CVSS: 4.3EPSS: 0%CPEs: 48EXPL: 0CVE-2013-5151
https://notcve.org/view.php?id=CVE-2013-5151
Mobile Safari in Apple iOS before 7 does not prevent HTML interpretation of a document served with a text/plain content type, which allows remote attackers to conduct cross-site scripting (XSS) attacks by uploading a file. Vulnerabilidad en Mobile Safari de Apple iOS anterior a la versión 7 no previene la interpretación HTML de un documento servido con un tipo de contenido text/plain, lo que permite a atacantes remotos realizar ataques XSS mediante la subida de un archivo. • http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html http://secunia.com/advisories/54886 http://support.apple.com/kb/HT5934 http://www.securitytracker.com/id/1029054 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 2%CPEs: 48EXPL: 0CVE-2013-1044
https://notcve.org/view.php?id=CVE-2013-1044
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. WebKit, como se utiliza en Apple iOS anterior a 7, permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (corrupción de memoria y caída de aplicación) a través de un sitio web manipulado, una vulnerabilidad diferente a WebKit CVEs enumerados en APPLE-SA-2013-09-18-2. • http://lists.apple.com/archives/security-announce/2013/Oct/msg00003.html http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html http://secunia.com/advisories/54886 http://support.apple.com/kb/HT5934 http://support.apple.com/kb/HT6001 http://www.securitytracker.com/id/1029054 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 0%CPEs: 48EXPL: 0CVE-2013-5129
https://notcve.org/view.php?id=CVE-2013-5129
Multiple cross-site scripting (XSS) vulnerabilities in WebKit in Apple iOS before 7 allow user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) drag-and-drop or (2) copy-and-paste operation. Múltiples vulnerabilidades XSS en WebKit de Apple iOS anterior a la versión 7 permite a atacantes remotos asistidos por el usuario inyectar script web o HTML arbitrario a través de vectores que implican operaciones de (1) arrastrar y soltar o (2) copiar y pegar. • http://lists.apple.com/archives/security-announce/2013/Oct/msg00003.html http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html http://secunia.com/advisories/54886 http://support.apple.com/kb/HT5934 http://www.securitytracker.com/id/1029054 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.1EPSS: 0%CPEs: 48EXPL: 0CVE-2013-5141
https://notcve.org/view.php?id=CVE-2013-5141
The kernel in Apple iOS before 7 uses an incorrect data size for a certain integer variable, which allows attackers to cause a denial of service (infinite loop and device hang) via a crafted application, related to an "integer truncation vulnerability." El kernel en Apple iOS (anteriores a v7) utiliza un tamaño de datos incorrecto para ciertas variables entero, lo que permite al atacante producir una denegación de servicio (bucle infinito y cuelgue de dispositivo) a través de una aplicación manipulada, relativa a una "vulnerabilidad de truncado de entero" • http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html http://support.apple.com/kb/HT5934 http://www.securitytracker.com/id/1029054 • CWE-189: Numeric Errors •
CVSS: 6.8EPSS: 1%CPEs: 52EXPL: 0CVE-2013-1039
https://notcve.org/view.php?id=CVE-2013-1039
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. WebKit tal y como se usa en Apple iOS para versiones anteriores a 7, permite a atacantes remotos ejecutar código arbitrario o causar denegación de servicio (corrupción de memoria y caída de la aplicación) a través de un sitio web manipulado. Vulnerabilidad distinta a los CVEs publicados en APPLE-SA-2013-09-18-2. • http://lists.apple.com/archives/security-announce/2013/Oct/msg00003.html http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html http://secunia.com/advisories/54886 http://support.apple.com/kb/HT5934 http://support.apple.com/kb/HT6001 http://www.securitytracker.com/id/1029054 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •