Apple iPod Touch

18 matches found

added 2008/09/10 4:00 p.m., 140 views

CVE-2008-3632

CVE-2008-3632 is a WebKit use-after-free vulnerability reported in SUSE/Nessus entries, affecting Apple iPod touch (1.1–2.0.2) and iPhone (1.0–2.0.2). The flaw arises in the CSS import handling of WebKit, enabling a remote attacker to trigger arbitrary code execution or cause an application crash...

CVSS 9.3 | AI score 7.8 | EPSS 0.05951

added 2009/06/19 4:00 p.m., 111 views

CVE-2009-1692

CVE-2009-1692 affects WebKit (as used in Apple Safari, Mobile Safari on iPhone OS 1.0–2.2.x, iPod touch; and related WebKit-based apps). The issue is triggered by a large length attribute on an HTMLSelectElement, causing memory consumption or device reset (denial of service). Root cause: improper...

CVSS 7.1 | AI score 5.5 | EPSS 0.04242

added 2009/06/10 5:37 p.m., 86 views

CVE-2009-1698

CVE-2009-1698 affects WebKit-based components (Safari before 4.0 and iPhone OS/iPod touch up to 2.2.1). The issue is an uninitialized pointer during handling of a CSS attr() function with a large numeric argument, enabling remote code execution or memory-corruption-induced denial of service via a...

CVSS 9.3 | AI score 7.4 | EPSS 0.08462

added 2009/07/09 5:00 p.m., 86 views

CVE-2009-1725

CVE-2009-1725 is a vulnerability in WebKit-based rendering used by Apple Safari (and KDE’s khtml/kdelibs, QtWebKit, and related WebKit-powered components) where improper handling of numeric character references can allow remote attackers to cause memory corruption, potentially executing code or c...

CVSS 9.3 | AI score 7.4 | EPSS 0.06192

added 2009/06/10 5:37 p.m., 79 views

CVE-2009-1702

CVE-2009-1702 is an XSS vulnerability in WebKit used by Apple Safari and the iPhone OS Safari implementation, allowing remote attackers to inject arbitrary web script or HTML via improper handling of Location and History objects. Affected products include Safari

CVSS 4.3 | AI score 6.5 | EPSS 0.0268

added 2009/07/09 5:00 p.m., 77 views

CVE-2009-1724

Summary: CVE-2009-1724 is a cross-site scripting (XSS) vulnerability in WebKit used by Apple Safari prior to 4.0.2 (on iPhone OS before 3.1 and 3.1.1 for iPod touch, among others). Root cause: arbitrary web script/HTML can be injected via vectors related to parent and top objects. Impact (as stat...

CVSS 4.3 | AI score 6.6 | EPSS 0.06212

added 2009/06/10 5:37 p.m., 66 views

CVE-2009-1700

The CVE-2009-1700 entry describes a vulnerability in WebKit’s XSLT handling that affects Apple Safari before 4.0, iPhone OS 1.0–2.2.1, and iPhone OS for iPod touch 1.1–2.2.1. The issue is improper processing of redirects, enabling remote attackers to read XML content from arbitrary pages via a cr...

CVSS 4.3 | AI score 7.6 | EPSS 0.02619

added 2009/06/10 5:37 p.m., 65 views

CVE-2009-1701

CVE-2009-1701 is a use-after-free in WebKit's JavaScript DOM handling, affecting Apple Safari before 4.0 (and related iPhone OS versions). Exploitation involves destroying a document.body with an XML container and dir attributes, enabling remote code execution or a denial of service through memor...

CVSS 9.3 | AI score 8.7 | EPSS 0.07746

added 2008/09/16 11:00 p.m., 64 views

CVE-2008-3950

CVE-2008-3950 is a DoS vulnerability in WebKit as used by Safari on iPhone/iPod touch (versions 1.1.4 and 2.0). The issue is an off-by-one in _web_drawInRect:withFont:ellipsis:alignment:measureOnly:, triggered by a crafted alert() string with a length that is a multiple of the 4096-byte memor...

CVSS 5 | AI score 6.1 | EPSS 0.07084

added 2009/06/19 4:00 p.m., 59 views

CVE-2009-1680

CVE-2009-1680 affects Safari on Apple iPhone OS versions 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1. The issue is that the browser does not properly clear the search history when cleared from the Settings application, allowing physically proximate attackers to obtain the sea...

CVSS 2.1 | AI score 6.1 | EPSS 0.00379

added 2009/06/19 4:00 p.m., 57 views

CVE-2009-0960

CVE-2009-0960 affects Apple iPhone OS 1.0–2.2.1 and iPhone OS for iPod touch 1.1–2.2.1, specifically the Mail component. The underlying issue is that there is no option to disable remote image loading in HTML email, which allows a remote attacker to determine the device’s address and when an emai...

CVSS 4.3 | AI score 6.1 | EPSS 0.0189

added 2009/06/19 4:00 p.m., 56 views

CVE-2009-0961

The CVE-2009-0961 issue affects Apple iPhone OS 1.0–2.2.1 and iPhone OS for iPod touch 1.1–2.2.1. The Mail component could dismiss the call-approval dialog when another alert appears, potentially allowing a remote attacker to place a call without user approval by triggering an alert. The connecte...

CVSS 5 | AI score 6.4 | EPSS 0.06384

added 2009/09/10 9:00 p.m., 54 views

CVE-2009-2206

The CVE-2009-2206 issue affects Apple iPhone OS AudioCodecs (CoreAudio) where multiple heap-based buffer overflows occur while parsing AAC/MP3 streams. Vulnerable on iPhone OS <3.1 and iPod touch

CVSS 6.8 | AI score 7.9 | EPSS 0.04626

added 2009/06/19 4:00 p.m., 53 views

CVE-2009-1683

The CVE-2009-1683 issue affects Apple iPhone OS 1.0–2.2.1 and iPhone OS for iPod touch 1.1–2.2.1, where a remote attacker can trigger a denial of service (device reset) via a crafted ICMP echo request. The root cause is described as a logic issue in the Telephony component, leading to an assertio...

CVSS 7.8 | AI score 6.3 | EPSS 0.02798

added 2008/09/10 4:00 p.m., 52 views

CVE-2008-3631

CVE-2008-3631 affects Apple iPod touch and iPhone in the 2.0 era. The Application Sandbox fails to properly isolate third‑party applications, allowing a malicious or compromised third‑party app to read arbitrary files in another third‑party sandbox. Root cause: inadequate sandbox isolation between third‑par...

CVSS 7.1 | AI score 6.1 | EPSS 0.01905

added 2009/06/19 4:00 p.m., 52 views

CVE-2009-0958

Apple iPhone OS 1.0–2.2.1 and iPhone OS for iPod touch 1.1–2.2.1 store an exception for a hostname after the user accepts an untrusted Exchange certificate, causing the certificate to be accepted in future use and enabling remote Exchange servers to obtain sensitive information such as credential...

CVSS 4.3 | AI score 5.8 | EPSS 0.00944

added 2009/06/19 4:00 p.m., 52 views

CVE-2009-1679

The CVE covers Apple iPhone OS 1.0–2.2.1 and iPhone OS for iPod touch 1.1–2.2.1. The Profiles component, when installing a configuration profile, can replace ActiveSync’s password policy with a weaker one, allowing physically proximate attackers to bypass the policy. Impact: bypass of password po...

CVSS 2.1 | AI score 6.3 | EPSS 0.00356

added 2009/06/19 4:00 p.m., 51 views

CVE-2009-0959

CVE-2009-0959 affects Apple iPhone OS 1.0–2.2.1 and iPhone OS for iPod touch 1.1–2.2.1. The vulnerability is an input validation issue in the MPEG-4 video codec, triggered by a crafted MPEG-4 video file, leading to a denial of service (device reset). Exploitation details are not provided in...

CVSS 7.1 | AI score 6.4 | EPSS 0.02508