
CVE-2013-5142 – Apple Security Advisory 2013-09-18-2
https://notcve.org/view.php?id=CVE-2013-5142
19 Sep 2013 — The kernel in Apple iOS before 7 does not initialize unspecified kernel data structures, which allows local users to obtain sensitive information from kernel stack memory via the (1) msgctl API or (2) segctl API. iOS 7 is now available and addresses Certificate Trust Policy, Core Graphic... • http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2013-5145 – Apple Security Advisory 2013-09-18-2
https://notcve.org/view.php?id=CVE-2013-5145
19 Sep 2013 — kextd in Kext Management in Apple iOS before 7 does not properly verify authorization for IPC messages, which allows local users to (1) load or (2) unload kernel extensions via a crafted message. iOS 7 is now available and addresses Certificate Trust Policy, Core Graphics, Cor... • http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html • CWE-264: Permissions, Privileges, and Access Controls

CVE-2013-5147 – Apple iOS 7.0.2 - Sim Lock Screen Display Bypass
https://notcve.org/view.php?id=CVE-2013-5147
19 Sep 2013 — Passcode Lock in Apple iOS before 7 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging a race condition involving phone calls and ejection of a SIM card. iOS 7 is now available and addresses Certifica... • https://www.exploit-db.com/exploits/28978 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVE-2013-5149 – Apple Security Advisory 2013-09-18-2
https://notcve.org/view.php?id=CVE-2013-5149
19 Sep 2013 — The Push Notifications subsystem in Apple iOS before 7 provides the push-notification token to an app without user approval, which allows attackers to obtain sensitive information via an app that employs a crafted push-notification registration process. • http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html • CWE-264: Permissions, Privileges, and Access Controls

CVE-2013-5150 – Apple Security Advisory 2013-09-18-2
https://notcve.org/view.php?id=CVE-2013-5150
19 Sep 2013 — The history-clearing feature in Safari in Apple iOS before 7 does not clear the back/forward history of an open tab, which allows physically proximate attackers to obtain sensitive information by leveraging an unattended workstation. • http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2013-5151 – Apple Security Advisory 2013-09-18-2
https://notcve.org/view.php?id=CVE-2013-5151
19 Sep 2013 — Mobile Safari in Apple iOS before 7 does not prevent HTML interpretation of a document served with a text/plain content type, which allows remote attackers to conduct cross-site scripting (XSS) attacks by uploading a file. iOS 7 is now available and address... • http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2013-5152 – Apple Security Advisory 2013-09-18-2
https://notcve.org/view.php?id=CVE-2013-5152
19 Sep 2013 — Mobile Safari in Apple iOS before 7 allows remote attackers to spoof the URL bar via a crafted web site. iOS 7 is now available and addresses Certificate Trust Policy, Core Graphics, Core Media, Data Protection, and various other issues and vulnerabilities. • http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html • CWE-20: Improper Input Validation

CVE-2013-5153 – Apple Security Advisory 2013-09-18-2
https://notcve.org/view.php?id=CVE-2013-5153
19 Sep 2013 — Springboard in Apple iOS before 7 does not properly manage the lock state in Lost Mode, which allows physically proximate attackers to read notifications via unspecified vectors. iOS 7 is now available and addresses Certificate Trust Policy, Core Graphics, Core Media, Data Protection, ... • http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html • CWE-264: Permissions, Privileges, and Access Controls

CVE-2013-5154 – Apple Security Advisory 2013-09-18-2
https://notcve.org/view.php?id=CVE-2013-5154
19 Sep 2013 — The Sandbox subsystem in Apple iOS before 7 determines the sandboxing requirement for a #! application on the basis of the script interpreter instead of the script, which allows attackers to bypass intended access restrictions via a crafted application. • http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html • CWE-264: Permissions, Privileges, and Access Controls

CVE-2013-5155 – Apple Security Advisory 2013-09-18-2
https://notcve.org/view.php?id=CVE-2013-5155
19 Sep 2013 — The Sandbox subsystem in Apple iOS before 7 allows attackers to cause a denial of service (infinite loop) via an application that writes crafted values to /dev/random. iOS 7 is now available and addresses Certificate Trust Policy, Core Graphics, Core Media, Data Protection, and various other issues ... • http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html • CWE-20: Improper Input Validation