Page 24 of 158 results (0.005 seconds)

CVSS: 7.2EPSS: 0%CPEs: 29EXPL: 1

CVE-2010-3830 – Apple iOS 4.0.2 - Networking Packet Filter Rules Privilege Escalation

https://notcve.org/view.php?id=CVE-2010-3830

Networking in Apple iOS before 4.2 accesses an invalid pointer during the processing of packet filter rules, which allows local users to gain privileges via unspecified vectors. Networking en Apple iOS anterior de v4.2 tiene acceso a un puntero no válido durante el procesamiento de reglas de filtrado de paquetes, lo cual permite a usuarios locales conseguir privilegios a través de vectores no especificados. • https://www.exploit-db.com/exploits/35010 http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html http://secunia.com/advisories/42314 http://support.apple.com/kb/HT4456 http://www.securitytracker.com/id?1024772 http://www.vupen.com/english/advisories/2010/3046 https://exchange.xforce.ibmcloud.com/vulnerabilities/63419 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.3EPSS: 0%CPEs: 29EXPL: 0

CVE-2010-3827

https://notcve.org/view.php?id=CVE-2010-3827

Apple iOS before 4.2 does not properly validate signatures before displaying a configuration profile in the configuration installation utility, which allows remote attackers to spoof profiles via unspecified vectors. Apple iOS anterior a v4.2 no valida correctamente la firma antes de mostrar un perfil de configuración en la utilidad de configuración de instalación, lo cual permite a atacantes remotos suplantar perfiles a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html http://secunia.com/advisories/42314 http://support.apple.com/kb/HT4456 http://www.securitytracker.com/id?1024768 http://www.vupen.com/english/advisories/2010/3046 https://exchange.xforce.ibmcloud.com/vulnerabilities/63416 • CWE-20: Improper Input Validation •

CVSS: 4.3EPSS: 0%CPEs: 29EXPL: 0

CVE-2010-3831

https://notcve.org/view.php?id=CVE-2010-3831

Photos in Apple iOS before 4.2 enables support for HTTP Basic Authentication over an unencrypted connection, which allows man-in-the-middle attackers to read MobileMe account passwords by spoofing a MobileMe Gallery server during a "Send to MobileMe" action. Fotos en Apple iOS anterior a v4.2 habilita el soporte para la autenticación básica HTTP a través de una conexión sin cifrar, lo cual permite a atacantes man-in-the-middle leer contraseñas de cuentas MobileMe mediante la suplantación de un servidor de MobileMe Gallery durante una acción "Enviar a MobileMe". • http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html http://secunia.com/advisories/42314 http://support.apple.com/kb/HT4456 http://www.securitytracker.com/id?1024771 http://www.vupen.com/english/advisories/2010/3046 https://exchange.xforce.ibmcloud.com/vulnerabilities/63420 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.3EPSS: 0%CPEs: 29EXPL: 0

CVE-2010-3828

https://notcve.org/view.php?id=CVE-2010-3828

iAd Content Display in Apple iOS before 4.2 allows man-in-the-middle attackers to make calls via a crafted URL in an ad. iAd Content Display en Apple iOS anterior a v4.2 permite a atacantes "man-in-the-middle" hacer llamadas a través de una URL manipulada en un anuncio. • http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html http://secunia.com/advisories/42314 http://support.apple.com/kb/HT4456 http://www.securitytracker.com/id?1024768 http://www.vupen.com/english/advisories/2010/3046 https://exchange.xforce.ibmcloud.com/vulnerabilities/63417 •

CVSS: 6.8EPSS: 3%CPEs: 31EXPL: 0

CVE-2010-3832

https://notcve.org/view.php?id=CVE-2010-3832

Heap-based buffer overflow in the GSM mobility management implementation in Telephony in Apple iOS before 4.2 on the iPhone and iPad allows remote attackers to execute arbitrary code on the baseband processor via a crafted Temporary Mobile Subscriber Identity (TMSI) field. Desbordamiento de búfer basado en memoria dinámica en la implementación de gestión de la movilidad GSM en Telephony en Apple iOS anterior a v4.2 en el iPhone y el iPAD permite a atacantes remotos ejecutar código a su elección en el procesador de baseband a través de un campo Temporary Mobile Subscriber Identity (TMSI) manipulado. • http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html http://secunia.com/advisories/42314 http://support.apple.com/kb/HT4456 http://www.securitytracker.com/id?1024770 http://www.vupen.com/english/advisories/2010/3046 https://exchange.xforce.ibmcloud.com/vulnerabilities/63421 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •