CVSS: 7.2EPSS: 0%CPEs: 29EXPL: 1CVE-2010-3830 – Apple iOS 4.0.2 - Networking Packet Filter Rules Privilege Escalation
https://notcve.org/view.php?id=CVE-2010-3830
Networking in Apple iOS before 4.2 accesses an invalid pointer during the processing of packet filter rules, which allows local users to gain privileges via unspecified vectors. Networking en Apple iOS anterior de v4.2 tiene acceso a un puntero no válido durante el procesamiento de reglas de filtrado de paquetes, lo cual permite a usuarios locales conseguir privilegios a través de vectores no especificados. • https://www.exploit-db.com/exploits/35010 http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html http://secunia.com/advisories/42314 http://support.apple.com/kb/HT4456 http://www.securitytracker.com/id?1024772 http://www.vupen.com/english/advisories/2010/3046 https://exchange.xforce.ibmcloud.com/vulnerabilities/63419 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 29EXPL: 0CVE-2010-3828
https://notcve.org/view.php?id=CVE-2010-3828
iAd Content Display in Apple iOS before 4.2 allows man-in-the-middle attackers to make calls via a crafted URL in an ad. iAd Content Display en Apple iOS anterior a v4.2 permite a atacantes "man-in-the-middle" hacer llamadas a través de una URL manipulada en un anuncio. • http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html http://secunia.com/advisories/42314 http://support.apple.com/kb/HT4456 http://www.securitytracker.com/id?1024768 http://www.vupen.com/english/advisories/2010/3046 https://exchange.xforce.ibmcloud.com/vulnerabilities/63417 •
CVSS: 4.3EPSS: 0%CPEs: 29EXPL: 0CVE-2010-3827
https://notcve.org/view.php?id=CVE-2010-3827
Apple iOS before 4.2 does not properly validate signatures before displaying a configuration profile in the configuration installation utility, which allows remote attackers to spoof profiles via unspecified vectors. Apple iOS anterior a v4.2 no valida correctamente la firma antes de mostrar un perfil de configuración en la utilidad de configuración de instalación, lo cual permite a atacantes remotos suplantar perfiles a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html http://secunia.com/advisories/42314 http://support.apple.com/kb/HT4456 http://www.securitytracker.com/id?1024768 http://www.vupen.com/english/advisories/2010/3046 https://exchange.xforce.ibmcloud.com/vulnerabilities/63416 • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 3%CPEs: 31EXPL: 0CVE-2010-3832
https://notcve.org/view.php?id=CVE-2010-3832
Heap-based buffer overflow in the GSM mobility management implementation in Telephony in Apple iOS before 4.2 on the iPhone and iPad allows remote attackers to execute arbitrary code on the baseband processor via a crafted Temporary Mobile Subscriber Identity (TMSI) field. Desbordamiento de búfer basado en memoria dinámica en la implementación de gestión de la movilidad GSM en Telephony en Apple iOS anterior a v4.2 en el iPhone y el iPAD permite a atacantes remotos ejecutar código a su elección en el procesador de baseband a través de un campo Temporary Mobile Subscriber Identity (TMSI) manipulado. • http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html http://secunia.com/advisories/42314 http://support.apple.com/kb/HT4456 http://www.securitytracker.com/id?1024770 http://www.vupen.com/english/advisories/2010/3046 https://exchange.xforce.ibmcloud.com/vulnerabilities/63421 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 3.5EPSS: 0%CPEs: 29EXPL: 0CVE-2010-1810
https://notcve.org/view.php?id=CVE-2010-1810
FaceTime in Apple iOS before 4.1 on the iPhone and iPod touch does not properly handle invalid X.509 certificates, which allows man-in-the-middle attackers to redirect calls via a crafted certificate. FaceTime en Apple iOS anterior a v4.1 en el iPhone e iPod touch no maneja correctamente certificados X.509 no válidos, lo cual permite a atacantes de "hombre-en-medio" redireccionar llamadas a través de un certificado manipulado. • http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html http://support.apple.com/kb/HT4334 https://exchange.xforce.ibmcloud.com/vulnerabilities/61695 •