CVE-2013-3955
https://notcve.org/view.php?id=CVE-2013-3955
The get_xattrinfo function in the XNU kernel in Apple iOS 5.x and 6.x through 6.1.3 on iPad devices does not properly validate the header of an AppleDouble file, which might allow local users to cause a denial of service (memory corruption) or have unspecified other impact via an invalid file on an msdosfs filesystem.
References:
• http://antid0te.com/syscan_2013/SyScan2013_Mountain_Lion_iOS_Vulnerabilities_Garage_Sale_Whitepaper.pdf
• http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html
• http://support.apple.com/kb/HT5934
• http://www.securitytracker.com/id/1029054
• http://www.syscan.org/index.php/sg/program/day/2
CWE-20: Improper Input Validation
CVE-2012-2648
https://notcve.org/view.php?id=CVE-2012-2648
Cross-site scripting (XSS) vulnerability in the GoodReader app 3.16 and earlier for iOS on the iPad, and 3.15.1 and earlier for iOS on the iPhone and iPod touch, allows remote attackers to inject arbitrary web script or HTML via vectors involving use of this app in conjunction with a web browser.
References:
• http://jvn.jp/en/jp/JVN01598734/index.html
• http://jvndb.jvn.jp/jvndb/JVNDB-2012-000073
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-1344 – WebKit WBR Tag Removal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-1344
Use-after-free vulnerability in WebKit, as used in Apple Safari before 5.0.5; iOS before 4.3.2 for iPhone, iPod, and iPad; iOS before 4.2.7 for iPhone 4 (CDMA); and possibly other products allows remote attackers to execute arbitrary code by adding children to a WBR tag and then removing the tag, related to text nodes, as demonstrated by Chaouki Bekrar during a Pwn2Own competition at CanSecWest 2011.
Unspecified vulnerability in WebKit, as used in Apple Safari 5.0.4 on Mac OS X 10.6.6, allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by Chaouki Bekrar during the Pwn2Own competition at CanSecWest 2011.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WebKit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way the WebKit library handles WBR tags on a webpage.
References:
• http://dvlabs.tippingpoint.com/blog/2011/02/02/pwn2own-2011
• http://lists.apple.com/archives/security-announce/2011//Apr/msg00000.html
• http://lists.apple.com/archives/security-announce/2011//Apr/msg00001.html
• http://lists.apple.com/archives/security-announce/2011//Apr/msg00002.html
• http://secunia.com/advisories/44151
• http://secunia.com/advisories/44154
• http://support.apple.com/kb/HT4596
• http://support.apple.com/kb/HT4607
• http://twitter.com/aaronportnoy/statuses/45632544967901187
CWE-399: Resource Management Errors
CVE-2010-3832
https://notcve.org/view.php?id=CVE-2010-3832
Heap-based buffer overflow in the GSM mobility management implementation in Telephony in Apple iOS before 4.2 on the iPhone and iPad allows remote attackers to execute arbitrary code on the baseband processor via a crafted Temporary Mobile Subscriber Identity (TMSI) field.
References:
• http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html
• http://secunia.com/advisories/42314
• http://support.apple.com/kb/HT4456
• http://www.securitytracker.com/id?1024770
• http://www.vupen.com/english/advisories/2010/3046
• https://exchange.xforce.ibmcloud.com/vulnerabilities/63421
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-2973 – Apple iOS - '.pdf' Local Privilege Escalation 'Jailbreak'
https://notcve.org/view.php?id=CVE-2010-2973
Integer overflow in IOSurface in Apple iOS before 4.0.2 on the iPhone and iPod touch, and before 3.2.2 on the iPad, allows local users to gain privileges via vectors involving IOSurface properties, as demonstrated by JailbreakMe.
References:
• https://www.exploit-db.com/exploits/14538
• http://lists.apple.com/archives/security-announce/2010//Aug/msg00000.html
• http://lists.apple.com/archives/security-announce/2010//Aug/msg00001.html
• http://osvdb.org/66827
• http://secunia.com/advisories/40807
• http://support.apple.com/kb/HT4291
• http://support.apple.com/kb/HT4292
• http://www.exploit-db.com/exploits/14538
• http://www.securityfocus.com/bid/42151
CWE-264: Permissions, Privileges, and Access Controls