
CVSS: 4.3 | EPSS: 1% | CPEs: 3 | EXPL: 0

Mail in Apple iPhone 1.1.1 allows remote user-assisted attackers to force the iPhone user to make calls to arbitrary telephone numbers via a "tel:" link, which does not prompt the user before dialing the number.

• http://docs.info.apple.com/article.html?artnum=306586
• http://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html
• http://osvdb.org/38536
• http://secunia.com/advisories/26983
• http://securitytracker.com/id?1018752
• http://www.securityfocus.com/bid/25862
• http://www.vupen.com/english/advisories/2007/3287
• https://exchange.xforce.ibmcloud.com/vulnerabilities/36853
• CWE-20: Improper Input Validation

CVSS: 4.3 | EPSS: 0% | CPEs: 3 | EXPL: 0

Mail in Apple iPhone 1.1.1, when using SSL, does not warn the user when the mail server changes or is not trusted, which might allow remote attackers to steal credentials and read email via a man-in-the-middle (MITM) attack.

• http://docs.info.apple.com/article.html?artnum=306586
• http://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html
• http://osvdb.org/38537
• http://secunia.com/advisories/26983
• http://securitytracker.com/id?1018752
• http://www.securityfocus.com/bid/25856
• http://www.vupen.com/english/advisories/2007/3287
• https://exchange.xforce.ibmcloud.com/vulnerabilities/36845
• CWE-287: Improper Authentication

CVSS: 4.3 | EPSS: 0% | CPEs: 2 | EXPL: 1

WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, does not properly handle the interaction between International Domain Name (IDN) support and Unicode fonts, which allows remote attackers to create a URL containing "look-alike characters" (homographs) and possibly perform phishing attacks.

• http://docs.info.apple.com/article.html?artnum=306173
• http://docs.info.apple.com/article.html?artnum=306174
• http://isc.sans.org/diary.html?storyid=3214
• http://secunia.com/advisories/26287
• http://www.securityfocus.com/bid/24636
• http://www.securitytracker.com/id?1018488
• http://www.vupen.com/english/advisories/2007/2730
• http://www.vupen.com/english/advisories/2007/2731
• https://exchange.xforce.ibmcloud.com/vulnerabilities/35716
• CWE-16: Configuration
• CWE-59: Improper Link Resolution Before File Access ('Link Following')