Page 24 of 164 results (0.026 seconds)

CVSS: 4.3EPSS: 0%CPEs: 29EXPL: 0

CVE-2010-3831

https://notcve.org/view.php?id=CVE-2010-3831

Photos in Apple iOS before 4.2 enables support for HTTP Basic Authentication over an unencrypted connection, which allows man-in-the-middle attackers to read MobileMe account passwords by spoofing a MobileMe Gallery server during a "Send to MobileMe" action. Fotos en Apple iOS anterior a v4.2 habilita el soporte para la autenticación básica HTTP a través de una conexión sin cifrar, lo cual permite a atacantes man-in-the-middle leer contraseñas de cuentas MobileMe mediante la suplantación de un servidor de MobileMe Gallery durante una acción "Enviar a MobileMe". • http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html http://secunia.com/advisories/42314 http://support.apple.com/kb/HT4456 http://www.securitytracker.com/id?1024771 http://www.vupen.com/english/advisories/2010/3046 https://exchange.xforce.ibmcloud.com/vulnerabilities/63420 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.3EPSS: 0%CPEs: 29EXPL: 0

CVE-2010-3828

https://notcve.org/view.php?id=CVE-2010-3828

iAd Content Display in Apple iOS before 4.2 allows man-in-the-middle attackers to make calls via a crafted URL in an ad. iAd Content Display en Apple iOS anterior a v4.2 permite a atacantes "man-in-the-middle" hacer llamadas a través de una URL manipulada en un anuncio. • http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html http://secunia.com/advisories/42314 http://support.apple.com/kb/HT4456 http://www.securitytracker.com/id?1024768 http://www.vupen.com/english/advisories/2010/3046 https://exchange.xforce.ibmcloud.com/vulnerabilities/63417 •

CVSS: 6.8EPSS: 3%CPEs: 31EXPL: 0

CVE-2010-3832

https://notcve.org/view.php?id=CVE-2010-3832

Heap-based buffer overflow in the GSM mobility management implementation in Telephony in Apple iOS before 4.2 on the iPhone and iPad allows remote attackers to execute arbitrary code on the baseband processor via a crafted Temporary Mobile Subscriber Identity (TMSI) field. Desbordamiento de búfer basado en memoria dinámica en la implementación de gestión de la movilidad GSM en Telephony en Apple iOS anterior a v4.2 en el iPhone y el iPAD permite a atacantes remotos ejecutar código a su elección en el procesador de baseband a través de un campo Temporary Mobile Subscriber Identity (TMSI) manipulado. • http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html http://secunia.com/advisories/42314 http://support.apple.com/kb/HT4456 http://www.securitytracker.com/id?1024770 http://www.vupen.com/english/advisories/2010/3046 https://exchange.xforce.ibmcloud.com/vulnerabilities/63421 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.8EPSS: 0%CPEs: 29EXPL: 0

CVE-2010-3829

https://notcve.org/view.php?id=CVE-2010-3829

WebKit in Apple iOS before 4.2 allows remote attackers to bypass the remote image loading setting in Mail via an HTML LINK element with a DNS prefetching property, as demonstrated by an HTML e-mail message that uses a LINK element for X-Confirm-Reading-To functionality, a related issue to CVE-2010-3813. WebKit en Apple iOS anterior a v4.2 permite a atacantes remotos evitar el ajuste de carga de imágenes remotas en mensajes a través de un elemento HTML LINK con una propiedad DNS prefetching, como lo demuestra un mensaje de correo electrónico HTML que utiliza un elemento LINK para la funcionalidad X-Confirm-Reading-To, un problema relacionado con CVE-2010-3813. • http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/42314 http://secunia.com/advisories/43068 http://support.apple.com/kb/HT4456 http://support.apple.com/kb/HT4808 http://www.securitytracker.com/id?1024773 http://www.vupen.com/english/advisories/2010/3046 http://www.vupen.co • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 3.5EPSS: 0%CPEs: 29EXPL: 0

CVE-2010-1810

https://notcve.org/view.php?id=CVE-2010-1810

FaceTime in Apple iOS before 4.1 on the iPhone and iPod touch does not properly handle invalid X.509 certificates, which allows man-in-the-middle attackers to redirect calls via a crafted certificate. FaceTime en Apple iOS anterior a v4.1 en el iPhone e iPod touch no maneja correctamente certificados X.509 no válidos, lo cual permite a atacantes de "hombre-en-medio" redireccionar llamadas a través de un certificado manipulado. • http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html http://support.apple.com/kb/HT4334 https://exchange.xforce.ibmcloud.com/vulnerabilities/61695 •