CVSS: 4.3EPSS: 0%CPEs: 29EXPL: 0CVE-2010-3831
https://notcve.org/view.php?id=CVE-2010-3831
Photos in Apple iOS before 4.2 enables support for HTTP Basic Authentication over an unencrypted connection, which allows man-in-the-middle attackers to read MobileMe account passwords by spoofing a MobileMe Gallery server during a "Send to MobileMe" action. Fotos en Apple iOS anterior a v4.2 habilita el soporte para la autenticación básica HTTP a través de una conexión sin cifrar, lo cual permite a atacantes man-in-the-middle leer contraseñas de cuentas MobileMe mediante la suplantación de un servidor de MobileMe Gallery durante una acción "Enviar a MobileMe". • http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html http://secunia.com/advisories/42314 http://support.apple.com/kb/HT4456 http://www.securitytracker.com/id?1024771 http://www.vupen.com/english/advisories/2010/3046 https://exchange.xforce.ibmcloud.com/vulnerabilities/63420 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.8EPSS: 0%CPEs: 29EXPL: 0CVE-2010-3829
https://notcve.org/view.php?id=CVE-2010-3829
WebKit in Apple iOS before 4.2 allows remote attackers to bypass the remote image loading setting in Mail via an HTML LINK element with a DNS prefetching property, as demonstrated by an HTML e-mail message that uses a LINK element for X-Confirm-Reading-To functionality, a related issue to CVE-2010-3813. WebKit en Apple iOS anterior a v4.2 permite a atacantes remotos evitar el ajuste de carga de imágenes remotas en mensajes a través de un elemento HTML LINK con una propiedad DNS prefetching, como lo demuestra un mensaje de correo electrónico HTML que utiliza un elemento LINK para la funcionalidad X-Confirm-Reading-To, un problema relacionado con CVE-2010-3813. • http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/42314 http://secunia.com/advisories/43068 http://support.apple.com/kb/HT4456 http://support.apple.com/kb/HT4808 http://www.securitytracker.com/id?1024773 http://www.vupen.com/english/advisories/2010/3046 http://www.vupen.co • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.2EPSS: 0%CPEs: 29EXPL: 1CVE-2010-3830 – Apple iOS 4.0.2 - Networking Packet Filter Rules Privilege Escalation
https://notcve.org/view.php?id=CVE-2010-3830
Networking in Apple iOS before 4.2 accesses an invalid pointer during the processing of packet filter rules, which allows local users to gain privileges via unspecified vectors. Networking en Apple iOS anterior de v4.2 tiene acceso a un puntero no válido durante el procesamiento de reglas de filtrado de paquetes, lo cual permite a usuarios locales conseguir privilegios a través de vectores no especificados. • https://www.exploit-db.com/exploits/35010 http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html http://secunia.com/advisories/42314 http://support.apple.com/kb/HT4456 http://www.securitytracker.com/id?1024772 http://www.vupen.com/english/advisories/2010/3046 https://exchange.xforce.ibmcloud.com/vulnerabilities/63419 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 29EXPL: 0CVE-2010-3828
https://notcve.org/view.php?id=CVE-2010-3828
iAd Content Display in Apple iOS before 4.2 allows man-in-the-middle attackers to make calls via a crafted URL in an ad. iAd Content Display en Apple iOS anterior a v4.2 permite a atacantes "man-in-the-middle" hacer llamadas a través de una URL manipulada en un anuncio. • http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html http://secunia.com/advisories/42314 http://support.apple.com/kb/HT4456 http://www.securitytracker.com/id?1024768 http://www.vupen.com/english/advisories/2010/3046 https://exchange.xforce.ibmcloud.com/vulnerabilities/63417 •
CVSS: 4.3EPSS: 0%CPEs: 29EXPL: 0CVE-2010-3827
https://notcve.org/view.php?id=CVE-2010-3827
Apple iOS before 4.2 does not properly validate signatures before displaying a configuration profile in the configuration installation utility, which allows remote attackers to spoof profiles via unspecified vectors. Apple iOS anterior a v4.2 no valida correctamente la firma antes de mostrar un perfil de configuración en la utilidad de configuración de instalación, lo cual permite a atacantes remotos suplantar perfiles a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html http://secunia.com/advisories/42314 http://support.apple.com/kb/HT4456 http://www.securitytracker.com/id?1024768 http://www.vupen.com/english/advisories/2010/3046 https://exchange.xforce.ibmcloud.com/vulnerabilities/63416 • CWE-20: Improper Input Validation •