
CVE-2013-5141 – Apple Security Advisory 2013-09-18-2
https://notcve.org/view.php?id=CVE-2013-5141
19 Sep 2013 — The kernel in Apple iOS before 7 uses an incorrect data size for a certain integer variable, which allows attackers to cause a denial of service (infinite loop and device hang) via a crafted application, related to an "integer truncation vulnerability." • http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html • CWE-189: Numeric Errors

CVE-2013-5142 – Apple Security Advisory 2013-09-18-2
https://notcve.org/view.php?id=CVE-2013-5142
19 Sep 2013 — The kernel in Apple iOS before 7 does not initialize unspecified kernel data structures, which allows local users to obtain sensitive information from kernel stack memory via the (1) msgctl API or (2) segctl API. iOS 7 is now available and addresses Certificate Trust Policy, Core Graphic... • http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2013-5145 – Apple Security Advisory 2013-09-18-2
https://notcve.org/view.php?id=CVE-2013-5145
19 Sep 2013 — kextd in Kext Management in Apple iOS before 7 does not properly verify authorization for IPC messages, which allows local users to (1) load or (2) unload kernel extensions via a crafted message. iOS 7 is now available and addresses Certificate Trust Policy, Core Graphics, Cor... • http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html • CWE-264: Permissions, Privileges, and Access Controls

CVE-2013-5147 – Apple iOS 7.0.2 - Sim Lock Screen Display Bypass
https://notcve.org/view.php?id=CVE-2013-5147
19 Sep 2013 — Passcode Lock in Apple iOS before 7 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging a race condition involving phone calls and ejection of a SIM card. iOS 7 is now available and addresses Certifica... • https://www.exploit-db.com/exploits/28978 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVE-2013-5151 – Apple Security Advisory 2013-09-18-2
https://notcve.org/view.php?id=CVE-2013-5151
19 Sep 2013 — Mobile Safari in Apple iOS before 7 does not prevent HTML interpretation of a document served with a text/plain content type, which allows remote attackers to conduct cross-site scripting (XSS) attacks by uploading a file. iOS 7 is now available and address... • http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2013-5152 – Apple Security Advisory 2013-09-18-2
https://notcve.org/view.php?id=CVE-2013-5152
19 Sep 2013 — Mobile Safari in Apple iOS before 7 allows remote attackers to spoof the URL bar via a crafted web site. iOS 7 is now available and addresses Certificate Trust Policy, Core Graphics, Core Media, Data Protection, and various other issues and vulnerabilities. • http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html • CWE-20: Improper Input Validation

CVE-2013-5153 – Apple Security Advisory 2013-09-18-2
https://notcve.org/view.php?id=CVE-2013-5153
19 Sep 2013 — Springboard in Apple iOS before 7 does not properly manage the lock state in Lost Mode, which allows physically proximate attackers to read notifications via unspecified vectors. iOS 7 is now available and addresses Certificate Trust Policy, Core Graphics, Core Media, Data Protection, ... • http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html • CWE-264: Permissions, Privileges, and Access Controls

CVE-2013-5154 – Apple Security Advisory 2013-09-18-2
https://notcve.org/view.php?id=CVE-2013-5154
19 Sep 2013 — The Sandbox subsystem in Apple iOS before 7 determines the sandboxing requirement for a #! application on the basis of the script interpreter instead of the script, which allows attackers to bypass intended access restrictions via a crafted application. • http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html • CWE-264: Permissions, Privileges, and Access Controls

CVE-2013-5157 – Apple Security Advisory 2013-09-18-2
https://notcve.org/view.php?id=CVE-2013-5157
19 Sep 2013 — The Twitter subsystem in Apple iOS before 7 does not require API conformity for access to Twitter daemon interfaces, which allows attackers to post Tweets via a crafted app that sends direct requests to the daemon. iOS 7 is now available and addresse... • http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html • CWE-264: Permissions, Privileges, and Access Controls

CVE-2013-5158 – Apple Security Advisory 2013-09-18-2
https://notcve.org/view.php?id=CVE-2013-5158
19 Sep 2013 — The Social subsystem in Apple iOS before 7 does not properly restrict access to the cache of Twitter icons, which allows physically proximate attackers to obtain sensitive information about recent Twitter interaction via unspecified vectors. • http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html • CWE-264: Permissions, Privileges, and Access Controls