CVSS: 6.8EPSS: 85%CPEs: 7EXPL: 0CVE-2010-1815 – webkit: use-after-free flaw when handling scrollbars
https://notcve.org/view.php?id=CVE-2010-1815
Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving scrollbars. Vulnerabilidad de uso después de la liberación en WebKit en Apple iOS anterior a v4.1 en iPhone e iPod touch, permite a atacantes remotos producir una denegación de servicio (caída de aplicación) mediante vectores que comprenden las barras de desplazamiento. • http://lists.apple.com/archives/security-announce/2010//Nov/msg00002.html http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/41856 http://secunia.com/advisories/42314 http://secunia.com/advisories/43068 http://secunia.com/advisories/43086 http://support.apple.com/kb/HT4334 http:&# • CWE-399: Resource Management Errors CWE-416: Use After Free •
CVSS: 6.9EPSS: 0%CPEs: 13EXPL: 2CVE-2010-2973 – Apple iOS - '.pdf' Local Privilege Escalation 'Jailbreak'
https://notcve.org/view.php?id=CVE-2010-2973
Integer overflow in IOSurface in Apple iOS before 4.0.2 on the iPhone and iPod touch, and before 3.2.2 on the iPad, allows local users to gain privileges via vectors involving IOSurface properties, as demonstrated by JailbreakMe. Un desbordamiento de enteros en IOSurface en Apple iOS anterior a versión 4.0.2 en el iPhone y iPod touch, y anterior a versión 3.2.2 en la iPad, permite a los usuarios locales alcanzar privilegios por medio de vectores que involucran las propiedades de IOSurface, como es demostrado por JailbreakMe. • https://www.exploit-db.com/exploits/14538 http://lists.apple.com/archives/security-announce/2010//Aug/msg00000.html http://lists.apple.com/archives/security-announce/2010//Aug/msg00001.html http://osvdb.org/66827 http://secunia.com/advisories/40807 http://support.apple.com/kb/HT4291 http://support.apple.com/kb/HT4292 http://www.exploit-db.com/exploits/14538 http://www.securityfocus.com/bid/42151 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2010-1751
https://notcve.org/view.php?id=CVE-2010-1751
Application Sandbox in Apple iOS before 4 on the iPhone and iPod touch does not prevent photo-library access, which might allow remote attackers to obtain location information via unspecified vectors. Application Sandbox en Apple iOS en versiones anteriores a la 4 en el iPhone y iPod touch no impide el acceso a la fototeca, lo que puede permitir a atacantes remotos obtener información de la ubicación mediante vectores no especificados. • http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html http://support.apple.com/kb/HT4225 http://www.securityfocus.com/bid/41016 https://exchange.xforce.ibmcloud.com/vulnerabilities/59630 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.9EPSS: 0%CPEs: 3EXPL: 0CVE-2010-1754
https://notcve.org/view.php?id=CVE-2010-1754
Passcode Lock in Apple iOS before 4 on the iPhone and iPod touch does not properly handle alert-based unlocks in conjunction with subsequent Remote Lock operations through MobileMe, which allows physically proximate attackers to bypass intended passcode requirements via unspecified vectors. Passcode Lock en Apple iOS en versiones anteriores a la 4 en el iPhone y iPod touch no maneja de manera adecuada desbloqueos basados en alertas en conjunción con las operaciones subsiguientes de bloqueo remoto a través de MobileMe, lo que permite a atacantes físicamente próximos eludir los requerimientos de clave de acceso establecidos mediante vectores no especificados. • http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html http://support.apple.com/kb/HT4225 http://www.securityfocus.com/bid/41016 https://exchange.xforce.ibmcloud.com/vulnerabilities/59633 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2010-1755
https://notcve.org/view.php?id=CVE-2010-1755
Safari in Apple iOS before 4 on the iPhone and iPod touch does not properly implement the Accept Cookies preference, which makes it easier for remote web servers to track users via a cookie. Safari en Apple iOS en versiones anteriores a la 4 en el iPhone y iPod touch no implementa de manera adecuada la opción "Aceptar cookies", lo que facilita a los servidores web remotos rastrear a los usuarios a través de una cookie. • http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html http://support.apple.com/kb/HT4225 http://www.securityfocus.com/bid/41016 https://exchange.xforce.ibmcloud.com/vulnerabilities/59634 • CWE-264: Permissions, Privileges, and Access Controls •