CVSS: 2.1EPSS: 0%CPEs: 40EXPL: 0CVE-2012-3740
https://notcve.org/view.php?id=CVE-2012-3740
The Passcode Lock implementation in Apple iOS before 6 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement via unspecified vectors. La implementación Passcode Lock en Apple iOS anterior a la v6 no maneja adecuadamente el estado cerrado, lo que permite a atacantes físicos evitar el código de acceso al terminal a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html http://support.apple.com/kb/HT5503 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 2.1EPSS: 0%CPEs: 40EXPL: 0CVE-2012-3731
https://notcve.org/view.php?id=CVE-2012-3731
Mail in Apple iOS before 6 does not properly implement the Data Protection feature for e-mail attachments, which allows physically proximate attackers to bypass an intended passcode requirement via unspecified vectors. Mail en Apple iOS anterior a v6 no implementa adecuadamente la característica de protección de datos para los adjuntos, lo que permite a atacantes físicos evitar el passcode a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html http://osvdb.org/85643 http://support.apple.com/kb/HT5503 •
CVSS: 5.0EPSS: 0%CPEs: 40EXPL: 0CVE-2012-3745
https://notcve.org/view.php?id=CVE-2012-3745
Off-by-one error in Telephony in Apple iOS before 6 allows remote attackers to cause a denial of service (buffer overflow and connectivity outage) via a crafted user-data header in an SMS message. Una vulnerabilidad de "error por uno" en Telephony en Apple iOS antes de v6 permite a atacantes remotos causar una denegación de servicio (interrupción por desbordamiento de búfer y perdida de conectividad) a través de una cabecera de datos de usuario modificada a mano en un mensaje SMS. • http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html http://support.apple.com/kb/HT5503 https://exchange.xforce.ibmcloud.com/vulnerabilities/78722 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 0%CPEs: 40EXPL: 0CVE-2012-3743
https://notcve.org/view.php?id=CVE-2012-3743
The System Logs implementation in Apple iOS before 6 does not restrict /var/log access by sandboxed apps, which allows remote attackers to obtain sensitive information via a crafted app that reads log files. La implementación de System Logs en Apple iOS antes de v6, no restringe el acceso a /var/log a las aplicaciones aisladas, lo que permite a atacantes remotos obtener información sensible a través de aplicaciones modificadas que leen archivos de log. • http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html http://osvdb.org/85621 http://support.apple.com/kb/HT5503 https://exchange.xforce.ibmcloud.com/vulnerabilities/78718 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 0%CPEs: 40EXPL: 0CVE-2012-3724
https://notcve.org/view.php?id=CVE-2012-3724
CFNetwork in Apple iOS before 6 does not properly identify the host portion of a URL, which allows remote attackers to obtain sensitive information by leveraging the construction of an HTTP request with an incorrect hostname derived from a malformed URL. CFNetwork en Apple iOS anterior a v6 no identifica adecuadamente el host en una parte de la URL, lo que permite a atacantes remotos obtener información sensible aprovechando la construcción de una petición HTTP con un nombre de host incorrecto derivado de una URL mal formada. • http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html http://osvdb.org/85637 http://support.apple.com/kb/HT5503 https://exchange.xforce.ibmcloud.com/vulnerabilities/78723 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •