CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2013-0985 – Apple Security Advisory 2013-06-04-1
https://notcve.org/view.php?id=CVE-2013-0985
05 Jun 2013 — Disk Management in Apple Mac OS X before 10.8.4 does not properly authenticate attempts to disable FileVault, which allows local users to cause a denial of service (loss of encryption functionality) via an unspecified command line. Administración de discos en Apple Mac OS X anterior a v10.8.4 no valida correctamente los intentos de desactivar FileVault, que permite a usuarios locales provocar una denegación de servicio (pérdida de la funcionalidad de cifrado) mediante una línea de comandos sin especificar. ... • http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html • CWE-287: Improper Authentication •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 1CVE-2013-3951 – Apple Security Advisory 2015-09-16-1
https://notcve.org/view.php?id=CVE-2013-3951
05 Jun 2013 — sys/openbsd/stack_protector.c in libc in Apple iOS 6.1.3 and Mac OS X 10.8.x does not properly parse the Apple strings employed in the user-space stack-cookie implementation, which allows local users to bypass cookie randomization by executing a program with a call-path beginning with the stack-guard= substring, as demonstrated by an iOS untethering attack or an attack against a setuid Mac OS X program. sys/OpenBSD/stack_protector.c en libc en Apple iOS v6.1.3 y Mac OS X v10.8.x no analiza correctamente los... • http://antid0te.com/syscan_2013/SyScan2013_Mountain_Lion_iOS_Vulnerabilities_Garage_Sale_Whitepaper.pdf • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 4%CPEs: 126EXPL: 2CVE-2013-0984 – Apple Mac OSX Server - DirectoryService Buffer Overflow
https://notcve.org/view.php?id=CVE-2013-0984
05 Jun 2013 — Directory Service in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted message. Servicio de directorio de Apple Mac OS X hasta v10.6.8 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída del demonio) a través de un mensaje elaborado. Core Security Technologies Advisory - A memory corruption vulnerability was found in Mac OSX Directory Service. By sending a maliciously crafted... • https://packetstorm.news/files/id/121887 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 22%CPEs: 56EXPL: 0CVE-2013-0986 – Apple QuickTime enof Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-0986
23 May 2013 — Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted enof atoms in a movie file. Desbordamiento de búfer en Apple QuickTime antes de v7.7.4 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de aplicación) a través de átomos ENOF manipulados en un archivo de película. This vulnerability allows remote attackers to execute arbitrary code on vulnerable install... • http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.9EPSS: 0%CPEs: 89EXPL: 0CVE-2013-1014
https://notcve.org/view.php?id=CVE-2013-1014
19 May 2013 — Apple iTunes before 11.0.3 does not properly verify X.509 certificates, which allows man-in-the-middle attackers to spoof HTTPS servers via an arbitrary valid certificate. Apple iTunes anterior a 11.0.3 no verifica adecuadamente los certificados X.509, lo que permite a atacantes man-in-the-middle suplantar los servidores HTTPS a través de un certificado arbitrario válido. • http://lists.apple.com/archives/security-announce/2013/May/msg00000.html • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 75EXPL: 0CVE-2013-2777 – sudo: bypass of tty_tickets constraints
https://notcve.org/view.php?id=CVE-2013-2777
08 Apr 2013 — sudo before 1.7.10p5 and 1.8.x before 1.8.6p6, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to a session without a controlling terminal device and connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, b... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701839 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 0%CPEs: 65EXPL: 0CVE-2013-1776 – sudo: bypass of tty_tickets constraints
https://notcve.org/view.php?id=CVE-2013-1776
08 Apr 2013 — sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different aff... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701839 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 0%CPEs: 76EXPL: 0CVE-2013-2776 – sudo: bypass of tty_tickets constraints
https://notcve.org/view.php?id=CVE-2013-2776
08 Apr 2013 — sudo 1.3.5 through 1.7.10p5 and 1.8.0 through 1.8.6p6, when running on systems without /proc or the sysctl function with the tty_tickets option enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CV... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701839 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2013-0976
https://notcve.org/view.php?id=CVE-2013-0976
15 Mar 2013 — IOAcceleratorFamily in Apple Mac OS X before 10.8.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted graphics image. IOAcceleratorFamily en Apple Mac OS X anterior a v10.8.3 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) mediante una imagen de gráficos especialmente diseñada. • http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 80EXPL: 7CVE-2013-1775 – Apple Mac OSX - Sudo Password Bypass
https://notcve.org/view.php?id=CVE-2013-1775
04 Mar 2013 — sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch. sudo v1.6.0 a la v1.7.10p6 y sudo v1.8.0 a la v1.8.6p6, permite a usuarios locales o físicamente próximos evitar las restricciones de tiempo y mantener los privilegios sin necesidad de reautenticarse, simplemente estableciendo el reloj del sistema y... • https://packetstorm.news/files/id/123032 • CWE-264: Permissions, Privileges, and Access Controls •