Max CVSS | 10.0 | Min CVSS | 2.1 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published |
CVE-2009-1699 | 7.1 | The XSL stylesheet implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle XML external entities, which allows remote attackers to read arbitrary files | 10-02-2024 - 02:48 | 10-06-2009 - 18:00 |
CVE-2009-0040 | 6.8 | The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a cr | 09-02-2024 - 03:25 | 22-02-2009 - 22:30 |
CVE-2008-3281 | 4.3 | libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document. | 02-02-2024 - 15:02 | 27-08-2008 - 20:41 |
CVE-2008-3651 | 4.0 | Memory leak in racoon/proposal.c in the racoon daemon in ipsec-tools before 0.7.1 allows remote authenticated users to cause a denial of service (memory consumption) via invalid proposals. | 13-02-2023 - 02:19 | 13-08-2008 - 01:41 |
CVE-2008-3529 | 10.0 | Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name. | 13-02-2023 - 02:19 | 12-09-2008 - 16:56 |
CVE-2008-3652 | 7.8 | src/racoon/handler.c in racoon in ipsec-tools does not remove an "orphaned ph1" (phase 1) handle when it has been initiated remotely, which allows remote attackers to cause a denial of service (resource consumption). | 13-02-2023 - 02:19 | 13-08-2008 - 01:41 |
CVE-2009-1179 | 6.8 | Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file. | 13-02-2023 - 02:19 | 23-04-2009 - 17:30 |
CVE-2009-1692 | 7.1 | WebKit before r41741, as used in Apple iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Safari, and other software, allows remote attackers to cause a denial of service (memory consumption or device reset) via a web page conta | 09-08-2022 - 13:48 | 19-06-2009 - 16:30 |
CVE-2009-1700 | 4.3 | The XSLT implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read XML content from arbitrary web pages v | 09-08-2022 - 13:48 | 10-06-2009 - 18:00 |
CVE-2009-1680 | 2.1 | Safari in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly clear the search history when it is cleared from the Settings application, which allows physically proximate attackers to obtain the search h | 09-08-2022 - 13:48 | 19-06-2009 - 16:30 |
CVE-2009-1683 | 7.8 | The Telephony component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to cause a denial of service (device reset) via a crafted ICMP echo request, which triggers an assertion error related | 09-08-2022 - 13:48 | 19-06-2009 - 16:30 |
CVE-2009-1702 | 4.3 | Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to improper | 09-08-2022 - 13:48 | 10-06-2009 - 18:00 |
CVE-2009-1701 | 9.3 | Use-after-free vulnerability in the JavaScript DOM implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of | 09-08-2022 - 13:48 | 10-06-2009 - 18:00 |
CVE-2009-1679 | 2.1 | The Profiles component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1, when installing a configuration profile, can replace the password policy from Exchange ActiveSync with a weaker password policy, which allows | 09-08-2022 - 13:48 | 19-06-2009 - 16:30 |
CVE-2009-1698 | 9.3 | WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical argument, which a | 09-08-2022 - 13:48 | 10-06-2009 - 18:00 |
CVE-2009-0960 | 4.3 | The Mail component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 does not provide an option to disable remote image loading in HTML email, which allows remote attackers to determine the device address and when an | 09-08-2022 - 13:48 | 19-06-2009 - 16:30 |
CVE-2009-0958 | 4.3 | Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 stores an exception for a hostname when the user accepts an untrusted Exchange server certificate, which causes it to be accepted without prompting in future usage and a | 09-08-2022 - 13:48 | 19-06-2009 - 16:30 |
CVE-2009-0961 | 5.0 | The Mail component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 dismisses the call approval dialog when another alert appears, which might allow remote attackers to force the iPhone to place a call without user | 09-08-2022 - 13:48 | 19-06-2009 - 16:30 |
CVE-2009-0959 | 7.1 | The MPEG-4 video codec in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to cause a denial of service (device reset) via a crafted MPEG-4 video file that triggers an "input validation issue." | 09-08-2022 - 13:48 | 19-06-2009 - 16:30 |
CVE-2009-0946 | 7.5 | Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c. | 05-04-2021 - 19:25 | 17-04-2009 - 00:30 |
CVE-2009-1690 | 9.3 | Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome 1.0.154.53, and possibly other products, allows remote attackers to execute arbitrary c | 26-09-2019 - 17:05 | 10-06-2009 - 14:30 |
CVE-2009-0165 | 10.0 | Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, as used in Poppler and other products, when running on Mac OS X, has unspecified impact, related to "g*allocn." | 06-03-2019 - 16:30 | 23-04-2009 - 19:30 |
CVE-2009-0147 | 4.3 | Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2Stream::readSymbolDictSeg, | 06-03-2019 - 16:30 | 23-04-2009 - 17:30 |
CVE-2009-0146 | 4.3 | Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2SymbolDict::setBitmap and ( | 06-03-2019 - 16:30 | 23-04-2009 - 17:30 |
CVE-2008-3623 | 9.3 | Heap-based buffer overflow in CoreGraphics in Apple Safari before 3.2 on Windows, in iPhone OS 1.0 through 2.2.1, and in iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (applic | 30-10-2018 - 16:25 | 17-11-2008 - 18:18 |
CVE-2008-2320 | 9.3 | Stack-based buffer overflow in CarbonCore in Apple Mac OS X 10.4.11 and 10.5.4, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows context-dependent attackers to execute arbitrary code or cause a denial of service (app | 11-10-2018 - 20:40 | 04-08-2008 - 01:41 |
CVE-2009-0945 | 9.3 | Array index error in the insertItemBefore method in WebKit, as used in Apple Safari before 3.2.3 and 4 Public Beta, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome Stable before 1.0.154.65, and possibly other pr | 10-10-2018 - 19:32 | 13-05-2009 - 17:30 |
CVE-2009-1687 | 9.3 | The JavaScript garbage collector in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle allocation failures, which allows remote attackers to execute arbitrary code o | 29-09-2017 - 01:34 | 10-06-2009 - 14:30 |
CVE-2009-0153 | 4.3 | International Components for Unicode (ICU) 4.0, 3.6, and other 3.x versions, as used in Apple Mac OS X 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Fedora 9 and 10, and possibly other operating systems, | 29-09-2017 - 01:33 | 13-05-2009 - 15:30 |
CVE-2008-4226 | 10.0 | Integer overflow in the xmlSAX2Characters function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a large XML document. | 29-09-2017 - 01:32 | 25-11-2008 - 23:30 |
CVE-2008-4225 | 7.8 | Integer overflow in the xmlBufferResize function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (infinite loop) via a large XML document. | 29-09-2017 - 01:32 | 25-11-2008 - 23:30 |
CVE-2009-0155 | 6.8 | Integer underflow in CoreGraphics in Apple Mac OS X 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via | 08-08-2017 - 01:33 | 13-05-2009 - 15:30 |
CVE-2009-0145 | 6.8 | CoreGraphics in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafte | 08-08-2017 - 01:33 | 13-05-2009 - 15:30 |
CVE-2008-4409 | 5.0 | libxml2 2.7.0 and 2.7.1 does not properly handle "predefined entities definitions" in entities, which allows context-dependent attackers to cause a denial of service (memory consumption and application crash), as demonstrated by use of xmllint on a c | 08-08-2017 - 01:32 | 03-10-2008 - 17:41 |
CVE-2009-1694 | 5.8 | WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read images from arbitrary web sites via vectors involving a CANVAS el | 17-02-2011 - 06:43 | 10-06-2009 - 14:30 |
CVE-2009-1696 | 5.0 | WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 uses predictable random numbers in JavaScript applications, which makes it easier for remote web servers to track the behavior of a Safari | 17-02-2011 - 06:43 | 10-06-2009 - 18:00 |
CVE-2009-1685 | 4.3 | Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML by overwriting the document.impl | 17-02-2011 - 06:43 | 10-06-2009 - 14:30 |
CVE-2009-1684 | 4.3 | Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via an event handler that trigge | 17-02-2011 - 06:43 | 10-06-2009 - 14:30 |
CVE-2009-1689 | 4.3 | Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving submission | 17-02-2011 - 06:43 | 10-06-2009 - 14:30 |
CVE-2009-1695 | 4.3 | Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving access to | 17-02-2011 - 06:43 | 10-06-2009 - 18:00 |
CVE-2009-1686 | 9.3 | WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle constant (aka const) declarations in a type-conversion operation during JavaScript exception handling, which allow | 17-02-2011 - 06:43 | 10-06-2009 - 14:30 |
CVE-2009-1693 | 5.8 | WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to read images from arbitrary web sites via a CANVAS element with an SVG image, related to a "cross-site image capt | 17-02-2011 - 06:43 | 10-06-2009 - 14:30 |
CVE-2009-1688 | 4.3 | Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to determini | 17-02-2011 - 06:43 | 10-06-2009 - 14:30 |
CVE-2009-1681 | 4.3 | WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not prevent web sites from loading third-party content into a subframe, which allows remote attackers to bypass the Same Origin Policy | 17-02-2011 - 06:43 | 10-06-2009 - 14:30 |
CVE-2009-1697 | 4.3 | CRLF injection vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject HTTP headers and bypass the Same Origin Policy via a crafted HTML documen | 17-02-2011 - 06:43 | 10-06-2009 - 18:00 |
CVE-2009-1691 | 4.3 | Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to insuffici | 17-02-2011 - 06:43 | 10-06-2009 - 14:30 |