CVSS: 4.4EPSS: 0%CPEs: 2EXPL: 0CVE-2013-5161 – Apple Security Advisory 2013-09-26-1
https://notcve.org/view.php?id=CVE-2013-5161
27 Sep 2013 — Passcode Lock in Apple iOS before 7.0.2 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement, and open the Camera app or read the list of all recently opened apps, by leveraging unspecified transition errors. El código de bloqueo en Apple iOS anterior a la versión 7.0.2 no gestiona adecuadamente el estado de bloqueo, lo que permite físicamente a atacantes próximos evitar el código de acceso, abrir la aplicación de la cámara o leer la... • http://lists.apple.com/archives/security-announce/2013/Sep/msg00009.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.1EPSS: 0%CPEs: 48EXPL: 0CVE-2013-0957 – Apple Security Advisory 2013-09-18-2
https://notcve.org/view.php?id=CVE-2013-0957
19 Sep 2013 — Data Protection in Apple iOS before 7 allows attackers to bypass intended limits on incorrect passcode entry, and consequently avoid a configured Erase Data setting, by leveraging the presence of an app in the third-party sandbox. Protección de Datos en Apple iOS (anteriores a v7) permite a atacantes evitar los límites establecidos para la introducción incorrecta de contraseña, y consecuentemente evitar la configuración de Borrado de Datos, aprovechando la presencia de una aplicación en la sandbox de tercer... • http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 1%CPEs: 48EXPL: 0CVE-2013-1036 – Apple Security Advisory 2013-09-18-2
https://notcve.org/view.php?id=CVE-2013-1036
19 Sep 2013 — Safari in Apple iOS before 7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document. Safari en Apple iOS (anterior a v7) permite a atacantes remotos ejecutar código arbitrariamente o causar una denegación de servicio (corrupción de memoria) a través de un documento XML manipulado. iOS 7 is now available and addresses Certificate Trust Policy, Core Graphics, Core Media, Data Protection, and various other issues and vulnerabilities. • http://lists.apple.com/archives/security-announce/2013/Oct/msg00003.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 3%CPEs: 50EXPL: 0CVE-2011-2391 – Apple Security Advisory 2013-09-18-2
https://notcve.org/view.php?id=CVE-2011-2391
19 Sep 2013 — The IPv6 implementation in the kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (CPU consumption) via crafted ICMPv6 packets. La implementación de IPv6 en el núcleo de Apple iOS anterior a 7 permite a atacantes remotos provocar una denegación de servicio (consumo de CPU) a través de paquetes ICMPv6 manipulados. OS X 10.10.2 and Security Update 2015-001 are now available and address information disclosure, arbitrary code execution, cache clearing, integer overflow, and variou... • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 48EXPL: 0CVE-2013-5129 – Apple Security Advisory 2013-09-18-2
https://notcve.org/view.php?id=CVE-2013-5129
19 Sep 2013 — Multiple cross-site scripting (XSS) vulnerabilities in WebKit in Apple iOS before 7 allow user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) drag-and-drop or (2) copy-and-paste operation. Múltiples vulnerabilidades XSS en WebKit de Apple iOS anterior a la versión 7 permite a atacantes remotos asistidos por el usuario inyectar script web o HTML arbitrario a través de vectores que implican operaciones de (1) arrastrar y soltar o (2) copiar y pegar. iOS 7 is now a... • http://lists.apple.com/archives/security-announce/2013/Oct/msg00003.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 48EXPL: 0CVE-2013-5131 – Apple Security Advisory 2013-09-18-2
https://notcve.org/view.php?id=CVE-2013-5131
19 Sep 2013 — Cross-site scripting (XSS) vulnerability in WebKit in Apple iOS before 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad Cross-site scripting (XSS) en WebKit en Apple iOS anterior a la v7 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarias a través de una URL manipulada. iOS 7 is now available and addresses Certificate Trust Policy, Core Graphics, Core Media, Data Protection, and various other issues and vulnerabilities. • http://lists.apple.com/archives/security-announce/2013/Oct/msg00003.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 2.6EPSS: 0%CPEs: 48EXPL: 0CVE-2013-5137 – Apple Security Advisory 2013-09-18-2
https://notcve.org/view.php?id=CVE-2013-5137
19 Sep 2013 — IOKit in Apple iOS before 7 allows attackers to send user-interface events to the foreground app by leveraging control over a background app and using the (1) task-completion API or (2) VoIP API. IOKit en Apple iOS anteriores a la versión 7 permite a atacantes enviar eventos de la interfaz de usuario a la aplicación en primer plano aprovechando el control sobre una aplicación en segundo plano y usando (1) la API de completado de tareas o (2) la API VoIP. iOS 7 is now available and addresses Certificate Trus... • http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 48EXPL: 0CVE-2013-5138 – Apple Security Advisory 2013-09-18-2
https://notcve.org/view.php?id=CVE-2013-5138
19 Sep 2013 — IOCatalogue in IOKitUser in Apple iOS before 7 allows attackers to cause a denial of service (NULL pointer dereference and device crash) via a crafted application. IOCatalogue en IOKitUser de Apple iOS (anteriores a v7) permite a atacantes causar una denegación de servicio (referencia a puntero nulo y cuelgue del dispositivo) a través de una aplicación manipulada. iOS 7 is now available and addresses Certificate Trust Policy, Core Graphics, Core Media, Data Protection, and various other issues and vulnerabi... • http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html •
CVSS: 7.8EPSS: 0%CPEs: 48EXPL: 0CVE-2013-5140 – Apple Security Advisory 2013-09-18-2
https://notcve.org/view.php?id=CVE-2013-5140
19 Sep 2013 — The kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (assertion failure and device restart) via an invalid packet fragment. El núcleo de Apple iOS anterior a 7 permite a atacantes remotos provocar una denegación de servicio (fallo de aserción y reinicio del dispositivo) vía un fragmento de paquete no válidos. iOS 7 is now available and addresses Certificate Trust Policy, Core Graphics, Core Media, Data Protection, and various other issues and vulnerabilities. • http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html • CWE-20: Improper Input Validation •
CVSS: 7.1EPSS: 0%CPEs: 48EXPL: 0CVE-2013-5141 – Apple Security Advisory 2013-09-18-2
https://notcve.org/view.php?id=CVE-2013-5141
19 Sep 2013 — The kernel in Apple iOS before 7 uses an incorrect data size for a certain integer variable, which allows attackers to cause a denial of service (infinite loop and device hang) via a crafted application, related to an "integer truncation vulnerability." El kernel en Apple iOS (anteriores a v7) utiliza un tamaño de datos incorrecto para ciertas variables entero, lo que permite al atacante producir una denegación de servicio (bucle infinito y cuelgue de dispositivo) a través de una aplicación manipulada, rela... • http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html • CWE-189: Numeric Errors •