CVE-2013-1031 – Apple Security Advisory 2013-09-12-1
https://notcve.org/view.php?id=CVE-2013-1031
13 Sep 2013 — Power Management in Apple Mac OS X before 10.8.5 does not properly perform locking upon occurrences of a power assertion, which allows physically proximate attackers to bypass intended access restrictions by visiting an unattended workstation on which a locking failure had prevented the startup of the screen saver. • http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html • CWE-264: Permissions, Privileges, and Access Controls
CVE-2013-1032 – Apple Security Advisory 2013-09-12-1
https://notcve.org/view.php?id=CVE-2013-1032
13 Sep 2013 — QuickTime in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted idsc atom in a QuickTime movie file. OS X Mountain Lion v10.8.5 and Sec... • http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-1025 – Apple Security Advisory 2013-09-12-1
https://notcve.org/view.php?id=CVE-2013-1025
13 Sep 2013 — Buffer overflow in CoreGraphics in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JBIG2 data in a PDF document. iOS 7 is now available and addresses Certificate Trust Pol... • http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-1029 – Apple Security Advisory 2013-09-12-1
https://notcve.org/view.php?id=CVE-2013-1029
13 Sep 2013 — The kernel in Apple Mac OS X before 10.8.5 allows remote attackers to cause a denial of service (panic) via crafted IGMP packets that leverage incorrect, extraneous code in the IGMP parser. OS X Mountain Lion v10.8.5 and Security Update 2013-004 is now available and addresses Apac... • http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html • CWE-20: Improper Input Validation
CVE-2013-1027 – Apple Security Advisory 2013-09-12-1
https://notcve.org/view.php?id=CVE-2013-1027
13 Sep 2013 — Installer in Apple Mac OS X before 10.8.5 provides an option to continue a package's installation after encountering a revoked certificate, which might allow user-assisted remote attackers to execute arbitrary code via a crafted package. • http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html • CWE-264: Permissions, Privileges, and Access Controls
CVE-2013-1033 – Apple Security Advisory 2013-09-12-1
https://notcve.org/view.php?id=CVE-2013-1033
13 Sep 2013 — Screen Lock in Apple Mac OS X before 10.8.5 does not properly track sessions, which allows remote authenticated users to bypass locking by leveraging screen-sharing access. OS X Mountain Lion v10.8.5 and Security Update 2013-004 is now available and addresses Apache issues, BIND iss... • http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html • CWE-264: Permissions, Privileges, and Access Controls
CVE-2013-1824 – Apple Security Advisory 2013-09-12-1
https://notcve.org/view.php?id=CVE-2013-1824
13 Sep 2013 — The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.12 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlParseFile and soap_xmlParseMemory functions. • http://git.php.net/?p=php-src.git%3Ba=commit%3Bh=188c196d4da60bdde9190d2fc532650d17f7af2d • CWE-611: Improper Restriction of XML External Entity Reference
CVE-2013-0985 – Apple Security Advisory 2013-06-04-1
https://notcve.org/view.php?id=CVE-2013-0985
05 Jun 2013 — Disk Management in Apple Mac OS X before 10.8.4 does not properly authenticate attempts to disable FileVault, which allows local users to cause a denial of service (loss of encryption functionality) via an unspecified command line. ... • http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html • CWE-287: Improper Authentication
CVE-2013-3952
https://notcve.org/view.php?id=CVE-2013-3952
05 Jun 2013 — The fill_pipeinfo function in bsd/kern/sys_pipe.c in the XNU kernel in Apple Mac OS X 10.8.x allows local users to defeat the KASLR protection mechanism via the PROC_PIDFDPIPEINFO option to the proc_info system call for a kernel pipe handle. • http://antid0te.com/syscan_2013/SyScan2013_Mountain_Lion_iOS_Vulnerabilities_Garage_Sale_Whitepaper.pdf • CWE-264: Permissions, Privileges, and Access Controls
CVE-2013-0982 – Apple Security Advisory 2013-06-04-1
https://notcve.org/view.php?id=CVE-2013-0982
05 Jun 2013 — The Private Browsing feature in CFNetwork in Apple Mac OS X before 10.8.4 does not prevent storage of permanent cookies upon exit from Safari, which might allow physically proximate attackers to bypass cookie-based authentication by leveraging an unattended workstation. • http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor