CVSS: 7.8EPSS: 2%CPEs: 53EXPL: 0CVE-2013-1025 – Apple Security Advisory 2013-09-12-1
https://notcve.org/view.php?id=CVE-2013-1025
13 Sep 2013 — Buffer overflow in CoreGraphics in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JBIG2 data in a PDF document. Desbordamiento de búfer en CoreGraphics en Apple Mac OS X anterior a 10.8.5, permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (caída de aplicación) a través de datos JBIG2 manipulados en un documento PDF. iOS 7 is now available and addresses Certificate Trust Pol... • http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.1EPSS: 0%CPEs: 5EXPL: 0CVE-2013-1033 – Apple Security Advisory 2013-09-12-1
https://notcve.org/view.php?id=CVE-2013-1033
13 Sep 2013 — Screen Lock in Apple Mac OS X before 10.8.5 does not properly track sessions, which allows remote authenticated users to bypass locking by leveraging screen-sharing access. El bloqueo de pantalla en Apple Mac OS X anteriores a 10.8.5 no realiza un seguimiento adecuado de las sesiones, lo que permite a usuarios autenticados remotamente evitar el bloqueo aprovechando la pantalla compartida de acceso. OS X Mountain Lion v10.8.5 and Security Update 2013-004 is now available and addresses Apache issues, BIND iss... • http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2013-1824 – Apple Security Advisory 2013-09-12-1
https://notcve.org/view.php?id=CVE-2013-1824
13 Sep 2013 — The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.12 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlParseFile and soap_xmlParseMemory functions. El validador SOAP en PHP anterior a 5.3.22 y 5.4.x anterior a 5.4.12 permite a atacantes remotos leer archivos a discrección a través de un archivo SOAP WSDL que contenga una declaración de... • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=188c196d4da60bdde9190d2fc532650d17f7af2d • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 5.9EPSS: 0%CPEs: 53EXPL: 0CVE-2013-1028 – Apple Security Advisory 2013-09-12-1
https://notcve.org/view.php?id=CVE-2013-1028
13 Sep 2013 — The IPSec implementation in Apple Mac OS X before 10.8.5, when Hybrid Auth is used, does not verify X.509 certificates from security gateways, which allows man-in-the-middle attackers to spoof security gateways and obtain sensitive information via a crafted certificate. La implementación IPSec en Apple Mac OS X anteriores a 10.8.5, cuando es empleada la Autentificación Híbrida, no verifica certificados X.509 desde pasarelas de seguridad, lo que permite a atacantes man-in-the-middle falsear pasarelas de segu... • http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2013-1030 – Apple Security Advisory 2013-09-12-1
https://notcve.org/view.php?id=CVE-2013-1030
13 Sep 2013 — mdmclient in Mobile Device Management in Apple Mac OS X before 10.8.5 places a password on the command line, which allows local users to obtain sensitive information by listing the process. El cliente mdmclient en control de dispositivos móviles en Apple Mac OS X anterior a 10.8.5 pone la contraseña en línea de comandos lo que permite a usuarios locales obtener información sensible inspeccionando el proceso OS X Mountain Lion v10.8.5 and Security Update 2013-004 is now available and addresses Apache issues,... • http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2013-0983 – Apple Security Advisory 2013-06-04-1
https://notcve.org/view.php?id=CVE-2013-0983
05 Jun 2013 — Stack consumption vulnerability in CoreAnimation in Apple Mac OS X before 10.8.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted text glyph in a URL encountered by Safari. Vulnerabilidad al consumo de pila en CoreAnimation en Apple Mac OS X antes de v10.8.4 que permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de aplicación) a través de un símbolo de texto manipulado en un URL encontradas por Saf... • http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 16EXPL: 0CVE-2013-1024 – Apple Security Advisory 2014-01-22-1
https://notcve.org/view.php?id=CVE-2013-1024
05 Jun 2013 — CoreMedia Playback in Apple Mac OS X before 10.8.4 does not properly initialize memory during the processing of text tracks, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file. CoreMedia reproducción en Apple Mac OS X anterior a v10.8.4 no inicializa correctamente la memoria durante el procesamiento de pistas de texto, lo que permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de la a... • http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html • CWE-20: Improper Input Validation •
CVSS: 8.1EPSS: 0%CPEs: 16EXPL: 0CVE-2013-0990 – Apple Security Advisory 2013-06-04-1
https://notcve.org/view.php?id=CVE-2013-0990
05 Jun 2013 — SMB in Apple Mac OS X before 10.8.4, when file sharing is enabled, allows remote authenticated users to create or modify files outside of a shared directory via unspecified vectors. SMB en Apple Mac OS X antes de v10.8.4, cuando el intercambio de archivos está activada, permite a los usuarios remotos autenticados crear o modificar archivos fuera de un directorio compartido a través de vectores no especificados. OS X Mountain Lion version 10.8.4 and Security Update 2013-002 is now available and addresses ove... • http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 5%CPEs: 16EXPL: 0CVE-2013-0975 – Apple QuickTime PICT Image LongComment Opcode Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-0975
05 Jun 2013 — Buffer overflow in QuickDraw Manager in Apple Mac OS X before 10.8.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image. Desbordamiento de búfer en QuickDraw Manager de Apple Mac OS X antes de v10.8.4 que permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de aplicación) a través de una imagen PICT manipulada. This vulnerability allows remote attackers to execute arbitrary code on vulnerabl... • http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.3EPSS: 0%CPEs: 16EXPL: 0CVE-2013-0982 – Apple Security Advisory 2013-06-04-1
https://notcve.org/view.php?id=CVE-2013-0982
05 Jun 2013 — The Private Browsing feature in CFNetwork in Apple Mac OS X before 10.8.4 does not prevent storage of permanent cookies upon exit from Safari, which might allow physically proximate attackers to bypass cookie-based authentication by leveraging an unattended workstation. La función de navegación privada en CFNetwork en Apple Mac OS X antes de v10.8.4 no impide el almacenamiento de cookies permanentes a la salida de Safari, que podría permitir a atacantes físicamente cercanos evitar la autenticación basada en... • http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •