosure(59629)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59629"
},
{
"name": "ADV-2010-2722",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/2722"
},
{
"name": "43068",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43068"
},
{
"name": "USN-1006-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1006-1"
},
{
"name": "41856",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/41856"
},
{
"name": "ADV-2011-0212",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT4225"
},
{
"name": "SUSE-SR:2011:002",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "42314",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42314"
},
{
"name": "ADV-2011-0552",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0552"
},
{
"name": "41016",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/41016"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT4456"
},
{
"name": "APPLE-SA-2010-06-21-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
},
{
"name": "APPLE-SA-2010-11-22-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2010-1407",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebKit in Apple iOS before 4 on the iPhone and iPod touch does not properly implement the history.replaceState method in certain situations involving IFRAME elements, which allows remote attackers to obtain sensitive information via a crafted HTML document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2011:039",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039"
},
{
"name": "appleios-historyreplace-info-disclosure(59629)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59629"
},
{
"name": "ADV-2010-2722",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2722"
},
{
"name": "43068",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43068"
},
{
"name": "USN-1006-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1006-1"
},
{
"name": "41856",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41856"
},
{
"name": "ADV-2011-0212",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name": "http://support.apple.com/kb/HT4225",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4225"
},
{
"name": "SUSE-SR:2011:002",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "42314",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42314"
},
{
"name": "ADV-2011-0552",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0552"
},
{
"name": "41016",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41016"
},
{
"name": "http://support.apple.com/kb/HT4456",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4456"
},
{
"name": "APPLE-SA-2010-06-21-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
},
{
"name": "APPLE-SA-2010-11-22-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2010-1407",
"datePublished": "2010-06-22T20:24:00",
"dateReserved": "2010-04-15T00:00:00",
"dateUpdated": "2024-08-07T01:21:19.048Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-1810
Vulnerability from cvelistv5
Published
2010-09-09 21:00
Modified
2024-08-07 01:35
Severity ?
EPSS score ?
Summary
FaceTime in Apple iOS before 4.1 on the iPhone and iPod touch does not properly handle invalid X.509 certificates, which allows man-in-the-middle attackers to redirect calls via a crafted certificate.
References
| ▼ | URL | Tags |
|---|---|---|
| http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html | vendor-advisory, x_refsource_APPLE | |
| http://support.apple.com/kb/HT4334 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/61695 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:35:53.662Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "APPLE-SA-2010-09-08-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT4334"
},
{
"name": "appleios-facetime-sec-bypass(61695)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61695"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-09-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "FaceTime in Apple iOS before 4.1 on the iPhone and iPod touch does not properly handle invalid X.509 certificates, which allows man-in-the-middle attackers to redirect calls via a crafted certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"name": "APPLE-SA-2010-09-08-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT4334"
},
{
"name": "appleios-facetime-sec-bypass(61695)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61695"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2010-1810",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FaceTime in Apple iOS before 4.1 on the iPhone and iPod touch does not properly handle invalid X.509 certificates, which allows man-in-the-middle attackers to redirect calls via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2010-09-08-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html"
},
{
"name": "http://support.apple.com/kb/HT4334",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4334"
},
{
"name": "appleios-facetime-sec-bypass(61695)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61695"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2010-1810",
"datePublished": "2010-09-09T21:00:00",
"dateReserved": "2010-05-06T00:00:00",
"dateUpdated": "2024-08-07T01:35:53.662Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-4232
Vulnerability from cvelistv5
Published
2008-11-25 23:00
Modified
2024-08-07 10:08
Severity ?
EPSS score ?
Summary
Safari in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.1 through 2.1 does not restrict an IFRAME's content display to the boundaries of the IFRAME, which allows remote attackers to spoof a user interface via a crafted HTML document.
References
| ▼ | URL | Tags |
|---|---|---|
| http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html | vendor-advisory, x_refsource_APPLE | |
| http://osvdb.org/50029 | vdb-entry, x_refsource_OSVDB | |
| http://www.vupen.com/english/advisories/2008/3232 | vdb-entry, x_refsource_VUPEN | |
| http://support.apple.com/kb/HT3318 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id?1021272 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/32394 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/32756 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:08:34.987Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "APPLE-SA-2008-11-20",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html"
},
{
"name": "50029",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/50029"
},
{
"name": "ADV-2008-3232",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/3232"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3318"
},
{
"name": "1021272",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021272"
},
{
"name": "32394",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32394"
},
{
"name": "32756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32756"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-11-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Safari in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.1 through 2.1 does not restrict an IFRAME\u0027s content display to the boundaries of the IFRAME, which allows remote attackers to spoof a user interface via a crafted HTML document."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-12-03T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "APPLE-SA-2008-11-20",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html"
},
{
"name": "50029",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/50029"
},
{
"name": "ADV-2008-3232",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/3232"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3318"
},
{
"name": "1021272",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021272"
},
{
"name": "32394",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32394"
},
{
"name": "32756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32756"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4232",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Safari in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.1 through 2.1 does not restrict an IFRAME\u0027s content display to the boundaries of the IFRAME, which allows remote attackers to spoof a user interface via a crafted HTML document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2008-11-20",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html"
},
{
"name": "50029",
"refsource": "OSVDB",
"url": "http://osvdb.org/50029"
},
{
"name": "ADV-2008-3232",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3232"
},
{
"name": "http://support.apple.com/kb/HT3318",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3318"
},
{
"name": "1021272",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021272"
},
{
"name": "32394",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32394"
},
{
"name": "32756",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32756"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4232",
"datePublished": "2008-11-25T23:00:00",
"dateReserved": "2008-09-24T00:00:00",
"dateUpdated": "2024-08-07T10:08:34.987Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-2648
Vulnerability from cvelistv5
Published
2012-08-07 19:00
Modified
2024-09-16 16:34
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the GoodReader app 3.16 and earlier for iOS on the iPad, and 3.15.1 and earlier for iOS on the iPhone and iPod touch, allows remote attackers to inject arbitrary web script or HTML via vectors involving use of this app in conjunction with a web browser.
References
| ▼ | URL | Tags |
|---|---|---|
| http://jvn.jp/en/jp/JVN01598734/index.html | third-party-advisory, x_refsource_JVN | |
| http://jvndb.jvn.jp/jvndb/JVNDB-2012-000073 | third-party-advisory, x_refsource_JVNDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:42:32.316Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#01598734",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN01598734/index.html"
},
{
"name": "JVNDB-2012-000073",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000073"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the GoodReader app 3.16 and earlier for iOS on the iPad, and 3.15.1 and earlier for iOS on the iPhone and iPod touch, allows remote attackers to inject arbitrary web script or HTML via vectors involving use of this app in conjunction with a web browser."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-08-07T19:00:00Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#01598734",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN01598734/index.html"
},
{
"name": "JVNDB-2012-000073",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000073"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2012-2648",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the GoodReader app 3.16 and earlier for iOS on the iPad, and 3.15.1 and earlier for iOS on the iPhone and iPod touch, allows remote attackers to inject arbitrary web script or HTML via vectors involving use of this app in conjunction with a web browser."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#01598734",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN01598734/index.html"
},
{
"name": "JVNDB-2012-000073",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000073"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2012-2648",
"datePublished": "2012-08-07T19:00:00Z",
"dateReserved": "2012-05-14T00:00:00Z",
"dateUpdated": "2024-09-16T16:34:04.219Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-1387
Vulnerability from cvelistv5
Published
2010-06-18 16:00
Modified
2024-08-07 01:21
Severity ?
EPSS score ?
Summary
Use-after-free vulnerability in JavaScriptCore in WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to page transitions, a different vulnerability than CVE-2010-1763 and CVE-2010-1769.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:21:19.034Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MDVSA-2011:039",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT4220"
},
{
"name": "ADV-2010-2722",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/2722"
},
{
"name": "43068",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43068"
},
{
"name": "USN-1006-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1006-1"
},
{
"name": "41856",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/41856"
},
{
"name": "ADV-2011-0212",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT4225"
},
{
"name": "40196",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/40196"
},
{
"name": "APPLE-SA-2010-06-16-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html"
},
{
"name": "SUSE-SR:2011:002",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "42314",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42314"
},
{
"name": "ADV-2010-1512",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1512"
},
{
"name": "itunes-webkit-unspecified-var1(59506)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59506"
},
{
"name": "oval:org.mitre.oval:def:7061",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7061"
},
{
"name": "ADV-2011-0552",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0552"
},
{
"name": "41016",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/41016"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT4456"
},
{
"name": "APPLE-SA-2010-06-21-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
},
{
"name": "1024108",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1024108"
},
{
"name": "APPLE-SA-2010-11-22-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-06-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in JavaScriptCore in WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to page transitions, a different vulnerability than CVE-2010-1763 and CVE-2010-1769."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-18T12:57:01",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"name": "MDVSA-2011:039",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT4220"
},
{
"name": "ADV-2010-2722",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/2722"
},
{
"name": "43068",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43068"
},
{
"name": "USN-1006-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1006-1"
},
{
"name": "41856",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/41856"
},
{
"name": "ADV-2011-0212",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT4225"
},
{
"name": "40196",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/40196"
},
{
"name": "APPLE-SA-2010-06-16-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html"
},
{
"name": "SUSE-SR:2011:002",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "42314",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42314"
},
{
"name": "ADV-2010-1512",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1512"
},
{
"name": "itunes-webkit-unspecified-var1(59506)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59506"
},
{
"name": "oval:org.mitre.oval:def:7061",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7061"
},
{
"name": "ADV-2011-0552",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0552"
},
{
"name": "41016",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/41016"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT4456"
},
{
"name": "APPLE-SA-2010-06-21-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
},
{
"name": "1024108",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1024108"
},
{
"name": "APPLE-SA-2010-11-22-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2010-1387",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in JavaScriptCore in WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to page transitions, a different vulnerability than CVE-2010-1763 and CVE-2010-1769."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2011:039",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039"
},
{
"name": "http://support.apple.com/kb/HT4220",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4220"
},
{
"name": "ADV-2010-2722",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2722"
},
{
"name": "43068",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43068"
},
{
"name": "USN-1006-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1006-1"
},
{
"name": "41856",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41856"
},
{
"name": "ADV-2011-0212",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name": "http://support.apple.com/kb/HT4225",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4225"
},
{
"name": "40196",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40196"
},
{
"name": "APPLE-SA-2010-06-16-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html"
},
{
"name": "SUSE-SR:2011:002",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "42314",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42314"
},
{
"name": "ADV-2010-1512",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1512"
},
{
"name": "itunes-webkit-unspecified-var1(59506)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59506"
},
{
"name": "oval:org.mitre.oval:def:7061",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7061"
},
{
"name": "ADV-2011-0552",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0552"
},
{
"name": "41016",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41016"
},
{
"name": "http://support.apple.com/kb/HT4456",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4456"
},
{
"name": "APPLE-SA-2010-06-21-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
},
{
"name": "1024108",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024108"
},
{
"name": "APPLE-SA-2010-11-22-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2010-1387",
"datePublished": "2010-06-18T16:00:00",
"dateReserved": "2010-04-15T00:00:00",
"dateUpdated": "2024-08-07T01:21:19.034Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-1701
Vulnerability from cvelistv5
Published
2009-06-10 17:37
Modified
2024-08-07 05:20
Severity ?
EPSS score ?
Summary
Use-after-free vulnerability in the JavaScript DOM implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by destroying a document.body element that has an unspecified XML container with elements that support the dir attribute.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:20:35.210Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3639"
},
{
"name": "43068",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43068"
},
{
"name": "ADV-2009-1621",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1621"
},
{
"name": "ADV-2011-0212",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name": "APPLE-SA-2009-06-08-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
},
{
"name": "35260",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35260"
},
{
"name": "55008",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/55008"
},
{
"name": "ADV-2009-1522",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1522"
},
{
"name": "1022345",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1022345"
},
{
"name": "20090608 ZDI-09-033: Apple WebKit dir Attribute Freeing Dangling Object Pointer Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/504172/100/0/threaded"
},
{
"name": "APPLE-SA-2009-06-17-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"name": "SUSE-SR:2011:002",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "35379",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35379"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-09-033/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3613"
},
{
"name": "35325",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35325"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-06-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in the JavaScript DOM implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by destroying a document.body element that has an unspecified XML container with elements that support the dir attribute."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3639"
},
{
"name": "43068",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43068"
},
{
"name": "ADV-2009-1621",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1621"
},
{
"name": "ADV-2011-0212",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name": "APPLE-SA-2009-06-08-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
},
{
"name": "35260",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35260"
},
{
"name": "55008",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/55008"
},
{
"name": "ADV-2009-1522",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1522"
},
{
"name": "1022345",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1022345"
},
{
"name": "20090608 ZDI-09-033: Apple WebKit dir Attribute Freeing Dangling Object Pointer Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/504172/100/0/threaded"
},
{
"name": "APPLE-SA-2009-06-17-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"name": "SUSE-SR:2011:002",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "35379",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35379"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-09-033/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3613"
},
{
"name": "35325",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35325"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1701",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in the JavaScript DOM implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by destroying a document.body element that has an unspecified XML container with elements that support the dir attribute."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.apple.com/kb/HT3639",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3639"
},
{
"name": "43068",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43068"
},
{
"name": "ADV-2009-1621",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1621"
},
{
"name": "ADV-2011-0212",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name": "APPLE-SA-2009-06-08-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
},
{
"name": "35260",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35260"
},
{
"name": "55008",
"refsource": "OSVDB",
"url": "http://osvdb.org/55008"
},
{
"name": "ADV-2009-1522",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1522"
},
{
"name": "1022345",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1022345"
},
{
"name": "20090608 ZDI-09-033: Apple WebKit dir Attribute Freeing Dangling Object Pointer Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/504172/100/0/threaded"
},
{
"name": "APPLE-SA-2009-06-17-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"name": "SUSE-SR:2011:002",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "35379",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35379"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-09-033/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-09-033/"
},
{
"name": "http://support.apple.com/kb/HT3613",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3613"
},
{
"name": "35325",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35325"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1701",
"datePublished": "2009-06-10T17:37:00",
"dateReserved": "2009-05-20T00:00:00",
"dateUpdated": "2024-08-07T05:20:35.210Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-3612
Vulnerability from cvelistv5
Published
2008-09-10 16:00
Modified
2024-08-07 09:45
Severity ?
EPSS score ?
Summary
The Networking subsystem in Apple iPod touch 2.0 through 2.0.2, and iPhone 2.0 through 2.0.2, uses predictable TCP initial sequence numbers, which allows remote attackers to spoof or hijack a TCP connection.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id?1020848 | vdb-entry, x_refsource_SECTRACK | |
| http://www.vupen.com/english/advisories/2008/2525 | vdb-entry, x_refsource_VUPEN | |
| http://support.apple.com/kb/HT3026 | x_refsource_CONFIRM | |
| http://support.apple.com/kb/HT3129 | x_refsource_CONFIRM | |
| http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html | vendor-advisory, x_refsource_APPLE | |
| http://secunia.com/advisories/31823 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.vupen.com/english/advisories/2008/2558 | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/31900 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/31092 | vdb-entry, x_refsource_BID | |
| http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html | vendor-advisory, x_refsource_APPLE |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:45:18.935Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1020848",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020848"
},
{
"name": "ADV-2008-2525",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2525"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3026"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3129"
},
{
"name": "APPLE-SA-2008-09-12",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html"
},
{
"name": "31823",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31823"
},
{
"name": "ADV-2008-2558",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2558"
},
{
"name": "31900",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31900"
},
{
"name": "31092",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31092"
},
{
"name": "APPLE-SA-2008-09-09",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Networking subsystem in Apple iPod touch 2.0 through 2.0.2, and iPhone 2.0 through 2.0.2, uses predictable TCP initial sequence numbers, which allows remote attackers to spoof or hijack a TCP connection."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-09-17T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1020848",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020848"
},
{
"name": "ADV-2008-2525",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2525"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3026"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3129"
},
{
"name": "APPLE-SA-2008-09-12",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html"
},
{
"name": "31823",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31823"
},
{
"name": "ADV-2008-2558",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2558"
},
{
"name": "31900",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31900"
},
{
"name": "31092",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31092"
},
{
"name": "APPLE-SA-2008-09-09",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3612",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Networking subsystem in Apple iPod touch 2.0 through 2.0.2, and iPhone 2.0 through 2.0.2, uses predictable TCP initial sequence numbers, which allows remote attackers to spoof or hijack a TCP connection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1020848",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020848"
},
{
"name": "ADV-2008-2525",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2525"
},
{
"name": "http://support.apple.com/kb/HT3026",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3026"
},
{
"name": "http://support.apple.com/kb/HT3129",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3129"
},
{
"name": "APPLE-SA-2008-09-12",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html"
},
{
"name": "31823",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31823"
},
{
"name": "ADV-2008-2558",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2558"
},
{
"name": "31900",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31900"
},
{
"name": "31092",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31092"
},
{
"name": "APPLE-SA-2008-09-09",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3612",
"datePublished": "2008-09-10T16:00:00",
"dateReserved": "2008-08-12T00:00:00",
"dateUpdated": "2024-08-07T09:45:18.935Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-1683
Vulnerability from cvelistv5
Published
2009-06-19 16:00
Modified
2024-09-17 04:04
Severity ?
EPSS score ?
Summary
The Telephony component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to cause a denial of service (device reset) via a crafted ICMP echo request, which triggers an assertion error related to a "logic issue."
References
| ▼ | URL | Tags |
|---|---|---|
| http://support.apple.com/kb/HT3639 | x_refsource_CONFIRM | |
| http://www.vupen.com/english/advisories/2009/1621 | vdb-entry, x_refsource_VUPEN | |
| http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000040.html | third-party-advisory, x_refsource_JVNDB | |
| http://www.securityfocus.com/bid/35414 | vdb-entry, x_refsource_BID | |
| http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html | vendor-advisory, x_refsource_APPLE | |
| http://jvn.jp/en/jp/JVN87239696/index.html | third-party-advisory, x_refsource_JVN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:20:35.113Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3639"
},
{
"name": "ADV-2009-1621",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1621"
},
{
"name": "JVNDB-2009-000040",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000040.html"
},
{
"name": "35414",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35414"
},
{
"name": "APPLE-SA-2009-06-17-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"name": "JVN#87239696",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN87239696/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Telephony component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to cause a denial of service (device reset) via a crafted ICMP echo request, which triggers an assertion error related to a \"logic issue.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-06-19T16:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3639"
},
{
"name": "ADV-2009-1621",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1621"
},
{
"name": "JVNDB-2009-000040",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000040.html"
},
{
"name": "35414",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35414"
},
{
"name": "APPLE-SA-2009-06-17-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"name": "JVN#87239696",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN87239696/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1683",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Telephony component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to cause a denial of service (device reset) via a crafted ICMP echo request, which triggers an assertion error related to a \"logic issue.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.apple.com/kb/HT3639",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3639"
},
{
"name": "ADV-2009-1621",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1621"
},
{
"name": "JVNDB-2009-000040",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000040.html"
},
{
"name": "35414",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35414"
},
{
"name": "APPLE-SA-2009-06-17-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"name": "JVN#87239696",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN87239696/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1683",
"datePublished": "2009-06-19T16:00:00Z",
"dateReserved": "2009-05-20T00:00:00Z",
"dateUpdated": "2024-09-17T04:04:04.890Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-1680
Vulnerability from cvelistv5
Published
2009-06-19 16:00
Modified
2024-08-07 05:20
Severity ?
EPSS score ?
Summary
Safari in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly clear the search history when it is cleared from the Settings application, which allows physically proximate attackers to obtain the search history.
References
| ▼ | URL | Tags |
|---|---|---|
| http://support.apple.com/kb/HT3639 | x_refsource_CONFIRM | |
| http://www.vupen.com/english/advisories/2009/1621 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/bid/35414 | vdb-entry, x_refsource_BID | |
| http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html | vendor-advisory, x_refsource_APPLE | |
| http://www.securityfocus.com/bid/35448 | vdb-entry, x_refsource_BID | |
| http://osvdb.org/55240 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:20:35.145Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3639"
},
{
"name": "ADV-2009-1621",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1621"
},
{
"name": "35414",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35414"
},
{
"name": "APPLE-SA-2009-06-17-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"name": "35448",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35448"
},
{
"name": "55240",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/55240"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-06-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Safari in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly clear the search history when it is cleared from the Settings application, which allows physically proximate attackers to obtain the search history."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-06-24T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3639"
},
{
"name": "ADV-2009-1621",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1621"
},
{
"name": "35414",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35414"
},
{
"name": "APPLE-SA-2009-06-17-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"name": "35448",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35448"
},
{
"name": "55240",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/55240"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1680",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Safari in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly clear the search history when it is cleared from the Settings application, which allows physically proximate attackers to obtain the search history."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.apple.com/kb/HT3639",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3639"
},
{
"name": "ADV-2009-1621",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1621"
},
{
"name": "35414",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35414"
},
{
"name": "APPLE-SA-2009-06-17-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"name": "35448",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35448"
},
{
"name": "55240",
"refsource": "OSVDB",
"url": "http://osvdb.org/55240"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1680",
"datePublished": "2009-06-19T16:00:00",
"dateReserved": "2009-05-20T00:00:00",
"dateUpdated": "2024-08-07T05:20:35.145Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-1811
Vulnerability from cvelistv5
Published
2010-09-09 21:00
Modified
2024-08-07 01:35
Severity ?
EPSS score ?
Summary
ImageIO in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html | vendor-advisory, x_refsource_APPLE | |
| http://support.apple.com/kb/HT4435 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/61696 | vdb-entry, x_refsource_XF | |
| http://support.apple.com/kb/HT4334 | x_refsource_CONFIRM | |
| http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html | vendor-advisory, x_refsource_APPLE | |
| http://secunia.com/advisories/42314 | third-party-advisory, x_refsource_SECUNIA | |
| http://support.apple.com/kb/HT4456 | x_refsource_CONFIRM | |
| http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html | vendor-advisory, x_refsource_APPLE |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:35:53.970Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "APPLE-SA-2010-09-08-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT4435"
},
{
"name": "appleios-tiff-code-exec(61696)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61696"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT4334"
},
{
"name": "APPLE-SA-2010-11-10-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
},
{
"name": "42314",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42314"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT4456"
},
{
"name": "APPLE-SA-2010-11-22-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-09-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ImageIO in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"name": "APPLE-SA-2010-09-08-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT4435"
},
{
"name": "appleios-tiff-code-exec(61696)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61696"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT4334"
},
{
"name": "APPLE-SA-2010-11-10-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
},
{
"name": "42314",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42314"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT4456"
},
{
"name": "APPLE-SA-2010-11-22-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2010-1811",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ImageIO in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2010-09-08-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html"
},
{
"name": "http://support.apple.com/kb/HT4435",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4435"
},
{
"name": "appleios-tiff-code-exec(61696)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61696"
},
{
"name": "http://support.apple.com/kb/HT4334",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4334"
},
{
"name": "APPLE-SA-2010-11-10-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
},
{
"name": "42314",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42314"
},
{
"name": "http://support.apple.com/kb/HT4456",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4456"
},
{
"name": "APPLE-SA-2010-11-22-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2010-1811",
"datePublished": "2010-09-09T21:00:00",
"dateReserved": "2010-05-06T00:00:00",
"dateUpdated": "2024-08-07T01:35:53.970Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-1699
Vulnerability from cvelistv5
Published
2009-06-10 17:37
Modified
2024-08-07 05:20
Severity ?
EPSS score ?
Summary
The XSL stylesheet implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle XML external entities, which allows remote attackers to read arbitrary files via a crafted DTD, as demonstrated by a file:///etc/passwd URL in an entity declaration, related to an "XXE attack."
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:20:35.119Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3639"
},
{
"name": "43068",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43068"
},
{
"name": "ADV-2009-1621",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1621"
},
{
"name": "8907",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/8907"
},
{
"name": "ADV-2011-0212",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://scary.beasts.org/security/CESA-2009-006.html"
},
{
"name": "APPLE-SA-2009-06-08-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
},
{
"name": "54972",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/54972"
},
{
"name": "35260",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35260"
},
{
"name": "ADV-2009-1522",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1522"
},
{
"name": "APPLE-SA-2009-06-17-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"name": "SUSE-SR:2011:002",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "35379",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35379"
},
{
"name": "USN-857-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-857-1"
},
{
"name": "35321",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35321"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://scarybeastsecurity.blogspot.com/2009/06/apples-safari-4-fixes-local-file-theft.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3613"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-06-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The XSL stylesheet implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle XML external entities, which allows remote attackers to read arbitrary files via a crafted DTD, as demonstrated by a file:///etc/passwd URL in an entity declaration, related to an \"XXE attack.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3639"
},
{
"name": "43068",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43068"
},
{
"name": "ADV-2009-1621",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1621"
},
{
"name": "8907",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/8907"
},
{
"name": "ADV-2011-0212",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://scary.beasts.org/security/CESA-2009-006.html"
},
{
"name": "APPLE-SA-2009-06-08-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
},
{
"name": "54972",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/54972"
},
{
"name": "35260",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35260"
},
{
"name": "ADV-2009-1522",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1522"
},
{
"name": "APPLE-SA-2009-06-17-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"name": "SUSE-SR:2011:002",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "35379",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35379"
},
{
"name": "USN-857-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-857-1"
},
{
"name": "35321",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35321"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://scarybeastsecurity.blogspot.com/2009/06/apples-safari-4-fixes-local-file-theft.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3613"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1699",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The XSL stylesheet implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle XML external entities, which allows remote attackers to read arbitrary files via a crafted DTD, as demonstrated by a file:///etc/passwd URL in an entity declaration, related to an \"XXE attack.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.apple.com/kb/HT3639",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3639"
},
{
"name": "43068",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43068"
},
{
"name": "ADV-2009-1621",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1621"
},
{
"name": "8907",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8907"
},
{
"name": "ADV-2011-0212",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name": "http://scary.beasts.org/security/CESA-2009-006.html",
"refsource": "MISC",
"url": "http://scary.beasts.org/security/CESA-2009-006.html"
},
{
"name": "APPLE-SA-2009-06-08-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
},
{
"name": "54972",
"refsource": "OSVDB",
"url": "http://osvdb.org/54972"
},
{
"name": "35260",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35260"
},
{
"name": "ADV-2009-1522",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1522"
},
{
"name": "APPLE-SA-2009-06-17-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"name": "SUSE-SR:2011:002",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "35379",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35379"
},
{
"name": "USN-857-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-857-1"
},
{
"name": "35321",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35321"
},
{
"name": "http://scarybeastsecurity.blogspot.com/2009/06/apples-safari-4-fixes-local-file-theft.html",
"refsource": "MISC",
"url": "http://scarybeastsecurity.blogspot.com/2009/06/apples-safari-4-fixes-local-file-theft.html"
},
{
"name": "http://support.apple.com/kb/HT3613",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3613"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1699",
"datePublished": "2009-06-10T17:37:00",
"dateReserved": "2009-05-20T00:00:00",
"dateUpdated": "2024-08-07T05:20:35.119Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-1754
Vulnerability from cvelistv5
Published
2010-06-22 20:24
Modified
2024-08-07 01:35
Severity ?
EPSS score ?
Summary
Passcode Lock in Apple iOS before 4 on the iPhone and iPod touch does not properly handle alert-based unlocks in conjunction with subsequent Remote Lock operations through MobileMe, which allows physically proximate attackers to bypass intended passcode requirements via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://support.apple.com/kb/HT4225 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/59633 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/41016 | vdb-entry, x_refsource_BID | |
| http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html | vendor-advisory, x_refsource_APPLE |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:35:53.478Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT4225"
},
{
"name": "appleios-passcodelock-security-bypass(59633)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59633"
},
{
"name": "41016",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/41016"
},
{
"name": "APPLE-SA-2010-06-21-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-06-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Passcode Lock in Apple iOS before 4 on the iPhone and iPod touch does not properly handle alert-based unlocks in conjunction with subsequent Remote Lock operations through MobileMe, which allows physically proximate attackers to bypass intended passcode requirements via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT4225"
},
{
"name": "appleios-passcodelock-security-bypass(59633)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59633"
},
{
"name": "41016",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/41016"
},
{
"name": "APPLE-SA-2010-06-21-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2010-1754",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Passcode Lock in Apple iOS before 4 on the iPhone and iPod touch does not properly handle alert-based unlocks in conjunction with subsequent Remote Lock operations through MobileMe, which allows physically proximate attackers to bypass intended passcode requirements via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.apple.com/kb/HT4225",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4225"
},
{
"name": "appleios-passcodelock-security-bypass(59633)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59633"
},
{
"name": "41016",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41016"
},
{
"name": "APPLE-SA-2010-06-21-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2010-1754",
"datePublished": "2010-06-22T20:24:00",
"dateReserved": "2010-05-06T00:00:00",
"dateUpdated": "2024-08-07T01:35:53.478Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-1181
Vulnerability from cvelistv5
Published
2010-03-29 19:00
Modified
2024-09-17 00:26
Severity ?
EPSS score ?
Summary
Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a MARQUEE element.
References
| ▼ | URL | Tags |
|---|---|---|
| http://nishantdaspatnaik.yolasite.com/ipodpoc6.php | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:14:06.700Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://nishantdaspatnaik.yolasite.com/ipodpoc6.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a MARQUEE element."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-03-29T19:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://nishantdaspatnaik.yolasite.com/ipodpoc6.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1181",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a MARQUEE element."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://nishantdaspatnaik.yolasite.com/ipodpoc6.php",
"refsource": "MISC",
"url": "http://nishantdaspatnaik.yolasite.com/ipodpoc6.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1181",
"datePublished": "2010-03-29T19:00:00Z",
"dateReserved": "2010-03-29T00:00:00Z",
"dateUpdated": "2024-09-17T00:26:14.811Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-1775
Vulnerability from cvelistv5
Published
2010-06-22 20:24
Modified
2024-08-07 01:35
Severity ?
EPSS score ?
Summary
Race condition in Passcode Lock in Apple iOS before 4 on the iPhone and iPod touch allows physically proximate attackers to bypass intended passcode requirements, and pair a locked device with a computer and access arbitrary data, via vectors involving the initial boot.
References
| ▼ | URL | Tags |
|---|---|---|
| http://support.apple.com/kb/HT4225 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/59637 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/41016 | vdb-entry, x_refsource_BID | |
| http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html | vendor-advisory, x_refsource_APPLE |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:35:53.622Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT4225"
},
{
"name": "appleios-passcode-lock-sec-bypass(59637)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59637"
},
{
"name": "41016",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/41016"
},
{
"name": "APPLE-SA-2010-06-21-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-06-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Race condition in Passcode Lock in Apple iOS before 4 on the iPhone and iPod touch allows physically proximate attackers to bypass intended passcode requirements, and pair a locked device with a computer and access arbitrary data, via vectors involving the initial boot."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT4225"
},
{
"name": "appleios-passcode-lock-sec-bypass(59637)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59637"
},
{
"name": "41016",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/41016"
},
{
"name": "APPLE-SA-2010-06-21-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2010-1775",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in Passcode Lock in Apple iOS before 4 on the iPhone and iPod touch allows physically proximate attackers to bypass intended passcode requirements, and pair a locked device with a computer and access arbitrary data, via vectors involving the initial boot."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.apple.com/kb/HT4225",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4225"
},
{
"name": "appleios-passcode-lock-sec-bypass(59637)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59637"
},
{
"name": "41016",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41016"
},
{
"name": "APPLE-SA-2010-06-21-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2010-1775",
"datePublished": "2010-06-22T20:24:00",
"dateReserved": "2010-05-06T00:00:00",
"dateUpdated": "2024-08-07T01:35:53.622Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-1812
Vulnerability from cvelistv5
Published
2010-09-09 21:00
Modified
2024-08-07 01:35
Severity ?
EPSS score ?
Summary
Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving selections.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:35:53.700Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MDVSA-2011:039",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039"
},
{
"name": "ADV-2010-2722",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/2722"
},
{
"name": "43068",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43068"
},
{
"name": "APPLE-SA-2010-09-08-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT4334"
},
{
"name": "USN-1006-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1006-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT4455"
},
{
"name": "41856",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/41856"
},
{
"name": "ADV-2011-0212",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name": "ADV-2011-0216",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0216"
},
{
"name": "43079",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/43079"
},
{
"name": "43086",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43086"
},
{
"name": "appleios-selections-code-exec(61699)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61699"
},
{
"name": "SUSE-SR:2011:002",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "APPLE-SA-2010-11-18-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html"
},
{
"name": "42314",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42314"
},
{
"name": "RHSA-2011:0177",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0177.html"
},
{
"name": "ADV-2011-0552",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0552"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT4456"
},
{
"name": "APPLE-SA-2010-11-22-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-09-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving selections."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"name": "MDVSA-2011:039",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039"
},
{
"name": "ADV-2010-2722",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/2722"
},
{
"name": "43068",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43068"
},
{
"name": "APPLE-SA-2010-09-08-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT4334"
},
{
"name": "USN-1006-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1006-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT4455"
},
{
"name": "41856",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/41856"
},
{
"name": "ADV-2011-0212",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name": "ADV-2011-0216",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0216"
},
{
"name": "43079",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/43079"
},
{
"name": "43086",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43086"
},
{
"name": "appleios-selections-code-exec(61699)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61699"
},
{
"name": "SUSE-SR:2011:002",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "APPLE-SA-2010-11-18-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html"
},
{
"name": "42314",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42314"
},
{
"name": "RHSA-2011:0177",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0177.html"
},
{
"name": "ADV-2011-0552",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0552"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT4456"
},
{
"name": "APPLE-SA-2010-11-22-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2010-1812",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving selections."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2011:039",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039"
},
{
"name": "ADV-2010-2722",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2722"
},
{
"name": "43068",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43068"
},
{
"name": "APPLE-SA-2010-09-08-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html"
},
{
"name": "http://support.apple.com/kb/HT4334",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4334"
},
{
"name": "USN-1006-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1006-1"
},
{
"name": "http://support.apple.com/kb/HT4455",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4455"
},
{
"name": "41856",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41856"
},
{
"name": "ADV-2011-0212",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name": "ADV-2011-0216",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0216"
},
{
"name": "43079",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/43079"
},
{
"name": "43086",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43086"
},
{
"name": "appleios-selections-code-exec(61699)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61699"
},
{
"name": "SUSE-SR:2011:002",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "APPLE-SA-2010-11-18-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html"
},
{
"name": "42314",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42314"
},
{
"name": "RHSA-2011:0177",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0177.html"
},
{
"name": "ADV-2011-0552",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0552"
},
{
"name": "http://support.apple.com/kb/HT4456",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4456"
},
{
"name": "APPLE-SA-2010-11-22-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2010-1812",
"datePublished": "2010-09-09T21:00:00",
"dateReserved": "2010-05-06T00:00:00",
"dateUpdated": "2024-08-07T01:35:53.700Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-1590
Vulnerability from cvelistv5
Published
2008-07-14 18:00
Modified
2024-08-07 08:24
Severity ?
EPSS score ?
Summary
JavaScriptCore in WebKit on Apple iPhone before 2.0 and iPod touch before 2.0 does not properly perform runtime garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors that trigger memory corruption, a different vulnerability than CVE-2008-2317.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/30186 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/43738 | vdb-entry, x_refsource_XF | |
| http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html | vendor-advisory, x_refsource_APPLE | |
| http://www.vupen.com/english/advisories/2008/2094/references | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/31074 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:24:42.862Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "30186",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30186"
},
{
"name": "ipod-iphone-garbage-code-execution(43738)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43738"
},
{
"name": "APPLE-SA-2008-07-11",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html"
},
{
"name": "ADV-2008-2094",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2094/references"
},
{
"name": "31074",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31074"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "JavaScriptCore in WebKit on Apple iPhone before 2.0 and iPod touch before 2.0 does not properly perform runtime garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors that trigger memory corruption, a different vulnerability than CVE-2008-2317."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "30186",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30186"
},
{
"name": "ipod-iphone-garbage-code-execution(43738)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43738"
},
{
"name": "APPLE-SA-2008-07-11",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html"
},
{
"name": "ADV-2008-2094",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2094/references"
},
{
"name": "31074",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31074"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1590",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "JavaScriptCore in WebKit on Apple iPhone before 2.0 and iPod touch before 2.0 does not properly perform runtime garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors that trigger memory corruption, a different vulnerability than CVE-2008-2317."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30186",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30186"
},
{
"name": "ipod-iphone-garbage-code-execution(43738)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43738"
},
{
"name": "APPLE-SA-2008-07-11",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html"
},
{
"name": "ADV-2008-2094",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2094/references"
},
{
"name": "31074",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31074"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1590",
"datePublished": "2008-07-14T18:00:00",
"dateReserved": "2008-03-31T00:00:00",
"dateUpdated": "2024-08-07T08:24:42.862Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-3631
Vulnerability from cvelistv5
Published
2008-09-10 16:00
Modified
2024-08-07 09:45
Severity ?
EPSS score ?
Summary
Application Sandbox in Apple iPod touch 2.0 through 2.0.2, and iPhone 2.0 through 2.0.2, does not properly isolate third-party applications, which allows attackers to read arbitrary files in a third-party application's sandbox via a different third-party application.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2008/2525 | vdb-entry, x_refsource_VUPEN | |
| http://www.securitytracker.com/id?1020846 | vdb-entry, x_refsource_SECTRACK | |
| http://support.apple.com/kb/HT3026 | x_refsource_CONFIRM | |
| http://support.apple.com/kb/HT3129 | x_refsource_CONFIRM | |
| http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html | vendor-advisory, x_refsource_APPLE | |
| http://secunia.com/advisories/31823 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.vupen.com/english/advisories/2008/2558 | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/31900 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/31092 | vdb-entry, x_refsource_BID | |
| http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html | vendor-advisory, x_refsource_APPLE |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:45:18.968Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2008-2525",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2525"
},
{
"name": "1020846",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020846"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3026"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3129"
},
{
"name": "APPLE-SA-2008-09-12",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html"
},
{
"name": "31823",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31823"
},
{
"name": "ADV-2008-2558",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2558"
},
{
"name": "31900",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31900"
},
{
"name": "31092",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31092"
},
{
"name": "APPLE-SA-2008-09-09",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Application Sandbox in Apple iPod touch 2.0 through 2.0.2, and iPhone 2.0 through 2.0.2, does not properly isolate third-party applications, which allows attackers to read arbitrary files in a third-party application\u0027s sandbox via a different third-party application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-09-17T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2008-2525",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2525"
},
{
"name": "1020846",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020846"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3026"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3129"
},
{
"name": "APPLE-SA-2008-09-12",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html"
},
{
"name": "31823",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31823"
},
{
"name": "ADV-2008-2558",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2558"
},
{
"name": "31900",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31900"
},
{
"name": "31092",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31092"
},
{
"name": "APPLE-SA-2008-09-09",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3631",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Application Sandbox in Apple iPod touch 2.0 through 2.0.2, and iPhone 2.0 through 2.0.2, does not properly isolate third-party applications, which allows attackers to read arbitrary files in a third-party application\u0027s sandbox via a different third-party application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-2525",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2525"
},
{
"name": "1020846",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020846"
},
{
"name": "http://support.apple.com/kb/HT3026",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3026"
},
{
"name": "http://support.apple.com/kb/HT3129",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3129"
},
{
"name": "APPLE-SA-2008-09-12",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html"
},
{
"name": "31823",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31823"
},
{
"name": "ADV-2008-2558",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2558"
},
{
"name": "31900",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31900"
},
{
"name": "31092",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31092"
},
{
"name": "APPLE-SA-2008-09-09",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3631",
"datePublished": "2008-09-10T16:00:00",
"dateReserved": "2008-08-12T00:00:00",
"dateUpdated": "2024-08-07T09:45:18.968Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-1589
Vulnerability from cvelistv5
Published
2008-07-14 18:00
Modified
2024-08-07 08:24
Severity ?
EPSS score ?
Summary
Safari on Apple iPhone before 2.0 and iPod touch before 2.0 misinterprets a menu button press as user confirmation for visiting a web site with a (1) self-signed or (2) invalid certificate, which makes it easier for remote attackers to spoof web sites.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/43734 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/30186 | vdb-entry, x_refsource_BID | |
| http://jvn.jp/en/jp/JVN88676089/index.html | third-party-advisory, x_refsource_JVN | |
| http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html | vendor-advisory, x_refsource_APPLE | |
| http://www.vupen.com/english/advisories/2008/2094/references | vdb-entry, x_refsource_VUPEN | |
| http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000039.html | third-party-advisory, x_refsource_JVNDB | |
| http://secunia.com/advisories/31074 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:24:42.907Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ipod-iphone-certificate-info-disclosure(43734)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43734"
},
{
"name": "30186",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30186"
},
{
"name": "JVN#88676089",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN88676089/index.html"
},
{
"name": "APPLE-SA-2008-07-11",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html"
},
{
"name": "ADV-2008-2094",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2094/references"
},
{
"name": "JVNDB-2008-000039",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000039.html"
},
{
"name": "31074",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31074"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Safari on Apple iPhone before 2.0 and iPod touch before 2.0 misinterprets a menu button press as user confirmation for visiting a web site with a (1) self-signed or (2) invalid certificate, which makes it easier for remote attackers to spoof web sites."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ipod-iphone-certificate-info-disclosure(43734)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43734"
},
{
"name": "30186",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30186"
},
{
"name": "JVN#88676089",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN88676089/index.html"
},
{
"name": "APPLE-SA-2008-07-11",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html"
},
{
"name": "ADV-2008-2094",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2094/references"
},
{
"name": "JVNDB-2008-000039",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000039.html"
},
{
"name": "31074",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31074"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1589",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Safari on Apple iPhone before 2.0 and iPod touch before 2.0 misinterprets a menu button press as user confirmation for visiting a web site with a (1) self-signed or (2) invalid certificate, which makes it easier for remote attackers to spoof web sites."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ipod-iphone-certificate-info-disclosure(43734)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43734"
},
{
"name": "30186",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30186"
},
{
"name": "JVN#88676089",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN88676089/index.html"
},
{
"name": "APPLE-SA-2008-07-11",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html"
},
{
"name": "ADV-2008-2094",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2094/references"
},
{
"name": "JVNDB-2008-000039",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000039.html"
},
{
"name": "31074",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31074"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1589",
"datePublished": "2008-07-14T18:00:00",
"dateReserved": "2008-03-31T00:00:00",
"dateUpdated": "2024-08-07T08:24:42.907Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-2206
Vulnerability from cvelistv5
Published
2009-09-10 21:00
Modified
2024-08-07 05:44
Severity ?
EPSS score ?
Summary
Multiple heap-based buffer overflows in the AudioCodecs library in the CoreAudio component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted (1) AAC or (2) MP3 file, as demonstrated by a ringtone with malformed entries in the sample size table.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id?1022869 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/archive/1/506464/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.trapkit.de/advisories/TKADV2009-007.txt | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/53180 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/36338 | vdb-entry, x_refsource_BID | |
| http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.html | vendor-advisory, x_refsource_APPLE | |
| http://secunia.com/advisories/36677 | third-party-advisory, x_refsource_SECUNIA | |
| http://support.apple.com/kb/HT3860 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:44:54.962Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1022869",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1022869"
},
{
"name": "20090914 [TKADV2009-007] Apple iPhone OS AudioCodecs Heap Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/506464/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.trapkit.de/advisories/TKADV2009-007.txt"
},
{
"name": "ipod-iphone-aac-mp3-bo(53180)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53180"
},
{
"name": "36338",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36338"
},
{
"name": "APPLE-SA-2009-09-09-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.html"
},
{
"name": "36677",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36677"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3860"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-09-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple heap-based buffer overflows in the AudioCodecs library in the CoreAudio component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted (1) AAC or (2) MP3 file, as demonstrated by a ringtone with malformed entries in the sample size table."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1022869",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1022869"
},
{
"name": "20090914 [TKADV2009-007] Apple iPhone OS AudioCodecs Heap Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/506464/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.trapkit.de/advisories/TKADV2009-007.txt"
},
{
"name": "ipod-iphone-aac-mp3-bo(53180)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53180"
},
{
"name": "36338",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36338"
},
{
"name": "APPLE-SA-2009-09-09-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.html"
},
{
"name": "36677",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36677"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3860"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2206",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple heap-based buffer overflows in the AudioCodecs library in the CoreAudio component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted (1) AAC or (2) MP3 file, as demonstrated by a ringtone with malformed entries in the sample size table."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1022869",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022869"
},
{
"name": "20090914 [TKADV2009-007] Apple iPhone OS AudioCodecs Heap Buffer Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/506464/100/0/threaded"
},
{
"name": "http://www.trapkit.de/advisories/TKADV2009-007.txt",
"refsource": "MISC",
"url": "http://www.trapkit.de/advisories/TKADV2009-007.txt"
},
{
"name": "ipod-iphone-aac-mp3-bo(53180)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53180"
},
{
"name": "36338",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36338"
},
{
"name": "APPLE-SA-2009-09-09-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.html"
},
{
"name": "36677",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36677"
},
{
"name": "http://support.apple.com/kb/HT3860",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3860"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2206",
"datePublished": "2009-09-10T21:00:00",
"dateReserved": "2009-06-24T00:00:00",
"dateUpdated": "2024-08-07T05:44:54.962Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-1679
Vulnerability from cvelistv5
Published
2009-06-19 16:00
Modified
2024-08-07 05:20
Severity ?
EPSS score ?
Summary
The Profiles component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1, when installing a configuration profile, can replace the password policy from Exchange ActiveSync with a weaker password policy, which allows physically proximate attackers to bypass the intended policy.
References
| ▼ | URL | Tags |
|---|---|---|
| http://support.apple.com/kb/HT3639 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/51212 | vdb-entry, x_refsource_XF | |
| http://www.vupen.com/english/advisories/2009/1621 | vdb-entry, x_refsource_VUPEN | |
| http://osvdb.org/55239 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/35414 | vdb-entry, x_refsource_BID | |
| http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html | vendor-advisory, x_refsource_APPLE | |
| http://www.securityfocus.com/bid/35436 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:20:35.068Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3639"
},
{
"name": "ipod-iphone-profile-security-bypass(51212)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51212"
},
{
"name": "ADV-2009-1621",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1621"
},
{
"name": "55239",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/55239"
},
{
"name": "35414",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35414"
},
{
"name": "APPLE-SA-2009-06-17-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"name": "35436",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35436"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-06-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Profiles component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1, when installing a configuration profile, can replace the password policy from Exchange ActiveSync with a weaker password policy, which allows physically proximate attackers to bypass the intended policy."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3639"
},
{
"name": "ipod-iphone-profile-security-bypass(51212)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51212"
},
{
"name": "ADV-2009-1621",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1621"
},
{
"name": "55239",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/55239"
},
{
"name": "35414",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35414"
},
{
"name": "APPLE-SA-2009-06-17-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"name": "35436",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35436"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1679",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Profiles component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1, when installing a configuration profile, can replace the password policy from Exchange ActiveSync with a weaker password policy, which allows physically proximate attackers to bypass the intended policy."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.apple.com/kb/HT3639",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3639"
},
{
"name": "ipod-iphone-profile-security-bypass(51212)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51212"
},
{
"name": "ADV-2009-1621",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1621"
},
{
"name": "55239",
"refsource": "OSVDB",
"url": "http://osvdb.org/55239"
},
{
"name": "35414",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35414"
},
{
"name": "APPLE-SA-2009-06-17-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"name": "35436",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35436"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1679",
"datePublished": "2009-06-19T16:00:00",
"dateReserved": "2009-05-20T00:00:00",
"dateUpdated": "2024-08-07T05:20:35.068Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-4231
Vulnerability from cvelistv5
Published
2008-11-25 23:00
Modified
2024-08-07 10:08
Severity ?
EPSS score ?
Summary
Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not properly handle HTML TABLE elements, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.fortiguardcenter.com/advisory/FGA-2009-23.html | x_refsource_MISC | |
| http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html | vendor-advisory, x_refsource_APPLE | |
| http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html | vendor-advisory, x_refsource_APPLE | |
| http://www.vupen.com/english/advisories/2009/1522 | vdb-entry, x_refsource_VUPEN | |
| http://www.vupen.com/english/advisories/2008/3232 | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/35379 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/archive/1/504211/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://support.apple.com/kb/HT3318 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id?1021272 | vdb-entry, x_refsource_SECTRACK | |
| http://osvdb.org/50028 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/32394 | vdb-entry, x_refsource_BID | |
| http://support.apple.com/kb/HT3613 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/32756 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:08:34.963Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.fortiguardcenter.com/advisory/FGA-2009-23.html"
},
{
"name": "APPLE-SA-2009-06-08-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
},
{
"name": "APPLE-SA-2008-11-20",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html"
},
{
"name": "ADV-2009-1522",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1522"
},
{
"name": "ADV-2008-3232",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/3232"
},
{
"name": "35379",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35379"
},
{
"name": "20090610 FortiGuard Advisory: Apple Safari Remote Memory Corruption Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/504211/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3318"
},
{
"name": "1021272",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021272"
},
{
"name": "50028",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/50028"
},
{
"name": "32394",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32394"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3613"
},
{
"name": "32756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32756"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-11-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not properly handle HTML TABLE elements, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.fortiguardcenter.com/advisory/FGA-2009-23.html"
},
{
"name": "APPLE-SA-2009-06-08-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
},
{
"name": "APPLE-SA-2008-11-20",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html"
},
{
"name": "ADV-2009-1522",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1522"
},
{
"name": "ADV-2008-3232",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/3232"
},
{
"name": "35379",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35379"
},
{
"name": "20090610 FortiGuard Advisory: Apple Safari Remote Memory Corruption Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/504211/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3318"
},
{
"name": "1021272",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021272"
},
{
"name": "50028",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/50028"
},
{
"name": "32394",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32394"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3613"
},
{
"name": "32756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32756"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4231",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not properly handle HTML TABLE elements, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.fortiguardcenter.com/advisory/FGA-2009-23.html",
"refsource": "MISC",
"url": "http://www.fortiguardcenter.com/advisory/FGA-2009-23.html"
},
{
"name": "APPLE-SA-2009-06-08-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
},
{
"name": "APPLE-SA-2008-11-20",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html"
},
{
"name": "ADV-2009-1522",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1522"
},
{
"name": "ADV-2008-3232",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3232"
},
{
"name": "35379",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35379"
},
{
"name": "20090610 FortiGuard Advisory: Apple Safari Remote Memory Corruption Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/504211/100/0/threaded"
},
{
"name": "http://support.apple.com/kb/HT3318",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3318"
},
{
"name": "1021272",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021272"
},
{
"name": "50028",
"refsource": "OSVDB",
"url": "http://osvdb.org/50028"
},
{
"name": "32394",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32394"
},
{
"name": "http://support.apple.com/kb/HT3613",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3613"
},
{
"name": "32756",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32756"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4231",
"datePublished": "2008-11-25T23:00:00",
"dateReserved": "2008-09-24T00:00:00",
"dateUpdated": "2024-08-07T10:08:34.963Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-1588
Vulnerability from cvelistv5
Published
2008-07-14 18:00
Modified
2024-08-07 08:24
Severity ?
EPSS score ?
Summary
Safari on Apple iPhone before 2.0 and iPod touch before 2.0 allows remote attackers to spoof the address bar via Unicode ideographic spaces in the URL.
References
| ▼ | URL | Tags |
|---|---|---|
| http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html | vendor-advisory, x_refsource_APPLE | |
| http://www.securityfocus.com/bid/30186 | vdb-entry, x_refsource_BID | |
| http://www.vupen.com/english/advisories/2009/1522 | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/35379 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/43732 | vdb-entry, x_refsource_XF | |
| http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html | vendor-advisory, x_refsource_APPLE | |
| http://www.vupen.com/english/advisories/2008/2094/references | vdb-entry, x_refsource_VUPEN | |
| http://support.apple.com/kb/HT3613 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/31074 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:24:42.925Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "APPLE-SA-2009-06-08-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
},
{
"name": "30186",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30186"
},
{
"name": "ADV-2009-1522",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1522"
},
{
"name": "35379",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35379"
},
{
"name": "ipod-iphone-addressbar-spoofing(43732)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43732"
},
{
"name": "APPLE-SA-2008-07-11",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html"
},
{
"name": "ADV-2008-2094",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2094/references"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3613"
},
{
"name": "31074",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31074"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Safari on Apple iPhone before 2.0 and iPod touch before 2.0 allows remote attackers to spoof the address bar via Unicode ideographic spaces in the URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "APPLE-SA-2009-06-08-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
},
{
"name": "30186",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30186"
},
{
"name": "ADV-2009-1522",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1522"
},
{
"name": "35379",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35379"
},
{
"name": "ipod-iphone-addressbar-spoofing(43732)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43732"
},
{
"name": "APPLE-SA-2008-07-11",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html"
},
{
"name": "ADV-2008-2094",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2094/references"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3613"
},
{
"name": "31074",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31074"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1588",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Safari on Apple iPhone before 2.0 and iPod touch before 2.0 allows remote attackers to spoof the address bar via Unicode ideographic spaces in the URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2009-06-08-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
},
{
"name": "30186",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30186"
},
{
"name": "ADV-2009-1522",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1522"
},
{
"name": "35379",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35379"
},
{
"name": "ipod-iphone-addressbar-spoofing(43732)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43732"
},
{
"name": "APPLE-SA-2008-07-11",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html"
},
{
"name": "ADV-2008-2094",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2094/references"
},
{
"name": "http://support.apple.com/kb/HT3613",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3613"
},
{
"name": "31074",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31074"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1588",
"datePublished": "2008-07-14T18:00:00",
"dateReserved": "2008-03-31T00:00:00",
"dateUpdated": "2024-08-07T08:24:42.925Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-1814
Vulnerability from cvelistv5
Published
2010-09-09 21:00
Modified
2024-08-07 01:35
Severity ?
EPSS score ?
Summary
WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors involving form menus.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:35:53.710Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MDVSA-2011:039",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039"
},
{
"name": "ADV-2010-2722",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/2722"
},
{
"name": "43068",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43068"
},
{
"name": "APPLE-SA-2010-09-08-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT4334"
},
{
"name": "USN-1006-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1006-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT4455"
},
{
"name": "41856",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/41856"
},
{
"name": "ADV-2011-0212",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name": "ADV-2011-0216",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0216"
},
{
"name": "43086",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43086"
},
{
"name": "SUSE-SR:2011:002",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "APPLE-SA-2010-11-18-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html"
},
{
"name": "appleios-formmenus-code-exec(61701)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61701"
},
{
"name": "42314",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42314"
},
{
"name": "RHSA-2011:0177",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0177.html"
},
{
"name": "ADV-2011-0552",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0552"
},
{
"name": "43083",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/43083"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT4456"
},
{
"name": "APPLE-SA-2010-11-22-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-09-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors involving form menus."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"name": "MDVSA-2011:039",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039"
},
{
"name": "ADV-2010-2722",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/2722"
},
{
"name": "43068",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43068"
},
{
"name": "APPLE-SA-2010-09-08-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT4334"
},
{
"name": "USN-1006-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1006-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT4455"
},
{
"name": "41856",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/41856"
},
{
"name": "ADV-2011-0212",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name": "ADV-2011-0216",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0216"
},
{
"name": "43086",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43086"
},
{
"name": "SUSE-SR:2011:002",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "APPLE-SA-2010-11-18-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html"
},
{
"name": "appleios-formmenus-code-exec(61701)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61701"
},
{
"name": "42314",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42314"
},
{
"name": "RHSA-2011:0177",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0177.html"
},
{
"name": "ADV-2011-0552",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0552"
},
{
"name": "43083",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/43083"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT4456"
},
{
"name": "APPLE-SA-2010-11-22-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2010-1814",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors involving form menus."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2011:039",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039"
},
{
"name": "ADV-2010-2722",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2722"
},
{
"name": "43068",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43068"
},
{
"name": "APPLE-SA-2010-09-08-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html"
},
{
"name": "http://support.apple.com/kb/HT4334",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4334"
},
{
"name": "USN-1006-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1006-1"
},
{
"name": "http://support.apple.com/kb/HT4455",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4455"
},
{
"name": "41856",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41856"
},
{
"name": "ADV-2011-0212",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name": "ADV-2011-0216",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0216"
},
{
"name": "43086",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43086"
},
{
"name": "SUSE-SR:2011:002",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "APPLE-SA-2010-11-18-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html"
},
{
"name": "appleios-formmenus-code-exec(61701)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61701"
},
{
"name": "42314",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42314"
},
{
"name": "RHSA-2011:0177",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0177.html"
},
{
"name": "ADV-2011-0552",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0552"
},
{
"name": "43083",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/43083"
},
{
"name": "http://support.apple.com/kb/HT4456",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4456"
},
{
"name": "APPLE-SA-2010-11-22-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2010-1814",
"datePublished": "2010-09-09T21:00:00",
"dateReserved": "2010-05-06T00:00:00",
"dateUpdated": "2024-08-07T01:35:53.710Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-0961
Vulnerability from cvelistv5
Published
2009-06-19 16:00
Modified
2024-08-07 04:57
Severity ?
EPSS score ?
Summary
The Mail component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 dismisses the call approval dialog when another alert appears, which might allow remote attackers to force the iPhone to place a call without user approval by causing an application to trigger an alert.
References
| ▼ | URL | Tags |
|---|---|---|
| http://support.apple.com/kb/HT3639 | x_refsource_CONFIRM | |
| http://www.vupen.com/english/advisories/2009/1621 | vdb-entry, x_refsource_VUPEN | |
| http://osvdb.org/55238 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/35414 | vdb-entry, x_refsource_BID | |
| http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html | vendor-advisory, x_refsource_APPLE | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/51210 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:57:17.163Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3639"
},
{
"name": "ADV-2009-1621",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1621"
},
{
"name": "55238",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/55238"
},
{
"name": "35414",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35414"
},
{
"name": "APPLE-SA-2009-06-17-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"name": "iphone-ipod-mail-security-bypass(51210)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51210"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-06-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Mail component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 dismisses the call approval dialog when another alert appears, which might allow remote attackers to force the iPhone to place a call without user approval by causing an application to trigger an alert."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3639"
},
{
"name": "ADV-2009-1621",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1621"
},
{
"name": "55238",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/55238"
},
{
"name": "35414",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35414"
},
{
"name": "APPLE-SA-2009-06-17-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"name": "iphone-ipod-mail-security-bypass(51210)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51210"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0961",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Mail component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 dismisses the call approval dialog when another alert appears, which might allow remote attackers to force the iPhone to place a call without user approval by causing an application to trigger an alert."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.apple.com/kb/HT3639",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3639"
},
{
"name": "ADV-2009-1621",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1621"
},
{
"name": "55238",
"refsource": "OSVDB",
"url": "http://osvdb.org/55238"
},
{
"name": "35414",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35414"
},
{
"name": "APPLE-SA-2009-06-17-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"name": "iphone-ipod-mail-security-bypass(51210)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51210"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0961",
"datePublished": "2009-06-19T16:00:00",
"dateReserved": "2009-03-18T00:00:00",
"dateUpdated": "2024-08-07T04:57:17.163Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-0960
Vulnerability from cvelistv5
Published
2009-06-19 16:00
Modified
2024-08-07 04:57
Severity ?
EPSS score ?
Summary
The Mail component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 does not provide an option to disable remote image loading in HTML email, which allows remote attackers to determine the device address and when an e-mail is read via an HTML email containing an image URL.
References
| ▼ | URL | Tags |
|---|---|---|
| http://support.apple.com/kb/HT3639 | x_refsource_CONFIRM | |
| http://www.vupen.com/english/advisories/2009/1621 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/bid/35434 | vdb-entry, x_refsource_BID | |
| http://www.securityfocus.com/bid/35414 | vdb-entry, x_refsource_BID | |
| http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html | vendor-advisory, x_refsource_APPLE | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/51209 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:57:17.539Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3639"
},
{
"name": "ADV-2009-1621",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1621"
},
{
"name": "35434",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35434"
},
{
"name": "35414",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35414"
},
{
"name": "APPLE-SA-2009-06-17-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"name": "iphone-ipod-mail-weak-security(51209)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51209"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-06-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Mail component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 does not provide an option to disable remote image loading in HTML email, which allows remote attackers to determine the device address and when an e-mail is read via an HTML email containing an image URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3639"
},
{
"name": "ADV-2009-1621",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1621"
},
{
"name": "35434",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35434"
},
{
"name": "35414",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35414"
},
{
"name": "APPLE-SA-2009-06-17-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"name": "iphone-ipod-mail-weak-security(51209)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51209"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0960",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Mail component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 does not provide an option to disable remote image loading in HTML email, which allows remote attackers to determine the device address and when an e-mail is read via an HTML email containing an image URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.apple.com/kb/HT3639",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3639"
},
{
"name": "ADV-2009-1621",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1621"
},
{
"name": "35434",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35434"
},
{
"name": "35414",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35414"
},
{
"name": "APPLE-SA-2009-06-17-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"name": "iphone-ipod-mail-weak-security(51209)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51209"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0960",
"datePublished": "2009-06-19T16:00:00",
"dateReserved": "2009-03-18T00:00:00",
"dateUpdated": "2024-08-07T04:57:17.539Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-3632
Vulnerability from cvelistv5
Published
2008-09-10 16:00
Modified
2024-08-07 09:45
Severity ?
EPSS score ?
Summary
Use-after-free vulnerability in WebKit in Apple iPod touch 1.1 through 2.0.2, and iPhone 1.0 through 2.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a web page with crafted Cascading Style Sheets (CSS) import statements.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:45:19.009Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "32860",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32860"
},
{
"name": "ADV-2008-2525",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2525"
},
{
"name": "APPLE-SA-2009-06-08-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
},
{
"name": "ADV-2009-1522",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1522"
},
{
"name": "USN-676-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-676-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3026"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3129"
},
{
"name": "1020847",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020847"
},
{
"name": "35379",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35379"
},
{
"name": "APPLE-SA-2008-09-12",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html"
},
{
"name": "31823",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31823"
},
{
"name": "ADV-2008-2558",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2558"
},
{
"name": "31900",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31900"
},
{
"name": "31092",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31092"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3613"
},
{
"name": "APPLE-SA-2008-09-09",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html"
},
{
"name": "32099",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32099"
},
{
"name": "SUSE-SR:2008:019",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in WebKit in Apple iPod touch 1.1 through 2.0.2, and iPhone 1.0 through 2.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a web page with crafted Cascading Style Sheets (CSS) import statements."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-09-17T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "32860",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32860"
},
{
"name": "ADV-2008-2525",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2525"
},
{
"name": "APPLE-SA-2009-06-08-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
},
{
"name": "ADV-2009-1522",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1522"
},
{
"name": "USN-676-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-676-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3026"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3129"
},
{
"name": "1020847",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020847"
},
{
"name": "35379",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35379"
},
{
"name": "APPLE-SA-2008-09-12",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html"
},
{
"name": "31823",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31823"
},
{
"name": "ADV-2008-2558",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2558"
},
{
"name": "31900",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31900"
},
{
"name": "31092",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31092"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3613"
},
{
"name": "APPLE-SA-2008-09-09",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html"
},
{
"name": "32099",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32099"
},
{
"name": "SUSE-SR:2008:019",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3632",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in WebKit in Apple iPod touch 1.1 through 2.0.2, and iPhone 1.0 through 2.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a web page with crafted Cascading Style Sheets (CSS) import statements."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32860",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32860"
},
{
"name": "ADV-2008-2525",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2525"
},
{
"name": "APPLE-SA-2009-06-08-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
},
{
"name": "ADV-2009-1522",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1522"
},
{
"name": "USN-676-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-676-1"
},
{
"name": "http://support.apple.com/kb/HT3026",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3026"
},
{
"name": "http://support.apple.com/kb/HT3129",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3129"
},
{
"name": "1020847",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020847"
},
{
"name": "35379",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35379"
},
{
"name": "APPLE-SA-2008-09-12",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html"
},
{
"name": "31823",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31823"
},
{
"name": "ADV-2008-2558",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2558"
},
{
"name": "31900",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31900"
},
{
"name": "31092",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31092"
},
{
"name": "http://support.apple.com/kb/HT3613",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3613"
},
{
"name": "APPLE-SA-2008-09-09",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html"
},
{
"name": "32099",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32099"
},
{
"name": "SUSE-SR:2008:019",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3632",
"datePublished": "2008-09-10T16:00:00",
"dateReserved": "2008-08-12T00:00:00",
"dateUpdated": "2024-08-07T09:45:19.009Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-3950
Vulnerability from cvelistv5
Published
2008-09-16 23:00
Modified
2024-08-07 10:00
Severity ?
EPSS score ?
Summary
Off-by-one error in the _web_drawInRect:withFont:ellipsis:alignment:measureOnly function in WebKit in Safari in Apple iPhone 1.1.4 and 2.0 and iPod touch 1.1.4 and 2.0 allows remote attackers to cause a denial of service (browser crash) via a JavaScript alert call with an argument that lacks breakable characters and has a length that is a multiple of the memory page size, leading to an out-of-bounds read.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/31061 | vdb-entry, x_refsource_BID | |
| http://www.securityfocus.com/archive/1/496321/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.coresecurity.com/content/iphone-safari-javascript-alert-denial-of-service | x_refsource_MISC | |
| http://securityreason.com/securityalert/4264 | third-party-advisory, x_refsource_SREASON |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:00:42.618Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "31061",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31061"
},
{
"name": "20080912 CORE-2008-0126: iPhone Safari JavaScript alert Denial of Service",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/496321/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.coresecurity.com/content/iphone-safari-javascript-alert-denial-of-service"
},
{
"name": "4264",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4264"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Off-by-one error in the _web_drawInRect:withFont:ellipsis:alignment:measureOnly function in WebKit in Safari in Apple iPhone 1.1.4 and 2.0 and iPod touch 1.1.4 and 2.0 allows remote attackers to cause a denial of service (browser crash) via a JavaScript alert call with an argument that lacks breakable characters and has a length that is a multiple of the memory page size, leading to an out-of-bounds read."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "31061",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31061"
},
{
"name": "20080912 CORE-2008-0126: iPhone Safari JavaScript alert Denial of Service",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/496321/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.coresecurity.com/content/iphone-safari-javascript-alert-denial-of-service"
},
{
"name": "4264",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4264"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3950",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Off-by-one error in the _web_drawInRect:withFont:ellipsis:alignment:measureOnly function in WebKit in Safari in Apple iPhone 1.1.4 and 2.0 and iPod touch 1.1.4 and 2.0 allows remote attackers to cause a denial of service (browser crash) via a JavaScript alert call with an argument that lacks breakable characters and has a length that is a multiple of the memory page size, leading to an out-of-bounds read."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "31061",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31061"
},
{
"name": "20080912 CORE-2008-0126: iPhone Safari JavaScript alert Denial of Service",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/496321/100/0/threaded"
},
{
"name": "http://www.coresecurity.com/content/iphone-safari-javascript-alert-denial-of-service",
"refsource": "MISC",
"url": "http://www.coresecurity.com/content/iphone-safari-javascript-alert-denial-of-service"
},
{
"name": "4264",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4264"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3950",
"datePublished": "2008-09-16T23:00:00",
"dateReserved": "2008-09-05T00:00:00",
"dateUpdated": "2024-08-07T10:00:42.618Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-4229
Vulnerability from cvelistv5
Published
2008-11-25 23:00
Modified
2024-08-07 10:08
Severity ?
EPSS score ?
Summary
Race condition in the Passcode Lock feature in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.0 through 2.1 allows physically proximate attackers to remove the lock and launch arbitrary applications by restoring the device from a backup.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id?1021271 | vdb-entry, x_refsource_SECTRACK | |
| http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html | vendor-advisory, x_refsource_APPLE | |
| http://osvdb.org/50026 | vdb-entry, x_refsource_OSVDB | |
| http://www.vupen.com/english/advisories/2008/3232 | vdb-entry, x_refsource_VUPEN | |
| http://support.apple.com/kb/HT3318 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/32394 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/32756 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:08:34.946Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1021271",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021271"
},
{
"name": "APPLE-SA-2008-11-20",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html"
},
{
"name": "50026",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/50026"
},
{
"name": "ADV-2008-3232",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/3232"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3318"
},
{
"name": "32394",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32394"
},
{
"name": "32756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32756"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-11-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Race condition in the Passcode Lock feature in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.0 through 2.1 allows physically proximate attackers to remove the lock and launch arbitrary applications by restoring the device from a backup."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-12-03T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1021271",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021271"
},
{
"name": "APPLE-SA-2008-11-20",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html"
},
{
"name": "50026",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/50026"
},
{
"name": "ADV-2008-3232",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/3232"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3318"
},
{
"name": "32394",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32394"
},
{
"name": "32756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32756"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4229",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in the Passcode Lock feature in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.0 through 2.1 allows physically proximate attackers to remove the lock and launch arbitrary applications by restoring the device from a backup."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1021271",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021271"
},
{
"name": "APPLE-SA-2008-11-20",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html"
},
{
"name": "50026",
"refsource": "OSVDB",
"url": "http://osvdb.org/50026"
},
{
"name": "ADV-2008-3232",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3232"
},
{
"name": "http://support.apple.com/kb/HT3318",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3318"
},
{
"name": "32394",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32394"
},
{
"name": "32756",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32756"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4229",
"datePublished": "2008-11-25T23:00:00",
"dateReserved": "2008-09-24T00:00:00",
"dateUpdated": "2024-08-07T10:08:34.946Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-2303
Vulnerability from cvelistv5
Published
2008-07-14 18:00
Modified
2024-08-07 08:58
Severity ?
EPSS score ?
Summary
Integer signedness error in Safari on Apple iPhone before 2.0 and iPod touch before 2.0 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving JavaScript array indices that trigger an out-of-bounds access, a different vulnerability than CVE-2008-2307.
References
| ▼ | URL | Tags |
|---|---|---|
| http://lists.apple.com/archives/security-announce//2008/Nov/msg00001.html | vendor-advisory, x_refsource_APPLE | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/43736 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/30186 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/32706 | third-party-advisory, x_refsource_SECUNIA | |
| http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html | vendor-advisory, x_refsource_APPLE | |
| http://support.apple.com/kb/HT3298 | x_refsource_CONFIRM | |
| http://www.vupen.com/english/advisories/2008/2094/references | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/31074 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:58:01.772Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "APPLE-SA-2008-11-13",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Nov/msg00001.html"
},
{
"name": "ipod-iphone-javascript-code-execution(43736)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43736"
},
{
"name": "30186",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30186"
},
{
"name": "32706",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32706"
},
{
"name": "APPLE-SA-2008-07-11",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3298"
},
{
"name": "ADV-2008-2094",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2094/references"
},
{
"name": "31074",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31074"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer signedness error in Safari on Apple iPhone before 2.0 and iPod touch before 2.0 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving JavaScript array indices that trigger an out-of-bounds access, a different vulnerability than CVE-2008-2307."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "APPLE-SA-2008-11-13",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Nov/msg00001.html"
},
{
"name": "ipod-iphone-javascript-code-execution(43736)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43736"
},
{
"name": "30186",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30186"
},
{
"name": "32706",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32706"
},
{
"name": "APPLE-SA-2008-07-11",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3298"
},
{
"name": "ADV-2008-2094",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2094/references"
},
{
"name": "31074",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31074"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2303",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer signedness error in Safari on Apple iPhone before 2.0 and iPod touch before 2.0 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving JavaScript array indices that trigger an out-of-bounds access, a different vulnerability than CVE-2008-2307."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2008-11-13",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce//2008/Nov/msg00001.html"
},
{
"name": "ipod-iphone-javascript-code-execution(43736)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43736"
},
{
"name": "30186",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30186"
},
{
"name": "32706",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32706"
},
{
"name": "APPLE-SA-2008-07-11",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html"
},
{
"name": "http://support.apple.com/kb/HT3298",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3298"
},
{
"name": "ADV-2008-2094",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2094/references"
},
{
"name": "31074",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31074"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2303",
"datePublished": "2008-07-14T18:00:00",
"dateReserved": "2008-05-18T00:00:00",
"dateUpdated": "2024-08-07T08:58:01.772Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-1700
Vulnerability from cvelistv5
Published
2009-06-10 17:37
Modified
2024-08-07 05:20
Severity ?
EPSS score ?
Summary
The XSLT implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read XML content from arbitrary web pages via a crafted document.
References
| ▼ | URL | Tags |
|---|---|---|
| http://support.apple.com/kb/HT3639 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/43068 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.vupen.com/english/advisories/2009/1621 | vdb-entry, x_refsource_VUPEN | |
| http://www.vupen.com/english/advisories/2011/0212 | vdb-entry, x_refsource_VUPEN | |
| http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html | vendor-advisory, x_refsource_APPLE | |
| http://www.securityfocus.com/bid/35260 | vdb-entry, x_refsource_BID | |
| http://www.vupen.com/english/advisories/2009/1522 | vdb-entry, x_refsource_VUPEN | |
| http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html | vendor-advisory, x_refsource_APPLE | |
| http://osvdb.org/54973 | vdb-entry, x_refsource_OSVDB | |
| http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html | vendor-advisory, x_refsource_SUSE | |
| http://secunia.com/advisories/35379 | third-party-advisory, x_refsource_SECUNIA | |
| http://support.apple.com/kb/HT3613 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:20:35.151Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3639"
},
{
"name": "43068",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43068"
},
{
"name": "ADV-2009-1621",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1621"
},
{
"name": "ADV-2011-0212",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name": "APPLE-SA-2009-06-08-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
},
{
"name": "35260",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35260"
},
{
"name": "ADV-2009-1522",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1522"
},
{
"name": "APPLE-SA-2009-06-17-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"name": "54973",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/54973"
},
{
"name": "SUSE-SR:2011:002",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "35379",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35379"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3613"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-06-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The XSLT implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read XML content from arbitrary web pages via a crafted document."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-06-13T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3639"
},
{
"name": "43068",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43068"
},
{
"name": "ADV-2009-1621",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1621"
},
{
"name": "ADV-2011-0212",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name": "APPLE-SA-2009-06-08-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
},
{
"name": "35260",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35260"
},
{
"name": "ADV-2009-1522",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1522"
},
{
"name": "APPLE-SA-2009-06-17-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"name": "54973",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/54973"
},
{
"name": "SUSE-SR:2011:002",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "35379",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35379"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3613"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1700",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The XSLT implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read XML content from arbitrary web pages via a crafted document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.apple.com/kb/HT3639",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3639"
},
{
"name": "43068",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43068"
},
{
"name": "ADV-2009-1621",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1621"
},
{
"name": "ADV-2011-0212",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name": "APPLE-SA-2009-06-08-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
},
{
"name": "35260",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35260"
},
{
"name": "ADV-2009-1522",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1522"
},
{
"name": "APPLE-SA-2009-06-17-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"name": "54973",
"refsource": "OSVDB",
"url": "http://osvdb.org/54973"
},
{
"name": "SUSE-SR:2011:002",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "35379",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35379"
},
{
"name": "http://support.apple.com/kb/HT3613",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3613"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1700",
"datePublished": "2009-06-10T17:37:00",
"dateReserved": "2009-05-20T00:00:00",
"dateUpdated": "2024-08-07T05:20:35.151Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-4230
Vulnerability from cvelistv5
Published
2008-11-25 23:00
Modified
2024-08-07 10:08
Severity ?
EPSS score ?
Summary
The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 displays SMS messages when the emergency-call screen is visible, which allows physically proximate attackers to obtain sensitive information by reading these messages. NOTE: this might be a duplicate of CVE-2008-4593.
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/50027 | vdb-entry, x_refsource_OSVDB | |
| http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html | vendor-advisory, x_refsource_APPLE | |
| http://www.vupen.com/english/advisories/2008/3232 | vdb-entry, x_refsource_VUPEN | |
| http://support.apple.com/kb/HT3318 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/32394 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/32756 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:08:34.947Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "50027",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/50027"
},
{
"name": "APPLE-SA-2008-11-20",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html"
},
{
"name": "ADV-2008-3232",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/3232"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3318"
},
{
"name": "32394",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32394"
},
{
"name": "32756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32756"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-11-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 displays SMS messages when the emergency-call screen is visible, which allows physically proximate attackers to obtain sensitive information by reading these messages. NOTE: this might be a duplicate of CVE-2008-4593."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-12-03T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "50027",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/50027"
},
{
"name": "APPLE-SA-2008-11-20",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html"
},
{
"name": "ADV-2008-3232",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/3232"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3318"
},
{
"name": "32394",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32394"
},
{
"name": "32756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32756"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4230",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 displays SMS messages when the emergency-call screen is visible, which allows physically proximate attackers to obtain sensitive information by reading these messages. NOTE: this might be a duplicate of CVE-2008-4593."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "50027",
"refsource": "OSVDB",
"url": "http://osvdb.org/50027"
},
{
"name": "APPLE-SA-2008-11-20",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html"
},
{
"name": "ADV-2008-3232",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3232"
},
{
"name": "http://support.apple.com/kb/HT3318",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3318"
},
{
"name": "32394",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32394"
},
{
"name": "32756",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32756"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4230",
"datePublished": "2008-11-25T23:00:00",
"dateReserved": "2008-09-24T00:00:00",
"dateUpdated": "2024-08-07T10:08:34.947Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-1724
Vulnerability from cvelistv5
Published
2009-07-09 17:00
Modified
2024-08-07 05:20
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to inject arbitrary web script or HTML via vectors related to parent and top objects.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:20:35.201Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "43068",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43068"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3666"
},
{
"name": "ADV-2011-0212",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name": "APPLE-SA-2009-07-08-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Jul/msg00000.html"
},
{
"name": "35441",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35441"
},
{
"name": "ADV-2009-1827",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1827"
},
{
"name": "55738",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/55738"
},
{
"name": "oval:org.mitre.oval:def:6208",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6208"
},
{
"name": "SUSE-SR:2011:002",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "1022525",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1022525"
},
{
"name": "APPLE-SA-2009-09-09-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.html"
},
{
"name": "36677",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36677"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3860"
},
{
"name": "35758",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35758"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-07-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to inject arbitrary web script or HTML via vectors related to parent and top objects."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "43068",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43068"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3666"
},
{
"name": "ADV-2011-0212",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name": "APPLE-SA-2009-07-08-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Jul/msg00000.html"
},
{
"name": "35441",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35441"
},
{
"name": "ADV-2009-1827",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1827"
},
{
"name": "55738",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/55738"
},
{
"name": "oval:org.mitre.oval:def:6208",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6208"
},
{
"name": "SUSE-SR:2011:002",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "1022525",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1022525"
},
{
"name": "APPLE-SA-2009-09-09-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.html"
},
{
"name": "36677",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36677"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3860"
},
{
"name": "35758",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35758"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1724",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to inject arbitrary web script or HTML via vectors related to parent and top objects."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43068",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43068"
},
{
"name": "http://support.apple.com/kb/HT3666",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3666"
},
{
"name": "ADV-2011-0212",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name": "APPLE-SA-2009-07-08-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/Jul/msg00000.html"
},
{
"name": "35441",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35441"
},
{
"name": "ADV-2009-1827",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1827"
},
{
"name": "55738",
"refsource": "OSVDB",
"url": "http://osvdb.org/55738"
},
{
"name": "oval:org.mitre.oval:def:6208",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6208"
},
{
"name": "SUSE-SR:2011:002",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "1022525",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022525"
},
{
"name": "APPLE-SA-2009-09-09-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.html"
},
{
"name": "36677",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36677"
},
{
"name": "http://support.apple.com/kb/HT3860",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3860"
},
{
"name": "35758",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35758"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1724",
"datePublished": "2009-07-09T17:00:00",
"dateReserved": "2009-05-20T00:00:00",
"dateUpdated": "2024-08-07T05:20:35.201Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-2973
Vulnerability from cvelistv5
Published
2010-08-05 18:00
Modified
2024-08-07 02:55
Severity ?
EPSS score ?
Summary
Integer overflow in IOSurface in Apple iOS before 4.0.2 on the iPhone and iPod touch, and before 3.2.2 on the iPad, allows local users to gain privileges via vectors involving IOSurface properties, as demonstrated by JailbreakMe.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.exploit-db.com/exploits/14538 | exploit, x_refsource_EXPLOIT-DB | |
| http://osvdb.org/66827 | vdb-entry, x_refsource_OSVDB | |
| http://lists.apple.com/archives/security-announce/2010//Aug/msg00001.html | vendor-advisory, x_refsource_APPLE | |
| http://support.apple.com/kb/HT4292 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/42151 | vdb-entry, x_refsource_BID | |
| http://support.apple.com/kb/HT4291 | x_refsource_CONFIRM | |
| http://lists.apple.com/archives/security-announce/2010//Aug/msg00000.html | vendor-advisory, x_refsource_APPLE | |
| http://secunia.com/advisories/40807 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:55:46.099Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "14538",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/14538"
},
{
"name": "66827",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/66827"
},
{
"name": "APPLE-SA-2010-08-11-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Aug/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT4292"
},
{
"name": "42151",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/42151"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT4291"
},
{
"name": "APPLE-SA-2010-08-11-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Aug/msg00000.html"
},
{
"name": "40807",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/40807"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-08-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in IOSurface in Apple iOS before 4.0.2 on the iPhone and iPod touch, and before 3.2.2 on the iPad, allows local users to gain privileges via vectors involving IOSurface properties, as demonstrated by JailbreakMe."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-08-18T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "14538",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/14538"
},
{
"name": "66827",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/66827"
},
{
"name": "APPLE-SA-2010-08-11-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Aug/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT4292"
},
{
"name": "42151",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/42151"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT4291"
},
{
"name": "APPLE-SA-2010-08-11-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Aug/msg00000.html"
},
{
"name": "40807",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/40807"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2973",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in IOSurface in Apple iOS before 4.0.2 on the iPhone and iPod touch, and before 3.2.2 on the iPad, allows local users to gain privileges via vectors involving IOSurface properties, as demonstrated by JailbreakMe."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "14538",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/14538"
},
{
"name": "66827",
"refsource": "OSVDB",
"url": "http://osvdb.org/66827"
},
{
"name": "APPLE-SA-2010-08-11-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Aug/msg00001.html"
},
{
"name": "http://support.apple.com/kb/HT4292",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4292"
},
{
"name": "42151",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/42151"
},
{
"name": "http://support.apple.com/kb/HT4291",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4291"
},
{
"name": "APPLE-SA-2010-08-11-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Aug/msg00000.html"
},
{
"name": "40807",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40807"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-2973",
"datePublished": "2010-08-05T18:00:00",
"dateReserved": "2010-08-05T00:00:00",
"dateUpdated": "2024-08-07T02:55:46.099Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-4228
Vulnerability from cvelistv5
Published
2008-11-25 23:00
Modified
2024-08-07 10:08
Severity ?
EPSS score ?
Summary
The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows physically proximate attackers to leverage the emergency-call ability of locked devices to make a phone call to an arbitrary number.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id?1021271 | vdb-entry, x_refsource_SECTRACK | |
| http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html | vendor-advisory, x_refsource_APPLE | |
| http://www.vupen.com/english/advisories/2008/3232 | vdb-entry, x_refsource_VUPEN | |
| http://support.apple.com/kb/HT3318 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/32394 | vdb-entry, x_refsource_BID | |
| http://osvdb.org/50025 | vdb-entry, x_refsource_OSVDB | |
| http://secunia.com/advisories/32756 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:08:34.952Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1021271",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021271"
},
{
"name": "APPLE-SA-2008-11-20",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html"
},
{
"name": "ADV-2008-3232",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/3232"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3318"
},
{
"name": "32394",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32394"
},
{
"name": "50025",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/50025"
},
{
"name": "32756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32756"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-11-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows physically proximate attackers to leverage the emergency-call ability of locked devices to make a phone call to an arbitrary number."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-12-03T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1021271",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021271"
},
{
"name": "APPLE-SA-2008-11-20",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html"
},
{
"name": "ADV-2008-3232",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/3232"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3318"
},
{
"name": "32394",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32394"
},
{
"name": "50025",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/50025"
},
{
"name": "32756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32756"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4228",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows physically proximate attackers to leverage the emergency-call ability of locked devices to make a phone call to an arbitrary number."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1021271",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021271"
},
{
"name": "APPLE-SA-2008-11-20",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html"
},
{
"name": "ADV-2008-3232",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3232"
},
{
"name": "http://support.apple.com/kb/HT3318",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3318"
},
{
"name": "32394",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32394"
},
{
"name": "50025",
"refsource": "OSVDB",
"url": "http://osvdb.org/50025"
},
{
"name": "32756",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32756"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4228",
"datePublished": "2008-11-25T23:00:00",
"dateReserved": "2008-09-24T00:00:00",
"dateUpdated": "2024-08-07T10:08:34.952Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-1755
Vulnerability from cvelistv5
Published
2010-06-22 20:24
Modified
2024-08-07 01:35
Severity ?
EPSS score ?
Summary
Safari in Apple iOS before 4 on the iPhone and iPod touch does not properly implement the Accept Cookies preference, which makes it easier for remote web servers to track users via a cookie.
References
| ▼ | URL | Tags |
|---|---|---|
| http://support.apple.com/kb/HT4225 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/59634 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/41016 | vdb-entry, x_refsource_BID | |
| http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html | vendor-advisory, x_refsource_APPLE |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:35:53.573Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT4225"
},
{
"name": "appleios-safari-security-bypass(59634)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59634"
},
{
"name": "41016",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/41016"
},
{
"name": "APPLE-SA-2010-06-21-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-06-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Safari in Apple iOS before 4 on the iPhone and iPod touch does not properly implement the Accept Cookies preference, which makes it easier for remote web servers to track users via a cookie."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT4225"
},
{
"name": "appleios-safari-security-bypass(59634)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59634"
},
{
"name": "41016",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/41016"
},
{
"name": "APPLE-SA-2010-06-21-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2010-1755",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Safari in Apple iOS before 4 on the iPhone and iPod touch does not properly implement the Accept Cookies preference, which makes it easier for remote web servers to track users via a cookie."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.apple.com/kb/HT4225",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4225"
},
{
"name": "appleios-safari-security-bypass(59634)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59634"
},
{
"name": "41016",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41016"
},
{
"name": "APPLE-SA-2010-06-21-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2010-1755",
"datePublished": "2010-06-22T20:24:00",
"dateReserved": "2010-05-06T00:00:00",
"dateUpdated": "2024-08-07T01:35:53.573Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-2317
Vulnerability from cvelistv5
Published
2008-07-14 18:00
Modified
2024-08-07 08:58
Severity ?
EPSS score ?
Summary
WebCore in Apple Safari does not properly perform garbage collection of JavaScript document elements, which allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via a reference to the ownerNode property of a copied CSSStyleSheet object of a STYLE element, as originally demonstrated on Apple iPhone before 2.0 and iPod touch before 2.0, a different vulnerability than CVE-2008-1590.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/494777/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://lists.apple.com/archives/security-announce//2008/Nov/msg00001.html | vendor-advisory, x_refsource_APPLE | |
| http://www.zerodayinitiative.com/advisories/ZDI-08-045/ | x_refsource_MISC | |
| http://www.securityfocus.com/bid/30186 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/32706 | third-party-advisory, x_refsource_SECUNIA | |
| http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html | vendor-advisory, x_refsource_APPLE | |
| http://support.apple.com/kb/HT3298 | x_refsource_CONFIRM | |
| http://www.vupen.com/english/advisories/2008/2094/references | vdb-entry, x_refsource_VUPEN | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/43737 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/31074 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:58:02.593Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20080725 ZDI-08-045: Apple Safari StyleSheet ownerNode Heap Corruption Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/494777/100/0/threaded"
},
{
"name": "APPLE-SA-2008-11-13",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Nov/msg00001.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-045/"
},
{
"name": "30186",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30186"
},
{
"name": "32706",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32706"
},
{
"name": "APPLE-SA-2008-07-11",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3298"
},
{
"name": "ADV-2008-2094",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2094/references"
},
{
"name": "ipod-iphone-stylesheets-code-execution(43737)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43737"
},
{
"name": "31074",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31074"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "WebCore in Apple Safari does not properly perform garbage collection of JavaScript document elements, which allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via a reference to the ownerNode property of a copied CSSStyleSheet object of a STYLE element, as originally demonstrated on Apple iPhone before 2.0 and iPod touch before 2.0, a different vulnerability than CVE-2008-1590."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20080725 ZDI-08-045: Apple Safari StyleSheet ownerNode Heap Corruption Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/494777/100/0/threaded"
},
{
"name": "APPLE-SA-2008-11-13",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Nov/msg00001.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-045/"
},
{
"name": "30186",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30186"
},
{
"name": "32706",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32706"
},
{
"name": "APPLE-SA-2008-07-11",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3298"
},
{
"name": "ADV-2008-2094",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2094/references"
},
{
"name": "ipod-iphone-stylesheets-code-execution(43737)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43737"
},
{
"name": "31074",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31074"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2317",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebCore in Apple Safari does not properly perform garbage collection of JavaScript document elements, which allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via a reference to the ownerNode property of a copied CSSStyleSheet object of a STYLE element, as originally demonstrated on Apple iPhone before 2.0 and iPod touch before 2.0, a different vulnerability than CVE-2008-1590."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20080725 ZDI-08-045: Apple Safari StyleSheet ownerNode Heap Corruption Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/494777/100/0/threaded"
},
{
"name": "APPLE-SA-2008-11-13",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce//2008/Nov/msg00001.html"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-08-045/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-045/"
},
{
"name": "30186",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30186"
},
{
"name": "32706",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32706"
},
{
"name": "APPLE-SA-2008-07-11",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html"
},
{
"name": "http://support.apple.com/kb/HT3298",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3298"
},
{
"name": "ADV-2008-2094",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2094/references"
},
{
"name": "ipod-iphone-stylesheets-code-execution(43737)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43737"
},
{
"name": "31074",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31074"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2317",
"datePublished": "2008-07-14T18:00:00",
"dateReserved": "2008-05-18T00:00:00",
"dateUpdated": "2024-08-07T08:58:02.593Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-1344
Vulnerability from cvelistv5
Published
2011-03-10 20:00
Modified
2024-08-06 22:21
Severity ?
EPSS score ?
Summary
Use-after-free vulnerability in WebKit, as used in Apple Safari before 5.0.5; iOS before 4.3.2 for iPhone, iPod, and iPad; iOS before 4.2.7 for iPhone 4 (CDMA); and possibly other products allows remote attackers to execute arbitrary code by adding children to a WBR tag and then removing the tag, related to text nodes, as demonstrated by Chaouki Bekrar during a Pwn2Own competition at CanSecWest 2011.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:21:34.205Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "44151",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44151"
},
{
"name": "20110415 VUPEN Security Research - Apple Safari Text Nodes Remote Use-after-free Vulnerability (CVE-2011-1344)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/517517/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://twitter.com/aaronportnoy/statuses/45632544967901187"
},
{
"name": "46822",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/46822"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT4596"
},
{
"name": "APPLE-SA-2011-04-14-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2011//Apr/msg00002.html"
},
{
"name": "1025363",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1025363"
},
{
"name": "APPLE-SA-2011-04-14-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2011//Apr/msg00001.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-11-135"
},
{
"name": "ADV-2011-0984",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0984"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://dvlabs.tippingpoint.com/blog/2011/02/02/pwn2own-2011"
},
{
"name": "20110414 ZDI-11-135: (Pwn2Own) WebKit WBR Tag Removal Remote Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/517505/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT4607"
},
{
"name": "safari-webkit-unspec-code-exec(66061)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66061"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zdnet.com/blog/security/safarimacbook-first-to-fall-at-pwn2own-2011/8358"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.computerworld.com/s/article/9214002/Safari_IE_hacked_first_at_Pwn2Own"
},
{
"name": "APPLE-SA-2011-04-14-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2011//Apr/msg00000.html"
},
{
"name": "44154",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44154"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-03-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in WebKit, as used in Apple Safari before 5.0.5; iOS before 4.3.2 for iPhone, iPod, and iPad; iOS before 4.2.7 for iPhone 4 (CDMA); and possibly other products allows remote attackers to execute arbitrary code by adding children to a WBR tag and then removing the tag, related to text nodes, as demonstrated by Chaouki Bekrar during a Pwn2Own competition at CanSecWest 2011."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "44151",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44151"
},
{
"name": "20110415 VUPEN Security Research - Apple Safari Text Nodes Remote Use-after-free Vulnerability (CVE-2011-1344)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/517517/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://twitter.com/aaronportnoy/statuses/45632544967901187"
},
{
"name": "46822",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/46822"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT4596"
},
{
"name": "APPLE-SA-2011-04-14-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2011//Apr/msg00002.html"
},
{
"name": "1025363",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1025363"
},
{
"name": "APPLE-SA-2011-04-14-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2011//Apr/msg00001.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-11-135"
},
{
"name": "ADV-2011-0984",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0984"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://dvlabs.tippingpoint.com/blog/2011/02/02/pwn2own-2011"
},
{
"name": "20110414 ZDI-11-135: (Pwn2Own) WebKit WBR Tag Removal Remote Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/517505/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT4607"
},
{
"name": "safari-webkit-unspec-code-exec(66061)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66061"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zdnet.com/blog/security/safarimacbook-first-to-fall-at-pwn2own-2011/8358"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.computerworld.com/s/article/9214002/Safari_IE_hacked_first_at_Pwn2Own"
},
{
"name": "APPLE-SA-2011-04-14-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2011//Apr/msg00000.html"
},
{
"name": "44154",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44154"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1344",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in WebKit, as used in Apple Safari before 5.0.5; iOS before 4.3.2 for iPhone, iPod, and iPad; iOS before 4.2.7 for iPhone 4 (CDMA); and possibly other products allows remote attackers to execute arbitrary code by adding children to a WBR tag and then removing the tag, related to text nodes, as demonstrated by Chaouki Bekrar during a Pwn2Own competition at CanSecWest 2011."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "44151",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44151"
},
{
"name": "20110415 VUPEN Security Research - Apple Safari Text Nodes Remote Use-after-free Vulnerability (CVE-2011-1344)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/517517/100/0/threaded"
},
{
"name": "http://twitter.com/aaronportnoy/statuses/45632544967901187",
"refsource": "MISC",
"url": "http://twitter.com/aaronportnoy/statuses/45632544967901187"
},
{
"name": "46822",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/46822"
},
{
"name": "http://support.apple.com/kb/HT4596",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4596"
},
{
"name": "APPLE-SA-2011-04-14-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011//Apr/msg00002.html"
},
{
"name": "1025363",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025363"
},
{
"name": "APPLE-SA-2011-04-14-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011//Apr/msg00001.html"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-11-135",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-11-135"
},
{
"name": "ADV-2011-0984",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0984"
},
{
"name": "http://dvlabs.tippingpoint.com/blog/2011/02/02/pwn2own-2011",
"refsource": "MISC",
"url": "http://dvlabs.tippingpoint.com/blog/2011/02/02/pwn2own-2011"
},
{
"name": "20110414 ZDI-11-135: (Pwn2Own) WebKit WBR Tag Removal Remote Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/517505/100/0/threaded"
},
{
"name": "http://support.apple.com/kb/HT4607",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4607"
},
{
"name": "safari-webkit-unspec-code-exec(66061)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66061"
},
{
"name": "http://www.zdnet.com/blog/security/safarimacbook-first-to-fall-at-pwn2own-2011/8358",
"refsource": "MISC",
"url": "http://www.zdnet.com/blog/security/safarimacbook-first-to-fall-at-pwn2own-2011/8358"
},
{
"name": "http://www.computerworld.com/s/article/9214002/Safari_IE_hacked_first_at_Pwn2Own",
"refsource": "MISC",
"url": "http://www.computerworld.com/s/article/9214002/Safari_IE_hacked_first_at_Pwn2Own"
},
{
"name": "APPLE-SA-2011-04-14-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2011//Apr/msg00000.html"
},
{
"name": "44154",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44154"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-1344",
"datePublished": "2011-03-10T20:00:00",
"dateReserved": "2011-03-10T00:00:00",
"dateUpdated": "2024-08-06T22:21:34.205Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-1757
Vulnerability from cvelistv5
Published
2010-06-22 20:24
Modified
2024-08-07 01:35
Severity ?
EPSS score ?
Summary
WebKit in Apple iOS before 4 on the iPhone and iPod touch does not enforce the expected boundary restrictions on content display by an IFRAME element, which allows remote attackers to spoof the user interface via a crafted HTML document.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/43068 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.vupen.com/english/advisories/2011/0212 | vdb-entry, x_refsource_VUPEN | |
| http://support.apple.com/kb/HT4225 | x_refsource_CONFIRM | |
| http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html | vendor-advisory, x_refsource_SUSE | |
| http://secunia.com/advisories/42314 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/41016 | vdb-entry, x_refsource_BID | |
| http://support.apple.com/kb/HT4456 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/41068 | vdb-entry, x_refsource_BID | |
| http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html | vendor-advisory, x_refsource_APPLE | |
| http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html | vendor-advisory, x_refsource_APPLE |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:35:53.550Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "43068",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43068"
},
{
"name": "ADV-2011-0212",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT4225"
},
{
"name": "SUSE-SR:2011:002",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "42314",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42314"
},
{
"name": "41016",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/41016"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT4456"
},
{
"name": "41068",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/41068"
},
{
"name": "APPLE-SA-2010-06-21-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
},
{
"name": "APPLE-SA-2010-11-22-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-06-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "WebKit in Apple iOS before 4 on the iPhone and iPod touch does not enforce the expected boundary restrictions on content display by an IFRAME element, which allows remote attackers to spoof the user interface via a crafted HTML document."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-06-26T09:00:00",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"name": "43068",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43068"
},
{
"name": "ADV-2011-0212",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT4225"
},
{
"name": "SUSE-SR:2011:002",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "42314",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42314"
},
{
"name": "41016",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/41016"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT4456"
},
{
"name": "41068",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/41068"
},
{
"name": "APPLE-SA-2010-06-21-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
},
{
"name": "APPLE-SA-2010-11-22-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2010-1757",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebKit in Apple iOS before 4 on the iPhone and iPod touch does not enforce the expected boundary restrictions on content display by an IFRAME element, which allows remote attackers to spoof the user interface via a crafted HTML document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43068",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43068"
},
{
"name": "ADV-2011-0212",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name": "http://support.apple.com/kb/HT4225",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4225"
},
{
"name": "SUSE-SR:2011:002",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "42314",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42314"
},
{
"name": "41016",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41016"
},
{
"name": "http://support.apple.com/kb/HT4456",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4456"
},
{
"name": "41068",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41068"
},
{
"name": "APPLE-SA-2010-06-21-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
},
{
"name": "APPLE-SA-2010-11-22-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2010-1757",
"datePublished": "2010-06-22T20:24:00",
"dateReserved": "2010-05-06T00:00:00",
"dateUpdated": "2024-08-07T01:35:53.550Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-2199
Vulnerability from cvelistv5
Published
2009-08-12 19:00
Modified
2024-08-07 05:44
Severity ?
EPSS score ?
Summary
Incomplete blacklist vulnerability in WebKit in Apple Safari before 4.0.3, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to spoof domain names in URLs, and possibly conduct phishing attacks, via unspecified homoglyphs.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/43068 | third-party-advisory, x_refsource_SECUNIA | |
| http://lists.apple.com/archives/security-announce/2009/Aug/msg00002.html | vendor-advisory, x_refsource_APPLE | |
| http://www.vupen.com/english/advisories/2011/0212 | vdb-entry, x_refsource_VUPEN | |
| http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html | vendor-advisory, x_refsource_SUSE | |
| http://www.securitytracker.com/id?1022719 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/36026 | vdb-entry, x_refsource_BID | |
| http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.html | vendor-advisory, x_refsource_APPLE | |
| http://secunia.com/advisories/36677 | third-party-advisory, x_refsource_SECUNIA | |
| http://support.apple.com/kb/HT3860 | x_refsource_CONFIRM | |
| http://support.apple.com/kb/HT3733 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:44:55.384Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "43068",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43068"
},
{
"name": "APPLE-SA-2009-08-11-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Aug/msg00002.html"
},
{
"name": "ADV-2011-0212",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name": "SUSE-SR:2011:002",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "1022719",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1022719"
},
{
"name": "36026",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36026"
},
{
"name": "APPLE-SA-2009-09-09-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.html"
},
{
"name": "36677",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36677"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3860"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3733"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-08-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Incomplete blacklist vulnerability in WebKit in Apple Safari before 4.0.3, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to spoof domain names in URLs, and possibly conduct phishing attacks, via unspecified homoglyphs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-08-15T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "43068",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43068"
},
{
"name": "APPLE-SA-2009-08-11-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Aug/msg00002.html"
},
{
"name": "ADV-2011-0212",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name": "SUSE-SR:2011:002",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "1022719",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1022719"
},
{
"name": "36026",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36026"
},
{
"name": "APPLE-SA-2009-09-09-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.html"
},
{
"name": "36677",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36677"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3860"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3733"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2199",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incomplete blacklist vulnerability in WebKit in Apple Safari before 4.0.3, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to spoof domain names in URLs, and possibly conduct phishing attacks, via unspecified homoglyphs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43068",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43068"
},
{
"name": "APPLE-SA-2009-08-11-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/Aug/msg00002.html"
},
{
"name": "ADV-2011-0212",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name": "SUSE-SR:2011:002",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "1022719",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022719"
},
{
"name": "36026",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36026"
},
{
"name": "APPLE-SA-2009-09-09-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.html"
},
{
"name": "36677",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36677"
},
{
"name": "http://support.apple.com/kb/HT3860",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3860"
},
{
"name": "http://support.apple.com/kb/HT3733",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3733"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-2199",
"datePublished": "2009-08-12T19:00:00",
"dateReserved": "2009-06-24T00:00:00",
"dateUpdated": "2024-08-07T05:44:55.384Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-1815
Vulnerability from cvelistv5
Published
2010-09-09 21:00
Modified
2024-08-07 01:35
Severity ?
EPSS score ?
Summary
Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving scrollbars.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:35:53.685Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MDVSA-2011:039",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039"
},
{
"name": "appleios-scrollbars-code-exec(61702)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61702"
},
{
"name": "ADV-2010-2722",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/2722"
},
{
"name": "43068",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43068"
},
{
"name": "APPLE-SA-2010-09-08-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT4334"
},
{
"name": "USN-1006-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1006-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT4455"
},
{
"name": "41856",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/41856"
},
{
"name": "ADV-2011-0212",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name": "ADV-2011-0216",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0216"
},
{
"name": "43086",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43086"
},
{
"name": "SUSE-SR:2011:002",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "APPLE-SA-2010-11-18-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html"
},
{
"name": "42314",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42314"
},
{
"name": "RHSA-2011:0177",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0177.html"
},
{
"name": "43081",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/43081"
},
{
"name": "ADV-2011-0552",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0552"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT4456"
},
{
"name": "APPLE-SA-2010-11-22-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-09-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving scrollbars."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"name": "MDVSA-2011:039",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039"
},
{
"name": "appleios-scrollbars-code-exec(61702)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61702"
},
{
"name": "ADV-2010-2722",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/2722"
},
{
"name": "43068",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43068"
},
{
"name": "APPLE-SA-2010-09-08-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT4334"
},
{
"name": "USN-1006-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1006-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT4455"
},
{
"name": "41856",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/41856"
},
{
"name": "ADV-2011-0212",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name": "ADV-2011-0216",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0216"
},
{
"name": "43086",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43086"
},
{
"name": "SUSE-SR:2011:002",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "APPLE-SA-2010-11-18-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html"
},
{
"name": "42314",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42314"
},
{
"name": "RHSA-2011:0177",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0177.html"
},
{
"name": "43081",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/43081"
},
{
"name": "ADV-2011-0552",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0552"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT4456"
},
{
"name": "APPLE-SA-2010-11-22-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2010-1815",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving scrollbars."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2011:039",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039"
},
{
"name": "appleios-scrollbars-code-exec(61702)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61702"
},
{
"name": "ADV-2010-2722",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2722"
},
{
"name": "43068",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43068"
},
{
"name": "APPLE-SA-2010-09-08-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html"
},
{
"name": "http://support.apple.com/kb/HT4334",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4334"
},
{
"name": "USN-1006-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1006-1"
},
{
"name": "http://support.apple.com/kb/HT4455",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4455"
},
{
"name": "41856",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41856"
},
{
"name": "ADV-2011-0212",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name": "ADV-2011-0216",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0216"
},
{
"name": "43086",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43086"
},
{
"name": "SUSE-SR:2011:002",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "APPLE-SA-2010-11-18-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html"
},
{
"name": "42314",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42314"
},
{
"name": "RHSA-2011:0177",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0177.html"
},
{
"name": "43081",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/43081"
},
{
"name": "ADV-2011-0552",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0552"
},
{
"name": "http://support.apple.com/kb/HT4456",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4456"
},
{
"name": "APPLE-SA-2010-11-22-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2010-1815",
"datePublished": "2010-09-09T21:00:00",
"dateReserved": "2010-05-06T00:00:00",
"dateUpdated": "2024-08-07T01:35:53.685Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-0959
Vulnerability from cvelistv5
Published
2009-06-19 16:00
Modified
2024-08-07 04:57
Severity ?
EPSS score ?
Summary
The MPEG-4 video codec in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to cause a denial of service (device reset) via a crafted MPEG-4 video file that triggers an "input validation issue."
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/55237 | vdb-entry, x_refsource_OSVDB | |
| http://support.apple.com/kb/HT3639 | x_refsource_CONFIRM | |
| http://www.vupen.com/english/advisories/2009/1621 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/bid/35414 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/51211 | vdb-entry, x_refsource_XF | |
| http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html | vendor-advisory, x_refsource_APPLE | |
| http://www.securityfocus.com/bid/35433 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:57:17.110Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "55237",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/55237"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3639"
},
{
"name": "ADV-2009-1621",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1621"
},
{
"name": "35414",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35414"
},
{
"name": "ipod-iphone-mpeg4-dos(51211)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51211"
},
{
"name": "APPLE-SA-2009-06-17-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"name": "35433",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35433"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-06-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The MPEG-4 video codec in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to cause a denial of service (device reset) via a crafted MPEG-4 video file that triggers an \"input validation issue.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "55237",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/55237"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3639"
},
{
"name": "ADV-2009-1621",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1621"
},
{
"name": "35414",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35414"
},
{
"name": "ipod-iphone-mpeg4-dos(51211)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51211"
},
{
"name": "APPLE-SA-2009-06-17-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"name": "35433",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35433"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0959",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The MPEG-4 video codec in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to cause a denial of service (device reset) via a crafted MPEG-4 video file that triggers an \"input validation issue.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "55237",
"refsource": "OSVDB",
"url": "http://osvdb.org/55237"
},
{
"name": "http://support.apple.com/kb/HT3639",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3639"
},
{
"name": "ADV-2009-1621",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1621"
},
{
"name": "35414",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35414"
},
{
"name": "ipod-iphone-mpeg4-dos(51211)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51211"
},
{
"name": "APPLE-SA-2009-06-17-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"name": "35433",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35433"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0959",
"datePublished": "2009-06-19T16:00:00",
"dateReserved": "2009-03-18T00:00:00",
"dateUpdated": "2024-08-07T04:57:17.110Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-1702
Vulnerability from cvelistv5
Published
2009-06-10 17:37
Modified
2024-08-07 05:20
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to improper handling of Location and History objects.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:20:35.106Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1022344",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1022344"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3639"
},
{
"name": "43068",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43068"
},
{
"name": "ADV-2009-1621",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1621"
},
{
"name": "ADV-2011-0212",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name": "APPLE-SA-2009-06-08-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
},
{
"name": "35260",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35260"
},
{
"name": "54993",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/54993"
},
{
"name": "ADV-2009-1522",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1522"
},
{
"name": "APPLE-SA-2009-06-17-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"name": "35327",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35327"
},
{
"name": "SUSE-SR:2011:002",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "35379",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35379"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3613"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-06-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to improper handling of Location and History objects."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-06-19T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1022344",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1022344"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3639"
},
{
"name": "43068",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43068"
},
{
"name": "ADV-2009-1621",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1621"
},
{
"name": "ADV-2011-0212",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name": "APPLE-SA-2009-06-08-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
},
{
"name": "35260",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35260"
},
{
"name": "54993",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/54993"
},
{
"name": "ADV-2009-1522",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1522"
},
{
"name": "APPLE-SA-2009-06-17-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"name": "35327",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35327"
},
{
"name": "SUSE-SR:2011:002",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "35379",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35379"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3613"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1702",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to improper handling of Location and History objects."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1022344",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1022344"
},
{
"name": "http://support.apple.com/kb/HT3639",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3639"
},
{
"name": "43068",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43068"
},
{
"name": "ADV-2009-1621",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1621"
},
{
"name": "ADV-2011-0212",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name": "APPLE-SA-2009-06-08-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
},
{
"name": "35260",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35260"
},
{
"name": "54993",
"refsource": "OSVDB",
"url": "http://osvdb.org/54993"
},
{
"name": "ADV-2009-1522",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1522"
},
{
"name": "APPLE-SA-2009-06-17-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"name": "35327",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35327"
},
{
"name": "SUSE-SR:2011:002",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "35379",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35379"
},
{
"name": "http://support.apple.com/kb/HT3613",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3613"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1702",
"datePublished": "2009-06-10T17:37:00",
"dateReserved": "2009-05-20T00:00:00",
"dateUpdated": "2024-08-07T05:20:35.106Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-1698
Vulnerability from cvelistv5
Published
2009-06-10 17:37
Modified
2024-08-07 05:20
Severity ?
EPSS score ?
Summary
WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:20:35.244Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-822-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-822-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3639"
},
{
"name": "43068",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43068"
},
{
"name": "FEDORA-2009-8039",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01177.html"
},
{
"name": "MDVSA-2009:330",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:330"
},
{
"name": "ADV-2009-1621",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1621"
},
{
"name": "ADV-2011-0212",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name": "APPLE-SA-2009-06-08-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
},
{
"name": "35588",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35588"
},
{
"name": "35260",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35260"
},
{
"name": "FEDORA-2009-8046",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01199.html"
},
{
"name": "ADV-2009-1522",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1522"
},
{
"name": "37746",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37746"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-09-032/"
},
{
"name": "1022345",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1022345"
},
{
"name": "36790",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36790"
},
{
"name": "APPLE-SA-2009-06-17-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"name": "20090608 ZDI-09-032: Apple WebKit attr() Invalid Attribute Memory Corruption Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/504173/100/0/threaded"
},
{
"name": "20090614 [TZO-37-2009] Apple Safari \u003cv4 Remote code execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/504295/100/0/threaded"
},
{
"name": "DSA-1950",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1950"
},
{
"name": "SUSE-SR:2011:002",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "RHSA-2009:1128",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-1128.html"
},
{
"name": "35379",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35379"
},
{
"name": "55006",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/55006"
},
{
"name": "oval:org.mitre.oval:def:9484",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9484"
},
{
"name": "36062",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36062"
},
{
"name": "USN-857-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-857-1"
},
{
"name": "36057",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36057"
},
{
"name": "FEDORA-2009-8049",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01196.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3613"
},
{
"name": "USN-836-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-836-1"
},
{
"name": "35318",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35318"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.zoller.lu/2009/05/advisory-apple-safari-remote-code.html"
},
{
"name": "FEDORA-2009-8020",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01200.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-06-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "USN-822-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-822-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3639"
},
{
"name": "43068",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43068"
},
{
"name": "FEDORA-2009-8039",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01177.html"
},
{
"name": "MDVSA-2009:330",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:330"
},
{
"name": "ADV-2009-1621",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1621"
},
{
"name": "ADV-2011-0212",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name": "APPLE-SA-2009-06-08-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
},
{
"name": "35588",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35588"
},
{
"name": "35260",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35260"
},
{
"name": "FEDORA-2009-8046",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01199.html"
},
{
"name": "ADV-2009-1522",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1522"
},
{
"name": "37746",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37746"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-09-032/"
},
{
"name": "1022345",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1022345"
},
{
"name": "36790",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36790"
},
{
"name": "APPLE-SA-2009-06-17-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"name": "20090608 ZDI-09-032: Apple WebKit attr() Invalid Attribute Memory Corruption Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/504173/100/0/threaded"
},
{
"name": "20090614 [TZO-37-2009] Apple Safari \u003cv4 Remote code execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/504295/100/0/threaded"
},
{
"name": "DSA-1950",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1950"
},
{
"name": "SUSE-SR:2011:002",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "RHSA-2009:1128",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2009-1128.html"
},
{
"name": "35379",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35379"
},
{
"name": "55006",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/55006"
},
{
"name": "oval:org.mitre.oval:def:9484",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9484"
},
{
"name": "36062",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36062"
},
{
"name": "USN-857-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-857-1"
},
{
"name": "36057",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36057"
},
{
"name": "FEDORA-2009-8049",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01196.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3613"
},
{
"name": "USN-836-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-836-1"
},
{
"name": "35318",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35318"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.zoller.lu/2009/05/advisory-apple-safari-remote-code.html"
},
{
"name": "FEDORA-2009-8020",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01200.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1698",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-822-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-822-1"
},
{
"name": "http://support.apple.com/kb/HT3639",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3639"
},
{
"name": "43068",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43068"
},
{
"name": "FEDORA-2009-8039",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01177.html"
},
{
"name": "MDVSA-2009:330",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:330"
},
{
"name": "ADV-2009-1621",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1621"
},
{
"name": "ADV-2011-0212",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name": "APPLE-SA-2009-06-08-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
},
{
"name": "35588",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35588"
},
{
"name": "35260",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35260"
},
{
"name": "FEDORA-2009-8046",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01199.html"
},
{
"name": "ADV-2009-1522",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1522"
},
{
"name": "37746",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37746"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-09-032/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-09-032/"
},
{
"name": "1022345",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1022345"
},
{
"name": "36790",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36790"
},
{
"name": "APPLE-SA-2009-06-17-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"name": "20090608 ZDI-09-032: Apple WebKit attr() Invalid Attribute Memory Corruption Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/504173/100/0/threaded"
},
{
"name": "20090614 [TZO-37-2009] Apple Safari \u003cv4 Remote code execution",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/504295/100/0/threaded"
},
{
"name": "DSA-1950",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1950"
},
{
"name": "SUSE-SR:2011:002",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "RHSA-2009:1128",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1128.html"
},
{
"name": "35379",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35379"
},
{
"name": "55006",
"refsource": "OSVDB",
"url": "http://osvdb.org/55006"
},
{
"name": "oval:org.mitre.oval:def:9484",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9484"
},
{
"name": "36062",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36062"
},
{
"name": "USN-857-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-857-1"
},
{
"name": "36057",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36057"
},
{
"name": "FEDORA-2009-8049",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01196.html"
},
{
"name": "http://support.apple.com/kb/HT3613",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3613"
},
{
"name": "USN-836-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-836-1"
},
{
"name": "35318",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35318"
},
{
"name": "http://blog.zoller.lu/2009/05/advisory-apple-safari-remote-code.html",
"refsource": "MISC",
"url": "http://blog.zoller.lu/2009/05/advisory-apple-safari-remote-code.html"
},
{
"name": "FEDORA-2009-8020",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01200.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1698",
"datePublished": "2009-06-10T17:37:00",
"dateReserved": "2009-05-20T00:00:00",
"dateUpdated": "2024-08-07T05:20:35.244Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-5450
Vulnerability from cvelistv5
Published
2007-10-14 18:00
Modified
2024-08-07 15:31
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in Safari on the Apple iPod touch (aka iTouch) and iPhone 1.1.1 allows user-assisted remote attackers to cause a denial of service (application crash), and enable filesystem browsing by the local user, via a certain TIFF file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2007/3485 | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/27213 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/37186 | vdb-entry, x_refsource_XF | |
| https://www.exploit-db.com/exploits/4522 | exploit, x_refsource_EXPLOIT-DB | |
| http://www.toc2rta.com/?q=node/23 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:31:58.642Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2007-3485",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3485"
},
{
"name": "27213",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27213"
},
{
"name": "iphone-ipod-tiff-code-execution(37186)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37186"
},
{
"name": "4522",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/4522"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.toc2rta.com/?q=node/23"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-10-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Safari on the Apple iPod touch (aka iTouch) and iPhone 1.1.1 allows user-assisted remote attackers to cause a denial of service (application crash), and enable filesystem browsing by the local user, via a certain TIFF file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2007-3485",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3485"
},
{
"name": "27213",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27213"
},
{
"name": "iphone-ipod-tiff-code-execution(37186)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37186"
},
{
"name": "4522",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/4522"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.toc2rta.com/?q=node/23"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5450",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Safari on the Apple iPod touch (aka iTouch) and iPhone 1.1.1 allows user-assisted remote attackers to cause a denial of service (application crash), and enable filesystem browsing by the local user, via a certain TIFF file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2007-3485",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3485"
},
{
"name": "27213",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27213"
},
{
"name": "iphone-ipod-tiff-code-execution(37186)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37186"
},
{
"name": "4522",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4522"
},
{
"name": "http://www.toc2rta.com/?q=node/23",
"refsource": "MISC",
"url": "http://www.toc2rta.com/?q=node/23"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5450",
"datePublished": "2007-10-14T18:00:00",
"dateReserved": "2007-10-14T00:00:00",
"dateUpdated": "2024-08-07T15:31:58.642Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-4227
Vulnerability from cvelistv5
Published
2008-11-25 23:00
Modified
2024-08-07 10:08
Severity ?
EPSS score ?
Summary
Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 changes the encryption level of PPTP VPN connections to a lower level than was previously used, which makes it easier for remote attackers to obtain sensitive information or hijack a connection by decrypting network traffic.
References
| ▼ | URL | Tags |
|---|---|---|
| http://osvdb.org/50024 | vdb-entry, x_refsource_OSVDB | |
| http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html | vendor-advisory, x_refsource_APPLE | |
| http://www.vupen.com/english/advisories/2008/3232 | vdb-entry, x_refsource_VUPEN | |
| http://www.securitytracker.com/id?1021269 | vdb-entry, x_refsource_SECTRACK | |
| http://support.apple.com/kb/HT3318 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/32394 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/32756 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:08:34.921Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "50024",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/50024"
},
{
"name": "APPLE-SA-2008-11-20",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html"
},
{
"name": "ADV-2008-3232",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/3232"
},
{
"name": "1021269",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021269"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3318"
},
{
"name": "32394",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32394"
},
{
"name": "32756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32756"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-11-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 changes the encryption level of PPTP VPN connections to a lower level than was previously used, which makes it easier for remote attackers to obtain sensitive information or hijack a connection by decrypting network traffic."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-12-03T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "50024",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/50024"
},
{
"name": "APPLE-SA-2008-11-20",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html"
},
{
"name": "ADV-2008-3232",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/3232"
},
{
"name": "1021269",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021269"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3318"
},
{
"name": "32394",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32394"
},
{
"name": "32756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32756"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4227",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 changes the encryption level of PPTP VPN connections to a lower level than was previously used, which makes it easier for remote attackers to obtain sensitive information or hijack a connection by decrypting network traffic."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "50024",
"refsource": "OSVDB",
"url": "http://osvdb.org/50024"
},
{
"name": "APPLE-SA-2008-11-20",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html"
},
{
"name": "ADV-2008-3232",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3232"
},
{
"name": "1021269",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021269"
},
{
"name": "http://support.apple.com/kb/HT3318",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3318"
},
{
"name": "32394",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32394"
},
{
"name": "32756",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32756"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4227",
"datePublished": "2008-11-25T23:00:00",
"dateReserved": "2008-09-24T00:00:00",
"dateUpdated": "2024-08-07T10:08:34.921Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-1725
Vulnerability from cvelistv5
Published
2009-07-09 17:00
Modified
2024-08-07 05:20
Severity ?
EPSS score ?
Summary
WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms; KHTML in kdelibs in KDE; QtWebKit (aka Qt toolkit); and possibly other products do not properly handle numeric character references, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:20:35.334Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://websvn.kde.org/?view=rev\u0026revision=1002164"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://websvn.kde.org/?view=rev\u0026revision=1002163"
},
{
"name": "43068",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43068"
},
{
"name": "FEDORA-2009-8039",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01177.html"
},
{
"name": "MDVSA-2009:330",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:330"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3666"
},
{
"name": "ADV-2011-0212",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name": "APPLE-SA-2009-07-08-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Jul/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://websvn.kde.org/?view=rev\u0026revision=1002162"
},
{
"name": "FEDORA-2009-8046",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01199.html"
},
{
"name": "35607",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35607"
},
{
"name": "ADV-2009-1827",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1827"
},
{
"name": "37746",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37746"
},
{
"name": "55739",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/55739"
},
{
"name": "36790",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36790"
},
{
"name": "36347",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36347"
},
{
"name": "DSA-1950",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1950"
},
{
"name": "SUSE-SR:2011:002",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "36062",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36062"
},
{
"name": "USN-857-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-857-1"
},
{
"name": "36057",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36057"
},
{
"name": "FEDORA-2009-8802",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00933.html"
},
{
"name": "1022526",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1022526"
},
{
"name": "oval:org.mitre.oval:def:5777",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5777"
},
{
"name": "FEDORA-2009-8049",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01196.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=513813"
},
{
"name": "USN-836-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-836-1"
},
{
"name": "FEDORA-2009-8800",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00931.html"
},
{
"name": "APPLE-SA-2009-09-09-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.html"
},
{
"name": "36677",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36677"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3860"
},
{
"name": "35758",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35758"
},
{
"name": "FEDORA-2009-8020",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01200.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-07-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms; KHTML in kdelibs in KDE; QtWebKit (aka Qt toolkit); and possibly other products do not properly handle numeric character references, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://websvn.kde.org/?view=rev\u0026revision=1002164"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://websvn.kde.org/?view=rev\u0026revision=1002163"
},
{
"name": "43068",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43068"
},
{
"name": "FEDORA-2009-8039",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01177.html"
},
{
"name": "MDVSA-2009:330",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:330"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3666"
},
{
"name": "ADV-2011-0212",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name": "APPLE-SA-2009-07-08-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Jul/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://websvn.kde.org/?view=rev\u0026revision=1002162"
},
{
"name": "FEDORA-2009-8046",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01199.html"
},
{
"name": "35607",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35607"
},
{
"name": "ADV-2009-1827",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1827"
},
{
"name": "37746",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37746"
},
{
"name": "55739",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/55739"
},
{
"name": "36790",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36790"
},
{
"name": "36347",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36347"
},
{
"name": "DSA-1950",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1950"
},
{
"name": "SUSE-SR:2011:002",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "36062",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36062"
},
{
"name": "USN-857-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-857-1"
},
{
"name": "36057",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36057"
},
{
"name": "FEDORA-2009-8802",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00933.html"
},
{
"name": "1022526",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1022526"
},
{
"name": "oval:org.mitre.oval:def:5777",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5777"
},
{
"name": "FEDORA-2009-8049",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01196.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=513813"
},
{
"name": "USN-836-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-836-1"
},
{
"name": "FEDORA-2009-8800",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00931.html"
},
{
"name": "APPLE-SA-2009-09-09-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.html"
},
{
"name": "36677",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36677"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3860"
},
{
"name": "35758",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35758"
},
{
"name": "FEDORA-2009-8020",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01200.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1725",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms; KHTML in kdelibs in KDE; QtWebKit (aka Qt toolkit); and possibly other products do not properly handle numeric character references, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://websvn.kde.org/?view=rev\u0026revision=1002164",
"refsource": "CONFIRM",
"url": "http://websvn.kde.org/?view=rev\u0026revision=1002164"
},
{
"name": "http://websvn.kde.org/?view=rev\u0026revision=1002163",
"refsource": "CONFIRM",
"url": "http://websvn.kde.org/?view=rev\u0026revision=1002163"
},
{
"name": "43068",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43068"
},
{
"name": "FEDORA-2009-8039",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01177.html"
},
{
"name": "MDVSA-2009:330",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:330"
},
{
"name": "http://support.apple.com/kb/HT3666",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3666"
},
{
"name": "ADV-2011-0212",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name": "APPLE-SA-2009-07-08-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/Jul/msg00000.html"
},
{
"name": "http://websvn.kde.org/?view=rev\u0026revision=1002162",
"refsource": "CONFIRM",
"url": "http://websvn.kde.org/?view=rev\u0026revision=1002162"
},
{
"name": "FEDORA-2009-8046",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01199.html"
},
{
"name": "35607",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35607"
},
{
"name": "ADV-2009-1827",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1827"
},
{
"name": "37746",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37746"
},
{
"name": "55739",
"refsource": "OSVDB",
"url": "http://osvdb.org/55739"
},
{
"name": "36790",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36790"
},
{
"name": "36347",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36347"
},
{
"name": "DSA-1950",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1950"
},
{
"name": "SUSE-SR:2011:002",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "36062",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36062"
},
{
"name": "USN-857-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-857-1"
},
{
"name": "36057",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36057"
},
{
"name": "FEDORA-2009-8802",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00933.html"
},
{
"name": "1022526",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022526"
},
{
"name": "oval:org.mitre.oval:def:5777",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5777"
},
{
"name": "FEDORA-2009-8049",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01196.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=513813",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=513813"
},
{
"name": "USN-836-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-836-1"
},
{
"name": "FEDORA-2009-8800",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00931.html"
},
{
"name": "APPLE-SA-2009-09-09-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.html"
},
{
"name": "36677",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36677"
},
{
"name": "http://support.apple.com/kb/HT3860",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3860"
},
{
"name": "35758",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35758"
},
{
"name": "FEDORA-2009-8020",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01200.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1725",
"datePublished": "2009-07-09T17:00:00",
"dateReserved": "2009-05-20T00:00:00",
"dateUpdated": "2024-08-07T05:20:35.334Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2009-0958
Vulnerability from cvelistv5
Published
2009-06-19 16:00
Modified
2024-08-07 04:57
Severity ?
EPSS score ?
Summary
Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 stores an exception for a hostname when the user accepts an untrusted Exchange server certificate, which causes it to be accepted without prompting in future usage and allows remote Exchange servers to obtain sensitive information such as credentials.
References
| ▼ | URL | Tags |
|---|---|---|
| http://support.apple.com/kb/HT3639 | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/51208 | vdb-entry, x_refsource_XF | |
| http://www.vupen.com/english/advisories/2009/1621 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/bid/35447 | vdb-entry, x_refsource_BID | |
| http://www.securityfocus.com/bid/35414 | vdb-entry, x_refsource_BID | |
| http://osvdb.org/55236 | vdb-entry, x_refsource_OSVDB | |
| http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html | vendor-advisory, x_refsource_APPLE |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:57:17.164Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3639"
},
{
"name": "iphone-ipod-certificate-info-disclosure(51208)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51208"
},
{
"name": "ADV-2009-1621",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1621"
},
{
"name": "35447",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35447"
},
{
"name": "35414",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35414"
},
{
"name": "55236",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/55236"
},
{
"name": "APPLE-SA-2009-06-17-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-06-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 stores an exception for a hostname when the user accepts an untrusted Exchange server certificate, which causes it to be accepted without prompting in future usage and allows remote Exchange servers to obtain sensitive information such as credentials."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3639"
},
{
"name": "iphone-ipod-certificate-info-disclosure(51208)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51208"
},
{
"name": "ADV-2009-1621",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1621"
},
{
"name": "35447",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35447"
},
{
"name": "35414",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35414"
},
{
"name": "55236",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/55236"
},
{
"name": "APPLE-SA-2009-06-17-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0958",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 stores an exception for a hostname when the user accepts an untrusted Exchange server certificate, which causes it to be accepted without prompting in future usage and allows remote Exchange servers to obtain sensitive information such as credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.apple.com/kb/HT3639",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3639"
},
{
"name": "iphone-ipod-certificate-info-disclosure(51208)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51208"
},
{
"name": "ADV-2009-1621",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1621"
},
{
"name": "35447",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35447"
},
{
"name": "35414",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35414"
},
{
"name": "55236",
"refsource": "OSVDB",
"url": "http://osvdb.org/55236"
},
{
"name": "APPLE-SA-2009-06-17-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0958",
"datePublished": "2009-06-19T16:00:00",
"dateReserved": "2009-03-18T00:00:00",
"dateUpdated": "2024-08-07T04:57:17.164Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-0035
Vulnerability from cvelistv5
Published
2008-01-16 01:00
Modified
2024-08-07 07:32
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in Foundation, as used in Apple iPhone 1.0 through 1.1.2, iPod touch 1.1 through 1.1.2, and Mac OS X 10.5 through 10.5.1, allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted URL that triggers memory corruption in Safari.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:32:23.351Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=307430"
},
{
"name": "28891",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28891"
},
{
"name": "27296",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27296"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=307302"
},
{
"name": "ADV-2008-0495",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0495/references"
},
{
"name": "iphone-ipod-foundation-code-execution(39700)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39700"
},
{
"name": "28497",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28497"
},
{
"name": "TA08-043B",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-043B.html"
},
{
"name": "APPLE-SA-2008-01-15",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Jan/msg00000.html"
},
{
"name": "APPLE-SA-2008-02-11",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Feb/msg00002.html"
},
{
"name": "1019220",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019220"
},
{
"name": "ADV-2008-0147",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0147"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Foundation, as used in Apple iPhone 1.0 through 1.1.2, iPod touch 1.1 through 1.1.2, and Mac OS X 10.5 through 10.5.1, allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted URL that triggers memory corruption in Safari."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=307430"
},
{
"name": "28891",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28891"
},
{
"name": "27296",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27296"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=307302"
},
{
"name": "ADV-2008-0495",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0495/references"
},
{
"name": "iphone-ipod-foundation-code-execution(39700)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39700"
},
{
"name": "28497",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28497"
},
{
"name": "TA08-043B",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-043B.html"
},
{
"name": "APPLE-SA-2008-01-15",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Jan/msg00000.html"
},
{
"name": "APPLE-SA-2008-02-11",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Feb/msg00002.html"
},
{
"name": "1019220",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019220"
},
{
"name": "ADV-2008-0147",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0147"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0035",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Foundation, as used in Apple iPhone 1.0 through 1.1.2, iPod touch 1.1 through 1.1.2, and Mac OS X 10.5 through 10.5.1, allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted URL that triggers memory corruption in Safari."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://docs.info.apple.com/article.html?artnum=307430",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=307430"
},
{
"name": "28891",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28891"
},
{
"name": "27296",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27296"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=307302",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=307302"
},
{
"name": "ADV-2008-0495",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0495/references"
},
{
"name": "iphone-ipod-foundation-code-execution(39700)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39700"
},
{
"name": "28497",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28497"
},
{
"name": "TA08-043B",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-043B.html"
},
{
"name": "APPLE-SA-2008-01-15",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008/Jan/msg00000.html"
},
{
"name": "APPLE-SA-2008-02-11",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008/Feb/msg00002.html"
},
{
"name": "1019220",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019220"
},
{
"name": "ADV-2008-0147",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0147"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0035",
"datePublished": "2008-01-16T01:00:00",
"dateReserved": "2008-01-03T00:00:00",
"dateUpdated": "2024-08-07T07:32:23.351Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-1586
Vulnerability from cvelistv5
Published
2008-11-25 23:00
Modified
2024-08-07 08:24
Severity ?
EPSS score ?
Summary
ImageIO in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allow remote attackers to cause a denial of service (memory consumption and device reset) via a crafted TIFF image.
References
| ▼ | URL | Tags |
|---|---|---|
| http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html | vendor-advisory, x_refsource_APPLE | |
| http://www.vupen.com/english/advisories/2008/3232 | vdb-entry, x_refsource_VUPEN | |
| http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html | vendor-advisory, x_refsource_SUSE | |
| http://www.securitytracker.com/id?1021270 | vdb-entry, x_refsource_SECTRACK | |
| http://support.apple.com/kb/HT3318 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/32394 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/32756 | third-party-advisory, x_refsource_SECUNIA | |
| http://osvdb.org/50023 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:24:42.818Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "APPLE-SA-2008-11-20",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html"
},
{
"name": "ADV-2008-3232",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/3232"
},
{
"name": "SUSE-SR:2009:004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "1021270",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021270"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3318"
},
{
"name": "32394",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32394"
},
{
"name": "32756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32756"
},
{
"name": "50023",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/50023"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-11-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ImageIO in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allow remote attackers to cause a denial of service (memory consumption and device reset) via a crafted TIFF image."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-12-03T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "APPLE-SA-2008-11-20",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html"
},
{
"name": "ADV-2008-3232",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/3232"
},
{
"name": "SUSE-SR:2009:004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "1021270",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021270"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3318"
},
{
"name": "32394",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32394"
},
{
"name": "32756",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32756"
},
{
"name": "50023",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/50023"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1586",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ImageIO in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allow remote attackers to cause a denial of service (memory consumption and device reset) via a crafted TIFF image."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2008-11-20",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html"
},
{
"name": "ADV-2008-3232",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3232"
},
{
"name": "SUSE-SR:2009:004",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "1021270",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021270"
},
{
"name": "http://support.apple.com/kb/HT3318",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3318"
},
{
"name": "32394",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32394"
},
{
"name": "32756",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32756"
},
{
"name": "50023",
"refsource": "OSVDB",
"url": "http://osvdb.org/50023"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1586",
"datePublished": "2008-11-25T23:00:00",
"dateReserved": "2008-03-31T00:00:00",
"dateUpdated": "2024-08-07T08:24:42.818Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2009-06-19 16:30
Modified
2024-11-21 01:03
Severity ?
Summary
WebKit before r41741, as used in Apple iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Safari, and other software, allows remote attackers to cause a denial of service (memory consumption or device reset) via a web page containing an HTMLSelectElement object with a large length attribute, related to the length property of a Select object.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apple | iphone_os | 1.0.0 | |
| apple | iphone_os | 1.0.1 | |
| apple | iphone_os | 1.0.2 | |
| apple | iphone_os | 1.1.0 | |
| apple | iphone_os | 1.1.1 | |
| apple | iphone_os | 1.1.2 | |
| apple | iphone_os | 1.1.3 | |
| apple | iphone_os | 1.1.4 | |
| apple | iphone_os | 1.1.5 | |
| apple | iphone_os | 2.0 | |
| apple | iphone_os | 2.0.0 | |
| apple | iphone_os | 2.0.1 | |
| apple | iphone_os | 2.0.2 | |
| apple | iphone_os | 2.1 | |
| apple | iphone_os | 2.1.1 | |
| apple | iphone_os | 2.2 | |
| apple | iphone_os | 2.2.1 | |
| apple | iphone_os | * | |
| apple | iphone_os | 1.1.0 | |
| apple | iphone_os | 1.1.1 | |
| apple | iphone_os | 1.1.2 | |
| apple | iphone_os | 1.1.3 | |
| apple | iphone_os | 1.1.4 | |
| apple | iphone_os | 1.1.5 | |
| apple | iphone_os | 2.0 | |
| apple | iphone_os | 2.0.0 | |
| apple | iphone_os | 2.0.1 | |
| apple | iphone_os | 2.0.2 | |
| apple | iphone_os | 2.1 | |
| apple | iphone_os | 2.1.1 | |
| apple | iphone_os | 2.2 | |
| apple | iphone_os | 2.2.1 | |
| apple | ipod_touch | * | |
| apple | safari | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A7B6D035-38A9-4C0B-9A9D-CAE3BF1CA56D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C5B94E7-2C24-4913-B65E-8D8A0DE2B80B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E28FB0CB-D636-4F85-B5F7-70EC30053925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9EC16D1C-065A-4D1A-BA6E-528A71DF65CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "27319629-171F-42AA-A95F-2D71F78097D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4F7AEFAB-7BB0-40D8-8BA5-71B374EB69DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "297F9438-0F04-4128-94A8-A504B600929E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F8618621-F871-4531-9F6C-7D60F2BF8B75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "824DED2D-FA1D-46FC-8252-6E25546DAE29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1641DDFA-3BF1-467F-8EC3-98114FF9F07B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF40CDA4-4716-4815-9ED0-093FE266734C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D61644E2-7AF5-48EF-B3D5-59C7B2AD1A58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3D06D54D-97FD-49FD-B251-CC86FBA68CA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "25A5D868-0016-44AB-80E6-E5DF91F15455",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4C14EEA4-6E35-4EBE-9A43-8F6D69318BA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B15E90AE-2E15-4BC2-B0B8-AFA2B1297B03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E0C0A8D-3DDD-437A-BB3D-50FAEAF6C440",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "340C4071-1447-477F-942A-8E09EA29F917",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9EC16D1C-065A-4D1A-BA6E-528A71DF65CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "27319629-171F-42AA-A95F-2D71F78097D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4F7AEFAB-7BB0-40D8-8BA5-71B374EB69DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "297F9438-0F04-4128-94A8-A504B600929E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F8618621-F871-4531-9F6C-7D60F2BF8B75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "824DED2D-FA1D-46FC-8252-6E25546DAE29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1641DDFA-3BF1-467F-8EC3-98114FF9F07B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF40CDA4-4716-4815-9ED0-093FE266734C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D61644E2-7AF5-48EF-B3D5-59C7B2AD1A58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3D06D54D-97FD-49FD-B251-CC86FBA68CA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "25A5D868-0016-44AB-80E6-E5DF91F15455",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4C14EEA4-6E35-4EBE-9A43-8F6D69318BA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B15E90AE-2E15-4BC2-B0B8-AFA2B1297B03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E0C0A8D-3DDD-437A-BB3D-50FAEAF6C440",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:apple:ipod_touch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88FA2602-DDAB-4E23-A3D2-FB712970AAD1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AE370CAA-04B3-434E-BD5B-1D87DE596C10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "WebKit before r41741, as used in Apple iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Safari, and other software, allows remote attackers to cause a denial of service (memory consumption or device reset) via a web page containing an HTMLSelectElement object with a large length attribute, related to the length property of a Select object."
},
{
"lang": "es",
"value": "WebKit en Apple iPhone OS v1.0 hasta v2.2.1 e iPhone OS para iPod touch v1.1 hasta v2.2.1 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (reinicio de dispositivo) mediante una p\u00e1gina web conteniendo un objeto HTMLSelectElement con un atributo \"length\" grande."
}
],
"id": "CVE-2009-1692",
"lastModified": "2024-11-21T01:03:06.370",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-06-19T16:30:00.377",
"references": [
{
"source": "cve@mitre.org",
"url": "http://kb.palm.com/wps/portal/kb/na/pre/p100eww/sprint/solutions/article/50607_en.html#121"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/55242"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/36977"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/37746"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/43068"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT3639"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2009/dsa-1950"
},
{
"source": "cve@mitre.org",
"url": "http://www.g-sec.lu/one-bug-to-rule-them-all.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/504969/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/504988/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/504989/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/505006/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/35414"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/35446"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2009/1621"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"source": "cve@mitre.org",
"url": "https://bugs.webkit.org/show_bug.cgi?id=23319"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/9160"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://kb.palm.com/wps/portal/kb/na/pre/p100eww/sprint/solutions/article/50607_en.html#121"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/55242"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/36977"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/37746"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/43068"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT3639"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2009/dsa-1950"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.g-sec.lu/one-bug-to-rule-them-all.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/504969/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/504988/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/504989/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/505006/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/35414"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/35446"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/1621"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.webkit.org/show_bug.cgi?id=23319"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/9160"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-09-09 22:00
Modified
2024-11-21 01:15
Severity ?
Summary
Buffer overflow in ImageIO in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted GIF file.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html | Mailing List, Vendor Advisory | |
| product-security@apple.com | http://support.apple.com/kb/HT4334 | Vendor Advisory | |
| product-security@apple.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/61697 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html | Mailing List, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://support.apple.com/kb/HT4334 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/61697 | Third Party Advisory, VDB Entry |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "52D67004-A069-4868-9C17-C252032F4F1E",
"versionEndExcluding": "4.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:apple:ipod_touch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F9F4CB31-584D-4810-A35C-31D5702853C9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B5415705-33E5-46D5-8E4D-9EBADC8C5705",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in ImageIO in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted GIF file."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en ImageIO en Apple iOS anterior a v4,1 en el iPhone e iPod touch permite a atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de un archivo GIF manipulado."
}
],
"id": "CVE-2010-1817",
"lastModified": "2024-11-21T01:15:15.500",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-09-09T22:00:01.920",
"references": [
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT4334"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61697"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT4334"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61697"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-11-25 23:30
Modified
2024-11-21 00:51
Severity ?
Summary
Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 changes the encryption level of PPTP VPN connections to a lower level than was previously used, which makes it easier for remote attackers to obtain sensitive information or hijack a connection by decrypting network traffic.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apple | ipod_touch | * | |
| apple | iphone_os | * | |
| apple | iphone_os | 1.0 | |
| apple | iphone_os | 1.0.1 | |
| apple | iphone_os | 1.0.2 | |
| apple | iphone_os | 1.1 | |
| apple | iphone_os | 1.1.1 | |
| apple | iphone_os | 1.1.2 | |
| apple | iphone_os | 1.1.3 | |
| apple | iphone_os | 1.1.4 | |
| apple | iphone_os | 1.1.5 | |
| apple | iphone_os | 2.0 | |
| apple | iphone_os | 2.0.1 | |
| apple | iphone_os | 2.0.2 | |
| apple | iphone_os | 2.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:apple:ipod_touch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88FA2602-DDAB-4E23-A3D2-FB712970AAD1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "340C4071-1447-477F-942A-8E09EA29F917",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "41DB23F0-7226-4D0B-A3FA-A801F02EBA6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C5B94E7-2C24-4913-B65E-8D8A0DE2B80B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E28FB0CB-D636-4F85-B5F7-70EC30053925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B4AEDE82-E317-4066-A34F-BB3BCD3F53E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "27319629-171F-42AA-A95F-2D71F78097D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4F7AEFAB-7BB0-40D8-8BA5-71B374EB69DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "297F9438-0F04-4128-94A8-A504B600929E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F8618621-F871-4531-9F6C-7D60F2BF8B75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "824DED2D-FA1D-46FC-8252-6E25546DAE29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1641DDFA-3BF1-467F-8EC3-98114FF9F07B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D61644E2-7AF5-48EF-B3D5-59C7B2AD1A58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3D06D54D-97FD-49FD-B251-CC86FBA68CA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "25A5D868-0016-44AB-80E6-E5DF91F15455",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 changes the encryption level of PPTP VPN connections to a lower level than was previously used, which makes it easier for remote attackers to obtain sensitive information or hijack a connection by decrypting network traffic."
},
{
"lang": "es",
"value": "El sistema operativo Apple iPhone desde la v1.0 hasta la v2.1 y el sistema operativo iPhone para el iPod Touch desde la v1.0 hasta la v2.1 cambian el nivel de cifrado de las conexiones VPN PPTP a un nivel mas bajo del que fue usado previamente, lo cual facilita a atacantes remotos obtener informaci\u00f3n sensible o secuestras una conexi\u00f3n mediante el descifrado del trafico de red."
}
],
"id": "CVE-2008-4227",
"lastModified": "2024-11-21T00:51:13.220",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-11-25T23:30:00.360",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/50024"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/32756"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT3318"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/32394"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1021269"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/3232"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/50024"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/32756"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT3318"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/32394"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1021269"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/3232"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-09-09 22:00
Modified
2024-11-21 01:15
Severity ?
Summary
ImageIO in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF file.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "52D67004-A069-4868-9C17-C252032F4F1E",
"versionEndExcluding": "4.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:apple:ipod_touch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F9F4CB31-584D-4810-A35C-31D5702853C9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B5415705-33E5-46D5-8E4D-9EBADC8C5705",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ImageIO in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF file."
},
{
"lang": "es",
"value": "ImageIO en Apple iOS anterior a v4.1 en el iPhone e iPod touch permite a atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria y ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s de un archivo TIFF manipulado."
}
],
"id": "CVE-2010-1811",
"lastModified": "2024-11-21T01:15:14.647",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-09-09T22:00:01.623",
"references": [
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/42314"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT4334"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT4435"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT4456"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61696"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/42314"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT4334"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT4435"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT4456"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61696"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-09-09 22:00
Modified
2024-11-21 01:15
Severity ?
Summary
Double free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the rendering of an inline element.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apple | iphone_os | * | |
| apple | ipod_touch | - | |
| apple | iphone_os | * | |
| canonical | ubuntu_linux | 9.10 | |
| canonical | ubuntu_linux | 10.04 | |
| canonical | ubuntu_linux | 10.10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "52D67004-A069-4868-9C17-C252032F4F1E",
"versionEndExcluding": "4.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:apple:ipod_touch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F9F4CB31-584D-4810-A35C-31D5702853C9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "340C4071-1447-477F-942A-8E09EA29F917",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A2BCB73E-27BB-4878-AD9C-90C4F20C25A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "5D37DF0F-F863-45AC-853A-3E04F9FEC7CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*",
"matchCriteriaId": "87614B58-24AB-49FB-9C84-E8DDBA16353B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Double free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the rendering of an inline element."
},
{
"lang": "es",
"value": "Doble vulnerabilidad libre en WebKit en Apple iOS anterior a v4.1 en el iPhone e iPod touch permite a atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de vectores relacionados con la prestaci\u00f3n de un elemento en l\u00ednea."
}
],
"id": "CVE-2010-1781",
"lastModified": "2024-11-21T01:15:11.133",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-09-09T22:00:01.453",
"references": [
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/41856"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/42314"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/43068"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT4334"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT4456"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/43077"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-1006-1"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/2722"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0552"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61698"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/41856"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/42314"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/43068"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT4334"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT4456"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/43077"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-1006-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/2722"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0552"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61698"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-11-25 23:30
Modified
2024-11-21 00:51
Severity ?
Summary
Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not isolate the call-approval dialog from the process of launching new applications, which allows remote attackers to make arbitrary phone calls via a crafted HTML document.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apple | ipod_touch | * | |
| apple | iphone_os | * | |
| apple | safari | * | |
| apple | iphone_os | 1.0 | |
| apple | iphone_os | 1.0.1 | |
| apple | iphone_os | 1.0.2 | |
| apple | iphone_os | 1.1 | |
| apple | iphone_os | 1.1.1 | |
| apple | iphone_os | 1.1.2 | |
| apple | iphone_os | 1.1.3 | |
| apple | iphone_os | 1.1.4 | |
| apple | iphone_os | 1.1.5 | |
| apple | iphone_os | 2.0 | |
| apple | iphone_os | 2.0.1 | |
| apple | iphone_os | 2.0.2 | |
| apple | iphone_os | 2.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:apple:ipod_touch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88FA2602-DDAB-4E23-A3D2-FB712970AAD1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "340C4071-1447-477F-942A-8E09EA29F917",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AE370CAA-04B3-434E-BD5B-1D87DE596C10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "41DB23F0-7226-4D0B-A3FA-A801F02EBA6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C5B94E7-2C24-4913-B65E-8D8A0DE2B80B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E28FB0CB-D636-4F85-B5F7-70EC30053925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B4AEDE82-E317-4066-A34F-BB3BCD3F53E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "27319629-171F-42AA-A95F-2D71F78097D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4F7AEFAB-7BB0-40D8-8BA5-71B374EB69DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "297F9438-0F04-4128-94A8-A504B600929E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F8618621-F871-4531-9F6C-7D60F2BF8B75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "824DED2D-FA1D-46FC-8252-6E25546DAE29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1641DDFA-3BF1-467F-8EC3-98114FF9F07B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D61644E2-7AF5-48EF-B3D5-59C7B2AD1A58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3D06D54D-97FD-49FD-B251-CC86FBA68CA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "25A5D868-0016-44AB-80E6-E5DF91F15455",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not isolate the call-approval dialog from the process of launching new applications, which allows remote attackers to make arbitrary phone calls via a crafted HTML document."
},
{
"lang": "es",
"value": "Safari en Apple iPhone OS v1.0 hasta v2.1 e iPhone OS para iPod touch v1.1 hasta v2.1; no a\u00edsla el di\u00e1logo de aceptar llamadas (call-approval) del proceso de lanzamiento de nuevas aplicaciones, esto permite a atacantes remotos realizar llamadas de tel\u00e9fono de su elecci\u00f3n a trav\u00e9s de un documento HTML manipulado."
}
],
"id": "CVE-2008-4233",
"lastModified": "2024-11-21T00:51:14.183",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-11-25T23:30:00.483",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/50030"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/32756"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1021264"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT3318"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/32394"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/3232"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/50030"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/32756"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1021264"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT3318"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/32394"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/3232"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-06-22 20:30
Modified
2024-11-21 01:15
Severity ?
Summary
WebKit in Apple iOS before 4 on the iPhone and iPod touch does not enforce the expected boundary restrictions on content display by an IFRAME element, which allows remote attackers to spoof the user interface via a crafted HTML document.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73DE6E60-6BDD-450C-B7E2-744A0183A2DD",
"versionEndExcluding": "4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:apple:ipod_touch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F9F4CB31-584D-4810-A35C-31D5702853C9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B5415705-33E5-46D5-8E4D-9EBADC8C5705",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "WebKit in Apple iOS before 4 on the iPhone and iPod touch does not enforce the expected boundary restrictions on content display by an IFRAME element, which allows remote attackers to spoof the user interface via a crafted HTML document."
},
{
"lang": "es",
"value": "WebKit en Apple iOS en versiones anteriores a la 4 en el iPhone y iPod touch no hace cumplir las restricciones previstas en la muestra de contenido por un elemento IFRAME, lo que permite a atacantes remotos falsificar el interfaz de usuario a trav\u00e9s de un documento HTML manipulado."
}
],
"id": "CVE-2010-1757",
"lastModified": "2024-11-21T01:15:08.123",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-06-22T20:30:01.697",
"references": [
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/42314"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/43068"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT4225"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT4456"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/41016"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/41068"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/42314"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/43068"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT4225"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT4456"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/41016"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/41068"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0212"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-06-22 20:30
Modified
2024-11-21 01:15
Severity ?
Summary
Race condition in Passcode Lock in Apple iOS before 4 on the iPhone and iPod touch allows physically proximate attackers to bypass intended passcode requirements, and pair a locked device with a computer and access arbitrary data, via vectors involving the initial boot.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apple | iphone_os | * | |
| apple | iphone_os | 1.0.0 | |
| apple | iphone_os | 1.0.1 | |
| apple | iphone_os | 1.0.2 | |
| apple | iphone_os | 1.1 | |
| apple | iphone_os | 1.1.0 | |
| apple | iphone_os | 1.1.1 | |
| apple | iphone_os | 1.1.2 | |
| apple | iphone_os | 1.1.3 | |
| apple | iphone_os | 1.1.4 | |
| apple | iphone_os | 1.1.5 | |
| apple | iphone_os | 2.0.0 | |
| apple | iphone_os | 2.0.1 | |
| apple | iphone_os | 2.0.2 | |
| apple | iphone_os | 2.1.1 | |
| apple | iphone_os | 2.2.1 | |
| apple | iphone_os | 3.0 | |
| apple | iphone_os | 3.0.1 | |
| apple | iphone_os | 3.1.2 | |
| apple | iphone_os | 3.1.3 | |
| apple | ipod_touch | * | |
| apple | iphone_os | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "593E5E7E-9606-430E-851A-4AE2D35423AD",
"versionEndIncluding": "3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A7B6D035-38A9-4C0B-9A9D-CAE3BF1CA56D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C5B94E7-2C24-4913-B65E-8D8A0DE2B80B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E28FB0CB-D636-4F85-B5F7-70EC30053925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B4AEDE82-E317-4066-A34F-BB3BCD3F53E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9EC16D1C-065A-4D1A-BA6E-528A71DF65CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "27319629-171F-42AA-A95F-2D71F78097D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4F7AEFAB-7BB0-40D8-8BA5-71B374EB69DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "297F9438-0F04-4128-94A8-A504B600929E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F8618621-F871-4531-9F6C-7D60F2BF8B75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "824DED2D-FA1D-46FC-8252-6E25546DAE29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF40CDA4-4716-4815-9ED0-093FE266734C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D61644E2-7AF5-48EF-B3D5-59C7B2AD1A58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3D06D54D-97FD-49FD-B251-CC86FBA68CA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4C14EEA4-6E35-4EBE-9A43-8F6D69318BA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E0C0A8D-3DDD-437A-BB3D-50FAEAF6C440",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "863383DA-0BC6-4A96-835A-A96128EC0202",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2CFF5BE7-2BF6-48CE-B74B-B1A05383C10F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9A20F171-79FE-43B9-8309-B18341639FA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "126EF22D-29BC-4366-97BC-B261311E6251",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:apple:ipod_touch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88FA2602-DDAB-4E23-A3D2-FB712970AAD1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "340C4071-1447-477F-942A-8E09EA29F917",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Race condition in Passcode Lock in Apple iOS before 4 on the iPhone and iPod touch allows physically proximate attackers to bypass intended passcode requirements, and pair a locked device with a computer and access arbitrary data, via vectors involving the initial boot."
},
{
"lang": "es",
"value": "Condici\u00f3n de carrera en Passcode Lock en Apple iOS en versiones anteriores a la 4 en el iPhone y iPod touch permite a atacantes f\u00edsicamente pr\u00f3ximos eludir los requerimientos de contrase\u00f1a establecidos y asociar un dispositivo bloqueado con una computadora y acceder a datos de su elecci\u00f3n, a trav\u00e9s de vectores relacionados con el arranque inicial."
}
],
"id": "CVE-2010-1775",
"lastModified": "2024-11-21T01:15:10.513",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-06-22T20:30:01.727",
"references": [
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT4225"
},
{
"source": "product-security@apple.com",
"url": "http://www.securityfocus.com/bid/41016"
},
{
"source": "product-security@apple.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59637"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT4225"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/41016"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59637"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-03-10 20:55
Modified
2024-11-21 01:26
Severity ?
Summary
Use-after-free vulnerability in WebKit, as used in Apple Safari before 5.0.5; iOS before 4.3.2 for iPhone, iPod, and iPad; iOS before 4.2.7 for iPhone 4 (CDMA); and possibly other products allows remote attackers to execute arbitrary code by adding children to a WBR tag and then removing the tag, related to text nodes, as demonstrated by Chaouki Bekrar during a Pwn2Own competition at CanSecWest 2011.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D5031F18-556E-4E39-969D-1AB407C82926",
"versionEndIncluding": "5.0.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1A419AE8-F5A2-4E25-9004-AAAB325E201A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:1.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "64FE1AA1-32D1-4825-8B2B-E66093937D9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:1.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "E760CD65-A10E-44F1-B835-DA6B77057C93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "30663B7F-3EDA-4B6B-9F39-65E2CEEB4543",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:1.0.0b1:*:*:*:*:*:*:*",
"matchCriteriaId": "91A09DA0-83E9-491D-A0A5-AF97B5463D62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:1.0.0b2:*:*:*:*:*:*:*",
"matchCriteriaId": "D91C7EF0-A56B-40E6-9CED-1228405D034E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CE6078B0-4756-4E04-BAC4-C4EC90548A9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B6B5A3F2-70EE-4ECD-AD6A-0A72D9EBC755",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C87EDB53-FB6E-4B10-B890-A7195D841C5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:1.0.3:85.8:*:*:*:*:*:*",
"matchCriteriaId": "957FCFC4-565A-4F2F-8D3D-D0982E1723F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:1.0.3:85.8.1:*:*:*:*:*:*",
"matchCriteriaId": "22A450DC-CDF5-4EA0-A703-AFB3DEFE1395",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "857C92E2-6870-409A-9457-75F8C5C7B959",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3FD75A4F-F529-4F5E-957D-380215F7B21B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "834EC299-2010-4306-8CEE-35D735583101",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "443FF271-A3AB-4659-80B2-89F771BF5371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0D29B98E-2F62-4F6F-976D-FEC4EB07F106",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3112AFEB-7893-467C-8B45-A44D5697BB79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1FC83309-3A97-4619-B5C1-574610838BC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "891514D5-50C8-4EDC-81C5-24ABF8BCC022",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "25032A3A-9D05-4E69-9A22-C9B332976769",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "AF75A31C-FE42-4CB4-A0E6-0CAB7B122483",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4EDD80AB-2A6C-47FF-A1E9-DEB273C6B4E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2EAC0DC3-7B55-49BC-89BC-C588E6FC6828",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D9315ADD-5B97-4639-9B59-806EFD7BC247",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E7DD81AB-27D6-4CB0-BBF0-5710DAD55A3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:1.3.2:312.5:*:*:*:*:*:*",
"matchCriteriaId": "21BAC0B8-063C-4772-8F1B-EB9A2F7A585C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:1.3.2:312.6:*:*:*:*:*:*",
"matchCriteriaId": "6BAB4071-A883-4E04-BDDF-A121C4738E61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:2:*:*:*:*:*:*:*",
"matchCriteriaId": "7E44913D-BC8B-4AA1-84EB-EFEAC531B475",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9D3889ED-9329-4C84-A173-2553BEAE3EDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7B74019F-C365-4E13-BBB4-D84AD9C1F87C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1E0E57D5-A7C9-4985-8CE4-E0D4B8BBF371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "06494FA8-F12A-435A-97A4-F38C58DF43F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D1BB047B-D45E-4695-AAEB-D0830DB1663E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:2.0.3:417.8:*:*:*:*:*:*",
"matchCriteriaId": "018A7A39-2AFD-47A9-AE88-7ABDBFE5EDA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:2.0.3:417.9:*:*:*:*:*:*",
"matchCriteriaId": "1082B33F-33B5-453A-A5AA-10F65AB2E625",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:2.0.3:417.9.2:*:*:*:*:*:*",
"matchCriteriaId": "6CF4DB54-AA7E-44C3-83E3-1A8971719D5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:2.0.3:417.9.3:*:*:*:*:*:*",
"matchCriteriaId": "EC348464-F08D-4ABF-BB90-3FA93C786F34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DFDCF83E-620C-40FA-9901-5D939E315143",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3:*:*:*:*:*:*:*",
"matchCriteriaId": "E3BAE980-449F-4F8C-A5BC-6CB7226E971A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4A33F900-D405-40A8-A0A5-3C80320FF6E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4444A309-5A97-4E1C-B4EA-C4A070A98CBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.0b:*:*:*:*:*:*:*",
"matchCriteriaId": "5B29951B-9A98-45B7-8E4B-5515C048EC52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8CEB23DE-1A9D-480E-8B8B-9F110A8ABDE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.1b:*:*:*:*:*:*:*",
"matchCriteriaId": "D0FDEB4F-133A-43DF-A89B-53E249F1293D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "84E78F43-07BD-4D62-9512-DA738A92BC7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.2b:*:*:*:*:*:*:*",
"matchCriteriaId": "4AE25E9E-826E-4782-AED8-AC6297B18D93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F3180366-2240-467E-8AB9-BEA0430948F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.3b:*:*:*:*:*:*:*",
"matchCriteriaId": "B5E834B8-545E-4472-9D60-B4CF1340D62C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5AB9CC52-E533-4306-9E92-73C84B264D4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.4b:*:*:*:*:*:*:*",
"matchCriteriaId": "14A5CA99-8B1C-4C35-85E3-DB0495444A5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "01D8C2EF-D552-4279-A12E-70E292F39E31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.1.0b:*:*:*:*:*:*:*",
"matchCriteriaId": "C00082E3-EBF5-4C23-9F57-BF73E587FC05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C453B588-15FD-4A9C-8BC1-6202A21DAE02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "460A6F14-7CCE-47CA-BE0C-6DF32CD6A8A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "15BB6761-3581-4AE6-85E0-1609D15D7618",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EFA1A4C8-9F87-449F-A11F-52E5D52247E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BE8498D2-DECC-4B88-BC1B-F8E2D076EE38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BDA6DB4-A0DA-43CA-AABD-10EEEEB28EAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:4.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "9DC87F61-3463-468A-BF0B-070816BBC3CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:4.0.0b:*:*:*:*:*:*:*",
"matchCriteriaId": "02EAC196-AE43-4787-9AF9-E79E2E1BBA46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B2FD40E4-D4C9-492E-8432-ABC9BD2C7E67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "36EA71E0-63F7-46FF-AF11-792741F27628",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "80E36485-565D-4FAA-A6AD-57DF42D47462",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "73E9C17F-C99E-4ABB-B312-31F87BC0C0E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "46D8318A-9383-42A7-9A6A-2EB2736338B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "79DC6C51-CEEA-4CBF-87D2-8007B7C3D67F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C7B6AD89-D60C-4C8F-A9E6-4380A6B8DB13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:4.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B2451165-7831-426E-BA07-B3A57F3589C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "410E58BC-72AF-4695-8022-A08913077BC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5DE630BC-7E63-40DF-BB8B-327513F5DBAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BD80CA73-5612-4799-9084-09BAA7938F53",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "06B02E9D-7FD6-4EE3-8854-B9EDFA4DE7D7",
"versionEndIncluding": "4.3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A7B6D035-38A9-4C0B-9A9D-CAE3BF1CA56D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C5B94E7-2C24-4913-B65E-8D8A0DE2B80B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E28FB0CB-D636-4F85-B5F7-70EC30053925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9EC16D1C-065A-4D1A-BA6E-528A71DF65CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "27319629-171F-42AA-A95F-2D71F78097D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4F7AEFAB-7BB0-40D8-8BA5-71B374EB69DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "297F9438-0F04-4128-94A8-A504B600929E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F8618621-F871-4531-9F6C-7D60F2BF8B75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "824DED2D-FA1D-46FC-8252-6E25546DAE29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1641DDFA-3BF1-467F-8EC3-98114FF9F07B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF40CDA4-4716-4815-9ED0-093FE266734C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D61644E2-7AF5-48EF-B3D5-59C7B2AD1A58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3D06D54D-97FD-49FD-B251-CC86FBA68CA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "25A5D868-0016-44AB-80E6-E5DF91F15455",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4C14EEA4-6E35-4EBE-9A43-8F6D69318BA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B15E90AE-2E15-4BC2-B0B8-AFA2B1297B03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E0C0A8D-3DDD-437A-BB3D-50FAEAF6C440",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "863383DA-0BC6-4A96-835A-A96128EC0202",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2CFF5BE7-2BF6-48CE-B74B-B1A05383C10F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "51D3BE2B-5A01-4AD4-A436-0056B50A535D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9A20F171-79FE-43B9-8309-B18341639FA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "126EF22D-29BC-4366-97BC-B261311E6251",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3B3DD7B3-DA4C-4B0A-A94E-6BF66B358B7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A939B80-0AD0-48AF-81A7-370716F56639",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "12E22AF0-2B66-425A-A1EE-4F0E3B0433E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BB34ECBE-33E8-40E1-936B-7800D2525AE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "107C59BE-D8CF-4A17-8DFB-BED2AB12388D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "36C86BB9-0328-4E34-BC2B-47B3471EC262",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1878949F-8E15-4751-8D8A-BFB2B9B9254A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A54A8681-2D8A-4B0B-A947-82F3CE1FB03C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:4.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E0070D83-2E27-4DA8-8D10-A6A697216F36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:4.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "8C9ACA63-4528-4090-B1EA-1FE57A6B0555",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7252935C-E421-4339-B61F-0299E28888DA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:apple:ipad:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BAADE29A-712B-4AD5-A78B-6AD537BA9196",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:apple:ipod_touch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88FA2602-DDAB-4E23-A3D2-FB712970AAD1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "340C4071-1447-477F-942A-8E09EA29F917",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CD601065-44E9-4AC7-B0E1-0EF5B72F8D4C",
"versionEndIncluding": "4.2.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A7B6D035-38A9-4C0B-9A9D-CAE3BF1CA56D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C5B94E7-2C24-4913-B65E-8D8A0DE2B80B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E28FB0CB-D636-4F85-B5F7-70EC30053925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9EC16D1C-065A-4D1A-BA6E-528A71DF65CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "27319629-171F-42AA-A95F-2D71F78097D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4F7AEFAB-7BB0-40D8-8BA5-71B374EB69DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "297F9438-0F04-4128-94A8-A504B600929E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F8618621-F871-4531-9F6C-7D60F2BF8B75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "824DED2D-FA1D-46FC-8252-6E25546DAE29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1641DDFA-3BF1-467F-8EC3-98114FF9F07B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF40CDA4-4716-4815-9ED0-093FE266734C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D61644E2-7AF5-48EF-B3D5-59C7B2AD1A58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3D06D54D-97FD-49FD-B251-CC86FBA68CA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "25A5D868-0016-44AB-80E6-E5DF91F15455",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4C14EEA4-6E35-4EBE-9A43-8F6D69318BA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B15E90AE-2E15-4BC2-B0B8-AFA2B1297B03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E0C0A8D-3DDD-437A-BB3D-50FAEAF6C440",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "863383DA-0BC6-4A96-835A-A96128EC0202",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2CFF5BE7-2BF6-48CE-B74B-B1A05383C10F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "51D3BE2B-5A01-4AD4-A436-0056B50A535D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9A20F171-79FE-43B9-8309-B18341639FA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "126EF22D-29BC-4366-97BC-B261311E6251",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3B3DD7B3-DA4C-4B0A-A94E-6BF66B358B7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A939B80-0AD0-48AF-81A7-370716F56639",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D28528CE-4943-4F82-80C0-A629DA3E6702",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "12E22AF0-2B66-425A-A1EE-4F0E3B0433E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BB34ECBE-33E8-40E1-936B-7800D2525AE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "107C59BE-D8CF-4A17-8DFB-BED2AB12388D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "36C86BB9-0328-4E34-BC2B-47B3471EC262",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1878949F-8E15-4751-8D8A-BFB2B9B9254A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A54A8681-2D8A-4B0B-A947-82F3CE1FB03C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:apple:iphone:4:*:*:*:*:*:*:*",
"matchCriteriaId": "E000419D-EFCC-439E-AD2F-05ABEDCF6E93",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in WebKit, as used in Apple Safari before 5.0.5; iOS before 4.3.2 for iPhone, iPod, and iPad; iOS before 4.2.7 for iPhone 4 (CDMA); and possibly other products allows remote attackers to execute arbitrary code by adding children to a WBR tag and then removing the tag, related to text nodes, as demonstrated by Chaouki Bekrar during a Pwn2Own competition at CanSecWest 2011."
},
{
"lang": "es",
"value": "Vulnerabilidad sin especificar en WebKit. Tal como se utiliza en Apple Safari 5.0.4 en Mac OS X 10.6.6, permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores desconocidos, como ha demostrado Chaouki Bekrar durante el concurso Pwn2Own de la CanSecWest 2011."
}
],
"id": "CVE-2011-1344",
"lastModified": "2024-11-21T01:26:07.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-03-10T20:55:01.280",
"references": [
{
"source": "cve@mitre.org",
"url": "http://dvlabs.tippingpoint.com/blog/2011/02/02/pwn2own-2011"
},
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce/2011//Apr/msg00000.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce/2011//Apr/msg00001.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce/2011//Apr/msg00002.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/44151"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/44154"
},
{
"source": "cve@mitre.org",
"url": "http://support.apple.com/kb/HT4596"
},
{
"source": "cve@mitre.org",
"url": "http://support.apple.com/kb/HT4607"
},
{
"source": "cve@mitre.org",
"url": "http://twitter.com/aaronportnoy/statuses/45632544967901187"
},
{
"source": "cve@mitre.org",
"url": "http://www.computerworld.com/s/article/9214002/Safari_IE_hacked_first_at_Pwn2Own"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/517505/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/517517/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/46822"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1025363"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2011/0984"
},
{
"source": "cve@mitre.org",
"url": "http://www.zdnet.com/blog/security/safarimacbook-first-to-fall-at-pwn2own-2011/8358"
},
{
"source": "cve@mitre.org",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-11-135"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66061"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://dvlabs.tippingpoint.com/blog/2011/02/02/pwn2own-2011"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2011//Apr/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2011//Apr/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2011//Apr/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/44151"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/44154"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.apple.com/kb/HT4596"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.apple.com/kb/HT4607"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://twitter.com/aaronportnoy/statuses/45632544967901187"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.computerworld.com/s/article/9214002/Safari_IE_hacked_first_at_Pwn2Own"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/517505/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/517517/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/46822"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1025363"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2011/0984"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zdnet.com/blog/security/safarimacbook-first-to-fall-at-pwn2own-2011/8358"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-11-135"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66061"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-09-10 21:30
Modified
2024-11-21 01:04
Severity ?
Summary
Multiple heap-based buffer overflows in the AudioCodecs library in the CoreAudio component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted (1) AAC or (2) MP3 file, as demonstrated by a ringtone with malformed entries in the sample size table.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apple | iphone_os | * | |
| apple | iphone_os | 1.0.0 | |
| apple | iphone_os | 1.0.1 | |
| apple | iphone_os | 1.0.2 | |
| apple | iphone_os | 1.1.0 | |
| apple | iphone_os | 1.1.1 | |
| apple | iphone_os | 1.1.2 | |
| apple | iphone_os | 1.1.3 | |
| apple | iphone_os | 1.1.4 | |
| apple | iphone_os | 1.1.5 | |
| apple | iphone_os | 2.0 | |
| apple | iphone_os | 2.0.0 | |
| apple | iphone_os | 2.0.1 | |
| apple | iphone_os | 2.0.2 | |
| apple | iphone_os | 2.1 | |
| apple | iphone_os | 2.1.1 | |
| apple | iphone_os | 2.2 | |
| apple | iphone_os | 2.2.1 | |
| apple | iphone_os | 3.0 | |
| apple | iphone_os | * | |
| apple | iphone_os | * | |
| apple | iphone_os | 1.0.0 | |
| apple | iphone_os | 1.0.1 | |
| apple | iphone_os | 1.0.2 | |
| apple | iphone_os | 1.1.0 | |
| apple | iphone_os | 1.1.1 | |
| apple | iphone_os | 1.1.2 | |
| apple | iphone_os | 1.1.3 | |
| apple | iphone_os | 1.1.4 | |
| apple | iphone_os | 1.1.5 | |
| apple | iphone_os | 2.0 | |
| apple | iphone_os | 2.0.0 | |
| apple | iphone_os | 2.0.1 | |
| apple | iphone_os | 2.0.2 | |
| apple | iphone_os | 2.1 | |
| apple | iphone_os | 2.1.1 | |
| apple | iphone_os | 2.2 | |
| apple | iphone_os | 2.2.1 | |
| apple | iphone_os | 3.0 | |
| apple | iphone_os | 3.0.1 | |
| apple | ipod_touch | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BE457690-CB2B-42BD-B97C-E723AFD02FB7",
"versionEndIncluding": "3.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A7B6D035-38A9-4C0B-9A9D-CAE3BF1CA56D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C5B94E7-2C24-4913-B65E-8D8A0DE2B80B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E28FB0CB-D636-4F85-B5F7-70EC30053925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9EC16D1C-065A-4D1A-BA6E-528A71DF65CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "27319629-171F-42AA-A95F-2D71F78097D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4F7AEFAB-7BB0-40D8-8BA5-71B374EB69DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "297F9438-0F04-4128-94A8-A504B600929E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F8618621-F871-4531-9F6C-7D60F2BF8B75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "824DED2D-FA1D-46FC-8252-6E25546DAE29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1641DDFA-3BF1-467F-8EC3-98114FF9F07B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF40CDA4-4716-4815-9ED0-093FE266734C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D61644E2-7AF5-48EF-B3D5-59C7B2AD1A58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3D06D54D-97FD-49FD-B251-CC86FBA68CA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "25A5D868-0016-44AB-80E6-E5DF91F15455",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4C14EEA4-6E35-4EBE-9A43-8F6D69318BA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B15E90AE-2E15-4BC2-B0B8-AFA2B1297B03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E0C0A8D-3DDD-437A-BB3D-50FAEAF6C440",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "863383DA-0BC6-4A96-835A-A96128EC0202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "340C4071-1447-477F-942A-8E09EA29F917",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B1A9F14-4F3A-4B85-9050-84B51D59C9A1",
"versionEndIncluding": "3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A7B6D035-38A9-4C0B-9A9D-CAE3BF1CA56D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C5B94E7-2C24-4913-B65E-8D8A0DE2B80B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E28FB0CB-D636-4F85-B5F7-70EC30053925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9EC16D1C-065A-4D1A-BA6E-528A71DF65CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "27319629-171F-42AA-A95F-2D71F78097D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4F7AEFAB-7BB0-40D8-8BA5-71B374EB69DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "297F9438-0F04-4128-94A8-A504B600929E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F8618621-F871-4531-9F6C-7D60F2BF8B75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "824DED2D-FA1D-46FC-8252-6E25546DAE29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1641DDFA-3BF1-467F-8EC3-98114FF9F07B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF40CDA4-4716-4815-9ED0-093FE266734C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D61644E2-7AF5-48EF-B3D5-59C7B2AD1A58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3D06D54D-97FD-49FD-B251-CC86FBA68CA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "25A5D868-0016-44AB-80E6-E5DF91F15455",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4C14EEA4-6E35-4EBE-9A43-8F6D69318BA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B15E90AE-2E15-4BC2-B0B8-AFA2B1297B03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E0C0A8D-3DDD-437A-BB3D-50FAEAF6C440",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "863383DA-0BC6-4A96-835A-A96128EC0202",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2CFF5BE7-2BF6-48CE-B74B-B1A05383C10F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:apple:ipod_touch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88FA2602-DDAB-4E23-A3D2-FB712970AAD1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple heap-based buffer overflows in the AudioCodecs library in the CoreAudio component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted (1) AAC or (2) MP3 file, as demonstrated by a ringtone with malformed entries in the sample size table."
},
{
"lang": "es",
"value": "M\u00faltiples desbordamientos de b\u00fafer en la regi\u00f3n heap de la memoria en la biblioteca AudioCodecs en el componente CoreAudio en iPhone OS anterior a versi\u00f3n 3.1, y iPhone OS anterior a versi\u00f3n 3.1.1 para iPod touch, de Apple, permiten a los atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (bloqueo de aplicaci\u00f3n) por medio de un archivo (1) AAC o (2) MP3 dise\u00f1ado, como es demostrado mediante un tono de llamada con entradas malformadas en la tabla de tama\u00f1o de muestra."
}
],
"id": "CVE-2009-2206",
"lastModified": "2024-11-21T01:04:23.147",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-09-10T21:30:01.093",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36677"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT3860"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/506464/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/36338"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1022869"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.trapkit.de/advisories/TKADV2009-007.txt"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53180"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36677"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT3860"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/506464/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/36338"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1022869"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.trapkit.de/advisories/TKADV2009-007.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53180"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-08-05 18:17
Modified
2024-11-21 01:17
Severity ?
Summary
Integer overflow in IOSurface in Apple iOS before 4.0.2 on the iPhone and iPod touch, and before 3.2.2 on the iPad, allows local users to gain privileges via vectors involving IOSurface properties, as demonstrated by JailbreakMe.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "12E22AF0-2B66-425A-A1EE-4F0E3B0433E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:4.0:-:iphone:*:*:*:*:*",
"matchCriteriaId": "954CDDCB-AC22-448D-8ECA-CFA4DBA1BC27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BB34ECBE-33E8-40E1-936B-7800D2525AE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:4.0.1:-:iphone:*:*:*:*:*",
"matchCriteriaId": "ECE983F6-A597-4581-A254-80396B54F2D5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "340C4071-1447-477F-942A-8E09EA29F917",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "12E22AF0-2B66-425A-A1EE-4F0E3B0433E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BB34ECBE-33E8-40E1-936B-7800D2525AE6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:apple:ipad:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BAADE29A-712B-4AD5-A78B-6AD537BA9196",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "12E22AF0-2B66-425A-A1EE-4F0E3B0433E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:4.0:-:ipodtouch:*:*:*:*:*",
"matchCriteriaId": "54FECD66-4216-43FC-9959-B8EA9545449C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BB34ECBE-33E8-40E1-936B-7800D2525AE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:4.0.1:-:ipodtouch:*:*:*:*:*",
"matchCriteriaId": "586C0CB3-98E5-4CB3-8F23-27F01233D6C4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:apple:ipod_touch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88FA2602-DDAB-4E23-A3D2-FB712970AAD1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in IOSurface in Apple iOS before 4.0.2 on the iPhone and iPod touch, and before 3.2.2 on the iPad, allows local users to gain privileges via vectors involving IOSurface properties, as demonstrated by JailbreakMe."
},
{
"lang": "es",
"value": "Un desbordamiento de enteros en IOSurface en Apple iOS anterior a versi\u00f3n 4.0.2 en el iPhone y iPod touch, y anterior a versi\u00f3n 3.2.2 en la iPad, permite a los usuarios locales alcanzar privilegios por medio de vectores que involucran las propiedades de IOSurface, como es demostrado por JailbreakMe."
}
],
"evaluatorImpact": "Per: http://xforce.iss.net/xforce/xfdb/60856\r\n\r\n\u0027Platforms Affected:\r\n\r\n * Apple iPhone OS 4.0 iPodtouch\r\n * Apple iPhone OS 4.0\r\n * Apple iPhone OS 4.0.1 iPodtouch\r\n * Apple iPhone OS 4.0.1 \u0027\r\n\r\n\r\nPer: http://www.securityfocus.com/bid/42151/discuss\r\n\r\n\u0027versions 4.0.1 and prior are vulnerable.\u0027",
"id": "CVE-2010-2973",
"lastModified": "2024-11-21T01:17:45.813",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-08-05T18:17:58.197",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce/2010//Aug/msg00000.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce/2010//Aug/msg00001.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/66827"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/40807"
},
{
"source": "cve@mitre.org",
"url": "http://support.apple.com/kb/HT4291"
},
{
"source": "cve@mitre.org",
"url": "http://support.apple.com/kb/HT4292"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/14538"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/42151"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2010//Aug/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2010//Aug/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/66827"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/40807"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.apple.com/kb/HT4291"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.apple.com/kb/HT4292"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/14538"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/42151"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-06-22 20:30
Modified
2024-11-21 01:15
Severity ?
Summary
Safari in Apple iOS before 4 on the iPhone and iPod touch does not properly implement the Accept Cookies preference, which makes it easier for remote web servers to track users via a cookie.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html | Mailing List, Vendor Advisory | |
| product-security@apple.com | http://support.apple.com/kb/HT4225 | Vendor Advisory | |
| product-security@apple.com | http://www.securityfocus.com/bid/41016 | Third Party Advisory, VDB Entry | |
| product-security@apple.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/59634 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html | Mailing List, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://support.apple.com/kb/HT4225 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/41016 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/59634 | Third Party Advisory, VDB Entry |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73DE6E60-6BDD-450C-B7E2-744A0183A2DD",
"versionEndExcluding": "4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:apple:ipod_touch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F9F4CB31-584D-4810-A35C-31D5702853C9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B5415705-33E5-46D5-8E4D-9EBADC8C5705",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Safari in Apple iOS before 4 on the iPhone and iPod touch does not properly implement the Accept Cookies preference, which makes it easier for remote web servers to track users via a cookie."
},
{
"lang": "es",
"value": "Safari en Apple iOS en versiones anteriores a la 4 en el iPhone y iPod touch no implementa de manera adecuada la opci\u00f3n \"Aceptar cookies\", lo que facilita a los servidores web remotos rastrear a los usuarios a trav\u00e9s de una cookie."
}
],
"evaluatorSolution": "Per: http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html \r\n\r\n\u0027Installation note: These updates are only available through iTunes, and will not appear in your computer\u0027s Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/ iTunes will automatically check Apple\u0027s update server on its weekly schedule. When an update is detected, it will download it. When the iPhone or iPod touch is docked, iTunes will present the user with the option to install the update. We recommend applying the update immediately if possible. Selecting Don\u0027t Install will present the option the next time you connect your iPhone or iPod touch. The automatic update process may take up to a week depending on the day that iTunes checks for updates. You may manually obtain the update via the Check for Updates button within iTunes. After doing this, the update can be applied when your iPhone or iPod touch is docked to your computer. To check that the iPhone or iPod touch has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be \"4.0 (8A293)\" or later.\u0027",
"id": "CVE-2010-1755",
"lastModified": "2024-11-21T01:15:07.890",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-06-22T20:30:01.647",
"references": [
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT4225"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/41016"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59634"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT4225"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/41016"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59634"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-12-19 21:46
Modified
2024-11-21 00:38
Severity ?
Summary
WebKit in Safari in Apple Mac OS X 10.4.11 and 10.5.1, iPhone 1.0 through 1.1.2, and iPod touch 1.1 through 1.1.2 allows remote attackers to "navigate the subframes of any other page," which can be leveraged to conduct cross-site scripting (XSS) attacks and obtain sensitive information.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "6EE39585-CF3B-4493-96D8-B394544C7643",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3F3E721C-00CA-4D51-B542-F2BC5C0D65BF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:apple:iphone:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5F382364-1B45-4C62-AB29-A20512AA77D9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:apple:iphone:1.02:*:*:*:*:*:*:*",
"matchCriteriaId": "CA40173B-5F79-400E-9540-7E0BF7A78E35",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:apple:ipod_touch:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A22F1F9E-F5B0-4AB4-8CE9-50C540AE1AE9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:apple:ipod_touch:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BE66FF90-ED80-4184-820B-88F1BA250F71",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:apple:ipod_touch:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "05097B1E-425A-4EF5-8D44-FFEC22994B6A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C5B94E7-2C24-4913-B65E-8D8A0DE2B80B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E28FB0CB-D636-4F85-B5F7-70EC30053925",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "27319629-171F-42AA-A95F-2D71F78097D0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4F7AEFAB-7BB0-40D8-8BA5-71B374EB69DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AE370CAA-04B3-434E-BD5B-1D87DE596C10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "WebKit in Safari in Apple Mac OS X 10.4.11 and 10.5.1, iPhone 1.0 through 1.1.2, and iPod touch 1.1 through 1.1.2 allows remote attackers to \"navigate the subframes of any other page,\" which can be leveraged to conduct cross-site scripting (XSS) attacks and obtain sensitive information."
},
{
"lang": "es",
"value": "WebKit en Safari en Apple Mac OS X versiones 10.4.11 y 10.5.1, iPhone versiones 1.0 hasta 1.1.2, y iPod touch versiones 1.1 hasta 1.1.2, permite a los atacantes remotos \"navigate the subframes of any other page\", lo que se puede aprovechar para conducir ataques de tipo cross-site scripting (XSS) y obtener informaci\u00f3n confidencial."
}
],
"id": "CVE-2007-5858",
"lastModified": "2024-11-21T00:38:51.640",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-12-19T21:46:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://docs.info.apple.com/article.html?artnum=307178"
},
{
"source": "cve@mitre.org",
"url": "http://docs.info.apple.com/article.html?artnum=307179"
},
{
"source": "cve@mitre.org",
"url": "http://docs.info.apple.com/article.html?artnum=307302"
},
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce/2008/Jan/msg00000.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28136"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28497"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1019108"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/26911"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-352A.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/4238"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/0147"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39091"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://docs.info.apple.com/article.html?artnum=307178"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://docs.info.apple.com/article.html?artnum=307179"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://docs.info.apple.com/article.html?artnum=307302"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2008/Jan/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28136"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28497"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1019108"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/26911"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-352A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/4238"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/0147"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39091"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-06-19 16:30
Modified
2024-11-21 01:03
Severity ?
Summary
Safari in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly clear the search history when it is cleared from the Settings application, which allows physically proximate attackers to obtain the search history.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apple | iphone_os | 1.0.0 | |
| apple | iphone_os | 1.0.1 | |
| apple | iphone_os | 1.0.2 | |
| apple | iphone_os | 1.1.0 | |
| apple | iphone_os | 1.1.1 | |
| apple | iphone_os | 1.1.2 | |
| apple | iphone_os | 1.1.3 | |
| apple | iphone_os | 1.1.4 | |
| apple | iphone_os | 1.1.5 | |
| apple | iphone_os | 2.0 | |
| apple | iphone_os | 2.0.0 | |
| apple | iphone_os | 2.0.1 | |
| apple | iphone_os | 2.0.2 | |
| apple | iphone_os | 2.1 | |
| apple | iphone_os | 2.1.1 | |
| apple | iphone_os | 2.2 | |
| apple | iphone_os | 2.2.1 | |
| apple | iphone_os | * | |
| apple | iphone_os | 1.1.0 | |
| apple | iphone_os | 1.1.1 | |
| apple | iphone_os | 1.1.2 | |
| apple | iphone_os | 1.1.3 | |
| apple | iphone_os | 1.1.4 | |
| apple | iphone_os | 1.1.5 | |
| apple | iphone_os | 2.0 | |
| apple | iphone_os | 2.0.0 | |
| apple | iphone_os | 2.0.1 | |
| apple | iphone_os | 2.0.2 | |
| apple | iphone_os | 2.1 | |
| apple | iphone_os | 2.1.1 | |
| apple | iphone_os | 2.2 | |
| apple | iphone_os | 2.2.1 | |
| apple | ipod_touch | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A7B6D035-38A9-4C0B-9A9D-CAE3BF1CA56D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C5B94E7-2C24-4913-B65E-8D8A0DE2B80B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E28FB0CB-D636-4F85-B5F7-70EC30053925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9EC16D1C-065A-4D1A-BA6E-528A71DF65CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "27319629-171F-42AA-A95F-2D71F78097D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4F7AEFAB-7BB0-40D8-8BA5-71B374EB69DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "297F9438-0F04-4128-94A8-A504B600929E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F8618621-F871-4531-9F6C-7D60F2BF8B75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "824DED2D-FA1D-46FC-8252-6E25546DAE29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1641DDFA-3BF1-467F-8EC3-98114FF9F07B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF40CDA4-4716-4815-9ED0-093FE266734C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D61644E2-7AF5-48EF-B3D5-59C7B2AD1A58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3D06D54D-97FD-49FD-B251-CC86FBA68CA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "25A5D868-0016-44AB-80E6-E5DF91F15455",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4C14EEA4-6E35-4EBE-9A43-8F6D69318BA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B15E90AE-2E15-4BC2-B0B8-AFA2B1297B03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E0C0A8D-3DDD-437A-BB3D-50FAEAF6C440",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "340C4071-1447-477F-942A-8E09EA29F917",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9EC16D1C-065A-4D1A-BA6E-528A71DF65CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "27319629-171F-42AA-A95F-2D71F78097D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4F7AEFAB-7BB0-40D8-8BA5-71B374EB69DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "297F9438-0F04-4128-94A8-A504B600929E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F8618621-F871-4531-9F6C-7D60F2BF8B75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "824DED2D-FA1D-46FC-8252-6E25546DAE29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1641DDFA-3BF1-467F-8EC3-98114FF9F07B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF40CDA4-4716-4815-9ED0-093FE266734C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D61644E2-7AF5-48EF-B3D5-59C7B2AD1A58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3D06D54D-97FD-49FD-B251-CC86FBA68CA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "25A5D868-0016-44AB-80E6-E5DF91F15455",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4C14EEA4-6E35-4EBE-9A43-8F6D69318BA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B15E90AE-2E15-4BC2-B0B8-AFA2B1297B03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E0C0A8D-3DDD-437A-BB3D-50FAEAF6C440",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:apple:ipod_touch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88FA2602-DDAB-4E23-A3D2-FB712970AAD1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Safari in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly clear the search history when it is cleared from the Settings application, which allows physically proximate attackers to obtain the search history."
},
{
"lang": "es",
"value": "Safari en n Apple iPhone OS v1.0 hasta v2.2.1 e iPhone OS para iPod touch v1.1 hasta v2.2.1 no borra correctamente el historial de b\u00fasqueda cuando es borrada desde la configuraci\u00f3n de la aplicaci\u00f3n, permitiendo que atacantes pr\u00f3ximos f\u00edsicamente obtengan el historial de b\u00fasqueda."
}
],
"id": "CVE-2009-1680",
"lastModified": "2024-11-21T01:03:04.020",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-06-19T16:30:00.343",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/55240"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT3639"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/35414"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/35448"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2009/1621"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/55240"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT3639"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/35414"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/35448"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/1621"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-06-19 16:30
Modified
2024-11-21 01:01
Severity ?
Summary
Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 stores an exception for a hostname when the user accepts an untrusted Exchange server certificate, which causes it to be accepted without prompting in future usage and allows remote Exchange servers to obtain sensitive information such as credentials.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apple | iphone_os | 1.0.0 | |
| apple | iphone_os | 1.0.1 | |
| apple | iphone_os | 1.0.2 | |
| apple | iphone_os | 1.1.0 | |
| apple | iphone_os | 1.1.1 | |
| apple | iphone_os | 1.1.2 | |
| apple | iphone_os | 1.1.3 | |
| apple | iphone_os | 1.1.4 | |
| apple | iphone_os | 1.1.5 | |
| apple | iphone_os | 2.0 | |
| apple | iphone_os | 2.0.0 | |
| apple | iphone_os | 2.0.1 | |
| apple | iphone_os | 2.0.2 | |
| apple | iphone_os | 2.1 | |
| apple | iphone_os | 2.1.1 | |
| apple | iphone_os | 2.2 | |
| apple | iphone_os | 2.2.1 | |
| apple | iphone_os | * | |
| apple | iphone_os | 1.1.0 | |
| apple | iphone_os | 1.1.1 | |
| apple | iphone_os | 1.1.2 | |
| apple | iphone_os | 1.1.3 | |
| apple | iphone_os | 1.1.4 | |
| apple | iphone_os | 1.1.5 | |
| apple | iphone_os | 2.0 | |
| apple | iphone_os | 2.0.0 | |
| apple | iphone_os | 2.0.1 | |
| apple | iphone_os | 2.0.2 | |
| apple | iphone_os | 2.1 | |
| apple | iphone_os | 2.1.1 | |
| apple | iphone_os | 2.2 | |
| apple | iphone_os | 2.2.1 | |
| apple | ipod_touch | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A7B6D035-38A9-4C0B-9A9D-CAE3BF1CA56D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C5B94E7-2C24-4913-B65E-8D8A0DE2B80B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E28FB0CB-D636-4F85-B5F7-70EC30053925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9EC16D1C-065A-4D1A-BA6E-528A71DF65CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "27319629-171F-42AA-A95F-2D71F78097D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4F7AEFAB-7BB0-40D8-8BA5-71B374EB69DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "297F9438-0F04-4128-94A8-A504B600929E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F8618621-F871-4531-9F6C-7D60F2BF8B75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "824DED2D-FA1D-46FC-8252-6E25546DAE29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1641DDFA-3BF1-467F-8EC3-98114FF9F07B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF40CDA4-4716-4815-9ED0-093FE266734C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D61644E2-7AF5-48EF-B3D5-59C7B2AD1A58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3D06D54D-97FD-49FD-B251-CC86FBA68CA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "25A5D868-0016-44AB-80E6-E5DF91F15455",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4C14EEA4-6E35-4EBE-9A43-8F6D69318BA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B15E90AE-2E15-4BC2-B0B8-AFA2B1297B03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E0C0A8D-3DDD-437A-BB3D-50FAEAF6C440",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "340C4071-1447-477F-942A-8E09EA29F917",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9EC16D1C-065A-4D1A-BA6E-528A71DF65CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "27319629-171F-42AA-A95F-2D71F78097D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4F7AEFAB-7BB0-40D8-8BA5-71B374EB69DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "297F9438-0F04-4128-94A8-A504B600929E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F8618621-F871-4531-9F6C-7D60F2BF8B75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "824DED2D-FA1D-46FC-8252-6E25546DAE29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1641DDFA-3BF1-467F-8EC3-98114FF9F07B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF40CDA4-4716-4815-9ED0-093FE266734C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D61644E2-7AF5-48EF-B3D5-59C7B2AD1A58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3D06D54D-97FD-49FD-B251-CC86FBA68CA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "25A5D868-0016-44AB-80E6-E5DF91F15455",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4C14EEA4-6E35-4EBE-9A43-8F6D69318BA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B15E90AE-2E15-4BC2-B0B8-AFA2B1297B03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E0C0A8D-3DDD-437A-BB3D-50FAEAF6C440",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:apple:ipod_touch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88FA2602-DDAB-4E23-A3D2-FB712970AAD1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 stores an exception for a hostname when the user accepts an untrusted Exchange server certificate, which causes it to be accepted without prompting in future usage and allows remote Exchange servers to obtain sensitive information such as credentials."
},
{
"lang": "es",
"value": "Apple iPhone OS v1.0 hasta v2.2.1 e iPhone OS para iPod touch v1.1 hasta v2.2.1 guarda una excepci\u00f3n para un nombre de servidor (hostname) cuando el usuario acepta un certificado de servidor Exchange no confiable, provocando que sea aceptado en usos futuros sin consultar al usuario y permitiendo que servidores Exchange remotos obtengan informaci\u00f3n sensible como las credenciales de acceso."
}
],
"id": "CVE-2009-0958",
"lastModified": "2024-11-21T01:01:20.367",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-06-19T16:30:00.203",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/55236"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT3639"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/35414"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/35447"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2009/1621"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51208"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/55236"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT3639"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/35414"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/35447"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/1621"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51208"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-01-16 02:00
Modified
2024-11-21 00:41
Severity ?
Summary
Unspecified vulnerability in Foundation, as used in Apple iPhone 1.0 through 1.1.2, iPod touch 1.1 through 1.1.2, and Mac OS X 10.5 through 10.5.1, allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted URL that triggers memory corruption in Safari.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D2442D35-7484-43D8-9077-3FDF63104816",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3F3E721C-00CA-4D51-B542-F2BC5C0D65BF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:apple:iphone:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5F382364-1B45-4C62-AB29-A20512AA77D9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:apple:iphone:1.02:*:*:*:*:*:*:*",
"matchCriteriaId": "CA40173B-5F79-400E-9540-7E0BF7A78E35",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:apple:ipod_touch:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A22F1F9E-F5B0-4AB4-8CE9-50C540AE1AE9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:apple:ipod_touch:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BE66FF90-ED80-4184-820B-88F1BA250F71",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:apple:ipod_touch:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "05097B1E-425A-4EF5-8D44-FFEC22994B6A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C5B94E7-2C24-4913-B65E-8D8A0DE2B80B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E28FB0CB-D636-4F85-B5F7-70EC30053925",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "27319629-171F-42AA-A95F-2D71F78097D0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4F7AEFAB-7BB0-40D8-8BA5-71B374EB69DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AE370CAA-04B3-434E-BD5B-1D87DE596C10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Foundation, as used in Apple iPhone 1.0 through 1.1.2, iPod touch 1.1 through 1.1.2, and Mac OS X 10.5 through 10.5.1, allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted URL that triggers memory corruption in Safari."
},
{
"lang": "es",
"value": "Una vulnerabilidad no especificada en Foundation, como es usado en Apple iPhone versiones 1.0 hasta 1.1.2, iPod touch versiones 1.1 hasta 1.1.2 y Mac OS X versiones 10.5 hasta 10.5.1, permite a los atacantes remotos causar una denegaci\u00f3n de servicio (finalizaci\u00f3n de aplicaci\u00f3n) o ejecutar c\u00f3digo arbitrario por medio de una URL dise\u00f1ada que desencadena una corrupci\u00f3n de memoria en Safari."
}
],
"id": "CVE-2008-0035",
"lastModified": "2024-11-21T00:41:00.647",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-01-16T02:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://docs.info.apple.com/article.html?artnum=307302"
},
{
"source": "cve@mitre.org",
"url": "http://docs.info.apple.com/article.html?artnum=307430"
},
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce/2008/Feb/msg00002.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce/2008/Jan/msg00000.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28497"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28891"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/27296"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1019220"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-043B.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/0147"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/0495/references"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39700"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://docs.info.apple.com/article.html?artnum=307302"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://docs.info.apple.com/article.html?artnum=307430"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2008/Feb/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2008/Jan/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28497"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28891"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/27296"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1019220"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-043B.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/0147"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/0495/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39700"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-09-09 22:00
Modified
2024-11-21 01:15
Severity ?
Summary
The Accessibility component in Apple iOS before 4.1 on the iPhone and iPod touch does not perform the expected VoiceOver announcement associated with the location services icon, which has unspecified impact and attack vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html | Mailing List, Vendor Advisory | |
| product-security@apple.com | http://support.apple.com/kb/HT4334 | Vendor Advisory | |
| product-security@apple.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/61694 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html | Mailing List, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://support.apple.com/kb/HT4334 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/61694 | Third Party Advisory, VDB Entry |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "52D67004-A069-4868-9C17-C252032F4F1E",
"versionEndExcluding": "4.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:apple:ipod_touch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F9F4CB31-584D-4810-A35C-31D5702853C9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B5415705-33E5-46D5-8E4D-9EBADC8C5705",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Accessibility component in Apple iOS before 4.1 on the iPhone and iPod touch does not perform the expected VoiceOver announcement associated with the location services icon, which has unspecified impact and attack vectors."
},
{
"lang": "es",
"value": "El componente Accessibility en Apple iOS anterior a v4.1 en el iPhone e iPod touch no lleva a cabo el esperado anuncio de VoiceOver asociado con el icono de ubicaci\u00f3n de servicios, que tiene un impacto y unos vectores de ataque no especificados."
}
],
"id": "CVE-2010-1809",
"lastModified": "2024-11-21T01:15:14.437",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-09-09T22:00:01.517",
"references": [
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT4334"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61694"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT4334"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61694"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-07-14 18:41
Modified
2024-11-21 00:46
Severity ?
Summary
WebCore in Apple Safari does not properly perform garbage collection of JavaScript document elements, which allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via a reference to the ownerNode property of a copied CSSStyleSheet object of a STYLE element, as originally demonstrated on Apple iPhone before 2.0 and iPod touch before 2.0, a different vulnerability than CVE-2008-1590.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apple | iphone | 1.0 | |
| apple | iphone | 1.1 | |
| apple | iphone | 1.1.3 | |
| apple | ipod_touch | * | |
| apple | ipod_touch | 1.1 | |
| apple | ipod_touch | 1.1.1 | |
| apple | ipod_touch | 1.1.2 | |
| apple | ipod_touch | 1.1.3 | |
| apple | iphone_os | * | |
| apple | iphone_os | 1.0.1 | |
| apple | iphone_os | 1.0.2 | |
| apple | iphone_os | 1.1.1 | |
| apple | iphone_os | 1.1.2 | |
| apple | safari | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:apple:iphone:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5F382364-1B45-4C62-AB29-A20512AA77D9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:apple:iphone:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "583ED2CE-1AD1-42A6-AB52-5C721E8C9385",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:apple:iphone:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D05600E6-6BC5-43C4-93E2-72585A3453B5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:apple:ipod_touch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F5CF94D4-F05A-4F5A-B778-7FD4154DAB6B",
"versionEndIncluding": "1.1.4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:apple:ipod_touch:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A22F1F9E-F5B0-4AB4-8CE9-50C540AE1AE9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:apple:ipod_touch:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BE66FF90-ED80-4184-820B-88F1BA250F71",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:apple:ipod_touch:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "05097B1E-425A-4EF5-8D44-FFEC22994B6A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:apple:ipod_touch:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7A0EBA08-CE54-4AE3-9AED-514392372B7D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F675A1E4-BAB9-44D2-BBA0-FCBF8A8FE858",
"versionEndIncluding": "1.1.4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C5B94E7-2C24-4913-B65E-8D8A0DE2B80B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E28FB0CB-D636-4F85-B5F7-70EC30053925",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "27319629-171F-42AA-A95F-2D71F78097D0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4F7AEFAB-7BB0-40D8-8BA5-71B374EB69DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AE370CAA-04B3-434E-BD5B-1D87DE596C10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "WebCore in Apple Safari does not properly perform garbage collection of JavaScript document elements, which allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via a reference to the ownerNode property of a copied CSSStyleSheet object of a STYLE element, as originally demonstrated on Apple iPhone before 2.0 and iPod touch before 2.0, a different vulnerability than CVE-2008-1590."
},
{
"lang": "es",
"value": "WebCore en Safari de Apple no realiza apropiadamente garbage collection de elementos de documentos JavaScript, lo que permite a atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (corrupci\u00f3n de pila y bloqueo de aplicaci\u00f3n) por medio de una referencia a la propiedad ownerNode de un objeto CSSStyleSheet copiado de un elemento STYLE, tal y como es demostrado originalmente en el iPhone anterior a la versi\u00f3n 2.0 y en el iPod touch anterior a la versi\u00f3n 2.0, de Apple, una vulnerabilidad diferente de CVE-2008-1590."
}
],
"id": "CVE-2008-2317",
"lastModified": "2024-11-21T00:46:36.140",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-07-14T18:41:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Nov/msg00001.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31074"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/32706"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT3298"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/494777/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/30186"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/2094/references"
},
{
"source": "cve@mitre.org",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-045/"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43737"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Nov/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31074"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/32706"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT3298"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/494777/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/30186"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/2094/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-045/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43737"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-06-22 20:30
Modified
2024-11-21 01:15
Severity ?
Summary
Application Sandbox in Apple iOS before 4 on the iPhone and iPod touch does not prevent photo-library access, which might allow remote attackers to obtain location information via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html | Mailing List, Vendor Advisory | |
| product-security@apple.com | http://support.apple.com/kb/HT4225 | Vendor Advisory | |
| product-security@apple.com | http://www.securityfocus.com/bid/41016 | Third Party Advisory, VDB Entry | |
| product-security@apple.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/59630 | VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html | Mailing List, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://support.apple.com/kb/HT4225 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/41016 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/59630 | VDB Entry |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73DE6E60-6BDD-450C-B7E2-744A0183A2DD",
"versionEndExcluding": "4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:apple:ipod_touch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F9F4CB31-584D-4810-A35C-31D5702853C9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "340C4071-1447-477F-942A-8E09EA29F917",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Application Sandbox in Apple iOS before 4 on the iPhone and iPod touch does not prevent photo-library access, which might allow remote attackers to obtain location information via unspecified vectors."
},
{
"lang": "es",
"value": "Application Sandbox en Apple iOS en versiones anteriores a la 4 en el iPhone y iPod touch no impide el acceso a la fototeca, lo que puede permitir a atacantes remotos obtener informaci\u00f3n de la ubicaci\u00f3n mediante vectores no especificados."
}
],
"evaluatorSolution": "Per: http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html\r\n\r\n\u0027Installation note:\r\n\r\n\r\nThese updates are only available through iTunes, and will not appear\r\nin your computer\u0027s Software Update application, or in the Apple\r\nDownloads site. Make sure you have an Internet connection and have\r\ninstalled the latest version of iTunes from www.apple.com/itunes/\r\n\r\n\r\niTunes will automatically check Apple\u0027s update server on its weekly\r\nschedule. When an update is detected, it will download it. When\r\nthe iPhone or iPod touch is docked, iTunes will present the user with\r\nthe option to install the update. We recommend applying the update\r\nimmediately if possible. Selecting Don\u0027t Install will present the\r\noption the next time you connect your iPhone or iPod touch.\r\n\r\n\r\nThe automatic update process may take up to a week depending on the\r\nday that iTunes checks for updates. You may manually obtain the\r\nupdate via the Check for Updates button within iTunes. After doing\r\nthis, the update can be applied when your iPhone or iPod touch is\r\ndocked to your computer.\r\n\r\n\r\nTo check that the iPhone or iPod touch has been updated:\r\n\r\n\r\n* Navigate to Settings\r\n* Select General\r\n* Select About. The version after applying this update will be\r\n\"4.0 (8A293)\" or later.",
"id": "CVE-2010-1751",
"lastModified": "2024-11-21T01:15:07.403",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-06-22T20:30:01.523",
"references": [
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT4225"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/41016"
},
{
"source": "product-security@apple.com",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59630"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT4225"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/41016"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59630"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-08-12 19:30
Modified
2024-11-21 01:04
Severity ?
Summary
Incomplete blacklist vulnerability in WebKit in Apple Safari before 4.0.3, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to spoof domain names in URLs, and possibly conduct phishing attacks, via unspecified homoglyphs.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C27DF35F-2121-4219-B7F0-81D26863D5E9",
"versionEndIncluding": "4.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9D3889ED-9329-4C84-A173-2553BEAE3EDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7B74019F-C365-4E13-BBB4-D84AD9C1F87C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1E0E57D5-A7C9-4985-8CE4-E0D4B8BBF371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "06494FA8-F12A-435A-97A4-F38C58DF43F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D1BB047B-D45E-4695-AAEB-D0830DB1663E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:2.0.3:417.8:*:*:*:*:*:*",
"matchCriteriaId": "018A7A39-2AFD-47A9-AE88-7ABDBFE5EDA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:2.0.3:417.9:*:*:*:*:*:*",
"matchCriteriaId": "1082B33F-33B5-453A-A5AA-10F65AB2E625",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:2.0.3:417.9.2:*:*:*:*:*:*",
"matchCriteriaId": "6CF4DB54-AA7E-44C3-83E3-1A8971719D5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:2.0.3:417.9.3:*:*:*:*:*:*",
"matchCriteriaId": "EC348464-F08D-4ABF-BB90-3FA93C786F34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DFDCF83E-620C-40FA-9901-5D939E315143",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4A33F900-D405-40A8-A0A5-3C80320FF6E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4444A309-5A97-4E1C-B4EA-C4A070A98CBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.0b:*:*:*:*:*:*:*",
"matchCriteriaId": "5B29951B-9A98-45B7-8E4B-5515C048EC52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8CEB23DE-1A9D-480E-8B8B-9F110A8ABDE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.1:beta:*:*:*:*:*:*",
"matchCriteriaId": "4CED950D-38AB-4D66-B97A-FB982D86057F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.1b:*:*:*:*:*:*:*",
"matchCriteriaId": "D0FDEB4F-133A-43DF-A89B-53E249F1293D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "84E78F43-07BD-4D62-9512-DA738A92BC7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.2b:*:*:*:*:*:*:*",
"matchCriteriaId": "4AE25E9E-826E-4782-AED8-AC6297B18D93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F3180366-2240-467E-8AB9-BEA0430948F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.3b:*:*:*:*:*:*:*",
"matchCriteriaId": "B5E834B8-545E-4472-9D60-B4CF1340D62C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5AB9CC52-E533-4306-9E92-73C84B264D4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.4b:*:*:*:*:*:*:*",
"matchCriteriaId": "14A5CA99-8B1C-4C35-85E3-DB0495444A5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "01D8C2EF-D552-4279-A12E-70E292F39E31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.1.0b:*:*:*:*:*:*:*",
"matchCriteriaId": "C00082E3-EBF5-4C23-9F57-BF73E587FC05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C453B588-15FD-4A9C-8BC1-6202A21DAE02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "460A6F14-7CCE-47CA-BE0C-6DF32CD6A8A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "15BB6761-3581-4AE6-85E0-1609D15D7618",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EFA1A4C8-9F87-449F-A11F-52E5D52247E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BE8498D2-DECC-4B88-BC1B-F8E2D076EE38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BDA6DB4-A0DA-43CA-AABD-10EEEEB28EAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:4.0.0b:*:*:*:*:*:*:*",
"matchCriteriaId": "02EAC196-AE43-4787-9AF9-E79E2E1BBA46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B2FD40E4-D4C9-492E-8432-ABC9BD2C7E67",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BE457690-CB2B-42BD-B97C-E723AFD02FB7",
"versionEndIncluding": "3.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A7B6D035-38A9-4C0B-9A9D-CAE3BF1CA56D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C5B94E7-2C24-4913-B65E-8D8A0DE2B80B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E28FB0CB-D636-4F85-B5F7-70EC30053925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9EC16D1C-065A-4D1A-BA6E-528A71DF65CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "27319629-171F-42AA-A95F-2D71F78097D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4F7AEFAB-7BB0-40D8-8BA5-71B374EB69DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "297F9438-0F04-4128-94A8-A504B600929E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F8618621-F871-4531-9F6C-7D60F2BF8B75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "824DED2D-FA1D-46FC-8252-6E25546DAE29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1641DDFA-3BF1-467F-8EC3-98114FF9F07B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF40CDA4-4716-4815-9ED0-093FE266734C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D61644E2-7AF5-48EF-B3D5-59C7B2AD1A58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3D06D54D-97FD-49FD-B251-CC86FBA68CA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "25A5D868-0016-44AB-80E6-E5DF91F15455",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4C14EEA4-6E35-4EBE-9A43-8F6D69318BA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B15E90AE-2E15-4BC2-B0B8-AFA2B1297B03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E0C0A8D-3DDD-437A-BB3D-50FAEAF6C440",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "863383DA-0BC6-4A96-835A-A96128EC0202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "340C4071-1447-477F-942A-8E09EA29F917",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B1A9F14-4F3A-4B85-9050-84B51D59C9A1",
"versionEndIncluding": "3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A7B6D035-38A9-4C0B-9A9D-CAE3BF1CA56D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C5B94E7-2C24-4913-B65E-8D8A0DE2B80B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E28FB0CB-D636-4F85-B5F7-70EC30053925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9EC16D1C-065A-4D1A-BA6E-528A71DF65CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "27319629-171F-42AA-A95F-2D71F78097D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4F7AEFAB-7BB0-40D8-8BA5-71B374EB69DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "297F9438-0F04-4128-94A8-A504B600929E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F8618621-F871-4531-9F6C-7D60F2BF8B75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "824DED2D-FA1D-46FC-8252-6E25546DAE29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1641DDFA-3BF1-467F-8EC3-98114FF9F07B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF40CDA4-4716-4815-9ED0-093FE266734C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D61644E2-7AF5-48EF-B3D5-59C7B2AD1A58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3D06D54D-97FD-49FD-B251-CC86FBA68CA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "25A5D868-0016-44AB-80E6-E5DF91F15455",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4C14EEA4-6E35-4EBE-9A43-8F6D69318BA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B15E90AE-2E15-4BC2-B0B8-AFA2B1297B03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E0C0A8D-3DDD-437A-BB3D-50FAEAF6C440",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "863383DA-0BC6-4A96-835A-A96128EC0202",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2CFF5BE7-2BF6-48CE-B74B-B1A05383C10F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:apple:ipod_touch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88FA2602-DDAB-4E23-A3D2-FB712970AAD1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incomplete blacklist vulnerability in WebKit in Apple Safari before 4.0.3, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to spoof domain names in URLs, and possibly conduct phishing attacks, via unspecified homoglyphs."
},
{
"lang": "es",
"value": "Una vulnerabilidad de lista negra incompleta en WebKit en Safari de Apple anterior a versi\u00f3n 4.0.3, como es usado en iPhone OS anterior a versi\u00f3n 3.1, iPhone OS anterior a versi\u00f3n 3.1.1, para iPod touch y otras plataformas, permite a atacantes remotos falsificar nombres de dominio en URL y posiblemente conducir ataques de phishing, por medio de homoglifos no especificados."
}
],
"id": "CVE-2009-2199",
"lastModified": "2024-11-21T01:04:22.040",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-08-12T19:30:00.483",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Aug/msg00002.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36677"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43068"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT3733"
},
{
"source": "cve@mitre.org",
"url": "http://support.apple.com/kb/HT3860"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/36026"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1022719"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Aug/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/36677"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43068"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT3733"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.apple.com/kb/HT3860"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/36026"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1022719"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0212"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-06-19 16:30
Modified
2024-11-21 01:01
Severity ?
Summary
The Mail component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 does not provide an option to disable remote image loading in HTML email, which allows remote attackers to determine the device address and when an e-mail is read via an HTML email containing an image URL.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apple | iphone_os | 1.0.0 | |
| apple | iphone_os | 1.0.1 | |
| apple | iphone_os | 1.0.2 | |
| apple | iphone_os | 1.1.0 | |
| apple | iphone_os | 1.1.1 | |
| apple | iphone_os | 1.1.2 | |
| apple | iphone_os | 1.1.3 | |
| apple | iphone_os | 1.1.4 | |
| apple | iphone_os | 1.1.5 | |
| apple | iphone_os | 2.0 | |
| apple | iphone_os | 2.0.0 | |
| apple | iphone_os | 2.0.1 | |
| apple | iphone_os | 2.0.2 | |
| apple | iphone_os | 2.1 | |
| apple | iphone_os | 2.1.1 | |
| apple | iphone_os | 2.2 | |
| apple | iphone_os | 2.2.1 | |
| apple | iphone_os | * | |
| apple | iphone_os | 1.1.0 | |
| apple | iphone_os | 1.1.1 | |
| apple | iphone_os | 1.1.2 | |
| apple | iphone_os | 1.1.3 | |
| apple | iphone_os | 1.1.4 | |
| apple | iphone_os | 1.1.5 | |
| apple | iphone_os | 2.0 | |
| apple | iphone_os | 2.0.0 | |
| apple | iphone_os | 2.0.1 | |
| apple | iphone_os | 2.0.2 | |
| apple | iphone_os | 2.1 | |
| apple | iphone_os | 2.1.1 | |
| apple | iphone_os | 2.2 | |
| apple | iphone_os | 2.2.1 | |
| apple | ipod_touch | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A7B6D035-38A9-4C0B-9A9D-CAE3BF1CA56D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C5B94E7-2C24-4913-B65E-8D8A0DE2B80B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E28FB0CB-D636-4F85-B5F7-70EC30053925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9EC16D1C-065A-4D1A-BA6E-528A71DF65CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "27319629-171F-42AA-A95F-2D71F78097D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4F7AEFAB-7BB0-40D8-8BA5-71B374EB69DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "297F9438-0F04-4128-94A8-A504B600929E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F8618621-F871-4531-9F6C-7D60F2BF8B75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "824DED2D-FA1D-46FC-8252-6E25546DAE29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1641DDFA-3BF1-467F-8EC3-98114FF9F07B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF40CDA4-4716-4815-9ED0-093FE266734C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D61644E2-7AF5-48EF-B3D5-59C7B2AD1A58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3D06D54D-97FD-49FD-B251-CC86FBA68CA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "25A5D868-0016-44AB-80E6-E5DF91F15455",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4C14EEA4-6E35-4EBE-9A43-8F6D69318BA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B15E90AE-2E15-4BC2-B0B8-AFA2B1297B03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E0C0A8D-3DDD-437A-BB3D-50FAEAF6C440",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "340C4071-1447-477F-942A-8E09EA29F917",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9EC16D1C-065A-4D1A-BA6E-528A71DF65CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "27319629-171F-42AA-A95F-2D71F78097D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4F7AEFAB-7BB0-40D8-8BA5-71B374EB69DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "297F9438-0F04-4128-94A8-A504B600929E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F8618621-F871-4531-9F6C-7D60F2BF8B75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "824DED2D-FA1D-46FC-8252-6E25546DAE29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1641DDFA-3BF1-467F-8EC3-98114FF9F07B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF40CDA4-4716-4815-9ED0-093FE266734C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D61644E2-7AF5-48EF-B3D5-59C7B2AD1A58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3D06D54D-97FD-49FD-B251-CC86FBA68CA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "25A5D868-0016-44AB-80E6-E5DF91F15455",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4C14EEA4-6E35-4EBE-9A43-8F6D69318BA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B15E90AE-2E15-4BC2-B0B8-AFA2B1297B03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E0C0A8D-3DDD-437A-BB3D-50FAEAF6C440",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:apple:ipod_touch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88FA2602-DDAB-4E23-A3D2-FB712970AAD1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Mail component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 does not provide an option to disable remote image loading in HTML email, which allows remote attackers to determine the device address and when an e-mail is read via an HTML email containing an image URL."
},
{
"lang": "es",
"value": "El componente Mail en iPhone OS versiones 1.0 hasta 2.2.1 y iPhone OS para iPod touch versiones 1.1 hasta 2.2.1, de Apple, no proporciona una opci\u00f3n para deshabilitar la carga remota de im\u00e1genes en el correo electr\u00f3nico HTML, lo que permite a los atacantes remotos determinar la direcci\u00f3n del dispositivo y cuando se lee un correo electr\u00f3nico por medio de un correo electr\u00f3nico HTML que contiene una URL de imagen."
}
],
"id": "CVE-2009-0960",
"lastModified": "2024-11-21T01:01:20.673",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-06-19T16:30:00.280",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT3639"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/35414"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/35434"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1621"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51209"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT3639"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/35414"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/35434"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1621"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51209"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-06-10 18:00
Modified
2024-11-21 01:03
Severity ?
Summary
WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B6E139B2-65BD-4416-9D99-48E132BEC3A5",
"versionEndIncluding": "3.2.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9D3889ED-9329-4C84-A173-2553BEAE3EDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7B74019F-C365-4E13-BBB4-D84AD9C1F87C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1E0E57D5-A7C9-4985-8CE4-E0D4B8BBF371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "06494FA8-F12A-435A-97A4-F38C58DF43F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D1BB047B-D45E-4695-AAEB-D0830DB1663E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:2.0.3:417.8:*:*:*:*:*:*",
"matchCriteriaId": "018A7A39-2AFD-47A9-AE88-7ABDBFE5EDA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:2.0.3:417.9:*:*:*:*:*:*",
"matchCriteriaId": "1082B33F-33B5-453A-A5AA-10F65AB2E625",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:2.0.3:417.9.2:*:*:*:*:*:*",
"matchCriteriaId": "6CF4DB54-AA7E-44C3-83E3-1A8971719D5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:2.0.3:417.9.3:*:*:*:*:*:*",
"matchCriteriaId": "EC348464-F08D-4ABF-BB90-3FA93C786F34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DFDCF83E-620C-40FA-9901-5D939E315143",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4A33F900-D405-40A8-A0A5-3C80320FF6E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4444A309-5A97-4E1C-B4EA-C4A070A98CBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.0b:*:*:*:*:*:*:*",
"matchCriteriaId": "5B29951B-9A98-45B7-8E4B-5515C048EC52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8CEB23DE-1A9D-480E-8B8B-9F110A8ABDE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.1:beta:*:*:*:*:*:*",
"matchCriteriaId": "4CED950D-38AB-4D66-B97A-FB982D86057F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.1b:*:*:*:*:*:*:*",
"matchCriteriaId": "D0FDEB4F-133A-43DF-A89B-53E249F1293D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "84E78F43-07BD-4D62-9512-DA738A92BC7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.2b:*:*:*:*:*:*:*",
"matchCriteriaId": "4AE25E9E-826E-4782-AED8-AC6297B18D93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F3180366-2240-467E-8AB9-BEA0430948F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.3b:*:*:*:*:*:*:*",
"matchCriteriaId": "B5E834B8-545E-4472-9D60-B4CF1340D62C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5AB9CC52-E533-4306-9E92-73C84B264D4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.4b:*:*:*:*:*:*:*",
"matchCriteriaId": "14A5CA99-8B1C-4C35-85E3-DB0495444A5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "01D8C2EF-D552-4279-A12E-70E292F39E31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.1.0b:*:*:*:*:*:*:*",
"matchCriteriaId": "C00082E3-EBF5-4C23-9F57-BF73E587FC05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C453B588-15FD-4A9C-8BC1-6202A21DAE02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "460A6F14-7CCE-47CA-BE0C-6DF32CD6A8A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "15BB6761-3581-4AE6-85E0-1609D15D7618",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EFA1A4C8-9F87-449F-A11F-52E5D52247E2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A7B6D035-38A9-4C0B-9A9D-CAE3BF1CA56D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C5B94E7-2C24-4913-B65E-8D8A0DE2B80B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E28FB0CB-D636-4F85-B5F7-70EC30053925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9EC16D1C-065A-4D1A-BA6E-528A71DF65CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "27319629-171F-42AA-A95F-2D71F78097D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4F7AEFAB-7BB0-40D8-8BA5-71B374EB69DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "297F9438-0F04-4128-94A8-A504B600929E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F8618621-F871-4531-9F6C-7D60F2BF8B75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "824DED2D-FA1D-46FC-8252-6E25546DAE29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1641DDFA-3BF1-467F-8EC3-98114FF9F07B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF40CDA4-4716-4815-9ED0-093FE266734C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D61644E2-7AF5-48EF-B3D5-59C7B2AD1A58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3D06D54D-97FD-49FD-B251-CC86FBA68CA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "25A5D868-0016-44AB-80E6-E5DF91F15455",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4C14EEA4-6E35-4EBE-9A43-8F6D69318BA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B15E90AE-2E15-4BC2-B0B8-AFA2B1297B03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E0C0A8D-3DDD-437A-BB3D-50FAEAF6C440",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "340C4071-1447-477F-942A-8E09EA29F917",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9EC16D1C-065A-4D1A-BA6E-528A71DF65CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "27319629-171F-42AA-A95F-2D71F78097D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4F7AEFAB-7BB0-40D8-8BA5-71B374EB69DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "297F9438-0F04-4128-94A8-A504B600929E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F8618621-F871-4531-9F6C-7D60F2BF8B75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "824DED2D-FA1D-46FC-8252-6E25546DAE29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1641DDFA-3BF1-467F-8EC3-98114FF9F07B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF40CDA4-4716-4815-9ED0-093FE266734C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D61644E2-7AF5-48EF-B3D5-59C7B2AD1A58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3D06D54D-97FD-49FD-B251-CC86FBA68CA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "25A5D868-0016-44AB-80E6-E5DF91F15455",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4C14EEA4-6E35-4EBE-9A43-8F6D69318BA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B15E90AE-2E15-4BC2-B0B8-AFA2B1297B03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E0C0A8D-3DDD-437A-BB3D-50FAEAF6C440",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:apple:ipod_touch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88FA2602-DDAB-4E23-A3D2-FB712970AAD1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document."
},
{
"lang": "es",
"value": "WebKit en Apple Safari anteriores a v4.0 no inicializa un puntero durante el proceso de llamada de funci\u00f3n attr Cascading Style Sheets (CSS) con un argumento num\u00e9rico largo, lo que permite a los atacantes remotos ejecutar arbitrariamente c\u00f3digo o causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria y ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s de documentos HTML manipulados."
}
],
"id": "CVE-2009-1698",
"lastModified": "2024-11-21T01:03:07.540",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-06-10T18:00:00.500",
"references": [
{
"source": "cve@mitre.org",
"url": "http://blog.zoller.lu/2009/05/advisory-apple-safari-remote-code.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/55006"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35379"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/35588"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/36057"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/36062"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/36790"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/37746"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/43068"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1022345"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT3613"
},
{
"source": "cve@mitre.org",
"url": "http://support.apple.com/kb/HT3639"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2009/dsa-1950"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:330"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1128.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/504173/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/504295/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/35260"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/35318"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/USN-822-1"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/USN-836-1"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/USN-857-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1522"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2009/1621"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-09-032/"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9484"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01177.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01196.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01199.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01200.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://blog.zoller.lu/2009/05/advisory-apple-safari-remote-code.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/55006"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35379"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/35588"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/36057"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/36062"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/36790"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/37746"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/43068"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1022345"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT3613"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.apple.com/kb/HT3639"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2009/dsa-1950"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:330"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1128.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/504173/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/504295/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/35260"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/35318"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-822-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-836-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-857-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1522"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/1621"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-09-032/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9484"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01177.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01196.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01199.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01200.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-06-19 16:30
Modified
2024-11-21 01:01
Severity ?
Summary
The Mail component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 dismisses the call approval dialog when another alert appears, which might allow remote attackers to force the iPhone to place a call without user approval by causing an application to trigger an alert.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apple | iphone_os | 1.0.0 | |
| apple | iphone_os | 1.0.1 | |
| apple | iphone_os | 1.0.2 | |
| apple | iphone_os | 1.1.0 | |
| apple | iphone_os | 1.1.1 | |
| apple | iphone_os | 1.1.2 | |
| apple | iphone_os | 1.1.3 | |
| apple | iphone_os | 1.1.4 | |
| apple | iphone_os | 1.1.5 | |
| apple | iphone_os | 2.0 | |
| apple | iphone_os | 2.0.0 | |
| apple | iphone_os | 2.0.1 | |
| apple | iphone_os | 2.0.2 | |
| apple | iphone_os | 2.1 | |
| apple | iphone_os | 2.1.1 | |
| apple | iphone_os | 2.2 | |
| apple | iphone_os | 2.2.1 | |
| apple | iphone_os | * | |
| apple | iphone_os | 1.1.0 | |
| apple | iphone_os | 1.1.1 | |
| apple | iphone_os | 1.1.2 | |
| apple | iphone_os | 1.1.3 | |
| apple | iphone_os | 1.1.4 | |
| apple | iphone_os | 1.1.5 | |
| apple | iphone_os | 2.0 | |
| apple | iphone_os | 2.0.0 | |
| apple | iphone_os | 2.0.1 | |
| apple | iphone_os | 2.0.2 | |
| apple | iphone_os | 2.1 | |
| apple | iphone_os | 2.1.1 | |
| apple | iphone_os | 2.2 | |
| apple | iphone_os | 2.2.1 | |
| apple | ipod_touch | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A7B6D035-38A9-4C0B-9A9D-CAE3BF1CA56D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C5B94E7-2C24-4913-B65E-8D8A0DE2B80B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E28FB0CB-D636-4F85-B5F7-70EC30053925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9EC16D1C-065A-4D1A-BA6E-528A71DF65CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "27319629-171F-42AA-A95F-2D71F78097D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4F7AEFAB-7BB0-40D8-8BA5-71B374EB69DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "297F9438-0F04-4128-94A8-A504B600929E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F8618621-F871-4531-9F6C-7D60F2BF8B75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "824DED2D-FA1D-46FC-8252-6E25546DAE29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1641DDFA-3BF1-467F-8EC3-98114FF9F07B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF40CDA4-4716-4815-9ED0-093FE266734C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D61644E2-7AF5-48EF-B3D5-59C7B2AD1A58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3D06D54D-97FD-49FD-B251-CC86FBA68CA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "25A5D868-0016-44AB-80E6-E5DF91F15455",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4C14EEA4-6E35-4EBE-9A43-8F6D69318BA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B15E90AE-2E15-4BC2-B0B8-AFA2B1297B03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E0C0A8D-3DDD-437A-BB3D-50FAEAF6C440",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "340C4071-1447-477F-942A-8E09EA29F917",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9EC16D1C-065A-4D1A-BA6E-528A71DF65CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "27319629-171F-42AA-A95F-2D71F78097D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4F7AEFAB-7BB0-40D8-8BA5-71B374EB69DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "297F9438-0F04-4128-94A8-A504B600929E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F8618621-F871-4531-9F6C-7D60F2BF8B75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "824DED2D-FA1D-46FC-8252-6E25546DAE29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1641DDFA-3BF1-467F-8EC3-98114FF9F07B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF40CDA4-4716-4815-9ED0-093FE266734C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D61644E2-7AF5-48EF-B3D5-59C7B2AD1A58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3D06D54D-97FD-49FD-B251-CC86FBA68CA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "25A5D868-0016-44AB-80E6-E5DF91F15455",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4C14EEA4-6E35-4EBE-9A43-8F6D69318BA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B15E90AE-2E15-4BC2-B0B8-AFA2B1297B03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E0C0A8D-3DDD-437A-BB3D-50FAEAF6C440",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:apple:ipod_touch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88FA2602-DDAB-4E23-A3D2-FB712970AAD1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Mail component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 dismisses the call approval dialog when another alert appears, which might allow remote attackers to force the iPhone to place a call without user approval by causing an application to trigger an alert."
},
{
"lang": "es",
"value": "El componente Mail en Apple iPhone OS v1.0 hasta v2.2.1 e iPhone OS para iPod touch v1.1 hasta v2.2.1 descarta el dialogo de aprobaci\u00f3n de llamada cuando aparece otra alerta, pudiendo permitir a atacantes remotos forzar al iPhone hacer una llamada sin la aprobaci\u00f3n del usuario al causar que una aplicaci\u00f3n dispare una alerta."
}
],
"id": "CVE-2009-0961",
"lastModified": "2024-11-21T01:01:20.827",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-06-19T16:30:00.297",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/55238"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT3639"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/35414"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2009/1621"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51210"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/55238"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT3639"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/35414"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/1621"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51210"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-11-25 23:30
Modified
2024-11-21 00:44
Severity ?
Summary
ImageIO in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allow remote attackers to cause a denial of service (memory consumption and device reset) via a crafted TIFF image.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apple | ipod_touch | * | |
| apple | iphone_os | * | |
| apple | iphone_os | 1.0 | |
| apple | iphone_os | 1.0.1 | |
| apple | iphone_os | 1.0.2 | |
| apple | iphone_os | 1.1 | |
| apple | iphone_os | 1.1.1 | |
| apple | iphone_os | 1.1.2 | |
| apple | iphone_os | 1.1.3 | |
| apple | iphone_os | 1.1.4 | |
| apple | iphone_os | 1.1.5 | |
| apple | iphone_os | 2.0 | |
| apple | iphone_os | 2.0.1 | |
| apple | iphone_os | 2.0.2 | |
| apple | iphone_os | 2.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:apple:ipod_touch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88FA2602-DDAB-4E23-A3D2-FB712970AAD1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "340C4071-1447-477F-942A-8E09EA29F917",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "41DB23F0-7226-4D0B-A3FA-A801F02EBA6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C5B94E7-2C24-4913-B65E-8D8A0DE2B80B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E28FB0CB-D636-4F85-B5F7-70EC30053925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B4AEDE82-E317-4066-A34F-BB3BCD3F53E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "27319629-171F-42AA-A95F-2D71F78097D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4F7AEFAB-7BB0-40D8-8BA5-71B374EB69DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "297F9438-0F04-4128-94A8-A504B600929E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F8618621-F871-4531-9F6C-7D60F2BF8B75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "824DED2D-FA1D-46FC-8252-6E25546DAE29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1641DDFA-3BF1-467F-8EC3-98114FF9F07B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D61644E2-7AF5-48EF-B3D5-59C7B2AD1A58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3D06D54D-97FD-49FD-B251-CC86FBA68CA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "25A5D868-0016-44AB-80E6-E5DF91F15455",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ImageIO in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allow remote attackers to cause a denial of service (memory consumption and device reset) via a crafted TIFF image."
},
{
"lang": "es",
"value": "ImageIO en Apple iPhone OS 1.0 hasta 2.1 y iPhone OS para iPod touch 1.1 hasta 2.1, permite a los atacantes remotos causar una denegaci\u00f3n de servicio(consumo de memoria o reinicio del dispositivo) a trav\u00e9s de una imagen TIFF manipulada."
}
],
"id": "CVE-2008-1586",
"lastModified": "2024-11-21T00:44:52.197",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-11-25T23:30:00.233",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/50023"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/32756"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT3318"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/32394"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1021270"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/3232"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/50023"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/32756"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT3318"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/32394"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1021270"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/3232"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "Red Hat does not consider this libTIFF bug to be a security issue.",
"lastModified": "2009-01-19T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-11-25 23:30
Modified
2024-11-21 00:51
Severity ?
Summary
Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not properly handle HTML TABLE elements, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apple | ipod_touch | * | |
| apple | iphone_os | * | |
| apple | safari | * | |
| apple | iphone_os | 1.0 | |
| apple | iphone_os | 1.0.1 | |
| apple | iphone_os | 1.0.2 | |
| apple | iphone_os | 1.1 | |
| apple | iphone_os | 1.1.1 | |
| apple | iphone_os | 1.1.2 | |
| apple | iphone_os | 1.1.3 | |
| apple | iphone_os | 1.1.4 | |
| apple | iphone_os | 1.1.5 | |
| apple | iphone_os | 2.0 | |
| apple | iphone_os | 2.0.1 | |
| apple | iphone_os | 2.0.2 | |
| apple | iphone_os | 2.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:apple:ipod_touch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88FA2602-DDAB-4E23-A3D2-FB712970AAD1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "340C4071-1447-477F-942A-8E09EA29F917",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AE370CAA-04B3-434E-BD5B-1D87DE596C10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "41DB23F0-7226-4D0B-A3FA-A801F02EBA6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C5B94E7-2C24-4913-B65E-8D8A0DE2B80B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E28FB0CB-D636-4F85-B5F7-70EC30053925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B4AEDE82-E317-4066-A34F-BB3BCD3F53E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "27319629-171F-42AA-A95F-2D71F78097D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4F7AEFAB-7BB0-40D8-8BA5-71B374EB69DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "297F9438-0F04-4128-94A8-A504B600929E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F8618621-F871-4531-9F6C-7D60F2BF8B75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "824DED2D-FA1D-46FC-8252-6E25546DAE29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1641DDFA-3BF1-467F-8EC3-98114FF9F07B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D61644E2-7AF5-48EF-B3D5-59C7B2AD1A58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3D06D54D-97FD-49FD-B251-CC86FBA68CA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "25A5D868-0016-44AB-80E6-E5DF91F15455",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not properly handle HTML TABLE elements, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document."
},
{
"lang": "es",
"value": "Safari en Apple iPhone OS v1.0 hasta v2.1 e iPhone OS para iPod touch v1.1 hasta v2.1 no maneja adecuadamente los elementos HTML TABLE, esto permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n o provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria y ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s de un documento HTML manipulado."
}
],
"id": "CVE-2008-4231",
"lastModified": "2024-11-21T00:51:13.863",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-11-25T23:30:00.437",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/50028"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/32756"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/35379"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT3318"
},
{
"source": "cve@mitre.org",
"url": "http://support.apple.com/kb/HT3613"
},
{
"source": "cve@mitre.org",
"url": "http://www.fortiguardcenter.com/advisory/FGA-2009-23.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/504211/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/32394"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1021272"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/3232"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2009/1522"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/50028"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/32756"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/35379"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT3318"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.apple.com/kb/HT3613"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.fortiguardcenter.com/advisory/FGA-2009-23.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/504211/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/32394"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1021272"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/3232"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/1522"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-07-09 17:30
Modified
2024-11-21 01:03
Severity ?
Summary
WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms; KHTML in kdelibs in KDE; QtWebKit (aka Qt toolkit); and possibly other products do not properly handle numeric character references, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C38B814-0E98-4BC7-9981-56F9EC1BFB74",
"versionEndIncluding": "4.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9D3889ED-9329-4C84-A173-2553BEAE3EDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7B74019F-C365-4E13-BBB4-D84AD9C1F87C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1E0E57D5-A7C9-4985-8CE4-E0D4B8BBF371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "06494FA8-F12A-435A-97A4-F38C58DF43F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D1BB047B-D45E-4695-AAEB-D0830DB1663E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:2.0.3:417.8:*:*:*:*:*:*",
"matchCriteriaId": "018A7A39-2AFD-47A9-AE88-7ABDBFE5EDA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:2.0.3:417.9:*:*:*:*:*:*",
"matchCriteriaId": "1082B33F-33B5-453A-A5AA-10F65AB2E625",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:2.0.3:417.9.2:*:*:*:*:*:*",
"matchCriteriaId": "6CF4DB54-AA7E-44C3-83E3-1A8971719D5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:2.0.3:417.9.3:*:*:*:*:*:*",
"matchCriteriaId": "EC348464-F08D-4ABF-BB90-3FA93C786F34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DFDCF83E-620C-40FA-9901-5D939E315143",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4A33F900-D405-40A8-A0A5-3C80320FF6E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4444A309-5A97-4E1C-B4EA-C4A070A98CBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.0b:*:*:*:*:*:*:*",
"matchCriteriaId": "5B29951B-9A98-45B7-8E4B-5515C048EC52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8CEB23DE-1A9D-480E-8B8B-9F110A8ABDE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.1:beta:*:*:*:*:*:*",
"matchCriteriaId": "4CED950D-38AB-4D66-B97A-FB982D86057F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.1b:*:*:*:*:*:*:*",
"matchCriteriaId": "D0FDEB4F-133A-43DF-A89B-53E249F1293D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "84E78F43-07BD-4D62-9512-DA738A92BC7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.2b:*:*:*:*:*:*:*",
"matchCriteriaId": "4AE25E9E-826E-4782-AED8-AC6297B18D93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F3180366-2240-467E-8AB9-BEA0430948F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.3b:*:*:*:*:*:*:*",
"matchCriteriaId": "B5E834B8-545E-4472-9D60-B4CF1340D62C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5AB9CC52-E533-4306-9E92-73C84B264D4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.4b:*:*:*:*:*:*:*",
"matchCriteriaId": "14A5CA99-8B1C-4C35-85E3-DB0495444A5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "01D8C2EF-D552-4279-A12E-70E292F39E31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.1.0b:*:*:*:*:*:*:*",
"matchCriteriaId": "C00082E3-EBF5-4C23-9F57-BF73E587FC05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C453B588-15FD-4A9C-8BC1-6202A21DAE02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "460A6F14-7CCE-47CA-BE0C-6DF32CD6A8A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "15BB6761-3581-4AE6-85E0-1609D15D7618",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EFA1A4C8-9F87-449F-A11F-52E5D52247E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BE8498D2-DECC-4B88-BC1B-F8E2D076EE38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BDA6DB4-A0DA-43CA-AABD-10EEEEB28EAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:4.0.0b:*:*:*:*:*:*:*",
"matchCriteriaId": "02EAC196-AE43-4787-9AF9-E79E2E1BBA46",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BE457690-CB2B-42BD-B97C-E723AFD02FB7",
"versionEndIncluding": "3.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A7B6D035-38A9-4C0B-9A9D-CAE3BF1CA56D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C5B94E7-2C24-4913-B65E-8D8A0DE2B80B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E28FB0CB-D636-4F85-B5F7-70EC30053925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9EC16D1C-065A-4D1A-BA6E-528A71DF65CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "27319629-171F-42AA-A95F-2D71F78097D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4F7AEFAB-7BB0-40D8-8BA5-71B374EB69DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "297F9438-0F04-4128-94A8-A504B600929E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F8618621-F871-4531-9F6C-7D60F2BF8B75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "824DED2D-FA1D-46FC-8252-6E25546DAE29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1641DDFA-3BF1-467F-8EC3-98114FF9F07B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF40CDA4-4716-4815-9ED0-093FE266734C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D61644E2-7AF5-48EF-B3D5-59C7B2AD1A58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3D06D54D-97FD-49FD-B251-CC86FBA68CA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "25A5D868-0016-44AB-80E6-E5DF91F15455",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4C14EEA4-6E35-4EBE-9A43-8F6D69318BA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B15E90AE-2E15-4BC2-B0B8-AFA2B1297B03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E0C0A8D-3DDD-437A-BB3D-50FAEAF6C440",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "863383DA-0BC6-4A96-835A-A96128EC0202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "340C4071-1447-477F-942A-8E09EA29F917",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B1A9F14-4F3A-4B85-9050-84B51D59C9A1",
"versionEndIncluding": "3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A7B6D035-38A9-4C0B-9A9D-CAE3BF1CA56D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C5B94E7-2C24-4913-B65E-8D8A0DE2B80B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E28FB0CB-D636-4F85-B5F7-70EC30053925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9EC16D1C-065A-4D1A-BA6E-528A71DF65CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "27319629-171F-42AA-A95F-2D71F78097D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4F7AEFAB-7BB0-40D8-8BA5-71B374EB69DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "297F9438-0F04-4128-94A8-A504B600929E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F8618621-F871-4531-9F6C-7D60F2BF8B75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "824DED2D-FA1D-46FC-8252-6E25546DAE29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1641DDFA-3BF1-467F-8EC3-98114FF9F07B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF40CDA4-4716-4815-9ED0-093FE266734C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D61644E2-7AF5-48EF-B3D5-59C7B2AD1A58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3D06D54D-97FD-49FD-B251-CC86FBA68CA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "25A5D868-0016-44AB-80E6-E5DF91F15455",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4C14EEA4-6E35-4EBE-9A43-8F6D69318BA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B15E90AE-2E15-4BC2-B0B8-AFA2B1297B03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E0C0A8D-3DDD-437A-BB3D-50FAEAF6C440",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "863383DA-0BC6-4A96-835A-A96128EC0202",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2CFF5BE7-2BF6-48CE-B74B-B1A05383C10F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:apple:ipod_touch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88FA2602-DDAB-4E23-A3D2-FB712970AAD1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms; KHTML in kdelibs in KDE; QtWebKit (aka Qt toolkit); and possibly other products do not properly handle numeric character references, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document."
},
{
"lang": "es",
"value": "WebKit en Apple Safari anterior a v4.0.2, no maneja adecuadamente las referencias de caracteres num\u00e9ricos, lo que permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n o provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria y ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de un documento HTML manipulado."
}
],
"id": "CVE-2009-1725",
"lastModified": "2024-11-21T01:03:12.393",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-07-09T17:30:00.420",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Jul/msg00000.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/55739"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/35758"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/36057"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/36062"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/36347"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/36677"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/36790"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/37746"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/43068"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT3666"
},
{
"source": "cve@mitre.org",
"url": "http://support.apple.com/kb/HT3860"
},
{
"source": "cve@mitre.org",
"url": "http://websvn.kde.org/?view=rev\u0026revision=1002162"
},
{
"source": "cve@mitre.org",
"url": "http://websvn.kde.org/?view=rev\u0026revision=1002163"
},
{
"source": "cve@mitre.org",
"url": "http://websvn.kde.org/?view=rev\u0026revision=1002164"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2009/dsa-1950"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:330"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/35607"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1022526"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/USN-836-1"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/USN-857-1"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2009/1827"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=513813"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5777"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00931.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00933.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01177.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01196.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01199.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01200.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Jul/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/55739"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/35758"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/36057"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/36062"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/36347"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/36677"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/36790"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/37746"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/43068"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT3666"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.apple.com/kb/HT3860"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://websvn.kde.org/?view=rev\u0026revision=1002162"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://websvn.kde.org/?view=rev\u0026revision=1002163"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://websvn.kde.org/?view=rev\u0026revision=1002164"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2009/dsa-1950"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:330"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/35607"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1022526"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-836-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-857-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/1827"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=513813"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5777"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00931.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00933.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01177.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01196.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01199.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01200.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "Not vulnerable. This issue did not affect the versions of the kdelibs packages, as shipped with Red Hat Enterprise Linux 3, 4, or 5.",
"lastModified": "2009-08-07T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-09-09 22:00
Modified
2024-11-21 01:15
Severity ?
Summary
WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors involving form menus.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apple | iphone_os | * | |
| apple | ipod_touch | - | |
| apple | iphone_os | - | |
| webkitgtk | webkitgtk | * | |
| canonical | ubuntu_linux | 9.10 | |
| canonical | ubuntu_linux | 10.04 | |
| canonical | ubuntu_linux | 10.10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "52D67004-A069-4868-9C17-C252032F4F1E",
"versionEndExcluding": "4.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:apple:ipod_touch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F9F4CB31-584D-4810-A35C-31D5702853C9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B5415705-33E5-46D5-8E4D-9EBADC8C5705",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:webkitgtk:webkitgtk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "66B27F2F-BE67-4212-AA9A-454677D56C47",
"versionEndExcluding": "1.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A2BCB73E-27BB-4878-AD9C-90C4F20C25A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "5D37DF0F-F863-45AC-853A-3E04F9FEC7CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*",
"matchCriteriaId": "87614B58-24AB-49FB-9C84-E8DDBA16353B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors involving form menus."
},
{
"lang": "es",
"value": "WebKit en Apple OI anterior a v4.1 en el iPhone y el iPod touch permite a atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria y ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s de vectores que implican form menus."
}
],
"id": "CVE-2010-1814",
"lastModified": "2024-11-21T01:15:15.053",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-09-09T22:00:01.797",
"references": [
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/41856"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/42314"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/43068"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/43086"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT4334"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT4455"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT4456"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0177.html"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/43083"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-1006-1"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/2722"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0216"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0552"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61701"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/41856"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/42314"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/43068"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/43086"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT4334"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT4455"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT4456"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0177.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/43083"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-1006-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/2722"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0216"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0552"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61701"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-07-09 17:30
Modified
2024-11-21 01:03
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to inject arbitrary web script or HTML via vectors related to parent and top objects.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C38B814-0E98-4BC7-9981-56F9EC1BFB74",
"versionEndIncluding": "4.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9D3889ED-9329-4C84-A173-2553BEAE3EDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7B74019F-C365-4E13-BBB4-D84AD9C1F87C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1E0E57D5-A7C9-4985-8CE4-E0D4B8BBF371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "06494FA8-F12A-435A-97A4-F38C58DF43F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D1BB047B-D45E-4695-AAEB-D0830DB1663E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:2.0.3:417.8:*:*:*:*:*:*",
"matchCriteriaId": "018A7A39-2AFD-47A9-AE88-7ABDBFE5EDA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:2.0.3:417.9:*:*:*:*:*:*",
"matchCriteriaId": "1082B33F-33B5-453A-A5AA-10F65AB2E625",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:2.0.3:417.9.2:*:*:*:*:*:*",
"matchCriteriaId": "6CF4DB54-AA7E-44C3-83E3-1A8971719D5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:2.0.3:417.9.3:*:*:*:*:*:*",
"matchCriteriaId": "EC348464-F08D-4ABF-BB90-3FA93C786F34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DFDCF83E-620C-40FA-9901-5D939E315143",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4A33F900-D405-40A8-A0A5-3C80320FF6E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4444A309-5A97-4E1C-B4EA-C4A070A98CBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.0b:*:*:*:*:*:*:*",
"matchCriteriaId": "5B29951B-9A98-45B7-8E4B-5515C048EC52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8CEB23DE-1A9D-480E-8B8B-9F110A8ABDE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.1:beta:*:*:*:*:*:*",
"matchCriteriaId": "4CED950D-38AB-4D66-B97A-FB982D86057F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.1b:*:*:*:*:*:*:*",
"matchCriteriaId": "D0FDEB4F-133A-43DF-A89B-53E249F1293D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "84E78F43-07BD-4D62-9512-DA738A92BC7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.2b:*:*:*:*:*:*:*",
"matchCriteriaId": "4AE25E9E-826E-4782-AED8-AC6297B18D93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F3180366-2240-467E-8AB9-BEA0430948F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.3b:*:*:*:*:*:*:*",
"matchCriteriaId": "B5E834B8-545E-4472-9D60-B4CF1340D62C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5AB9CC52-E533-4306-9E92-73C84B264D4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.4b:*:*:*:*:*:*:*",
"matchCriteriaId": "14A5CA99-8B1C-4C35-85E3-DB0495444A5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "01D8C2EF-D552-4279-A12E-70E292F39E31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.1.0b:*:*:*:*:*:*:*",
"matchCriteriaId": "C00082E3-EBF5-4C23-9F57-BF73E587FC05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C453B588-15FD-4A9C-8BC1-6202A21DAE02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "460A6F14-7CCE-47CA-BE0C-6DF32CD6A8A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "15BB6761-3581-4AE6-85E0-1609D15D7618",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EFA1A4C8-9F87-449F-A11F-52E5D52247E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BE8498D2-DECC-4B88-BC1B-F8E2D076EE38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BDA6DB4-A0DA-43CA-AABD-10EEEEB28EAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:4.0.0b:*:*:*:*:*:*:*",
"matchCriteriaId": "02EAC196-AE43-4787-9AF9-E79E2E1BBA46",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BE457690-CB2B-42BD-B97C-E723AFD02FB7",
"versionEndIncluding": "3.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A7B6D035-38A9-4C0B-9A9D-CAE3BF1CA56D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C5B94E7-2C24-4913-B65E-8D8A0DE2B80B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E28FB0CB-D636-4F85-B5F7-70EC30053925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9EC16D1C-065A-4D1A-BA6E-528A71DF65CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "27319629-171F-42AA-A95F-2D71F78097D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4F7AEFAB-7BB0-40D8-8BA5-71B374EB69DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "297F9438-0F04-4128-94A8-A504B600929E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F8618621-F871-4531-9F6C-7D60F2BF8B75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "824DED2D-FA1D-46FC-8252-6E25546DAE29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1641DDFA-3BF1-467F-8EC3-98114FF9F07B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF40CDA4-4716-4815-9ED0-093FE266734C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D61644E2-7AF5-48EF-B3D5-59C7B2AD1A58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3D06D54D-97FD-49FD-B251-CC86FBA68CA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "25A5D868-0016-44AB-80E6-E5DF91F15455",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4C14EEA4-6E35-4EBE-9A43-8F6D69318BA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B15E90AE-2E15-4BC2-B0B8-AFA2B1297B03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E0C0A8D-3DDD-437A-BB3D-50FAEAF6C440",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "863383DA-0BC6-4A96-835A-A96128EC0202",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "340C4071-1447-477F-942A-8E09EA29F917",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B1A9F14-4F3A-4B85-9050-84B51D59C9A1",
"versionEndIncluding": "3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A7B6D035-38A9-4C0B-9A9D-CAE3BF1CA56D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C5B94E7-2C24-4913-B65E-8D8A0DE2B80B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E28FB0CB-D636-4F85-B5F7-70EC30053925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9EC16D1C-065A-4D1A-BA6E-528A71DF65CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "27319629-171F-42AA-A95F-2D71F78097D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4F7AEFAB-7BB0-40D8-8BA5-71B374EB69DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "297F9438-0F04-4128-94A8-A504B600929E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F8618621-F871-4531-9F6C-7D60F2BF8B75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "824DED2D-FA1D-46FC-8252-6E25546DAE29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1641DDFA-3BF1-467F-8EC3-98114FF9F07B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF40CDA4-4716-4815-9ED0-093FE266734C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D61644E2-7AF5-48EF-B3D5-59C7B2AD1A58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3D06D54D-97FD-49FD-B251-CC86FBA68CA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "25A5D868-0016-44AB-80E6-E5DF91F15455",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4C14EEA4-6E35-4EBE-9A43-8F6D69318BA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B15E90AE-2E15-4BC2-B0B8-AFA2B1297B03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E0C0A8D-3DDD-437A-BB3D-50FAEAF6C440",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "863383DA-0BC6-4A96-835A-A96128EC0202",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2CFF5BE7-2BF6-48CE-B74B-B1A05383C10F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:apple:ipod_touch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88FA2602-DDAB-4E23-A3D2-FB712970AAD1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to inject arbitrary web script or HTML via vectors related to parent and top objects."
},
{
"lang": "es",
"value": "Una vulnerabilidad de tipo cross-site scripting (XSS) en WebKit en Safari de Apple anterior a versi\u00f3n 4.0.2, tal y como es usado en iPhone OS anterior a versi\u00f3n 3.1, iPhone OS anterior a versi\u00f3n 3.1.1 para iPod touch, y otras plataformas, permite a los atacantes remotos inyectar script web o HTML arbitrario por medio de vectores relacionados con los objetos primarios y superiores."
}
],
"id": "CVE-2009-1724",
"lastModified": "2024-11-21T01:03:12.197",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-07-09T17:30:00.407",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Jul/msg00000.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/55738"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/35758"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/36677"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/43068"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT3666"
},
{
"source": "cve@mitre.org",
"url": "http://support.apple.com/kb/HT3860"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/35441"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1022525"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2009/1827"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6208"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Jul/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/55738"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/35758"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/36677"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/43068"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT3666"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.apple.com/kb/HT3860"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/35441"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1022525"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/1827"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6208"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "Not vulnerable. This issue did not affect the versions of the kdelibs packages, as shipped with Red Hat Enterprise Linux 3, 4, or 5.\n",
"lastModified": "2009-08-07T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-06-10 18:00
Modified
2024-11-21 01:03
Severity ?
Summary
Use-after-free vulnerability in the JavaScript DOM implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by destroying a document.body element that has an unspecified XML container with elements that support the dir attribute.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apple | safari | * | |
| apple | safari | 2.0 | |
| apple | safari | 2.0.0 | |
| apple | safari | 2.0.1 | |
| apple | safari | 2.0.2 | |
| apple | safari | 2.0.3 | |
| apple | safari | 2.0.3 | |
| apple | safari | 2.0.3 | |
| apple | safari | 2.0.3 | |
| apple | safari | 2.0.3 | |
| apple | safari | 2.0.4 | |
| apple | safari | 3.0 | |
| apple | safari | 3.0.0 | |
| apple | safari | 3.0.0b | |
| apple | safari | 3.0.1 | |
| apple | safari | 3.0.1 | |
| apple | safari | 3.0.1b | |
| apple | safari | 3.0.2 | |
| apple | safari | 3.0.2b | |
| apple | safari | 3.0.3 | |
| apple | safari | 3.0.3b | |
| apple | safari | 3.0.4 | |
| apple | safari | 3.0.4b | |
| apple | safari | 3.1.0 | |
| apple | safari | 3.1.0b | |
| apple | safari | 3.1.1 | |
| apple | safari | 3.1.2 | |
| apple | safari | 3.2.0 | |
| apple | safari | 3.2.1 | |
| apple | iphone_os | 1.0.0 | |
| apple | iphone_os | 1.0.1 | |
| apple | iphone_os | 1.0.2 | |
| apple | iphone_os | 1.1.0 | |
| apple | iphone_os | 1.1.1 | |
| apple | iphone_os | 1.1.2 | |
| apple | iphone_os | 1.1.3 | |
| apple | iphone_os | 1.1.4 | |
| apple | iphone_os | 1.1.5 | |
| apple | iphone_os | 2.0 | |
| apple | iphone_os | 2.0.0 | |
| apple | iphone_os | 2.0.1 | |
| apple | iphone_os | 2.0.2 | |
| apple | iphone_os | 2.1 | |
| apple | iphone_os | 2.1.1 | |
| apple | iphone_os | 2.2 | |
| apple | iphone_os | 2.2.1 | |
| apple | ipod_touch | * | |
| apple | iphone_os | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B6E139B2-65BD-4416-9D99-48E132BEC3A5",
"versionEndIncluding": "3.2.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9D3889ED-9329-4C84-A173-2553BEAE3EDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7B74019F-C365-4E13-BBB4-D84AD9C1F87C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1E0E57D5-A7C9-4985-8CE4-E0D4B8BBF371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "06494FA8-F12A-435A-97A4-F38C58DF43F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D1BB047B-D45E-4695-AAEB-D0830DB1663E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:2.0.3:417.8:*:*:*:*:*:*",
"matchCriteriaId": "018A7A39-2AFD-47A9-AE88-7ABDBFE5EDA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:2.0.3:417.9:*:*:*:*:*:*",
"matchCriteriaId": "1082B33F-33B5-453A-A5AA-10F65AB2E625",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:2.0.3:417.9.2:*:*:*:*:*:*",
"matchCriteriaId": "6CF4DB54-AA7E-44C3-83E3-1A8971719D5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:2.0.3:417.9.3:*:*:*:*:*:*",
"matchCriteriaId": "EC348464-F08D-4ABF-BB90-3FA93C786F34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DFDCF83E-620C-40FA-9901-5D939E315143",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4A33F900-D405-40A8-A0A5-3C80320FF6E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4444A309-5A97-4E1C-B4EA-C4A070A98CBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.0b:*:*:*:*:*:*:*",
"matchCriteriaId": "5B29951B-9A98-45B7-8E4B-5515C048EC52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8CEB23DE-1A9D-480E-8B8B-9F110A8ABDE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.1:beta:*:*:*:*:*:*",
"matchCriteriaId": "4CED950D-38AB-4D66-B97A-FB982D86057F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.1b:*:*:*:*:*:*:*",
"matchCriteriaId": "D0FDEB4F-133A-43DF-A89B-53E249F1293D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "84E78F43-07BD-4D62-9512-DA738A92BC7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.2b:*:*:*:*:*:*:*",
"matchCriteriaId": "4AE25E9E-826E-4782-AED8-AC6297B18D93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F3180366-2240-467E-8AB9-BEA0430948F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.3b:*:*:*:*:*:*:*",
"matchCriteriaId": "B5E834B8-545E-4472-9D60-B4CF1340D62C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5AB9CC52-E533-4306-9E92-73C84B264D4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.4b:*:*:*:*:*:*:*",
"matchCriteriaId": "14A5CA99-8B1C-4C35-85E3-DB0495444A5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "01D8C2EF-D552-4279-A12E-70E292F39E31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.1.0b:*:*:*:*:*:*:*",
"matchCriteriaId": "C00082E3-EBF5-4C23-9F57-BF73E587FC05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C453B588-15FD-4A9C-8BC1-6202A21DAE02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "460A6F14-7CCE-47CA-BE0C-6DF32CD6A8A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "15BB6761-3581-4AE6-85E0-1609D15D7618",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EFA1A4C8-9F87-449F-A11F-52E5D52247E2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A7B6D035-38A9-4C0B-9A9D-CAE3BF1CA56D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C5B94E7-2C24-4913-B65E-8D8A0DE2B80B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E28FB0CB-D636-4F85-B5F7-70EC30053925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9EC16D1C-065A-4D1A-BA6E-528A71DF65CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "27319629-171F-42AA-A95F-2D71F78097D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4F7AEFAB-7BB0-40D8-8BA5-71B374EB69DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "297F9438-0F04-4128-94A8-A504B600929E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F8618621-F871-4531-9F6C-7D60F2BF8B75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "824DED2D-FA1D-46FC-8252-6E25546DAE29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1641DDFA-3BF1-467F-8EC3-98114FF9F07B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF40CDA4-4716-4815-9ED0-093FE266734C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D61644E2-7AF5-48EF-B3D5-59C7B2AD1A58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3D06D54D-97FD-49FD-B251-CC86FBA68CA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "25A5D868-0016-44AB-80E6-E5DF91F15455",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4C14EEA4-6E35-4EBE-9A43-8F6D69318BA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B15E90AE-2E15-4BC2-B0B8-AFA2B1297B03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E0C0A8D-3DDD-437A-BB3D-50FAEAF6C440",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:apple:ipod_touch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88FA2602-DDAB-4E23-A3D2-FB712970AAD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "340C4071-1447-477F-942A-8E09EA29F917",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in the JavaScript DOM implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by destroying a document.body element that has an unspecified XML container with elements that support the dir attribute."
},
{
"lang": "es",
"value": "Vulnerabilidad de uso despu\u00e9s de la liberaci\u00f3n en la implementaci\u00f3n en WebKit en Apple Safari anteriores a v4.0, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n o provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) destruyendo un elemento document.body que tiene un contenedor XML no especificado con elementos que soportan el atributo dir. \r\n"
}
],
"id": "CVE-2009-1701",
"lastModified": "2024-11-21T01:03:08.170",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-06-10T18:00:00.563",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/55008"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35379"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/43068"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1022345"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT3613"
},
{
"source": "cve@mitre.org",
"url": "http://support.apple.com/kb/HT3639"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/504172/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/35260"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/35325"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1522"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2009/1621"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-09-033/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/55008"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35379"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/43068"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1022345"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT3613"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.apple.com/kb/HT3639"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/504172/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/35260"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/35325"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1522"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/1621"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-09-033/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-07-14 18:41
Modified
2024-11-21 00:44
Severity ?
Summary
JavaScriptCore in WebKit on Apple iPhone before 2.0 and iPod touch before 2.0 does not properly perform runtime garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors that trigger memory corruption, a different vulnerability than CVE-2008-2317.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apple | iphone | 1.0 | |
| apple | iphone | 1.1.3 | |
| apple | iphone | 1.1.4 | |
| apple | iphone | 1.02 | |
| apple | ipod_touch | 1.1 | |
| apple | ipod_touch | 1.1.1 | |
| apple | ipod_touch | 1.1.2 | |
| apple | ipod_touch | 1.1.3 | |
| apple | ipod_touch | 1.1.4 | |
| apple | iphone_os | 1.0.1 | |
| apple | iphone_os | 1.0.2 | |
| apple | iphone_os | 1.1.1 | |
| apple | iphone_os | 1.1.2 | |
| webkit | javascriptcore | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:apple:iphone:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5F382364-1B45-4C62-AB29-A20512AA77D9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:apple:iphone:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D05600E6-6BC5-43C4-93E2-72585A3453B5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:apple:iphone:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6430229D-ACD4-46AE-A6B5-95D3CC1AF514",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:apple:iphone:1.02:*:*:*:*:*:*:*",
"matchCriteriaId": "CA40173B-5F79-400E-9540-7E0BF7A78E35",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:apple:ipod_touch:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A22F1F9E-F5B0-4AB4-8CE9-50C540AE1AE9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:apple:ipod_touch:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BE66FF90-ED80-4184-820B-88F1BA250F71",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:apple:ipod_touch:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "05097B1E-425A-4EF5-8D44-FFEC22994B6A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:apple:ipod_touch:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7A0EBA08-CE54-4AE3-9AED-514392372B7D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:apple:ipod_touch:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4E969C4E-45A5-4767-9959-A1AD2DE4E1C2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C5B94E7-2C24-4913-B65E-8D8A0DE2B80B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E28FB0CB-D636-4F85-B5F7-70EC30053925",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "27319629-171F-42AA-A95F-2D71F78097D0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4F7AEFAB-7BB0-40D8-8BA5-71B374EB69DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:webkit:javascriptcore:*:*:*:*:*:*:*:*",
"matchCriteriaId": "547670B7-33BA-438C-9AA6-31EB8B4B2DC8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "JavaScriptCore in WebKit on Apple iPhone before 2.0 and iPod touch before 2.0 does not properly perform runtime garbage collection, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors that trigger memory corruption, a different vulnerability than CVE-2008-2317."
},
{
"lang": "es",
"value": "JavaScriptCore en WebKit de Apple iPhone anterior a 2.0 e iPod touch anterior a 2.0, no realiza correctamente la recolecci\u00f3n de basura en tiempo de ejecuci\u00f3n, esto permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n o provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) mediante vectores no especificados que provocan una corrupci\u00f3n de memoria. Se trata de una vulnerabilidad diferente de CVE-2008-2317."
}
],
"id": "CVE-2008-1590",
"lastModified": "2024-11-21T00:44:52.590",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-07-14T18:41:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/31074"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/30186"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/2094/references"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43738"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31074"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/30186"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2094/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43738"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-03-29 19:30
Modified
2024-11-21 01:13
Severity ?
Summary
Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a MARQUEE element.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apple | iphone_os | 3.1.3 | |
| apple | ipod_touch | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "126EF22D-29BC-4366-97BC-B261311E6251",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:apple:ipod_touch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88FA2602-DDAB-4E23-A3D2-FB712970AAD1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a MARQUEE element."
},
{
"lang": "es",
"value": "Safari en Apple iPhone OS v3.1.3 y en iPod touch permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) o posiblemente ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una cadena larga en un elemento MARQUEE."
}
],
"id": "CVE-2010-1181",
"lastModified": "2024-11-21T01:13:49.050",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-03-29T19:30:00.610",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://nishantdaspatnaik.yolasite.com/ipodpoc6.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://nishantdaspatnaik.yolasite.com/ipodpoc6.php"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-09-09 22:00
Modified
2024-11-21 01:15
Severity ?
Summary
Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving selections.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apple | iphone_os | * | |
| apple | ipod_touch | - | |
| apple | iphone_os | - | |
| webkitgtk | webkitgtk | * | |
| canonical | ubuntu_linux | 9.10 | |
| canonical | ubuntu_linux | 10.04 | |
| canonical | ubuntu_linux | 10.10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "52D67004-A069-4868-9C17-C252032F4F1E",
"versionEndExcluding": "4.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:apple:ipod_touch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F9F4CB31-584D-4810-A35C-31D5702853C9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B5415705-33E5-46D5-8E4D-9EBADC8C5705",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:webkitgtk:webkitgtk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "66B27F2F-BE67-4212-AA9A-454677D56C47",
"versionEndExcluding": "1.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A2BCB73E-27BB-4878-AD9C-90C4F20C25A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "5D37DF0F-F863-45AC-853A-3E04F9FEC7CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*",
"matchCriteriaId": "87614B58-24AB-49FB-9C84-E8DDBA16353B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving selections."
},
{
"lang": "es",
"value": "Vulnerabilidad de uso despu\u00e9s de la liberaci\u00f3n en WebKit en Apple iOS anterior a v4.1 en el iPhone e iPod touch, permite a atacantes remotos producir una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) mediante vectores que comprenden selecciones."
}
],
"id": "CVE-2010-1812",
"lastModified": "2024-11-21T01:15:14.767",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-09-09T22:00:01.687",
"references": [
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/41856"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/42314"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/43068"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/43086"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT4334"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT4455"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT4456"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0177.html"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/43079"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-1006-1"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/2722"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0216"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0552"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61699"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/41856"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/42314"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/43068"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/43086"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT4334"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT4455"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT4456"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0177.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/43079"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-1006-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/2722"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0216"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0552"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61699"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-09-09 22:00
Modified
2024-11-21 01:15
Severity ?
Summary
Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving scrollbars.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apple | iphone_os | * | |
| apple | ipod_touch | - | |
| apple | iphone_os | - | |
| webkitgtk | webkitgtk | * | |
| canonical | ubuntu_linux | 9.10 | |
| canonical | ubuntu_linux | 10.04 | |
| canonical | ubuntu_linux | 10.10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "52D67004-A069-4868-9C17-C252032F4F1E",
"versionEndExcluding": "4.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:apple:ipod_touch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F9F4CB31-584D-4810-A35C-31D5702853C9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B5415705-33E5-46D5-8E4D-9EBADC8C5705",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:webkitgtk:webkitgtk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "66B27F2F-BE67-4212-AA9A-454677D56C47",
"versionEndExcluding": "1.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A2BCB73E-27BB-4878-AD9C-90C4F20C25A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "5D37DF0F-F863-45AC-853A-3E04F9FEC7CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*",
"matchCriteriaId": "87614B58-24AB-49FB-9C84-E8DDBA16353B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving scrollbars."
},
{
"lang": "es",
"value": "Vulnerabilidad de uso despu\u00e9s de la liberaci\u00f3n en WebKit en Apple iOS anterior a v4.1 en iPhone e iPod touch, permite a atacantes remotos producir una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) mediante vectores que comprenden las barras de desplazamiento."
}
],
"id": "CVE-2010-1815",
"lastModified": "2024-11-21T01:15:15.213",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-09-09T22:00:01.843",
"references": [
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/41856"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/42314"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/43068"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/43086"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT4334"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT4455"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT4456"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0177.html"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/43081"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-1006-1"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/2722"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0216"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0552"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61702"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/41856"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/42314"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/43068"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/43086"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT4334"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT4455"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT4456"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0177.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/43081"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/USN-1006-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/2722"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0216"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0552"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61702"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-07-14 18:41
Modified
2024-11-21 00:44
Severity ?
Summary
Safari on Apple iPhone before 2.0 and iPod touch before 2.0 misinterprets a menu button press as user confirmation for visiting a web site with a (1) self-signed or (2) invalid certificate, which makes it easier for remote attackers to spoof web sites.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apple | iphone | 1.0 | |
| apple | iphone | 1.1.3 | |
| apple | iphone | 1.1.4 | |
| apple | iphone | 1.02 | |
| apple | ipod_touch | 1.1 | |
| apple | ipod_touch | 1.1.1 | |
| apple | ipod_touch | 1.1.2 | |
| apple | ipod_touch | 1.1.3 | |
| apple | ipod_touch | 1.1.4 | |
| apple | iphone_os | 1.0.1 | |
| apple | iphone_os | 1.0.2 | |
| apple | iphone_os | 1.1.1 | |
| apple | iphone_os | 1.1.2 | |
| apple | safari | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:apple:iphone:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5F382364-1B45-4C62-AB29-A20512AA77D9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:apple:iphone:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D05600E6-6BC5-43C4-93E2-72585A3453B5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:apple:iphone:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6430229D-ACD4-46AE-A6B5-95D3CC1AF514",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:apple:iphone:1.02:*:*:*:*:*:*:*",
"matchCriteriaId": "CA40173B-5F79-400E-9540-7E0BF7A78E35",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:apple:ipod_touch:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A22F1F9E-F5B0-4AB4-8CE9-50C540AE1AE9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:apple:ipod_touch:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BE66FF90-ED80-4184-820B-88F1BA250F71",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:apple:ipod_touch:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "05097B1E-425A-4EF5-8D44-FFEC22994B6A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:apple:ipod_touch:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7A0EBA08-CE54-4AE3-9AED-514392372B7D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:apple:ipod_touch:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4E969C4E-45A5-4767-9959-A1AD2DE4E1C2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C5B94E7-2C24-4913-B65E-8D8A0DE2B80B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E28FB0CB-D636-4F85-B5F7-70EC30053925",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "27319629-171F-42AA-A95F-2D71F78097D0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4F7AEFAB-7BB0-40D8-8BA5-71B374EB69DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AE370CAA-04B3-434E-BD5B-1D87DE596C10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Safari on Apple iPhone before 2.0 and iPod touch before 2.0 misinterprets a menu button press as user confirmation for visiting a web site with a (1) self-signed or (2) invalid certificate, which makes it easier for remote attackers to spoof web sites."
},
{
"lang": "es",
"value": "Safari en Apple iPhone anterior a 2.0 e iPod touch anterior a 2.0 no interpreta correctamente que se pulse en un bot\u00f3n del men\u00fa como la confirmaci\u00f3n de un usuario al visitar un sitio Web con un certificado (1)autofirmado o (2) no v\u00e1lido; esto facilita a atacantes remotos falsificar los sitios Web."
}
],
"id": "CVE-2008-1589",
"lastModified": "2024-11-21T00:44:52.463",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-07-14T18:41:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://jvn.jp/en/jp/JVN88676089/index.html"
},
{
"source": "cve@mitre.org",
"url": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000039.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/31074"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/30186"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/2094/references"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43734"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvn.jp/en/jp/JVN88676089/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000039.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31074"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/30186"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2094/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43734"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-06-19 16:30
Modified
2024-11-21 01:03
Severity ?
Summary
The Telephony component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to cause a denial of service (device reset) via a crafted ICMP echo request, which triggers an assertion error related to a "logic issue."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apple | iphone_os | 1.0.0 | |
| apple | iphone_os | 1.0.1 | |
| apple | iphone_os | 1.0.2 | |
| apple | iphone_os | 1.1.0 | |
| apple | iphone_os | 1.1.1 | |
| apple | iphone_os | 1.1.2 | |
| apple | iphone_os | 1.1.3 | |
| apple | iphone_os | 1.1.4 | |
| apple | iphone_os | 1.1.5 | |
| apple | iphone_os | 2.0 | |
| apple | iphone_os | 2.0.0 | |
| apple | iphone_os | 2.0.1 | |
| apple | iphone_os | 2.0.2 | |
| apple | iphone_os | 2.1 | |
| apple | iphone_os | 2.1.1 | |
| apple | iphone_os | 2.2 | |
| apple | iphone_os | 2.2.1 | |
| apple | iphone_os | * | |
| apple | iphone_os | 1.1.0 | |
| apple | iphone_os | 1.1.1 | |
| apple | iphone_os | 1.1.2 | |
| apple | iphone_os | 1.1.3 | |
| apple | iphone_os | 1.1.4 | |
| apple | iphone_os | 1.1.5 | |
| apple | iphone_os | 2.0 | |
| apple | iphone_os | 2.0.0 | |
| apple | iphone_os | 2.0.1 | |
| apple | iphone_os | 2.0.2 | |
| apple | iphone_os | 2.1 | |
| apple | iphone_os | 2.1.1 | |
| apple | iphone_os | 2.2 | |
| apple | iphone_os | 2.2.1 | |
| apple | ipod_touch | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A7B6D035-38A9-4C0B-9A9D-CAE3BF1CA56D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C5B94E7-2C24-4913-B65E-8D8A0DE2B80B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E28FB0CB-D636-4F85-B5F7-70EC30053925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9EC16D1C-065A-4D1A-BA6E-528A71DF65CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "27319629-171F-42AA-A95F-2D71F78097D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4F7AEFAB-7BB0-40D8-8BA5-71B374EB69DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "297F9438-0F04-4128-94A8-A504B600929E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F8618621-F871-4531-9F6C-7D60F2BF8B75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "824DED2D-FA1D-46FC-8252-6E25546DAE29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1641DDFA-3BF1-467F-8EC3-98114FF9F07B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF40CDA4-4716-4815-9ED0-093FE266734C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D61644E2-7AF5-48EF-B3D5-59C7B2AD1A58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3D06D54D-97FD-49FD-B251-CC86FBA68CA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "25A5D868-0016-44AB-80E6-E5DF91F15455",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4C14EEA4-6E35-4EBE-9A43-8F6D69318BA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B15E90AE-2E15-4BC2-B0B8-AFA2B1297B03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E0C0A8D-3DDD-437A-BB3D-50FAEAF6C440",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "340C4071-1447-477F-942A-8E09EA29F917",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9EC16D1C-065A-4D1A-BA6E-528A71DF65CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "27319629-171F-42AA-A95F-2D71F78097D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4F7AEFAB-7BB0-40D8-8BA5-71B374EB69DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "297F9438-0F04-4128-94A8-A504B600929E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F8618621-F871-4531-9F6C-7D60F2BF8B75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "824DED2D-FA1D-46FC-8252-6E25546DAE29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1641DDFA-3BF1-467F-8EC3-98114FF9F07B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF40CDA4-4716-4815-9ED0-093FE266734C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D61644E2-7AF5-48EF-B3D5-59C7B2AD1A58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3D06D54D-97FD-49FD-B251-CC86FBA68CA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "25A5D868-0016-44AB-80E6-E5DF91F15455",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4C14EEA4-6E35-4EBE-9A43-8F6D69318BA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B15E90AE-2E15-4BC2-B0B8-AFA2B1297B03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E0C0A8D-3DDD-437A-BB3D-50FAEAF6C440",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:apple:ipod_touch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88FA2602-DDAB-4E23-A3D2-FB712970AAD1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Telephony component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to cause a denial of service (device reset) via a crafted ICMP echo request, which triggers an assertion error related to a \"logic issue.\""
},
{
"lang": "es",
"value": "El componente Telephony en Apple iPhone OS v1.0 hasta v2.2.1 e iPhone OS para iPod touch v1.1 hasta v2.2.1 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (reinicializar el dispositivo) mediante una petici\u00f3n de eco ICMP manipulada, disparando un error de aserci\u00f3n relacionado con un \"elemento l\u00f3gico\"."
}
],
"id": "CVE-2009-1683",
"lastModified": "2024-11-21T01:03:04.570",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-06-19T16:30:00.360",
"references": [
{
"source": "cve@mitre.org",
"url": "http://jvn.jp/en/jp/JVN87239696/index.html"
},
{
"source": "cve@mitre.org",
"url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000040.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT3639"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/35414"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2009/1621"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvn.jp/en/jp/JVN87239696/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000040.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT3639"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/35414"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/1621"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-08-07 19:55
Modified
2024-11-21 01:39
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the GoodReader app 3.16 and earlier for iOS on the iPad, and 3.15.1 and earlier for iOS on the iPhone and iPod touch, allows remote attackers to inject arbitrary web script or HTML via vectors involving use of this app in conjunction with a web browser.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:goodiware:goodreader:*:-:*:*:*:iphone_os:*:*",
"matchCriteriaId": "A512E7A4-2719-406B-9FE3-7110780BBEB0",
"versionEndIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goodiware:goodreader:1.1:-:*:*:*:iphone_os:*:*",
"matchCriteriaId": "DEEEDF06-70AF-400F-A255-958C35AF8ABC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goodiware:goodreader:2.0:-:*:*:*:iphone_os:*:*",
"matchCriteriaId": "C8813AE8-3B09-42BE-8648-B53D5BCFD4EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goodiware:goodreader:2.1:-:*:*:*:iphone_os:*:*",
"matchCriteriaId": "9EABEBAE-BEFA-4DB3-B936-61A7334C898D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goodiware:goodreader:2.2:-:*:*:*:iphone_os:*:*",
"matchCriteriaId": "C5B4E5D5-9EC6-4F40-8B04-8759FD98D462",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goodiware:goodreader:2.3:-:*:*:*:iphone_os:*:*",
"matchCriteriaId": "0C790D9C-99F6-486A-B0AC-C0436233ADE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goodiware:goodreader:2.4:-:*:*:*:iphone_os:*:*",
"matchCriteriaId": "124C64BB-38F7-4C48-8706-C4D57F72F8A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goodiware:goodreader:2.5:-:*:*:*:iphone_os:*:*",
"matchCriteriaId": "551A93FB-A48F-46C3-B38B-FF8C363CD7A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goodiware:goodreader:2.5.1:-:*:*:*:iphone_os:*:*",
"matchCriteriaId": "15FB54DD-EB27-46D3-9D67-12E459DD713F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goodiware:goodreader:2.6:-:*:*:*:iphone_os:*:*",
"matchCriteriaId": "4B992995-072C-4903-8547-F46F1982BED4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goodiware:goodreader:2.7:-:*:*:*:iphone_os:*:*",
"matchCriteriaId": "13AE384F-454C-4D9C-A7D2-BAEA2D8C6BC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goodiware:goodreader:2.7.4:-:*:*:*:iphone_os:*:*",
"matchCriteriaId": "C9632B28-AE0C-4FF6-9371-909F64D8420D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goodiware:goodreader:2.8:-:*:*:*:iphone_os:*:*",
"matchCriteriaId": "454DD4A4-A01F-436A-B4DC-30067577B0AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goodiware:goodreader:2.8.4:-:*:*:*:iphone_os:*:*",
"matchCriteriaId": "DC4E8D61-7F02-4087-BE7B-E42AFBA54A8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goodiware:goodreader:3.0.0:-:*:*:*:iphone_os:*:*",
"matchCriteriaId": "163936CF-4105-4C42-9512-891FD2C40586",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goodiware:goodreader:3.0.1:-:*:*:*:iphone_os:*:*",
"matchCriteriaId": "6D673B72-16E3-4E0F-8E3F-8391B6BBBB75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goodiware:goodreader:3.0.2:-:*:*:*:iphone_os:*:*",
"matchCriteriaId": "69D311FB-B051-47CE-8C10-67B0AE216286",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goodiware:goodreader:3.0.3:-:*:*:*:iphone_os:*:*",
"matchCriteriaId": "3650708A-50C5-4847-AB33-CCEB4F022D6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goodiware:goodreader:3.1.0:-:*:*:*:iphone_os:*:*",
"matchCriteriaId": "4B379E69-63F3-4A35-9659-201DF86DAEA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goodiware:goodreader:3.1.2:-:*:*:*:iphone_os:*:*",
"matchCriteriaId": "03687576-1800-44CE-9E4D-01C9CB39818F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goodiware:goodreader:3.2.0:-:*:*:*:iphone_os:*:*",
"matchCriteriaId": "F9434C20-80E8-4E92-A676-89C2341EBDE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goodiware:goodreader:3.3.0:-:*:*:*:iphone_os:*:*",
"matchCriteriaId": "12C0EB51-67EE-409D-AA43-83C4F669D868",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goodiware:goodreader:3.3.1:-:*:*:*:iphone_os:*:*",
"matchCriteriaId": "C6C60768-3262-47C3-B256-8962B9228ECC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goodiware:goodreader:3.4.0:-:*:*:*:iphone_os:*:*",
"matchCriteriaId": "80BD00A6-3CB5-44A3-BA99-D824ED99D443",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goodiware:goodreader:3.4.1:-:*:*:*:iphone_os:*:*",
"matchCriteriaId": "E0C26852-DB6E-4DE4-9151-DE699A2206D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goodiware:goodreader:3.5.0:-:*:*:*:iphone_os:*:*",
"matchCriteriaId": "18955206-CE27-46E3-A775-F4A15A8BC18D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goodiware:goodreader:3.5.1:-:*:*:*:iphone_os:*:*",
"matchCriteriaId": "C3F86EEE-46A7-49B4-A614-C534B4F457F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goodiware:goodreader:3.6.0:-:*:*:*:iphone_os:*:*",
"matchCriteriaId": "5548BA93-0F98-425E-A972-3D2678776D93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goodiware:goodreader:3.6.1:-:*:*:*:iphone_os:*:*",
"matchCriteriaId": "85CA0D3E-3B6B-4E3F-83B4-AE94F5C2EC41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goodiware:goodreader:3.7.0:-:*:*:*:iphone_os:*:*",
"matchCriteriaId": "9956CA7B-8072-4733-9274-3CE3A4CB0D3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goodiware:goodreader:3.7.1:-:*:*:*:iphone_os:*:*",
"matchCriteriaId": "738D2805-2FFD-4AA3-86AD-74B589C51715",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goodiware:goodreader:3.8.0:-:*:*:*:iphone_os:*:*",
"matchCriteriaId": "5B15C2E1-2526-40FC-B6BA-B665C670C282",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goodiware:goodreader:3.9.0:-:*:*:*:iphone_os:*:*",
"matchCriteriaId": "D7396079-42D6-487A-B211-433F7B58B126",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goodiware:goodreader:3.10.0:-:*:*:*:iphone_os:*:*",
"matchCriteriaId": "7306C1EA-57F2-460F-B40F-AD159E6A5213",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goodiware:goodreader:3.10.1:-:*:*:*:iphone_os:*:*",
"matchCriteriaId": "A2DA3563-62A2-415A-817D-5F961C19F831",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goodiware:goodreader:3.10.2:-:*:*:*:iphone_os:*:*",
"matchCriteriaId": "C60A6036-2705-47D7-ADE0-5AAA1B93AB02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goodiware:goodreader:3.10.3:-:*:*:*:iphone_os:*:*",
"matchCriteriaId": "60454C61-12D7-47E5-9BEE-A974508D1DE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goodiware:goodreader:3.11.0:-:*:*:*:iphone_os:*:*",
"matchCriteriaId": "3326E57C-849A-454A-A4F4-FD6FAE2DA0E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goodiware:goodreader:3.11.1:-:*:*:*:iphone_os:*:*",
"matchCriteriaId": "E0D34BE5-A35C-46E4-8253-8B06A7F63671",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goodiware:goodreader:3.12.0:-:*:*:*:iphone_os:*:*",
"matchCriteriaId": "0A818D2B-24A9-413F-928F-70EA3537053D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goodiware:goodreader:3.13.0:-:*:*:*:iphone_os:*:*",
"matchCriteriaId": "669266BB-59B5-4132-9353-25E530ADCA4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goodiware:goodreader:3.13.1:-:*:*:*:iphone_os:*:*",
"matchCriteriaId": "44E30566-25A0-4BB9-9BEC-5B9217C5E5BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goodiware:goodreader:3.14.0:-:*:*:*:iphone_os:*:*",
"matchCriteriaId": "133FFC6E-C09F-496C-BE49-B4E9A98A15E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goodiware:goodreader:3.14.2:-:*:*:*:iphone_os:*:*",
"matchCriteriaId": "6CF8D523-BBA7-4325-8552-06953C4EB31D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goodiware:goodreader:3.15.0:-:*:*:*:iphone_os:*:*",
"matchCriteriaId": "D14D3D50-AD2F-4939-9F13-5F3C4B6F85C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goodiware:goodreader:3.15.1:-:*:*:*:iphone_os:*:*",
"matchCriteriaId": "B5F3668E-892F-4088-ADA1-748BA512CB2D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:apple:ipad:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BAADE29A-712B-4AD5-A78B-6AD537BA9196",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:goodiware:goodreader:*:-:*:*:*:iphone_os:*:*",
"matchCriteriaId": "241FE526-BD85-4113-8F04-9951B1432E21",
"versionEndIncluding": "3.15.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goodiware:goodreader:1.1:-:*:*:*:iphone_os:*:*",
"matchCriteriaId": "DEEEDF06-70AF-400F-A255-958C35AF8ABC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goodiware:goodreader:2.0:-:*:*:*:iphone_os:*:*",
"matchCriteriaId": "C8813AE8-3B09-42BE-8648-B53D5BCFD4EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goodiware:goodreader:2.1:-:*:*:*:iphone_os:*:*",
"matchCriteriaId": "9EABEBAE-BEFA-4DB3-B936-61A7334C898D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goodiware:goodreader:2.2:-:*:*:*:iphone_os:*:*",
"matchCriteriaId": "C5B4E5D5-9EC6-4F40-8B04-8759FD98D462",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goodiware:goodreader:2.3:-:*:*:*:iphone_os:*:*",
"matchCriteriaId": "0C790D9C-99F6-486A-B0AC-C0436233ADE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goodiware:goodreader:2.4:-:*:*:*:iphone_os:*:*",
"matchCriteriaId": "124C64BB-38F7-4C48-8706-C4D57F72F8A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goodiware:goodreader:2.5:-:*:*:*:iphone_os:*:*",
"matchCriteriaId": "551A93FB-A48F-46C3-B38B-FF8C363CD7A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goodiware:goodreader:2.5.1:-:*:*:*:iphone_os:*:*",
"matchCriteriaId": "15FB54DD-EB27-46D3-9D67-12E459DD713F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goodiware:goodreader:2.6:-:*:*:*:iphone_os:*:*",
"matchCriteriaId": "4B992995-072C-4903-8547-F46F1982BED4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goodiware:goodreader:2.7:-:*:*:*:iphone_os:*:*",
"matchCriteriaId": "13AE384F-454C-4D9C-A7D2-BAEA2D8C6BC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goodiware:goodreader:2.8.2:-:*:*:*:iphone_os:*:*",
"matchCriteriaId": "DE9BE213-9877-4530-B472-F847492305A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goodiware:goodreader:2.8.5:-:*:*:*:iphone_os:*:*",
"matchCriteriaId": "B408B081-9877-4C2D-B06C-E3E232A3410E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goodiware:goodreader:3.0.0:-:*:*:*:iphone_os:*:*",
"matchCriteriaId": "163936CF-4105-4C42-9512-891FD2C40586",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goodiware:goodreader:3.0.1:-:*:*:*:iphone_os:*:*",
"matchCriteriaId": "6D673B72-16E3-4E0F-8E3F-8391B6BBBB75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goodiware:goodreader:3.0.2:-:*:*:*:iphone_os:*:*",
"matchCriteriaId": "69D311FB-B051-47CE-8C10-67B0AE216286",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goodiware:goodreader:3.0.3:-:*:*:*:iphone_os:*:*",
"matchCriteriaId": "3650708A-50C5-4847-AB33-CCEB4F022D6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goodiware:goodreader:3.2.1:-:*:*:*:iphone_os:*:*",
"matchCriteriaId": "67D71508-7D4D-49A2-B607-418D2A177D98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goodiware:goodreader:3.2.3:-:*:*:*:iphone_os:*:*",
"matchCriteriaId": "34519894-9652-459A-AC9D-BE5DEEC0A1FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goodiware:goodreader:3.3.0:-:*:*:*:iphone_os:*:*",
"matchCriteriaId": "12C0EB51-67EE-409D-AA43-83C4F669D868",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goodiware:goodreader:3.3.1:-:*:*:*:iphone_os:*:*",
"matchCriteriaId": "C6C60768-3262-47C3-B256-8962B9228ECC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goodiware:goodreader:3.4.0:-:*:*:*:iphone_os:*:*",
"matchCriteriaId": "80BD00A6-3CB5-44A3-BA99-D824ED99D443",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goodiware:goodreader:3.4.1:-:*:*:*:iphone_os:*:*",
"matchCriteriaId": "E0C26852-DB6E-4DE4-9151-DE699A2206D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goodiware:goodreader:3.5.0:-:*:*:*:iphone_os:*:*",
"matchCriteriaId": "18955206-CE27-46E3-A775-F4A15A8BC18D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goodiware:goodreader:3.5.1:-:*:*:*:iphone_os:*:*",
"matchCriteriaId": "C3F86EEE-46A7-49B4-A614-C534B4F457F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goodiware:goodreader:3.6.0:-:*:*:*:iphone_os:*:*",
"matchCriteriaId": "5548BA93-0F98-425E-A972-3D2678776D93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goodiware:goodreader:3.6.1:-:*:*:*:iphone_os:*:*",
"matchCriteriaId": "85CA0D3E-3B6B-4E3F-83B4-AE94F5C2EC41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goodiware:goodreader:3.7.0:-:*:*:*:iphone_os:*:*",
"matchCriteriaId": "9956CA7B-8072-4733-9274-3CE3A4CB0D3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goodiware:goodreader:3.7.1:-:*:*:*:iphone_os:*:*",
"matchCriteriaId": "738D2805-2FFD-4AA3-86AD-74B589C51715",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goodiware:goodreader:3.8.1:-:*:*:*:iphone_os:*:*",
"matchCriteriaId": "95BCC311-CF0A-4826-A9BC-21275BD6DE9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goodiware:goodreader:3.9.1:-:*:*:*:iphone_os:*:*",
"matchCriteriaId": "1FD180CE-CF5F-483B-9ED9-0F04810662C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goodiware:goodreader:3.10.0:-:*:*:*:iphone_os:*:*",
"matchCriteriaId": "7306C1EA-57F2-460F-B40F-AD159E6A5213",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goodiware:goodreader:3.10.1:-:*:*:*:iphone_os:*:*",
"matchCriteriaId": "A2DA3563-62A2-415A-817D-5F961C19F831",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goodiware:goodreader:3.10.2:-:*:*:*:iphone_os:*:*",
"matchCriteriaId": "C60A6036-2705-47D7-ADE0-5AAA1B93AB02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goodiware:goodreader:3.10.3:-:*:*:*:iphone_os:*:*",
"matchCriteriaId": "60454C61-12D7-47E5-9BEE-A974508D1DE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goodiware:goodreader:3.11.0:-:*:*:*:iphone_os:*:*",
"matchCriteriaId": "3326E57C-849A-454A-A4F4-FD6FAE2DA0E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goodiware:goodreader:3.11.1:-:*:*:*:iphone_os:*:*",
"matchCriteriaId": "E0D34BE5-A35C-46E4-8253-8B06A7F63671",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goodiware:goodreader:3.12.1:-:*:*:*:iphone_os:*:*",
"matchCriteriaId": "7C45C059-E559-4544-A908-985680ADB12C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goodiware:goodreader:3.13.0:-:*:*:*:iphone_os:*:*",
"matchCriteriaId": "669266BB-59B5-4132-9353-25E530ADCA4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goodiware:goodreader:3.13.1:-:*:*:*:iphone_os:*:*",
"matchCriteriaId": "44E30566-25A0-4BB9-9BEC-5B9217C5E5BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goodiware:goodreader:3.14.1:-:*:*:*:iphone_os:*:*",
"matchCriteriaId": "B20858B8-E692-4BF2-AECE-0418170B2583",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:goodiware:goodreader:3.15.0:-:*:*:*:iphone_os:*:*",
"matchCriteriaId": "D14D3D50-AD2F-4939-9F13-5F3C4B6F85C3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:apple:ipod_touch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88FA2602-DDAB-4E23-A3D2-FB712970AAD1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "340C4071-1447-477F-942A-8E09EA29F917",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the GoodReader app 3.16 and earlier for iOS on the iPad, and 3.15.1 and earlier for iOS on the iPhone and iPod touch, allows remote attackers to inject arbitrary web script or HTML via vectors involving use of this app in conjunction with a web browser."
},
{
"lang": "es",
"value": "vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en la app GoodReader v3.16 y anteriores para iOS en iPad, y v3.15.1 y anteriores para IOS en iPhone e iPod touch, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores que implican el uso de la aplicaci\u00f3n junto a un navegador."
}
],
"id": "CVE-2012-2648",
"lastModified": "2024-11-21T01:39:21.223",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-08-07T19:55:02.187",
"references": [
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvn.jp/en/jp/JVN01598734/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000073"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvn.jp/en/jp/JVN01598734/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000073"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-09-11 01:13
Modified
2024-11-21 00:49
Severity ?
Summary
Use-after-free vulnerability in WebKit in Apple iPod touch 1.1 through 2.0.2, and iPhone 1.0 through 2.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a web page with crafted Cascading Style Sheets (CSS) import statements.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apple | iphone | 1.1 | |
| apple | iphone | 1.1.3 | |
| apple | iphone | 1.1.4 | |
| apple | iphone | 2.0 | |
| apple | iphone | 2.0.1 | |
| apple | iphone | 2.0.2 | |
| apple | ipod_touch | 1.1 | |
| apple | ipod_touch | 1.1.1 | |
| apple | ipod_touch | 1.1.2 | |
| apple | ipod_touch | 1.1.3 | |
| apple | ipod_touch | 1.1.4 | |
| apple | ipod_touch | 2.0 | |
| apple | ipod_touch | 2.0.1 | |
| apple | ipod_touch | 2.0.2 | |
| apple | iphone_os | 1.1.1 | |
| apple | iphone_os | 1.1.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:apple:iphone:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "583ED2CE-1AD1-42A6-AB52-5C721E8C9385",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:apple:iphone:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D05600E6-6BC5-43C4-93E2-72585A3453B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:apple:iphone:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6430229D-ACD4-46AE-A6B5-95D3CC1AF514",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:apple:iphone:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "70647BF0-56BE-44ED-A6E7-10C372E0BA0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:apple:iphone:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7DCD5B89-81D3-4816-80B4-B427127DB889",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:apple:iphone:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2B045BAF-EB4A-409F-97E7-1DB3E89ACD5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:apple:ipod_touch:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A22F1F9E-F5B0-4AB4-8CE9-50C540AE1AE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:apple:ipod_touch:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BE66FF90-ED80-4184-820B-88F1BA250F71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:apple:ipod_touch:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "05097B1E-425A-4EF5-8D44-FFEC22994B6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:apple:ipod_touch:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7A0EBA08-CE54-4AE3-9AED-514392372B7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:apple:ipod_touch:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4E969C4E-45A5-4767-9959-A1AD2DE4E1C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:apple:ipod_touch:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "188712AA-31CA-4209-9042-D6E986C630A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:apple:ipod_touch:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "964F39E4-541C-4562-B915-3254FBFBB304",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:apple:ipod_touch:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7600D384-9832-4451-B836-ADAF0E76755D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "27319629-171F-42AA-A95F-2D71F78097D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4F7AEFAB-7BB0-40D8-8BA5-71B374EB69DB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in WebKit in Apple iPod touch 1.1 through 2.0.2, and iPhone 1.0 through 2.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a web page with crafted Cascading Style Sheets (CSS) import statements."
},
{
"lang": "es",
"value": "Una vulnerabilidad de uso de memoria previamente liberada en WebKit en iPod touch versiones 1.1 hasta 2.0.2 y iPhone versiones 1.0 hasta 2.0.2, de Apple, permite a los atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (bloqueo de aplicaci\u00f3n) por medio de una p\u00e1gina web con sentencias de importaci\u00f3n de Hojas de Estilo en Cascada (CSS)."
}
],
"id": "CVE-2008-3632",
"lastModified": "2024-11-21T00:49:44.290",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-09-11T01:13:09.960",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31823"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31900"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32099"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/32860"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35379"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT3026"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT3129"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT3613"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/31092"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1020847"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/USN-676-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/2525"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/2558"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1522"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31823"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31900"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32099"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/32860"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35379"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT3026"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT3129"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT3613"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/31092"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1020847"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-676-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/2525"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/2558"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1522"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-06-22 20:30
Modified
2024-11-21 01:14
Severity ?
Summary
WebKit in Apple iOS before 4 on the iPhone and iPod touch does not properly implement the history.replaceState method in certain situations involving IFRAME elements, which allows remote attackers to obtain sensitive information via a crafted HTML document.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apple | iphone_os | * | |
| apple | iphone_os | 1.0.0 | |
| apple | iphone_os | 1.0.1 | |
| apple | iphone_os | 1.0.2 | |
| apple | iphone_os | 1.1 | |
| apple | iphone_os | 1.1.0 | |
| apple | iphone_os | 1.1.1 | |
| apple | iphone_os | 1.1.2 | |
| apple | iphone_os | 1.1.3 | |
| apple | iphone_os | 1.1.4 | |
| apple | iphone_os | 1.1.5 | |
| apple | iphone_os | 2.0.0 | |
| apple | iphone_os | 2.0.1 | |
| apple | iphone_os | 2.0.2 | |
| apple | iphone_os | 2.1.1 | |
| apple | iphone_os | 2.2.1 | |
| apple | iphone_os | 3.0 | |
| apple | iphone_os | 3.0.1 | |
| apple | iphone_os | 3.1.2 | |
| apple | iphone_os | 3.1.3 | |
| apple | ipod_touch | * | |
| apple | iphone_os | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "593E5E7E-9606-430E-851A-4AE2D35423AD",
"versionEndIncluding": "3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A7B6D035-38A9-4C0B-9A9D-CAE3BF1CA56D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C5B94E7-2C24-4913-B65E-8D8A0DE2B80B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E28FB0CB-D636-4F85-B5F7-70EC30053925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B4AEDE82-E317-4066-A34F-BB3BCD3F53E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9EC16D1C-065A-4D1A-BA6E-528A71DF65CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "27319629-171F-42AA-A95F-2D71F78097D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4F7AEFAB-7BB0-40D8-8BA5-71B374EB69DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "297F9438-0F04-4128-94A8-A504B600929E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F8618621-F871-4531-9F6C-7D60F2BF8B75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "824DED2D-FA1D-46FC-8252-6E25546DAE29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF40CDA4-4716-4815-9ED0-093FE266734C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D61644E2-7AF5-48EF-B3D5-59C7B2AD1A58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3D06D54D-97FD-49FD-B251-CC86FBA68CA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4C14EEA4-6E35-4EBE-9A43-8F6D69318BA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E0C0A8D-3DDD-437A-BB3D-50FAEAF6C440",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "863383DA-0BC6-4A96-835A-A96128EC0202",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2CFF5BE7-2BF6-48CE-B74B-B1A05383C10F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9A20F171-79FE-43B9-8309-B18341639FA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "126EF22D-29BC-4366-97BC-B261311E6251",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:apple:ipod_touch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88FA2602-DDAB-4E23-A3D2-FB712970AAD1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "340C4071-1447-477F-942A-8E09EA29F917",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "WebKit in Apple iOS before 4 on the iPhone and iPod touch does not properly implement the history.replaceState method in certain situations involving IFRAME elements, which allows remote attackers to obtain sensitive information via a crafted HTML document."
},
{
"lang": "es",
"value": "WebKit en Apple iOS en versiones anteriores a la 4 en el iPhone y iPod touch no implementa de manera adecuada el m\u00e9todo history.replaceState en ciertas situaciones relacionadas con elementos IFRAME, lo que permite a atacantes remotos obtener informaci\u00f3n sensible mediante un documento HTML manipulado."
}
],
"id": "CVE-2010-1407",
"lastModified": "2024-11-21T01:14:20.777",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-06-22T20:30:01.460",
"references": [
{
"source": "product-security@apple.com",
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
},
{
"source": "product-security@apple.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"source": "product-security@apple.com",
"url": "http://secunia.com/advisories/41856"
},
{
"source": "product-security@apple.com",
"url": "http://secunia.com/advisories/42314"
},
{
"source": "product-security@apple.com",
"url": "http://secunia.com/advisories/43068"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT4225"
},
{
"source": "product-security@apple.com",
"url": "http://support.apple.com/kb/HT4456"
},
{
"source": "product-security@apple.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039"
},
{
"source": "product-security@apple.com",
"url": "http://www.securityfocus.com/bid/41016"
},
{
"source": "product-security@apple.com",
"url": "http://www.ubuntu.com/usn/USN-1006-1"
},
{
"source": "product-security@apple.com",
"url": "http://www.vupen.com/english/advisories/2010/2722"
},
{
"source": "product-security@apple.com",
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"source": "product-security@apple.com",
"url": "http://www.vupen.com/english/advisories/2011/0552"
},
{
"source": "product-security@apple.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59629"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/41856"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/42314"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/43068"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT4225"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.apple.com/kb/HT4456"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/41016"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1006-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2010/2722"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2011/0552"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59629"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-06-22 20:30
Modified
2024-11-21 01:15
Severity ?
Summary
Stack-based buffer overflow in CFNetwork in Apple iOS before 4 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to URL handling.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73DE6E60-6BDD-450C-B7E2-744A0183A2DD",
"versionEndExcluding": "4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:apple:ipod_touch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F9F4CB31-584D-4810-A35C-31D5702853C9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B5415705-33E5-46D5-8E4D-9EBADC8C5705",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in CFNetwork in Apple iOS before 4 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to URL handling."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en CFNetwork en Apple iOS en versiones anteriores a la 4 en el iPhone y iPod touch permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n o provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) mediante vectores relacionados con el manejo de URL."
}
],
"evaluatorSolution": "Per: http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html \r\n\r\n\u0027Installation note: These updates are only available through iTunes, and will not appear in your computer\u0027s Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/ iTunes will automatically check Apple\u0027s update server on its weekly schedule. When an update is detected, it will download it. When the iPhone or iPod touch is docked, iTunes will present the user with the option to install the update. We recommend applying the update immediately if possible. Selecting Don\u0027t Install will present the option the next time you connect your iPhone or iPod touch. The automatic update process may take up to a week depending on the day that iTunes checks for updates. You may manually obtain the update via the Check for Updates button within iTunes. After doing this, the update can be applied when your iPhone or iPod touch is docked to your computer. To check that the iPhone or iPod touch has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be \"4.0 (8A293)\" or later.\u0027",
"id": "CVE-2010-1752",
"lastModified": "2024-11-21T01:15:07.520",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-06-22T20:30:01.557",
"references": [
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT4225"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT4435"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/41016"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59631"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT4225"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT4435"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/41016"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59631"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-11-25 23:30
Modified
2024-11-21 00:51
Severity ?
Summary
Safari in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.1 through 2.1 does not restrict an IFRAME's content display to the boundaries of the IFRAME, which allows remote attackers to spoof a user interface via a crafted HTML document.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apple | ipod_touch | * | |
| apple | iphone_os | * | |
| apple | safari | * | |
| apple | iphone_os | 1.0 | |
| apple | iphone_os | 1.0.1 | |
| apple | iphone_os | 1.0.2 | |
| apple | iphone_os | 1.1 | |
| apple | iphone_os | 1.1.1 | |
| apple | iphone_os | 1.1.2 | |
| apple | iphone_os | 1.1.3 | |
| apple | iphone_os | 1.1.4 | |
| apple | iphone_os | 1.1.5 | |
| apple | iphone_os | 2.0 | |
| apple | iphone_os | 2.0.1 | |
| apple | iphone_os | 2.0.2 | |
| apple | iphone_os | 2.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:apple:ipod_touch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88FA2602-DDAB-4E23-A3D2-FB712970AAD1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "340C4071-1447-477F-942A-8E09EA29F917",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AE370CAA-04B3-434E-BD5B-1D87DE596C10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "41DB23F0-7226-4D0B-A3FA-A801F02EBA6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C5B94E7-2C24-4913-B65E-8D8A0DE2B80B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E28FB0CB-D636-4F85-B5F7-70EC30053925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B4AEDE82-E317-4066-A34F-BB3BCD3F53E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "27319629-171F-42AA-A95F-2D71F78097D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4F7AEFAB-7BB0-40D8-8BA5-71B374EB69DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "297F9438-0F04-4128-94A8-A504B600929E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F8618621-F871-4531-9F6C-7D60F2BF8B75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "824DED2D-FA1D-46FC-8252-6E25546DAE29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1641DDFA-3BF1-467F-8EC3-98114FF9F07B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D61644E2-7AF5-48EF-B3D5-59C7B2AD1A58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3D06D54D-97FD-49FD-B251-CC86FBA68CA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "25A5D868-0016-44AB-80E6-E5DF91F15455",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Safari in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.1 through 2.1 does not restrict an IFRAME\u0027s content display to the boundaries of the IFRAME, which allows remote attackers to spoof a user interface via a crafted HTML document."
},
{
"lang": "es",
"value": "Safari en Apple iPhone OS 2.0 hasta 2.1 y iPhone OS para iPod touch 2.1 no restringe mostrar contenidos IFRAME para los l\u00edmites del IFRAME, el cual permite a los atacantes remotos espiar una interfaz de usuario a trav\u00e9s de documentos HTML manipulados."
}
],
"id": "CVE-2008-4232",
"lastModified": "2024-11-21T00:51:14.023",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-11-25T23:30:00.453",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/50029"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/32756"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT3318"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/32394"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1021272"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/3232"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/50029"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/32756"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT3318"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/32394"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1021272"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/3232"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-09-16 23:00
Modified
2024-11-21 00:50
Severity ?
Summary
Off-by-one error in the _web_drawInRect:withFont:ellipsis:alignment:measureOnly function in WebKit in Safari in Apple iPhone 1.1.4 and 2.0 and iPod touch 1.1.4 and 2.0 allows remote attackers to cause a denial of service (browser crash) via a JavaScript alert call with an argument that lacks breakable characters and has a length that is a multiple of the memory page size, leading to an out-of-bounds read.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apple | iphone | 1.1.4 | |
| apple | iphone | 2.0 | |
| apple | ipod_touch | 1.1.4 | |
| apple | ipod_touch | 2.0 | |
| apple | safari | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:apple:iphone:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6430229D-ACD4-46AE-A6B5-95D3CC1AF514",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:apple:iphone:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "70647BF0-56BE-44ED-A6E7-10C372E0BA0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:apple:ipod_touch:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4E969C4E-45A5-4767-9959-A1AD2DE4E1C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:apple:ipod_touch:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "188712AA-31CA-4209-9042-D6E986C630A5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AE370CAA-04B3-434E-BD5B-1D87DE596C10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Off-by-one error in the _web_drawInRect:withFont:ellipsis:alignment:measureOnly function in WebKit in Safari in Apple iPhone 1.1.4 and 2.0 and iPod touch 1.1.4 and 2.0 allows remote attackers to cause a denial of service (browser crash) via a JavaScript alert call with an argument that lacks breakable characters and has a length that is a multiple of the memory page size, leading to an out-of-bounds read."
},
{
"lang": "es",
"value": "Error de superaci\u00f3n de l\u00edmite en la funci\u00f3n _web_drawInRect:withFont:ellipsis:alignment:measureOnly \r\nen el WebKit en Safari en Apple iPhone 1.1.4 y 2.0 e iPod touch 1.1.4 y 2.0, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de navegador) a trav\u00e9s de una llamada a una alerta JavaScript con un argumento que carece de caracteres fr\u00e1giles y tiene una longitud que es m\u00faltiplo del tama\u00f1o de memoria, lo que conduce a una lectura fuera de l\u00edmites."
}
],
"id": "CVE-2008-3950",
"lastModified": "2024-11-21T00:50:33.203",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-09-16T23:00:01.337",
"references": [
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/4264"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.coresecurity.com/content/iphone-safari-javascript-alert-denial-of-service"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/496321/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/31061"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/4264"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.coresecurity.com/content/iphone-safari-javascript-alert-denial-of-service"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/496321/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/31061"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-06-19 16:30
Modified
2024-11-21 01:03
Severity ?
Summary
The Profiles component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1, when installing a configuration profile, can replace the password policy from Exchange ActiveSync with a weaker password policy, which allows physically proximate attackers to bypass the intended policy.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apple | iphone_os | 1.0.0 | |
| apple | iphone_os | 1.0.1 | |
| apple | iphone_os | 1.0.2 | |
| apple | iphone_os | 1.1.0 | |
| apple | iphone_os | 1.1.1 | |
| apple | iphone_os | 1.1.2 | |
| apple | iphone_os | 1.1.3 | |
| apple | iphone_os | 1.1.4 | |
| apple | iphone_os | 1.1.5 | |
| apple | iphone_os | 2.0 | |
| apple | iphone_os | 2.0.0 | |
| apple | iphone_os | 2.0.1 | |
| apple | iphone_os | 2.0.2 | |
| apple | iphone_os | 2.1 | |
| apple | iphone_os | 2.1.1 | |
| apple | iphone_os | 2.2 | |
| apple | iphone_os | 2.2.1 | |
| apple | iphone_os | * | |
| apple | iphone_os | 1.1.0 | |
| apple | iphone_os | 1.1.1 | |
| apple | iphone_os | 1.1.2 | |
| apple | iphone_os | 1.1.3 | |
| apple | iphone_os | 1.1.4 | |
| apple | iphone_os | 1.1.5 | |
| apple | iphone_os | 2.0 | |
| apple | iphone_os | 2.0.0 | |
| apple | iphone_os | 2.0.1 | |
| apple | iphone_os | 2.0.2 | |
| apple | iphone_os | 2.1 | |
| apple | iphone_os | 2.1.1 | |
| apple | iphone_os | 2.2 | |
| apple | iphone_os | 2.2.1 | |
| apple | ipod_touch | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A7B6D035-38A9-4C0B-9A9D-CAE3BF1CA56D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C5B94E7-2C24-4913-B65E-8D8A0DE2B80B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E28FB0CB-D636-4F85-B5F7-70EC30053925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9EC16D1C-065A-4D1A-BA6E-528A71DF65CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "27319629-171F-42AA-A95F-2D71F78097D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4F7AEFAB-7BB0-40D8-8BA5-71B374EB69DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "297F9438-0F04-4128-94A8-A504B600929E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F8618621-F871-4531-9F6C-7D60F2BF8B75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "824DED2D-FA1D-46FC-8252-6E25546DAE29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1641DDFA-3BF1-467F-8EC3-98114FF9F07B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF40CDA4-4716-4815-9ED0-093FE266734C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D61644E2-7AF5-48EF-B3D5-59C7B2AD1A58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3D06D54D-97FD-49FD-B251-CC86FBA68CA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "25A5D868-0016-44AB-80E6-E5DF91F15455",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4C14EEA4-6E35-4EBE-9A43-8F6D69318BA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B15E90AE-2E15-4BC2-B0B8-AFA2B1297B03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E0C0A8D-3DDD-437A-BB3D-50FAEAF6C440",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "340C4071-1447-477F-942A-8E09EA29F917",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9EC16D1C-065A-4D1A-BA6E-528A71DF65CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "27319629-171F-42AA-A95F-2D71F78097D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4F7AEFAB-7BB0-40D8-8BA5-71B374EB69DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "297F9438-0F04-4128-94A8-A504B600929E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F8618621-F871-4531-9F6C-7D60F2BF8B75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "824DED2D-FA1D-46FC-8252-6E25546DAE29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1641DDFA-3BF1-467F-8EC3-98114FF9F07B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF40CDA4-4716-4815-9ED0-093FE266734C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D61644E2-7AF5-48EF-B3D5-59C7B2AD1A58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3D06D54D-97FD-49FD-B251-CC86FBA68CA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "25A5D868-0016-44AB-80E6-E5DF91F15455",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4C14EEA4-6E35-4EBE-9A43-8F6D69318BA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B15E90AE-2E15-4BC2-B0B8-AFA2B1297B03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E0C0A8D-3DDD-437A-BB3D-50FAEAF6C440",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:apple:ipod_touch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88FA2602-DDAB-4E23-A3D2-FB712970AAD1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Profiles component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1, when installing a configuration profile, can replace the password policy from Exchange ActiveSync with a weaker password policy, which allows physically proximate attackers to bypass the intended policy."
},
{
"lang": "es",
"value": "El componente Profiles en Apple iPhone OS v1.0 hasta v2.2.1 e iPhone OS para iPod touch v1.1 hasta v2.2.1, cuando instalan un perfil de configuraci\u00f3n, puede reemplazar la pol\u00edtica de contrase\u00f1a desde Exchange ActiveSync por una pol\u00edtica de contrase\u00f1a d\u00e9bil, permitiendo a atacantes pr\u00f3ximos f\u00edsicamente eludir la pol\u00edtica prevista."
}
],
"id": "CVE-2009-1679",
"lastModified": "2024-11-21T01:03:03.857",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-06-19T16:30:00.327",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/55239"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT3639"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/35414"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/35436"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1621"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51212"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/55239"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT3639"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/35414"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/35436"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1621"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51212"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-07-14 18:41
Modified
2024-11-21 00:46
Severity ?
Summary
Integer signedness error in Safari on Apple iPhone before 2.0 and iPod touch before 2.0 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving JavaScript array indices that trigger an out-of-bounds access, a different vulnerability than CVE-2008-2307.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apple | iphone | 1.0 | |
| apple | iphone | 1.1.3 | |
| apple | iphone | 1.1.4 | |
| apple | iphone | 1.02 | |
| apple | ipod_touch | 1.1 | |
| apple | ipod_touch | 1.1.1 | |
| apple | ipod_touch | 1.1.2 | |
| apple | ipod_touch | 1.1.3 | |
| apple | ipod_touch | 1.1.4 | |
| apple | iphone_os | 1.0.1 | |
| apple | iphone_os | 1.0.2 | |
| apple | iphone_os | 1.1.1 | |
| apple | iphone_os | 1.1.2 | |
| apple | safari | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:apple:iphone:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5F382364-1B45-4C62-AB29-A20512AA77D9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:apple:iphone:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D05600E6-6BC5-43C4-93E2-72585A3453B5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:apple:iphone:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6430229D-ACD4-46AE-A6B5-95D3CC1AF514",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:apple:iphone:1.02:*:*:*:*:*:*:*",
"matchCriteriaId": "CA40173B-5F79-400E-9540-7E0BF7A78E35",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:apple:ipod_touch:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A22F1F9E-F5B0-4AB4-8CE9-50C540AE1AE9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:apple:ipod_touch:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BE66FF90-ED80-4184-820B-88F1BA250F71",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:apple:ipod_touch:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "05097B1E-425A-4EF5-8D44-FFEC22994B6A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:apple:ipod_touch:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7A0EBA08-CE54-4AE3-9AED-514392372B7D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:apple:ipod_touch:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4E969C4E-45A5-4767-9959-A1AD2DE4E1C2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C5B94E7-2C24-4913-B65E-8D8A0DE2B80B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E28FB0CB-D636-4F85-B5F7-70EC30053925",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "27319629-171F-42AA-A95F-2D71F78097D0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4F7AEFAB-7BB0-40D8-8BA5-71B374EB69DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AE370CAA-04B3-434E-BD5B-1D87DE596C10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer signedness error in Safari on Apple iPhone before 2.0 and iPod touch before 2.0 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving JavaScript array indices that trigger an out-of-bounds access, a different vulnerability than CVE-2008-2307."
},
{
"lang": "es",
"value": "Error de presencia de signo en entero en Safari de Apple iPhone anterior a 2.0 e iPod touch anterior a 2.0 , permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n o provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) mediante vectores que contienen \u00edndices de arrays JavaScript que provocan un acceso fuera de l\u00edmites. Se trata de una vulnerabilidad diferente a CVE-2008-2307."
}
],
"id": "CVE-2008-2303",
"lastModified": "2024-11-21T00:46:33.850",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-07-14T18:41:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce//2008/Nov/msg00001.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/31074"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/32706"
},
{
"source": "cve@mitre.org",
"url": "http://support.apple.com/kb/HT3298"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/30186"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/2094/references"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43736"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce//2008/Nov/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31074"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/32706"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.apple.com/kb/HT3298"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/30186"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2094/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43736"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-09-09 22:00
Modified
2024-11-21 01:15
Severity ?
Summary
FaceTime in Apple iOS before 4.1 on the iPhone and iPod touch does not properly handle invalid X.509 certificates, which allows man-in-the-middle attackers to redirect calls via a crafted certificate.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apple | iphone_os | * | |
| apple | iphone_os | 1.0.0 | |
| apple | iphone_os | 1.0.1 | |
| apple | iphone_os | 1.0.2 | |
| apple | iphone_os | 1.1.0 | |
| apple | iphone_os | 1.1.1 | |
| apple | iphone_os | 1.1.2 | |
| apple | iphone_os | 1.1.3 | |
| apple | iphone_os | 1.1.4 | |
| apple | iphone_os | 1.1.5 | |
| apple | iphone_os | 2.0 | |
| apple | iphone_os | 2.0.0 | |
| apple | iphone_os | 2.0.1 | |
| apple | iphone_os | 2.0.2 | |
| apple | iphone_os | 2.1 | |
| apple | iphone_os | 2.1.1 | |
| apple | iphone_os | 2.2 | |
| apple | iphone_os | 2.2.1 | |
| apple | iphone_os | 3.0 | |
| apple | iphone_os | 3.0.1 | |
| apple | iphone_os | 3.1 | |
| apple | iphone_os | 3.1.2 | |
| apple | iphone_os | 3.1.3 | |
| apple | iphone_os | 3.2 | |
| apple | iphone_os | 3.2.1 | |
| apple | iphone_os | 4.0 | |
| apple | iphone_os | 4.0.1 | |
| apple | ipod_touch | * | |
| apple | iphone_os | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DB7F0B50-D34D-475D-9B84-60E346A8D81F",
"versionEndIncluding": "4.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A7B6D035-38A9-4C0B-9A9D-CAE3BF1CA56D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C5B94E7-2C24-4913-B65E-8D8A0DE2B80B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E28FB0CB-D636-4F85-B5F7-70EC30053925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9EC16D1C-065A-4D1A-BA6E-528A71DF65CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "27319629-171F-42AA-A95F-2D71F78097D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4F7AEFAB-7BB0-40D8-8BA5-71B374EB69DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "297F9438-0F04-4128-94A8-A504B600929E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F8618621-F871-4531-9F6C-7D60F2BF8B75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "824DED2D-FA1D-46FC-8252-6E25546DAE29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1641DDFA-3BF1-467F-8EC3-98114FF9F07B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF40CDA4-4716-4815-9ED0-093FE266734C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D61644E2-7AF5-48EF-B3D5-59C7B2AD1A58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3D06D54D-97FD-49FD-B251-CC86FBA68CA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "25A5D868-0016-44AB-80E6-E5DF91F15455",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4C14EEA4-6E35-4EBE-9A43-8F6D69318BA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B15E90AE-2E15-4BC2-B0B8-AFA2B1297B03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E0C0A8D-3DDD-437A-BB3D-50FAEAF6C440",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "863383DA-0BC6-4A96-835A-A96128EC0202",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2CFF5BE7-2BF6-48CE-B74B-B1A05383C10F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "51D3BE2B-5A01-4AD4-A436-0056B50A535D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9A20F171-79FE-43B9-8309-B18341639FA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "126EF22D-29BC-4366-97BC-B261311E6251",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3B3DD7B3-DA4C-4B0A-A94E-6BF66B358B7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A939B80-0AD0-48AF-81A7-370716F56639",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "12E22AF0-2B66-425A-A1EE-4F0E3B0433E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BB34ECBE-33E8-40E1-936B-7800D2525AE6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:apple:ipod_touch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88FA2602-DDAB-4E23-A3D2-FB712970AAD1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "340C4071-1447-477F-942A-8E09EA29F917",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "FaceTime in Apple iOS before 4.1 on the iPhone and iPod touch does not properly handle invalid X.509 certificates, which allows man-in-the-middle attackers to redirect calls via a crafted certificate."
},
{
"lang": "es",
"value": "FaceTime en Apple iOS anterior a v4.1 en el iPhone e iPod touch no maneja correctamente certificados X.509 no v\u00e1lidos, lo cual permite a atacantes de \"hombre-en-medio\" redireccionar llamadas a trav\u00e9s de un certificado manipulado."
}
],
"id": "CVE-2010-1810",
"lastModified": "2024-11-21T01:15:14.540",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-09-09T22:00:01.577",
"references": [
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT4334"
},
{
"source": "product-security@apple.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61695"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT4334"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61695"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-06-10 18:00
Modified
2024-11-21 01:03
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to improper handling of Location and History objects.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apple | safari | * | |
| apple | safari | 2.0 | |
| apple | safari | 2.0.0 | |
| apple | safari | 2.0.1 | |
| apple | safari | 2.0.2 | |
| apple | safari | 2.0.3 | |
| apple | safari | 2.0.3 | |
| apple | safari | 2.0.3 | |
| apple | safari | 2.0.3 | |
| apple | safari | 2.0.3 | |
| apple | safari | 2.0.4 | |
| apple | safari | 3.0 | |
| apple | safari | 3.0.0 | |
| apple | safari | 3.0.0b | |
| apple | safari | 3.0.1 | |
| apple | safari | 3.0.1 | |
| apple | safari | 3.0.1b | |
| apple | safari | 3.0.2 | |
| apple | safari | 3.0.2b | |
| apple | safari | 3.0.3 | |
| apple | safari | 3.0.3b | |
| apple | safari | 3.0.4 | |
| apple | safari | 3.0.4b | |
| apple | safari | 3.1.0 | |
| apple | safari | 3.1.0b | |
| apple | safari | 3.1.1 | |
| apple | safari | 3.1.2 | |
| apple | safari | 3.2.0 | |
| apple | safari | 3.2.1 | |
| apple | iphone_os | 1.0.0 | |
| apple | iphone_os | 1.0.1 | |
| apple | iphone_os | 1.0.2 | |
| apple | iphone_os | 1.1.0 | |
| apple | iphone_os | 1.1.1 | |
| apple | iphone_os | 1.1.2 | |
| apple | iphone_os | 1.1.3 | |
| apple | iphone_os | 1.1.4 | |
| apple | iphone_os | 1.1.5 | |
| apple | iphone_os | 2.0 | |
| apple | iphone_os | 2.0.0 | |
| apple | iphone_os | 2.0.1 | |
| apple | iphone_os | 2.0.2 | |
| apple | iphone_os | 2.1 | |
| apple | iphone_os | 2.1.1 | |
| apple | iphone_os | 2.2 | |
| apple | iphone_os | 2.2.1 | |
| apple | ipod_touch | * | |
| apple | iphone_os | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B6E139B2-65BD-4416-9D99-48E132BEC3A5",
"versionEndIncluding": "3.2.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9D3889ED-9329-4C84-A173-2553BEAE3EDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7B74019F-C365-4E13-BBB4-D84AD9C1F87C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1E0E57D5-A7C9-4985-8CE4-E0D4B8BBF371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "06494FA8-F12A-435A-97A4-F38C58DF43F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D1BB047B-D45E-4695-AAEB-D0830DB1663E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:2.0.3:417.8:*:*:*:*:*:*",
"matchCriteriaId": "018A7A39-2AFD-47A9-AE88-7ABDBFE5EDA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:2.0.3:417.9:*:*:*:*:*:*",
"matchCriteriaId": "1082B33F-33B5-453A-A5AA-10F65AB2E625",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:2.0.3:417.9.2:*:*:*:*:*:*",
"matchCriteriaId": "6CF4DB54-AA7E-44C3-83E3-1A8971719D5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:2.0.3:417.9.3:*:*:*:*:*:*",
"matchCriteriaId": "EC348464-F08D-4ABF-BB90-3FA93C786F34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DFDCF83E-620C-40FA-9901-5D939E315143",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4A33F900-D405-40A8-A0A5-3C80320FF6E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4444A309-5A97-4E1C-B4EA-C4A070A98CBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.0b:*:*:*:*:*:*:*",
"matchCriteriaId": "5B29951B-9A98-45B7-8E4B-5515C048EC52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8CEB23DE-1A9D-480E-8B8B-9F110A8ABDE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.1:beta:*:*:*:*:*:*",
"matchCriteriaId": "4CED950D-38AB-4D66-B97A-FB982D86057F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.1b:*:*:*:*:*:*:*",
"matchCriteriaId": "D0FDEB4F-133A-43DF-A89B-53E249F1293D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "84E78F43-07BD-4D62-9512-DA738A92BC7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.2b:*:*:*:*:*:*:*",
"matchCriteriaId": "4AE25E9E-826E-4782-AED8-AC6297B18D93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F3180366-2240-467E-8AB9-BEA0430948F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.3b:*:*:*:*:*:*:*",
"matchCriteriaId": "B5E834B8-545E-4472-9D60-B4CF1340D62C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5AB9CC52-E533-4306-9E92-73C84B264D4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.4b:*:*:*:*:*:*:*",
"matchCriteriaId": "14A5CA99-8B1C-4C35-85E3-DB0495444A5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "01D8C2EF-D552-4279-A12E-70E292F39E31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.1.0b:*:*:*:*:*:*:*",
"matchCriteriaId": "C00082E3-EBF5-4C23-9F57-BF73E587FC05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C453B588-15FD-4A9C-8BC1-6202A21DAE02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "460A6F14-7CCE-47CA-BE0C-6DF32CD6A8A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "15BB6761-3581-4AE6-85E0-1609D15D7618",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EFA1A4C8-9F87-449F-A11F-52E5D52247E2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A7B6D035-38A9-4C0B-9A9D-CAE3BF1CA56D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C5B94E7-2C24-4913-B65E-8D8A0DE2B80B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E28FB0CB-D636-4F85-B5F7-70EC30053925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9EC16D1C-065A-4D1A-BA6E-528A71DF65CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "27319629-171F-42AA-A95F-2D71F78097D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4F7AEFAB-7BB0-40D8-8BA5-71B374EB69DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "297F9438-0F04-4128-94A8-A504B600929E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F8618621-F871-4531-9F6C-7D60F2BF8B75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "824DED2D-FA1D-46FC-8252-6E25546DAE29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1641DDFA-3BF1-467F-8EC3-98114FF9F07B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF40CDA4-4716-4815-9ED0-093FE266734C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D61644E2-7AF5-48EF-B3D5-59C7B2AD1A58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3D06D54D-97FD-49FD-B251-CC86FBA68CA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "25A5D868-0016-44AB-80E6-E5DF91F15455",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4C14EEA4-6E35-4EBE-9A43-8F6D69318BA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B15E90AE-2E15-4BC2-B0B8-AFA2B1297B03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E0C0A8D-3DDD-437A-BB3D-50FAEAF6C440",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:apple:ipod_touch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88FA2602-DDAB-4E23-A3D2-FB712970AAD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "340C4071-1447-477F-942A-8E09EA29F917",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to improper handling of Location and History objects."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en WebKit en Apple Safari anteriores a v4.0 permite a atacantes remotos inyectar secuencias de comandos web i HTML a traves de vctores relacionados con la gestion inadecuada de los objetos \"Location\" y \"History\"."
}
],
"id": "CVE-2009-1702",
"lastModified": "2024-11-21T01:03:08.370",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-06-10T18:00:00.577",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/54993"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35379"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/43068"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1022344"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT3613"
},
{
"source": "cve@mitre.org",
"url": "http://support.apple.com/kb/HT3639"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/35260"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/35327"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1522"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2009/1621"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/54993"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35379"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/43068"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1022344"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT3613"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.apple.com/kb/HT3639"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/35260"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/35327"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1522"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/1621"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2011/0212"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-06-18 16:30
Modified
2024-11-21 01:14
Severity ?
Summary
Use-after-free vulnerability in JavaScriptCore in WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to page transitions, a different vulnerability than CVE-2010-1763 and CVE-2010-1769.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D019CFEE-6A1D-4276-B4D8-7C620808920C",
"versionEndIncluding": "9.0.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:itunes:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5CBD58D1-C40D-4F6D-816F-A3842897EB05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:itunes:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3C910CA4-5EA5-4507-BDE9-3E6C1434B666",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:itunes:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0415D4B8-0281-4ED5-B3A1-A97BDD0F8D36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:itunes:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B1B4195D-1550-42D1-B562-0E438F7ACC2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:itunes:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C4B6A66A-AC5F-48E0-ABCE-68828207B106",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:itunes:4.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1206A192-A22C-4C55-A323-1D28D89BED21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:itunes:4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "071BFB1F-402B-4D8C-8155-671792AEDB81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:itunes:4.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "52E156DE-12B4-4E7A-B8C4-C2FC0AC2B2C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:itunes:4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "DCBA60E9-C5B5-4B4C-9FA3-7FE0F3F6871C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:itunes:4.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "93748DFC-6003-4BED-87F9-98713F6897EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:itunes:4.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CFB9D7E1-B715-4A93-9CDB-99A89C7D85B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:itunes:4.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2A8873F1-4792-41A1-83B5-B85C9F4A7D56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:itunes:4.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DB84AFE4-2694-475A-80D3-4D50C524EE18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:itunes:4.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BB20AA2E-5DF0-420C-A1FE-BB6EBA9649FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:itunes:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B48FDD0A-6DE5-44DD-B144-32B91DB26C7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:itunes:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8343D87F-FA37-4225-B27D-BCCDD2433C31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:itunes:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B591AE1E-02DB-462A-B71F-48947525D232",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:itunes:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "34B5892B-0377-4D81-9E0E-94B8D8CE72C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:itunes:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2276BED4-82F0-4F62-AA6F-7E1667F28E3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:itunes:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "45D47548-1C4D-4368-99D1-929905DD6B3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:itunes:6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "28AE8D2D-63CA-4091-9D59-CE919EB1FD75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:itunes:6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EC9E22D2-551A-4CDF-B9F0-C45A3A2B7695",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:itunes:6.0.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "52A433A5-3EFF-405D-8285-97EC88857968",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:itunes:6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D62A1C5D-C25E-4E56-8FD0-F90C8E39C7F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:itunes:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "582D1FE8-C4E8-4385-B4EB-34320F019E43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:itunes:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AF61CE34-5130-4B1A-B7A2-B28C1A18B9BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:itunes:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6FEE6DEC-9B26-47F4-A2CF-CA49981C8864",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:itunes:7.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2223B8E2-346A-4C37-9F6C-879F9CA64C06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:itunes:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "93E5227C-0621-43EE-A0F2-4B4545D71852",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:itunes:7.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DB69B123-7A09-4855-9846-E8ACACB3C6F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:itunes:7.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C0CC53F2-3827-4CA3-8726-C481B57B4AB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:itunes:7.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7C1AFF8F-BBCA-4C93-A401-F8B478327BFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:itunes:7.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0BA3571F-9221-45CD-9798-CC72CA428D6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:itunes:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "129ABCA4-FBF6-41B8-BF6B-65467D56D297",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:itunes:7.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "017E5A35-D778-46FD-A536-E57A13162675",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:itunes:7.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6122C685-4F02-476F-9A41-9C62D3D92651",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:itunes:7.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "17D37426-00A0-40E5-A27A-CF31D8CBAEEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:itunes:7.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3E11CADC-AFCC-4A98-9271-C35BC9752B40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:itunes:7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "11F1530E-9E63-4A39-9056-3A946A34B650",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:itunes:7.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3856A348-A0D6-4A0A-A8C9-D369CC863A97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:itunes:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "29E92D8D-68AB-4FC4-A37A-D6D48829B58D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:itunes:7.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "670656BF-2BE2-41ED-854A-466DC4068FBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:itunes:7.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FDE7F79F-54F5-4315-98BD-414CA2D1C51E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:itunes:7.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DBBF2E9F-0F37-4DDA-9704-B31D94745257",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:itunes:7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BBA5AB05-ADF6-4B5D-A4FD-9C149EC4577F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:itunes:7.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1143A4DE-F75B-4396-9D01-CE14EF8FCB39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:itunes:7.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BDF87AB4-B3F3-4774-8CE3-A2B46C3D8DC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:itunes:8.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A02D076B-5900-401D-9B47-5136B9CEAA15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:itunes:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7E479501-8832-41B0-A63C-360AE5A1B420",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:itunes:8.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F8961EDA-B567-4D92-8DBC-F887712F3BD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:itunes:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A60A3349-DE6E-4381-81C0-E682B791ED61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:itunes:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6EF2759C-6F94-4769-8EB2-16947C05CBB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:itunes:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B0F53FF4-8A15-475C-9FF6-54073A3F1B08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:itunes:8.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "80AFD7E5-A66F-4E43-BC34-EB6BF59186D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:itunes:9.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E41B2E2A-CE22-49FD-9558-0E6C87F53425",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:itunes:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A1950796-DA96-4443-85F4-91FE38A26612",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:itunes:9.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E5EBED9A-DCF4-47FE-9A6D-4573594AA645",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2DA4557D-2368-4497-B40C-222D27FDFA1C",
"versionEndIncluding": "3.2.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A7B6D035-38A9-4C0B-9A9D-CAE3BF1CA56D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C5B94E7-2C24-4913-B65E-8D8A0DE2B80B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E28FB0CB-D636-4F85-B5F7-70EC30053925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9EC16D1C-065A-4D1A-BA6E-528A71DF65CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "27319629-171F-42AA-A95F-2D71F78097D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4F7AEFAB-7BB0-40D8-8BA5-71B374EB69DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "297F9438-0F04-4128-94A8-A504B600929E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F8618621-F871-4531-9F6C-7D60F2BF8B75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "824DED2D-FA1D-46FC-8252-6E25546DAE29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1641DDFA-3BF1-467F-8EC3-98114FF9F07B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF40CDA4-4716-4815-9ED0-093FE266734C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D61644E2-7AF5-48EF-B3D5-59C7B2AD1A58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3D06D54D-97FD-49FD-B251-CC86FBA68CA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "25A5D868-0016-44AB-80E6-E5DF91F15455",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4C14EEA4-6E35-4EBE-9A43-8F6D69318BA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B15E90AE-2E15-4BC2-B0B8-AFA2B1297B03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E0C0A8D-3DDD-437A-BB3D-50FAEAF6C440",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "863383DA-0BC6-4A96-835A-A96128EC0202",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2CFF5BE7-2BF6-48CE-B74B-B1A05383C10F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "51D3BE2B-5A01-4AD4-A436-0056B50A535D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9A20F171-79FE-43B9-8309-B18341639FA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "126EF22D-29BC-4366-97BC-B261311E6251",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3B3DD7B3-DA4C-4B0A-A94E-6BF66B358B7D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:apple:ipod_touch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88FA2602-DDAB-4E23-A3D2-FB712970AAD1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "340C4071-1447-477F-942A-8E09EA29F917",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in JavaScriptCore in WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to page transitions, a different vulnerability than CVE-2010-1763 and CVE-2010-1769."
},
{
"lang": "es",
"value": "Vulnerabilidad no espec\u00edficada en WebKit en Apple iTunes anteriores a v9.2 en Windows, tiene un impacto y vectores de ataque desconocidos, es una vulnerabilidad diferente a CVE-2010-1387 y CVE-2010-1769."
}
],
"id": "CVE-2010-1387",
"lastModified": "2024-11-21T01:14:18.013",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-06-18T16:30:01.390",
"references": [
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
},
{
"source": "product-security@apple.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/40196"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/41856"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/42314"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43068"
},
{
"source": "product-security@apple.com",
"url": "http://securitytracker.com/id?1024108"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT4220"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT4225"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT4456"
},
{
"source": "product-security@apple.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039"
},
{
"source": "product-security@apple.com",
"url": "http://www.securityfocus.com/bid/41016"
},
{
"source": "product-security@apple.com",
"url": "http://www.ubuntu.com/usn/USN-1006-1"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/1512"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/2722"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0552"
},
{
"source": "product-security@apple.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59506"
},
{
"source": "product-security@apple.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7061"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/40196"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/41856"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/42314"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/43068"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1024108"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT4220"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT4225"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT4456"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:039"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/41016"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1006-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/1512"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/2722"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0552"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59506"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7061"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-06-22 20:30
Modified
2024-11-21 01:15
Severity ?
Summary
ImageIO in Apple iOS before 4 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG image.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html | Mailing List, Vendor Advisory | |
| product-security@apple.com | http://support.apple.com/kb/HT4225 | Vendor Advisory | |
| product-security@apple.com | http://www.securityfocus.com/bid/41016 | Third Party Advisory, VDB Entry | |
| product-security@apple.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/59632 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html | Mailing List, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://support.apple.com/kb/HT4225 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/41016 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/59632 | Third Party Advisory, VDB Entry |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73DE6E60-6BDD-450C-B7E2-744A0183A2DD",
"versionEndExcluding": "4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:apple:ipod_touch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F9F4CB31-584D-4810-A35C-31D5702853C9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B5415705-33E5-46D5-8E4D-9EBADC8C5705",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ImageIO in Apple iOS before 4 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG image."
},
{
"lang": "es",
"value": "ImageIO en Apple iOS en versiones anteriores a la 4 en el iPhone y iPod touch permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n o provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria y ca\u00edda de la aplicaci\u00f3n) mediante una imagen JPEG manipulada."
}
],
"evaluatorSolution": "Per: http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html \r\n\r\n\u0027Installation note: These updates are only available through iTunes, and will not appear in your computer\u0027s Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/ iTunes will automatically check Apple\u0027s update server on its weekly schedule. When an update is detected, it will download it. When the iPhone or iPod touch is docked, iTunes will present the user with the option to install the update. We recommend applying the update immediately if possible. Selecting Don\u0027t Install will present the option the next time you connect your iPhone or iPod touch. The automatic update process may take up to a week depending on the day that iTunes checks for updates. You may manually obtain the update via the Check for Updates button within iTunes. After doing this, the update can be applied when your iPhone or iPod touch is docked to your computer. To check that the iPhone or iPod touch has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be \"4.0 (8A293)\" or later.\u0027",
"id": "CVE-2010-1753",
"lastModified": "2024-11-21T01:15:07.643",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-06-22T20:30:01.587",
"references": [
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT4225"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/41016"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59632"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT4225"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/41016"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59632"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-11-25 23:30
Modified
2024-11-21 00:51
Severity ?
Summary
The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 displays SMS messages when the emergency-call screen is visible, which allows physically proximate attackers to obtain sensitive information by reading these messages. NOTE: this might be a duplicate of CVE-2008-4593.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apple | ipod_touch | * | |
| apple | iphone_os | * | |
| apple | iphone_os | 1.0 | |
| apple | iphone_os | 1.0.1 | |
| apple | iphone_os | 1.0.2 | |
| apple | iphone_os | 1.1 | |
| apple | iphone_os | 1.1.1 | |
| apple | iphone_os | 1.1.2 | |
| apple | iphone_os | 1.1.3 | |
| apple | iphone_os | 1.1.4 | |
| apple | iphone_os | 1.1.5 | |
| apple | iphone_os | 2.0 | |
| apple | iphone_os | 2.0.1 | |
| apple | iphone_os | 2.0.2 | |
| apple | iphone_os | 2.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:apple:ipod_touch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88FA2602-DDAB-4E23-A3D2-FB712970AAD1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "340C4071-1447-477F-942A-8E09EA29F917",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "41DB23F0-7226-4D0B-A3FA-A801F02EBA6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C5B94E7-2C24-4913-B65E-8D8A0DE2B80B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E28FB0CB-D636-4F85-B5F7-70EC30053925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B4AEDE82-E317-4066-A34F-BB3BCD3F53E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "27319629-171F-42AA-A95F-2D71F78097D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4F7AEFAB-7BB0-40D8-8BA5-71B374EB69DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "297F9438-0F04-4128-94A8-A504B600929E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F8618621-F871-4531-9F6C-7D60F2BF8B75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "824DED2D-FA1D-46FC-8252-6E25546DAE29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1641DDFA-3BF1-467F-8EC3-98114FF9F07B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D61644E2-7AF5-48EF-B3D5-59C7B2AD1A58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3D06D54D-97FD-49FD-B251-CC86FBA68CA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "25A5D868-0016-44AB-80E6-E5DF91F15455",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 displays SMS messages when the emergency-call screen is visible, which allows physically proximate attackers to obtain sensitive information by reading these messages. NOTE: this might be a duplicate of CVE-2008-4593."
},
{
"lang": "es",
"value": "La funcionalidad Passcode Lock en el sistema operativo del iPhone de Apple desde la v1.0 hasta la v2.1 y el sistema operativo iPhone para el iPod touch desde la v1.0 hasta la v2.1 muestra los mensajes SMS cuando la pantalla de llamada de emergencia esta visible, lo que permite a atacantes f\u00edsicamente pr\u00f3ximos obtener informaci\u00f3n sensible mediante la lectura de estos mensajes. NOTA: Podr\u00eda ser una vulnerabilidad duplicada de CVE-2008-4593"
}
],
"id": "CVE-2008-4230",
"lastModified": "2024-11-21T00:51:13.713",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-11-25T23:30:00.420",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/50027"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/32756"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT3318"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/32394"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/3232"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/50027"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/32756"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT3318"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/32394"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/3232"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
},
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-09-11 01:13
Modified
2024-11-21 00:49
Severity ?
Summary
Application Sandbox in Apple iPod touch 2.0 through 2.0.2, and iPhone 2.0 through 2.0.2, does not properly isolate third-party applications, which allows attackers to read arbitrary files in a third-party application's sandbox via a different third-party application.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apple | ipod_touch | 2.0 | |
| apple | ipod_touch | 2.0.1 | |
| apple | ipod_touch | 2.0.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:apple:ipod_touch:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "188712AA-31CA-4209-9042-D6E986C630A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:apple:ipod_touch:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "964F39E4-541C-4562-B915-3254FBFBB304",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:apple:ipod_touch:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7600D384-9832-4451-B836-ADAF0E76755D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Application Sandbox in Apple iPod touch 2.0 through 2.0.2, and iPhone 2.0 through 2.0.2, does not properly isolate third-party applications, which allows attackers to read arbitrary files in a third-party application\u0027s sandbox via a different third-party application."
},
{
"lang": "es",
"value": "El Sandbox de Aplicaciones en iPod touch versi\u00f3n 2.0 hasta 2.0.2, y iPhone versi\u00f3n 2.0 hasta 2.0.2 de Apple , no a\u00edsla apropiadamente las aplicaciones de terceros, lo que permite a los atacantes leer archivos arbitrarios en una sandbox de aplicaci\u00f3n de terceros por medio de una aplicaci\u00f3n de terceros diferente."
}
],
"evaluatorSolution": "Link to patched version (v2.1) - http://www.apple.com/ipodtouch/softwareupdate.html",
"id": "CVE-2008-3631",
"lastModified": "2024-11-21T00:49:44.140",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-09-11T01:13:09.930",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/31823"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/31900"
},
{
"source": "cve@mitre.org",
"url": "http://support.apple.com/kb/HT3026"
},
{
"source": "cve@mitre.org",
"url": "http://support.apple.com/kb/HT3129"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/31092"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1020846"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/2525"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/2558"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31823"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31900"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.apple.com/kb/HT3026"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.apple.com/kb/HT3129"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/31092"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1020846"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2525"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2558"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-11-25 23:30
Modified
2024-11-21 00:51
Severity ?
Summary
Race condition in the Passcode Lock feature in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.0 through 2.1 allows physically proximate attackers to remove the lock and launch arbitrary applications by restoring the device from a backup.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apple | ipod_touch | * | |
| apple | iphone_os | * | |
| apple | iphone_os | 1.0 | |
| apple | iphone_os | 1.0.1 | |
| apple | iphone_os | 1.0.2 | |
| apple | iphone_os | 1.1 | |
| apple | iphone_os | 1.1.1 | |
| apple | iphone_os | 1.1.2 | |
| apple | iphone_os | 1.1.3 | |
| apple | iphone_os | 1.1.4 | |
| apple | iphone_os | 1.1.5 | |
| apple | iphone_os | 2.0 | |
| apple | iphone_os | 2.0.1 | |
| apple | iphone_os | 2.0.2 | |
| apple | iphone_os | 2.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:apple:ipod_touch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88FA2602-DDAB-4E23-A3D2-FB712970AAD1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "340C4071-1447-477F-942A-8E09EA29F917",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "41DB23F0-7226-4D0B-A3FA-A801F02EBA6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C5B94E7-2C24-4913-B65E-8D8A0DE2B80B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E28FB0CB-D636-4F85-B5F7-70EC30053925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B4AEDE82-E317-4066-A34F-BB3BCD3F53E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "27319629-171F-42AA-A95F-2D71F78097D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4F7AEFAB-7BB0-40D8-8BA5-71B374EB69DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "297F9438-0F04-4128-94A8-A504B600929E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F8618621-F871-4531-9F6C-7D60F2BF8B75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "824DED2D-FA1D-46FC-8252-6E25546DAE29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1641DDFA-3BF1-467F-8EC3-98114FF9F07B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D61644E2-7AF5-48EF-B3D5-59C7B2AD1A58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3D06D54D-97FD-49FD-B251-CC86FBA68CA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "25A5D868-0016-44AB-80E6-E5DF91F15455",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Race condition in the Passcode Lock feature in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch 2.0 through 2.1 allows physically proximate attackers to remove the lock and launch arbitrary applications by restoring the device from a backup."
},
{
"lang": "es",
"value": "Condici\u00f3n de carrera en la funcionalidad Passcode Lock de Apple Iphone OS v2.0 hasta v2.1 e iPhone OS para iPod touch v2.0 hasta v2.1, permite a atacantes f\u00edsicamente pr\u00f3ximos eliminar el bloqueo y lanzar aplicaciones de su elecci\u00f3n al restaurar el dispositivo desde una copia de seguridad."
}
],
"id": "CVE-2008-4229",
"lastModified": "2024-11-21T00:51:13.533",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.7,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 1.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-11-25T23:30:00.407",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/50026"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/32756"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT3318"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/32394"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1021271"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/3232"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/50026"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/32756"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT3318"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/32394"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1021271"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/3232"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-06-10 18:00
Modified
2024-11-21 01:03
Severity ?
Summary
The XSLT implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read XML content from arbitrary web pages via a crafted document.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apple | safari | * | |
| apple | safari | 2.0 | |
| apple | safari | 2.0.0 | |
| apple | safari | 2.0.1 | |
| apple | safari | 2.0.2 | |
| apple | safari | 2.0.3 | |
| apple | safari | 2.0.3 | |
| apple | safari | 2.0.3 | |
| apple | safari | 2.0.3 | |
| apple | safari | 2.0.3 | |
| apple | safari | 2.0.4 | |
| apple | safari | 3.0 | |
| apple | safari | 3.0.0 | |
| apple | safari | 3.0.0b | |
| apple | safari | 3.0.1 | |
| apple | safari | 3.0.1 | |
| apple | safari | 3.0.1b | |
| apple | safari | 3.0.2 | |
| apple | safari | 3.0.2b | |
| apple | safari | 3.0.3 | |
| apple | safari | 3.0.3b | |
| apple | safari | 3.0.4 | |
| apple | safari | 3.0.4b | |
| apple | safari | 3.1.0 | |
| apple | safari | 3.1.0b | |
| apple | safari | 3.1.1 | |
| apple | safari | 3.1.2 | |
| apple | safari | 3.2.0 | |
| apple | safari | 3.2.1 | |
| apple | iphone_os | 1.0.0 | |
| apple | iphone_os | 1.0.1 | |
| apple | iphone_os | 1.0.2 | |
| apple | iphone_os | 1.1.0 | |
| apple | iphone_os | 1.1.1 | |
| apple | iphone_os | 1.1.2 | |
| apple | iphone_os | 1.1.3 | |
| apple | iphone_os | 1.1.4 | |
| apple | iphone_os | 1.1.5 | |
| apple | iphone_os | 2.0 | |
| apple | iphone_os | 2.0.0 | |
| apple | iphone_os | 2.0.1 | |
| apple | iphone_os | 2.0.2 | |
| apple | iphone_os | 2.1 | |
| apple | iphone_os | 2.1.1 | |
| apple | iphone_os | 2.2 | |
| apple | iphone_os | 2.2.1 | |
| apple | ipod_touch | * | |
| apple | iphone_os | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B6E139B2-65BD-4416-9D99-48E132BEC3A5",
"versionEndIncluding": "3.2.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9D3889ED-9329-4C84-A173-2553BEAE3EDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7B74019F-C365-4E13-BBB4-D84AD9C1F87C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1E0E57D5-A7C9-4985-8CE4-E0D4B8BBF371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "06494FA8-F12A-435A-97A4-F38C58DF43F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D1BB047B-D45E-4695-AAEB-D0830DB1663E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:2.0.3:417.8:*:*:*:*:*:*",
"matchCriteriaId": "018A7A39-2AFD-47A9-AE88-7ABDBFE5EDA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:2.0.3:417.9:*:*:*:*:*:*",
"matchCriteriaId": "1082B33F-33B5-453A-A5AA-10F65AB2E625",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:2.0.3:417.9.2:*:*:*:*:*:*",
"matchCriteriaId": "6CF4DB54-AA7E-44C3-83E3-1A8971719D5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:2.0.3:417.9.3:*:*:*:*:*:*",
"matchCriteriaId": "EC348464-F08D-4ABF-BB90-3FA93C786F34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DFDCF83E-620C-40FA-9901-5D939E315143",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4A33F900-D405-40A8-A0A5-3C80320FF6E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4444A309-5A97-4E1C-B4EA-C4A070A98CBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.0b:*:*:*:*:*:*:*",
"matchCriteriaId": "5B29951B-9A98-45B7-8E4B-5515C048EC52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8CEB23DE-1A9D-480E-8B8B-9F110A8ABDE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.1:beta:*:*:*:*:*:*",
"matchCriteriaId": "4CED950D-38AB-4D66-B97A-FB982D86057F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.1b:*:*:*:*:*:*:*",
"matchCriteriaId": "D0FDEB4F-133A-43DF-A89B-53E249F1293D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "84E78F43-07BD-4D62-9512-DA738A92BC7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.2b:*:*:*:*:*:*:*",
"matchCriteriaId": "4AE25E9E-826E-4782-AED8-AC6297B18D93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F3180366-2240-467E-8AB9-BEA0430948F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.3b:*:*:*:*:*:*:*",
"matchCriteriaId": "B5E834B8-545E-4472-9D60-B4CF1340D62C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5AB9CC52-E533-4306-9E92-73C84B264D4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.0.4b:*:*:*:*:*:*:*",
"matchCriteriaId": "14A5CA99-8B1C-4C35-85E3-DB0495444A5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "01D8C2EF-D552-4279-A12E-70E292F39E31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.1.0b:*:*:*:*:*:*:*",
"matchCriteriaId": "C00082E3-EBF5-4C23-9F57-BF73E587FC05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C453B588-15FD-4A9C-8BC1-6202A21DAE02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "460A6F14-7CCE-47CA-BE0C-6DF32CD6A8A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "15BB6761-3581-4AE6-85E0-1609D15D7618",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:safari:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EFA1A4C8-9F87-449F-A11F-52E5D52247E2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A7B6D035-38A9-4C0B-9A9D-CAE3BF1CA56D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C5B94E7-2C24-4913-B65E-8D8A0DE2B80B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E28FB0CB-D636-4F85-B5F7-70EC30053925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9EC16D1C-065A-4D1A-BA6E-528A71DF65CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "27319629-171F-42AA-A95F-2D71F78097D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4F7AEFAB-7BB0-40D8-8BA5-71B374EB69DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "297F9438-0F04-4128-94A8-A504B600929E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F8618621-F871-4531-9F6C-7D60F2BF8B75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "824DED2D-FA1D-46FC-8252-6E25546DAE29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1641DDFA-3BF1-467F-8EC3-98114FF9F07B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF40CDA4-4716-4815-9ED0-093FE266734C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D61644E2-7AF5-48EF-B3D5-59C7B2AD1A58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3D06D54D-97FD-49FD-B251-CC86FBA68CA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "25A5D868-0016-44AB-80E6-E5DF91F15455",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4C14EEA4-6E35-4EBE-9A43-8F6D69318BA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B15E90AE-2E15-4BC2-B0B8-AFA2B1297B03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E0C0A8D-3DDD-437A-BB3D-50FAEAF6C440",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:apple:ipod_touch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88FA2602-DDAB-4E23-A3D2-FB712970AAD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "340C4071-1447-477F-942A-8E09EA29F917",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The XSLT implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read XML content from arbitrary web pages via a crafted document."
},
{
"lang": "es",
"value": "La implementaci\u00f3n XSLT en WebKit en Apple Safari anteriores a 4.0 no trata apropiadamente las redirecciones, lo que permite a los atacantes remotos leer contenido XML desde p\u00e1ginas web arbitrarias a trav\u00e9s de documentos manipudados."
}
],
"id": "CVE-2009-1700",
"lastModified": "2024-11-21T01:03:07.980",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-06-10T18:00:00.547",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/54973"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35379"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/43068"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT3613"
},
{
"source": "cve@mitre.org",
"url": "http://support.apple.com/kb/HT3639"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/35260"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1522"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2009/1621"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/54973"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/35379"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/43068"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT3613"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.apple.com/kb/HT3639"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/35260"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1522"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/1621"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2011/0212"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-09-09 22:00
Modified
2024-11-21 01:15
Severity ?
Summary
WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors involving HTML object outlines.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "52D67004-A069-4868-9C17-C252032F4F1E",
"versionEndExcluding": "4.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:apple:ipod_touch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F9F4CB31-584D-4810-A35C-31D5702853C9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B5415705-33E5-46D5-8E4D-9EBADC8C5705",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors involving HTML object outlines."
},
{
"lang": "es",
"value": "WebKit de Apple OI anterior a v4.1 en el iPhone e iPod touch permite a atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria y ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s de vectores que comprenden HTML object outlines."
}
],
"id": "CVE-2010-1813",
"lastModified": "2024-11-21T01:15:14.920",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-09-09T22:00:01.733",
"references": [
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html"
},
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/42314"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/43068"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT4334"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT4455"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT4456"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61700"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/42314"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://secunia.com/advisories/43068"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT4334"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT4455"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT4456"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61700"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-06-22 20:30
Modified
2024-11-21 01:15
Severity ?
Summary
The Settings application in Apple iOS before 4 on the iPhone and iPod touch does not properly report the wireless network that is in use, which might make it easier for remote attackers to trick users into communicating over an unintended network.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html | Mailing List, Vendor Advisory | |
| product-security@apple.com | http://support.apple.com/kb/HT4225 | Vendor Advisory | |
| product-security@apple.com | http://www.securityfocus.com/bid/41016 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html | Mailing List, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://support.apple.com/kb/HT4225 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/41016 | Third Party Advisory, VDB Entry |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73DE6E60-6BDD-450C-B7E2-744A0183A2DD",
"versionEndExcluding": "4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:apple:ipod_touch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F9F4CB31-584D-4810-A35C-31D5702853C9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "340C4071-1447-477F-942A-8E09EA29F917",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Settings application in Apple iOS before 4 on the iPhone and iPod touch does not properly report the wireless network that is in use, which might make it easier for remote attackers to trick users into communicating over an unintended network."
},
{
"lang": "es",
"value": "La aplicaci\u00f3n de Ajustes en Apple iOS en versiones anteriores a la 4 en el iPhone y iPod touch no notifica adecuadamente la red wireless que est\u00e1 en uso, lo que puede facilitar a atacantes remotos conducir a los usuarios a comunicarse a trav\u00e9s de una red no deseada."
}
],
"evaluatorSolution": "Per: http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html \r\n\r\n\u0027Installation note: These updates are only available through iTunes, and will not appear in your computer\u0027s Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/ iTunes will automatically check Apple\u0027s update server on its weekly schedule. When an update is detected, it will download it. When the iPhone or iPod touch is docked, iTunes will present the user with the option to install the update. We recommend applying the update immediately if possible. Selecting Don\u0027t Install will present the option the next time you connect your iPhone or iPod touch. The automatic update process may take up to a week depending on the day that iTunes checks for updates. You may manually obtain the update via the Check for Updates button within iTunes. After doing this, the update can be applied when your iPhone or iPod touch is docked to your computer. To check that the iPhone or iPod touch has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be \"4.0 (8A293)\" or later.\u0027",
"id": "CVE-2010-1756",
"lastModified": "2024-11-21T01:15:08.010",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-06-22T20:30:01.663",
"references": [
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT4225"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/41016"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT4225"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/41016"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-07-14 18:41
Modified
2024-11-21 00:44
Severity ?
Summary
Safari on Apple iPhone before 2.0 and iPod touch before 2.0 allows remote attackers to spoof the address bar via Unicode ideographic spaces in the URL.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apple | iphone | 1.0 | |
| apple | iphone | 1.1.3 | |
| apple | iphone | 1.1.4 | |
| apple | iphone | 1.02 | |
| apple | ipod_touch | 1.1 | |
| apple | ipod_touch | 1.1.1 | |
| apple | ipod_touch | 1.1.2 | |
| apple | ipod_touch | 1.1.3 | |
| apple | ipod_touch | 1.1.4 | |
| apple | iphone_os | 1.0.1 | |
| apple | iphone_os | 1.0.2 | |
| apple | iphone_os | 1.1.1 | |
| apple | iphone_os | 1.1.2 | |
| apple | safari | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:apple:iphone:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5F382364-1B45-4C62-AB29-A20512AA77D9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:apple:iphone:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D05600E6-6BC5-43C4-93E2-72585A3453B5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:apple:iphone:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6430229D-ACD4-46AE-A6B5-95D3CC1AF514",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:apple:iphone:1.02:*:*:*:*:*:*:*",
"matchCriteriaId": "CA40173B-5F79-400E-9540-7E0BF7A78E35",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:apple:ipod_touch:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A22F1F9E-F5B0-4AB4-8CE9-50C540AE1AE9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:apple:ipod_touch:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BE66FF90-ED80-4184-820B-88F1BA250F71",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:apple:ipod_touch:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "05097B1E-425A-4EF5-8D44-FFEC22994B6A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:apple:ipod_touch:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7A0EBA08-CE54-4AE3-9AED-514392372B7D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:apple:ipod_touch:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4E969C4E-45A5-4767-9959-A1AD2DE4E1C2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C5B94E7-2C24-4913-B65E-8D8A0DE2B80B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E28FB0CB-D636-4F85-B5F7-70EC30053925",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "27319629-171F-42AA-A95F-2D71F78097D0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4F7AEFAB-7BB0-40D8-8BA5-71B374EB69DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AE370CAA-04B3-434E-BD5B-1D87DE596C10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Safari on Apple iPhone before 2.0 and iPod touch before 2.0 allows remote attackers to spoof the address bar via Unicode ideographic spaces in the URL."
},
{
"lang": "es",
"value": "Safari en Apple iPhone anterior a 2.0 e iPod touch anterior a 2.0 , permite a atacantes remotos falsificar la barra de direcciones mediante espacios Unicode ideogr\u00e1ficos en la URL."
}
],
"id": "CVE-2008-1588",
"lastModified": "2024-11-21T00:44:52.330",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-07-14T18:41:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/31074"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/35379"
},
{
"source": "cve@mitre.org",
"url": "http://support.apple.com/kb/HT3613"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/30186"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/2094/references"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2009/1522"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43732"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31074"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/35379"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.apple.com/kb/HT3613"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/30186"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2094/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/1522"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43732"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-06-19 16:30
Modified
2024-11-21 01:01
Severity ?
Summary
The MPEG-4 video codec in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to cause a denial of service (device reset) via a crafted MPEG-4 video file that triggers an "input validation issue."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apple | iphone_os | 1.0.0 | |
| apple | iphone_os | 1.0.1 | |
| apple | iphone_os | 1.0.2 | |
| apple | iphone_os | 1.1.0 | |
| apple | iphone_os | 1.1.1 | |
| apple | iphone_os | 1.1.2 | |
| apple | iphone_os | 1.1.3 | |
| apple | iphone_os | 1.1.4 | |
| apple | iphone_os | 1.1.5 | |
| apple | iphone_os | 2.0 | |
| apple | iphone_os | 2.0.0 | |
| apple | iphone_os | 2.0.1 | |
| apple | iphone_os | 2.0.2 | |
| apple | iphone_os | 2.1 | |
| apple | iphone_os | 2.1.1 | |
| apple | iphone_os | 2.2 | |
| apple | iphone_os | 2.2.1 | |
| apple | iphone_os | * | |
| apple | iphone_os | 1.1.0 | |
| apple | iphone_os | 1.1.1 | |
| apple | iphone_os | 1.1.2 | |
| apple | iphone_os | 1.1.3 | |
| apple | iphone_os | 1.1.4 | |
| apple | iphone_os | 1.1.5 | |
| apple | iphone_os | 2.0 | |
| apple | iphone_os | 2.0.0 | |
| apple | iphone_os | 2.0.1 | |
| apple | iphone_os | 2.0.2 | |
| apple | iphone_os | 2.1 | |
| apple | iphone_os | 2.1.1 | |
| apple | iphone_os | 2.2 | |
| apple | iphone_os | 2.2.1 | |
| apple | ipod_touch | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A7B6D035-38A9-4C0B-9A9D-CAE3BF1CA56D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C5B94E7-2C24-4913-B65E-8D8A0DE2B80B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E28FB0CB-D636-4F85-B5F7-70EC30053925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9EC16D1C-065A-4D1A-BA6E-528A71DF65CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "27319629-171F-42AA-A95F-2D71F78097D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4F7AEFAB-7BB0-40D8-8BA5-71B374EB69DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "297F9438-0F04-4128-94A8-A504B600929E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F8618621-F871-4531-9F6C-7D60F2BF8B75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "824DED2D-FA1D-46FC-8252-6E25546DAE29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1641DDFA-3BF1-467F-8EC3-98114FF9F07B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF40CDA4-4716-4815-9ED0-093FE266734C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D61644E2-7AF5-48EF-B3D5-59C7B2AD1A58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3D06D54D-97FD-49FD-B251-CC86FBA68CA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "25A5D868-0016-44AB-80E6-E5DF91F15455",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4C14EEA4-6E35-4EBE-9A43-8F6D69318BA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B15E90AE-2E15-4BC2-B0B8-AFA2B1297B03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E0C0A8D-3DDD-437A-BB3D-50FAEAF6C440",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "340C4071-1447-477F-942A-8E09EA29F917",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9EC16D1C-065A-4D1A-BA6E-528A71DF65CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "27319629-171F-42AA-A95F-2D71F78097D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4F7AEFAB-7BB0-40D8-8BA5-71B374EB69DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "297F9438-0F04-4128-94A8-A504B600929E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F8618621-F871-4531-9F6C-7D60F2BF8B75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "824DED2D-FA1D-46FC-8252-6E25546DAE29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1641DDFA-3BF1-467F-8EC3-98114FF9F07B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF40CDA4-4716-4815-9ED0-093FE266734C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D61644E2-7AF5-48EF-B3D5-59C7B2AD1A58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3D06D54D-97FD-49FD-B251-CC86FBA68CA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "25A5D868-0016-44AB-80E6-E5DF91F15455",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4C14EEA4-6E35-4EBE-9A43-8F6D69318BA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B15E90AE-2E15-4BC2-B0B8-AFA2B1297B03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E0C0A8D-3DDD-437A-BB3D-50FAEAF6C440",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:apple:ipod_touch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88FA2602-DDAB-4E23-A3D2-FB712970AAD1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The MPEG-4 video codec in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to cause a denial of service (device reset) via a crafted MPEG-4 video file that triggers an \"input validation issue.\""
},
{
"lang": "es",
"value": "El codificador de v\u00eddeo MPEG-4 en Apple iPhone OS v1.0 hasta v2.2.1 e iPhone OS para iPod touch v1.1 hasta v2.2.1 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (reinicializaci\u00f3n de dispositivo) mediante un fichero de v\u00eddeo MPEG-4 manipulado que dispara un \"evento de validaci\u00f3n de entrada\"."
}
],
"id": "CVE-2009-0959",
"lastModified": "2024-11-21T01:01:20.520",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-06-19T16:30:00.250",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/55237"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT3639"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/35414"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/35433"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1621"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51211"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/55237"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT3639"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/35414"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/35433"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2009/1621"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51211"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-10-14 18:17
Modified
2024-11-21 00:37
Severity ?
Summary
Unspecified vulnerability in Safari on the Apple iPod touch (aka iTouch) and iPhone 1.1.1 allows user-assisted remote attackers to cause a denial of service (application crash), and enable filesystem browsing by the local user, via a certain TIFF file.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:apple:ipod_touch:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BE66FF90-ED80-4184-820B-88F1BA250F71",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "27319629-171F-42AA-A95F-2D71F78097D0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AE370CAA-04B3-434E-BD5B-1D87DE596C10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Safari on the Apple iPod touch (aka iTouch) and iPhone 1.1.1 allows user-assisted remote attackers to cause a denial of service (application crash), and enable filesystem browsing by the local user, via a certain TIFF file."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en Safari para el Apple iPod touch (tambi\u00e9n conocido como iTouch) y iPhone 1.1.1 permite a atacantes remotos con la intervenci\u00f3n del usuario provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n), y habilitar la navegaci\u00f3n del sistema de ficheros por parte del usuario local, mediante un determinado archivo TIFF."
}
],
"id": "CVE-2007-5450",
"lastModified": "2024-11-21T00:37:55.410",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-10-14T18:17:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27213"
},
{
"source": "cve@mitre.org",
"url": "http://www.toc2rta.com/?q=node/23"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/3485"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37186"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/4522"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/27213"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.toc2rta.com/?q=node/23"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/3485"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37186"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/4522"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-06-22 20:30
Modified
2024-11-21 01:15
Severity ?
Summary
Passcode Lock in Apple iOS before 4 on the iPhone and iPod touch does not properly handle alert-based unlocks in conjunction with subsequent Remote Lock operations through MobileMe, which allows physically proximate attackers to bypass intended passcode requirements via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| product-security@apple.com | http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html | Mailing List, Vendor Advisory | |
| product-security@apple.com | http://support.apple.com/kb/HT4225 | Vendor Advisory | |
| product-security@apple.com | http://www.securityfocus.com/bid/41016 | Third Party Advisory, VDB Entry | |
| product-security@apple.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/59633 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html | Mailing List, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://support.apple.com/kb/HT4225 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/41016 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/59633 | Third Party Advisory, VDB Entry |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73DE6E60-6BDD-450C-B7E2-744A0183A2DD",
"versionEndExcluding": "4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:apple:ipod_touch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F9F4CB31-584D-4810-A35C-31D5702853C9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B5415705-33E5-46D5-8E4D-9EBADC8C5705",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Passcode Lock in Apple iOS before 4 on the iPhone and iPod touch does not properly handle alert-based unlocks in conjunction with subsequent Remote Lock operations through MobileMe, which allows physically proximate attackers to bypass intended passcode requirements via unspecified vectors."
},
{
"lang": "es",
"value": "Passcode Lock en Apple iOS en versiones anteriores a la 4 en el iPhone y iPod touch no maneja de manera adecuada desbloqueos basados en alertas en conjunci\u00f3n con las operaciones subsiguientes de bloqueo remoto a trav\u00e9s de MobileMe, lo que permite a atacantes f\u00edsicamente pr\u00f3ximos eludir los requerimientos de clave de acceso establecidos mediante vectores no especificados."
}
],
"evaluatorSolution": "Per: http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html \r\n\r\n\u0027Installation note: These updates are only available through iTunes, and will not appear in your computer\u0027s Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/ iTunes will automatically check Apple\u0027s update server on its weekly schedule. When an update is detected, it will download it. When the iPhone or iPod touch is docked, iTunes will present the user with the option to install the update. We recommend applying the update immediately if possible. Selecting Don\u0027t Install will present the option the next time you connect your iPhone or iPod touch. The automatic update process may take up to a week depending on the day that iTunes checks for updates. You may manually obtain the update via the Check for Updates button within iTunes. After doing this, the update can be applied when your iPhone or iPod touch is docked to your computer. To check that the iPhone or iPod touch has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be \"4.0 (8A293)\" or later.\u0027",
"id": "CVE-2010-1754",
"lastModified": "2024-11-21T01:15:07.767",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-06-22T20:30:01.617",
"references": [
{
"source": "product-security@apple.com",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT4225"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/41016"
},
{
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59633"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT4225"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/41016"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59633"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-11-25 23:30
Modified
2024-11-21 00:51
Severity ?
Summary
The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows physically proximate attackers to leverage the emergency-call ability of locked devices to make a phone call to an arbitrary number.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apple | ipod_touch | * | |
| apple | iphone_os | * | |
| apple | iphone_os | 1.0 | |
| apple | iphone_os | 1.0.1 | |
| apple | iphone_os | 1.0.2 | |
| apple | iphone_os | 1.1 | |
| apple | iphone_os | 1.1.1 | |
| apple | iphone_os | 1.1.2 | |
| apple | iphone_os | 1.1.3 | |
| apple | iphone_os | 1.1.4 | |
| apple | iphone_os | 1.1.5 | |
| apple | iphone_os | 2.0 | |
| apple | iphone_os | 2.0.1 | |
| apple | iphone_os | 2.0.2 | |
| apple | iphone_os | 2.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:apple:ipod_touch:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88FA2602-DDAB-4E23-A3D2-FB712970AAD1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "340C4071-1447-477F-942A-8E09EA29F917",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "41DB23F0-7226-4D0B-A3FA-A801F02EBA6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C5B94E7-2C24-4913-B65E-8D8A0DE2B80B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E28FB0CB-D636-4F85-B5F7-70EC30053925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B4AEDE82-E317-4066-A34F-BB3BCD3F53E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "27319629-171F-42AA-A95F-2D71F78097D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4F7AEFAB-7BB0-40D8-8BA5-71B374EB69DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "297F9438-0F04-4128-94A8-A504B600929E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F8618621-F871-4531-9F6C-7D60F2BF8B75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "824DED2D-FA1D-46FC-8252-6E25546DAE29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1641DDFA-3BF1-467F-8EC3-98114FF9F07B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D61644E2-7AF5-48EF-B3D5-59C7B2AD1A58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3D06D54D-97FD-49FD-B251-CC86FBA68CA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "25A5D868-0016-44AB-80E6-E5DF91F15455",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows physically proximate attackers to leverage the emergency-call ability of locked devices to make a phone call to an arbitrary number."
},
{
"lang": "es",
"value": "La funcionalidad de bloqueo del terminal (Passcode Lock) en Apple iPhone OS 1.0 hasta 2.1 y iPhone OS para iPod touch 1.1 hasta 2.1 permite a atacantes con acceso f\u00edsico aprovechar la llamada de emergencia en dispositivos bloqueados hacer una llamada de tel\u00e9fono a un n\u00famero de se elecci\u00f3n."
}
],
"id": "CVE-2008-4228",
"lastModified": "2024-11-21T00:51:13.373",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-11-25T23:30:00.390",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/50025"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/32756"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT3318"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/32394"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1021271"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/3232"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/50025"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/32756"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT3318"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/32394"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1021271"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/3232"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}