CVE-2013-1025
https://notcve.org/view.php?id=CVE-2013-1025
16 Sep 2013 — Buffer overflow in CoreGraphics in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JBIG2 data in a PDF document. • http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-1026
https://notcve.org/view.php?id=CVE-2013-1026
16 Sep 2013 — Buffer overflow in ImageIO in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JPEG2000 data in a PDF document. • http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-1027
https://notcve.org/view.php?id=CVE-2013-1027
16 Sep 2013 — Installer in Apple Mac OS X before 10.8.5 provides an option to continue a package's installation after encountering a revoked certificate, which might allow user-assisted remote attackers to execute arbitrary code via a crafted package. • http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html • CWE-264: Permissions, Privileges, and Access Controls
CVE-2013-1028
https://notcve.org/view.php?id=CVE-2013-1028
16 Sep 2013 — The IPSec implementation in Apple Mac OS X before 10.8.5, when Hybrid Auth is used, does not verify X.509 certificates from security gateways, which allows man-in-the-middle attackers to spoof security gateways and obtain sensitive information via a crafted certificate. • http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html • CWE-20: Improper Input Validation
CVE-2013-1029
https://notcve.org/view.php?id=CVE-2013-1029
16 Sep 2013 — The kernel in Apple Mac OS X before 10.8.5 allows remote attackers to cause a denial of service (panic) via crafted IGMP packets that leverage incorrect, extraneous code in the IGMP parser. • http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html • CWE-20: Improper Input Validation
CVE-2013-1030
https://notcve.org/view.php?id=CVE-2013-1030
16 Sep 2013 — mdmclient in Mobile Device Management in Apple Mac OS X before 10.8.5 places a password on the command line, which allows local users to obtain sensitive information by listing the process. • http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2013-1031
https://notcve.org/view.php?id=CVE-2013-1031
16 Sep 2013 — Power Management in Apple Mac OS X before 10.8.5 does not properly perform locking upon occurrences of a power assertion, which allows physically proximate attackers to bypass intended access restrictions by visiting an unattended workstation on which a locking failure had prevented the startup of the screen saver. • http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html • CWE-264: Permissions, Privileges, and Access Controls
CVE-2013-1032
https://notcve.org/view.php?id=CVE-2013-1032
16 Sep 2013 — QuickTime in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted idsc atom in a QuickTime movie file. • http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-1033
https://notcve.org/view.php?id=CVE-2013-1033
16 Sep 2013 — Screen Lock in Apple Mac OS X before 10.8.5 does not properly track sessions, which allows remote authenticated users to bypass locking by leveraging screen-sharing access. • http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html • CWE-264: Permissions, Privileges, and Access Controls
CVE-2013-3951
https://notcve.org/view.php?id=CVE-2013-3951
05 Jun 2013 — sys/openbsd/stack_protector.c in libc in Apple iOS 6.1.3 and Mac OS X 10.8.x does not properly parse the Apple strings employed in the user-space stack-cookie implementation, which allows local users to bypass cookie randomization by executing a program with a call-path beginning with the stack-guard= substring, as demonstrated by an iOS untethering attack or an attack against a setuid Mac OS X program. • http://antid0te.com/syscan_2013/SyScan2013_Mountain_Lion_iOS_Vulnerabilities_Garage_Sale_Whitepaper.pdf • CWE-20: Improper Input Validation