CVE-2013-0981
https://notcve.org/view.php?id=CVE-2013-0981
The IOUSBDeviceFamily driver in the USB implementation in the kernel in Apple iOS before 6.1.3 and Apple TV before 5.2.1 accesses pipe object pointers that originated in userspace, which allows local users to gain privileges via crafted code. El controlador IOUSBDeviceFamily en la implementación USB del kernel en Apple iOS anterior a 6.1.3 y Apple TV anterior a la 5.2.1, accede a los punteros de los "pipe object" que se originan en el espacio de usuario, lo que permite a usuarios locales obtener privilegios a través de un código manipulado. • http://lists.apple.com/archives/security-announce/2013/Mar/msg00004.html http://lists.apple.com/archives/security-announce/2013/Mar/msg00005.html http://support.apple.com/kb/HT5702 http://support.apple.com/kb/HT5704 •
CVE-2013-0956
https://notcve.org/view.php?id=CVE-2013-0956
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1. WebKit en Apple iOS anterior a v6.1, permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria y caída de aplicación) a través de un sitio web manipulado. Vulnerabilidad distinta de la listada por Apple APPLE-SA-2013-01-28-1. • http://lists.apple.com/archives/security-announce/2013/Jan/msg00000.html http://lists.apple.com/archives/security-announce/2013/Mar/msg00003.html http://support.apple.com/kb/HT5642 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2012-5134 – libxml2: Heap-buffer-underflow in xmlParseAttValueComplex
https://notcve.org/view.php?id=CVE-2012-5134
Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and earlier, as used in Google Chrome before 23.0.1271.91 and other products, allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted entities in an XML document. Desbordamiento de búfer basado en memoria dinámica en la función xmlParseAttValueComplex en parser.c en libxml2 2.9.0 y anteriores, como las usadas en Google Chrome anteriores a 23.0.1271.91,permite a atacantes remotos causar una denegación de servicio (cuelgue) o ejecutar código a través de una entidad manipulada en un fichero XML. • http://git.gnome.org/browse/libxml2/commit/?id=6a36fbe3b3e001a8a840b5c1fdd81cefc9947f0d http://googlechromereleases.blogspot.com/2012/11/stable-channel-update.html http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2013- • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2012-3750
https://notcve.org/view.php?id=CVE-2012-3750
The Passcode Lock implementation in Apple iOS before 6.0.1 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement and access Passbook passes via unspecified vectors. La implementación del bloqueo con Passcode en Apple iOS antes de v6.0.1 no gestiona adecuadamente el estado de bloqueo, lo que permite pasar por alto un requisito clave de acceso a atacantes físicamente próximos y acceder a las contraseñas del Passbook a través de vectores no especificados. • http://archives.neohapsis.com/archives/bugtraq/2012-11/0012.html http://lists.apple.com/archives/security-announce/2012/Nov/msg00000.html http://support.apple.com/kb/HT5567 http://www.securityfocus.com/bid/56363 https://exchange.xforce.ibmcloud.com/vulnerabilities/79747 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2012-3749
https://notcve.org/view.php?id=CVE-2012-3749
The extensions APIs in the kernel in Apple iOS before 6.0.1 provide kernel addresses in responses that contain an OSBundleMachOHeaders key, which makes it easier for remote attackers to bypass the ASLR protection mechanism via a crafted app. Las APIs de las extensiones del kernel en Apple iOS antes de v6.0.1 devuelve direcciones del kernel en las respuestas que contienen una clave OSBundleMachOHeaders, lo que hace que sea más fácil para los atacantes remotos evitar el mecanismo de protección ASLR través de una aplicación creada paar este fin. • http://archives.neohapsis.com/archives/bugtraq/2012-11/0012.html http://lists.apple.com/archives/security-announce/2012/Nov/msg00000.html http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html http://secunia.com/advisories/51445 http://support.apple.com/kb/HT5567 http://support.apple.com/kb/HT5598 http://www.securityfocus.com/bid/56361 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •