CVSS: 4.3EPSS: 0%CPEs: 40EXPL: 0CVE-2012-3730
https://notcve.org/view.php?id=CVE-2012-3730
Mail in Apple iOS before 6 does not properly handle reuse of Content-ID header values, which allows remote attackers to spoof attachments via a header value that was also used in a previous e-mail message, as demonstrated by a message from a different sender. Mail en Apple iOS anterior a v6 no implementa adecuadamente la reutilización de los valores de cabecera Content-ID, lo que permite a atacantes remosos suplantar los adjuntos a través de un valor de cabecera que se usó en un correo previo, como se ha demostrado mediante un mensaje de un remitente distinto. • http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html http://osvdb.org/85626 http://support.apple.com/kb/HT5503 https://exchange.xforce.ibmcloud.com/vulnerabilities/78717 •
CVSS: 5.0EPSS: 0%CPEs: 40EXPL: 0CVE-2012-3724
https://notcve.org/view.php?id=CVE-2012-3724
CFNetwork in Apple iOS before 6 does not properly identify the host portion of a URL, which allows remote attackers to obtain sensitive information by leveraging the construction of an HTTP request with an incorrect hostname derived from a malformed URL. CFNetwork en Apple iOS anterior a v6 no identifica adecuadamente el host en una parte de la URL, lo que permite a atacantes remotos obtener información sensible aprovechando la construcción de una petición HTTP con un nombre de host incorrecto derivado de una URL mal formada. • http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html http://osvdb.org/85637 http://support.apple.com/kb/HT5503 https://exchange.xforce.ibmcloud.com/vulnerabilities/78723 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.4EPSS: 0%CPEs: 40EXPL: 0CVE-2012-3732
https://notcve.org/view.php?id=CVE-2012-3732
Mail in Apple iOS before 6 uses an S/MIME message's From address as the displayed sender address, which allows remote attackers to spoof signed content via an e-mail message in which the From field does not match the signer's identity. Mail en Apple iOS anterior a v6 utiliza una dirección "desde" del tipo S/MIME para mostrar la dirección de envío, lo que permite a atacantes remotos suplantar el contenido firmado a través de un correo en el que el campo "From" (desde) no valida la identidad del firmante. • http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html http://osvdb.org/85625 http://support.apple.com/kb/HT5503 https://exchange.xforce.ibmcloud.com/vulnerabilities/78719 • CWE-310: Cryptographic Issues •
CVSS: 6.9EPSS: 0%CPEs: 40EXPL: 0CVE-2012-3728
https://notcve.org/view.php?id=CVE-2012-3728
The kernel in Apple iOS before 6 dereferences invalid pointers during the handling of packet-filter data structures, which allows local users to gain privileges via a crafted program that makes packet-filter ioctl calls. El kernel de Apple iOS anterior a v6 no referencia punteros no válidos durante el manejo del filtrado de paquetes en las estructuras de datos, lo que permite a usuarios locales obtener privilegios a través de programas modificados que realizan llamadas ioctl. • http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html http://osvdb.org/85629 http://support.apple.com/kb/HT5503 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 2.1EPSS: 0%CPEs: 40EXPL: 0CVE-2012-3731
https://notcve.org/view.php?id=CVE-2012-3731
Mail in Apple iOS before 6 does not properly implement the Data Protection feature for e-mail attachments, which allows physically proximate attackers to bypass an intended passcode requirement via unspecified vectors. Mail en Apple iOS anterior a v6 no implementa adecuadamente la característica de protección de datos para los adjuntos, lo que permite a atacantes físicos evitar el passcode a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html http://osvdb.org/85643 http://support.apple.com/kb/HT5503 •