CVSS: 4.9EPSS: 0%CPEs: 53EXPL: 1CVE-2013-3953
https://notcve.org/view.php?id=CVE-2013-3953
The mach_port_space_info function in osfmk/ipc/mach_debug.c in the XNU kernel in Apple Mac OS X 10.8.x does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted call. La función mach_port_space_info en osfmk/ipc/mach_debug.c en el kernel XNU en Apple Mac OS X 10.8.x, no inicializa determinadas estructuras, lo que permite a usuarios locales la obtención de información sensible a través de la memoria dinámica del kernel mediante una llamada manipulada. • http://antid0te.com/syscan_2013/SyScan2013_Mountain_Lion_iOS_Vulnerabilities_Garage_Sale_Whitepaper.pdf http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html http://support.apple.com/kb/HT5934 http://www.securitytracker.com/id/1029054 http://www.syscan.org/index.php/sg/program/day/2 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.9EPSS: 0%CPEs: 53EXPL: 1CVE-2013-3954
https://notcve.org/view.php?id=CVE-2013-3954
The posix_spawn system call in the XNU kernel in Apple Mac OS X 10.8.x does not properly validate the data for file actions and port actions, which allows local users to (1) cause a denial of service (panic) via a size value that is inconsistent with a header count field, or (2) obtain sensitive information from kernel heap memory via a certain size value in conjunction with a crafted buffer. La llamada al sistema posix_spawn en el kernel XNU en Apple MAc OS X v10.8.x no valida correctamente los datos para acciones de ficheros y puertos, lo que permite a usuarios locales (1) causar una denegación de servicio mediante un valor de tamaño inconsistente con el campo contador de la cabecera, o (2) obtener información sensible desde la memoria dinámica del kernel mediante un valor de cierto tamaño junto con un búfer especialmente diseñado. • http://antid0te.com/syscan_2013/SyScan2013_Mountain_Lion_iOS_Vulnerabilities_Garage_Sale_Whitepaper.pdf http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html http://secunia.com/advisories/54886 http://support.apple.com/kb/HT5934 http://www.securitytracker.com/id/1029054 http://www.syscan.org/index.php/sg/program/day/2 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 4%CPEs: 103EXPL: 0CVE-2013-1019 – Apple QuickTime Sorenson Video mdat Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-1019
Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding. Desbordamiento de búfer en Apple QuickTime antes de v7.7.4 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de aplicación) a través de un archivo de película manipulado con la codificación Sorenson. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of a malformed Sorenson Video 3 mdat section in a QuickTime mov file. This can lead to memory corruption that could lead to remote code execution under the context of the process. • http://lists.apple.com/archives/security-announce/2013/Jul/msg00000.html http://lists.apple.com/archives/security-announce/2013/May/msg00001.html http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html http://secunia.com/advisories/54886 http://support.apple.com/kb/HT5770 http://support.apple.com/kb/HT5934 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16830 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 3%CPEs: 119EXPL: 1CVE-2013-2842 – Google Chrome 26.0.1410.43 (Webkit) - OBJECT Element Use-After-Free (PoC)
https://notcve.org/view.php?id=CVE-2013-2842
Use-after-free vulnerability in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of widgets. Vulnerabilidad de tipo "usar despues de liberar" en Google Chrome anterior a v27.0.1453.93 permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificados realacionados con la manipulación de "widgets". • https://www.exploit-db.com/exploits/40243 http://googlechromereleases.blogspot.com/2013/05/stable-channel-release.html http://lists.apple.com/archives/security-announce/2013/Oct/msg00003.html http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html http://secunia.com/advisories/54886 http://support.apple.com/kb/HT5934 http://support.apple.com/kb/HT6001 http://www.debian.org/security/2013/dsa-2 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 2%CPEs: 130EXPL: 0CVE-2013-0999 – Webkit.org Webkit string.replace Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-0999
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. WebKit, usado en Apple iTunes anterior a 11.0.3, permite a atacantes man-in-the-middle la ejecución de código arbitrario o provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de vectores relacionados con la navegación en la iTunes Store. Vulnerabilidad distinta de otros CVEs listados en APPLE-SA-2013-05-16-1. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Webkit implements the string.replace() method. • http://lists.apple.com/archives/security-announce/2013/Jun/msg00001.html http://lists.apple.com/archives/security-announce/2013/May/msg00000.html http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html http://secunia.com/advisories/54886 http://support.apple.com/kb/HT5766 http://support.apple.com/kb/HT5785 http://support.apple.com/kb/HT5934 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16762 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •