CVSS: 7.4EPSS: 0%CPEs: 4EXPL: 8CVE-2014-1266 – Apple Security Advisory 2014-02-21-1
https://notcve.org/view.php?id=CVE-2014-1266
22 Feb 2014 — The SSLVerifySignedServerKeyExchange function in libsecurity_ssl/lib/sslKeyExchange.c in the Secure Transport feature in the Data Security component in Apple iOS 6.x before 6.1.6 and 7.x before 7.0.6, Apple TV 6.x before 6.0.2, and Apple OS X 10.9.x before 10.9.2 does not check the signature in a TLS Server Key Exchange message, which allows man-in-the-middle attackers to spoof SSL servers by (1) using an arbitrary private key for the signing step or (2) omitting the signing step. La función SSLVerifySigned... • https://github.com/gabrielg/CVE-2014-1266-poc • CWE-295: Improper Certificate Validation •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 1CVE-2013-0340 – Apple Security Advisory 2021-10-26-11
https://notcve.org/view.php?id=CVE-2013-0340
21 Jan 2014 — expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issu... • http://openwall.com/lists/oss-security/2013/02/22/3 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 8.8EPSS: 3%CPEs: 12EXPL: 0CVE-2013-5228 – (Mobile Pwn2Own) Apple iOS Safari DocumentOrderedMap Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-5228
18 Dec 2013 — WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1. WebKit, de la manera en que se utiliza en Apple Safari anteriores a 6.1.1 y 7.x anteriores a 7.0.1, permite a atacantes remotos ejecutar código arbitrario o causar denegación de servicio (corrupción de memoria y caída ... • http://archives.neohapsis.com/archives/bugtraq/2013-12/0086.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 12EXPL: 0CVE-2013-5196 – Apple Security Advisory 2013-12-16-1
https://notcve.org/view.php?id=CVE-2013-5196
18 Dec 2013 — WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1. WebKit, de la manera en que se utiliza en Apple Safari anteriores a 6.1.1 y 7.x anteriores a 7.0.1, permite a atacantes remotos ejecutar código arbitrario o causar denegación de servicio (corrupción de memoria y caída ... • http://archives.neohapsis.com/archives/bugtraq/2013-12/0086.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 12EXPL: 0CVE-2013-5197 – Apple Security Advisory 2013-12-16-1
https://notcve.org/view.php?id=CVE-2013-5197
18 Dec 2013 — WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1. WebKit, de la manera en que se utiliza en Apple Safari anteriores a 6.1.1 y 7.x anteriores a 7.0.1, permite a atacantes remotos ejecutar código arbitrario o causar denegación de servicio (corrupción de memoria y caída ... • http://archives.neohapsis.com/archives/bugtraq/2013-12/0086.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 12EXPL: 0CVE-2013-5198 – Apple Security Advisory 2013-12-16-1
https://notcve.org/view.php?id=CVE-2013-5198
18 Dec 2013 — WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1. WebKit, de la manera en que se utiliza en Apple Safari anteriores a 6.1.1 y 7.x anteriores a 7.0.1, permite a atacantes remotos ejecutar código arbitrario o causar denegación de servicio (corrupción de memoria y caída ... • http://archives.neohapsis.com/archives/bugtraq/2013-12/0086.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 1%CPEs: 12EXPL: 0CVE-2013-5199 – Apple Security Advisory 2013-12-16-1
https://notcve.org/view.php?id=CVE-2013-5199
18 Dec 2013 — WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1. WebKit, de la manera en que se utiliza en Apple Safari anteriores a 6.1.1 y 7.x anteriores a 7.0.1, permite a atacantes remotos ejecutar código arbitrario o causar denegación de servicio (corrupción de memoria y caída ... • http://archives.neohapsis.com/archives/bugtraq/2013-12/0086.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 12EXPL: 0CVE-2013-5225 – Apple Security Advisory 2013-12-16-1
https://notcve.org/view.php?id=CVE-2013-5225
18 Dec 2013 — WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1. WebKit, de la manera en que se utiliza en Apple Safari anteriores a 6.1.1 y 7.x anteriores a 7.0.1, permite a atacantes remotos ejecutar código arbitrario o causar denegación de servicio (corrupción de memoria y caída ... • http://archives.neohapsis.com/archives/bugtraq/2013-12/0086.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 101EXPL: 0CVE-2013-0981
https://notcve.org/view.php?id=CVE-2013-0981
20 Mar 2013 — The IOUSBDeviceFamily driver in the USB implementation in the kernel in Apple iOS before 6.1.3 and Apple TV before 5.2.1 accesses pipe object pointers that originated in userspace, which allows local users to gain privileges via crafted code. El controlador IOUSBDeviceFamily en la implementación USB del kernel en Apple iOS anterior a 6.1.3 y Apple TV anterior a la 5.2.1, accede a los punteros de los "pipe object" que se originan en el espacio de usuario, lo que permite a usuarios locales obtener privilegios... • http://lists.apple.com/archives/security-announce/2013/Mar/msg00004.html •
CVSS: 6.6EPSS: 0%CPEs: 101EXPL: 0CVE-2013-0977
https://notcve.org/view.php?id=CVE-2013-0977
20 Mar 2013 — dyld in Apple iOS before 6.1.3 and Apple TV before 5.2.1 does not properly manage the state of file loading for Mach-O executable files, which allows local users to bypass intended code-signing requirements via a file that contains overlapping segments. dyld en Apple iOS y Apple TV a v6.1.3 y Apple TV anterior a v5.2.1, ni gestiona adecuadamente el estado de carga de un archivo ejecutable para los del tipo "Mach-O", lo que permite a usuarios locales evitar los requerimientos de "Code-signing" a través de un... • http://lists.apple.com/archives/security-announce/2013/Mar/msg00004.html •