CVSS: 8.8EPSS: 5%CPEs: 16EXPL: 0CVE-2013-0975 – Apple QuickTime PICT Image LongComment Opcode Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-0975
05 Jun 2013 — Buffer overflow in QuickDraw Manager in Apple Mac OS X before 10.8.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image. Desbordamiento de búfer en QuickDraw Manager de Apple Mac OS X antes de v10.8.4 que permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de aplicación) a través de una imagen PICT manipulada. This vulnerability allows remote attackers to execute arbitrary code on vulnerabl... • http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 1CVE-2013-3951 – Apple Security Advisory 2015-09-16-1
https://notcve.org/view.php?id=CVE-2013-3951
05 Jun 2013 — sys/openbsd/stack_protector.c in libc in Apple iOS 6.1.3 and Mac OS X 10.8.x does not properly parse the Apple strings employed in the user-space stack-cookie implementation, which allows local users to bypass cookie randomization by executing a program with a call-path beginning with the stack-guard= substring, as demonstrated by an iOS untethering attack or an attack against a setuid Mac OS X program. sys/OpenBSD/stack_protector.c en libc en Apple iOS v6.1.3 y Mac OS X v10.8.x no analiza correctamente los... • http://antid0te.com/syscan_2013/SyScan2013_Mountain_Lion_iOS_Vulnerabilities_Garage_Sale_Whitepaper.pdf • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 16EXPL: 0CVE-2013-1024 – Apple Security Advisory 2014-01-22-1
https://notcve.org/view.php?id=CVE-2013-1024
05 Jun 2013 — CoreMedia Playback in Apple Mac OS X before 10.8.4 does not properly initialize memory during the processing of text tracks, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file. CoreMedia reproducción en Apple Mac OS X anterior a v10.8.4 no inicializa correctamente la memoria durante el procesamiento de pistas de texto, lo que permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de la a... • http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2013-0983 – Apple Security Advisory 2013-06-04-1
https://notcve.org/view.php?id=CVE-2013-0983
05 Jun 2013 — Stack consumption vulnerability in CoreAnimation in Apple Mac OS X before 10.8.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted text glyph in a URL encountered by Safari. Vulnerabilidad al consumo de pila en CoreAnimation en Apple Mac OS X antes de v10.8.4 que permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de aplicación) a través de un símbolo de texto manipulado en un URL encontradas por Saf... • http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 4%CPEs: 126EXPL: 2CVE-2013-0984 – Apple Mac OSX Server - DirectoryService Buffer Overflow
https://notcve.org/view.php?id=CVE-2013-0984
05 Jun 2013 — Directory Service in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted message. Servicio de directorio de Apple Mac OS X hasta v10.6.8 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída del demonio) a través de un mensaje elaborado. Core Security Technologies Advisory - A memory corruption vulnerability was found in Mac OSX Directory Service. By sending a maliciously crafted... • https://packetstorm.news/files/id/121887 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 22%CPEs: 56EXPL: 0CVE-2013-0986 – Apple QuickTime enof Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-0986
23 May 2013 — Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted enof atoms in a movie file. Desbordamiento de búfer en Apple QuickTime antes de v7.7.4 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de aplicación) a través de átomos ENOF manipulados en un archivo de película. This vulnerability allows remote attackers to execute arbitrary code on vulnerable install... • http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 75EXPL: 0CVE-2013-2777 – sudo: bypass of tty_tickets constraints
https://notcve.org/view.php?id=CVE-2013-2777
08 Apr 2013 — sudo before 1.7.10p5 and 1.8.x before 1.8.6p6, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to a session without a controlling terminal device and connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, b... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701839 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 0%CPEs: 65EXPL: 0CVE-2013-1776 – sudo: bypass of tty_tickets constraints
https://notcve.org/view.php?id=CVE-2013-1776
08 Apr 2013 — sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different aff... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701839 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 0%CPEs: 76EXPL: 0CVE-2013-2776 – sudo: bypass of tty_tickets constraints
https://notcve.org/view.php?id=CVE-2013-2776
08 Apr 2013 — sudo 1.3.5 through 1.7.10p5 and 1.8.0 through 1.8.6p6, when running on systems without /proc or the sysctl function with the tty_tickets option enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CV... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701839 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2013-0976
https://notcve.org/view.php?id=CVE-2013-0976
15 Mar 2013 — IOAcceleratorFamily in Apple Mac OS X before 10.8.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted graphics image. IOAcceleratorFamily en Apple Mac OS X anterior a v10.8.3 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) mediante una imagen de gráficos especialmente diseñada. • http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •