CVSS: 7.5EPSS: 0%CPEs: 38EXPL: 0CVE-2011-0228
https://notcve.org/view.php?id=CVE-2011-0228
The Data Security component in Apple iOS before 4.2.10 and 4.3.x before 4.3.5 does not check the basicConstraints parameter during validation of X.509 certificate chains, which allows man-in-the-middle attackers to spoof an SSL server by using a non-CA certificate to sign a certificate for an arbitrary domain. El componente Data Security de Apple iOS antes de v4.2.10 y v4.3.x antes de v4.3.5 no comprueba el parámetro basicConstraints durante la validación de cadenas de certificados X.509, lo que permite a atacantes man-in-the-middle, falsificar un servidor SSL mediante un certificado no-CA y firmar un certificado para un dominio de su elección. • http://lists.apple.com/archives/security-announce/2011//Jul/msg00004.html http://lists.apple.com/archives/security-announce/2011//Jul/msg00005.html http://secunia.com/advisories/45369 http://securityreason.com/securityalert/8361 http://securitytracker.com/id?1025837 http://support.apple.com/kb/HT4824 http://support.apple.com/kb/HT4825 http://www.securityfocus.com/archive/1/518982/100/0/threaded http://www.securityfocus.com/bid/48877 https://www.trustwave.com/spiderlabs/advisor • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 5%CPEs: 58EXPL: 0CVE-2011-0226 – freetype: postscript type1 font parsing vulnerability
https://notcve.org/view.php?id=CVE-2011-0226
Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Type 1 font in a PDF document, as exploited in the wild in July 2011. Error de entero sin signo en psaux/t1decode.c en FreeType anterior a v2.4.6, es usado enCoreGraphics en Apple iOS anterior a v4.2.9 y v4.3.x anterior a v4.3.4 y otros productos, permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (corrupción de memoria o caída de la aplicación) a través de una fuente manipulada Type 1 en un documento PDF, como se explotó en Julio 2011. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://lists.apple.com/archives/security-announce/2011//Jul/msg00000.html http://lists.apple.com/archives/security-announce/2011//Jul/msg00001.html http://lists.nongnu.org/archive/html/freetype-devel/2011-07/msg00014.html http://lists.nongnu.org/archive/html/freetype-devel/2011-07/msg00015.html http://lists.nongnu.org/archive/html/freetype-devel/2011-07/msg00020.html http://lists.nongnu.org/archive/html/f • CWE-189: Numeric Errors •
CVSS: 7.2EPSS: 0%CPEs: 36EXPL: 0CVE-2011-0227
https://notcve.org/view.php?id=CVE-2011-0227
The queueing primitives in IOMobileFrameBuffer in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 do not properly perform type conversion, which allows local users to gain privileges via a crafted application. Las funciones primitivas de gestión de cola de IOMobileFrameBuffer en Apple iOS anteriores a 4.2.9 y 4.3.x anteriores a 4.3.4 no realizan adecuadamente la conversión de tipos, lo que permite a usuarios locales obtener privilegios a través de una aplicación modificada. • http://lists.apple.com/archives/security-announce/2011//Jul/msg00000.html http://lists.apple.com/archives/security-announce/2011//Jul/msg00001.html http://support.apple.com/kb/HT4802 http://support.apple.com/kb/HT4803 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 1%CPEs: 96EXPL: 0CVE-2011-0163
https://notcve.org/view.php?id=CVE-2011-0163
WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle unspecified "cached resources," which allows remote attackers to cause a denial of service (resource unavailability) via a crafted web site that conducts a cache-poisoning attack. WebKit, tal como se utiliza en Apple Safari v5.0.4 e iOS antes de v4.3, no controla correctamente "los recursos almacenados en caché" sin especificar, lo que permite a atacantes remotos provocar una denegación de servicio (falta de disponibilidad de recursos) a través de un sitio web manipulad que lleva a cabo un ataque de envenenamiento de caché. • http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html http://support.apple.com/kb/HT4564 http://support.apple.com/kb/HT4566 http://www.securitytracker.com/id?1025182 https://exchange.xforce.ibmcloud.com/vulnerabilities/66001 • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 0%CPEs: 96EXPL: 0CVE-2011-0160
https://notcve.org/view.php?id=CVE-2011-0160
WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle redirects in conjunction with HTTP Basic Authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header. WebKit, tal como se utiliza en Apple Safari antes de v5.0.4 e iOS antes de v4.3, no controla correctamente las redirecciones en conjunto con la autenticación básica HTTP, lo que podría permitir a los servidores Web remotos capturar las credenciales de registro de la cabecera HTTP de autorización. • http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html http://support.apple.com/kb/HT4564 http://support.apple.com/kb/HT4566 http://www.securitytracker.com/id?1025182 • CWE-20: Improper Input Validation •