CVSS: 2.1EPSS: 0%CPEs: 48EXPL: 0CVE-2013-5158
https://notcve.org/view.php?id=CVE-2013-5158
The Social subsystem in Apple iOS before 7 does not properly restrict access to the cache of Twitter icons, which allows physically proximate attackers to obtain sensitive information about recent Twitter interaction via unspecified vectors. El subsistema Social de Apple iOS en versiones anteriores a la versión 7, no restringe acceso a la cache de los iconos de Twitter, lo que permite a atacantes con acceso físico al dispositivo obtener información sensitiva sobre interacciones recientes en Twitter a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html http://support.apple.com/kb/HT5934 http://www.securitytracker.com/id/1029054 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 3.7EPSS: 0%CPEs: 48EXPL: 1CVE-2013-5147 – Apple iOS 7.0.2 - Sim Lock Screen Display Bypass
https://notcve.org/view.php?id=CVE-2013-5147
Passcode Lock in Apple iOS before 7 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging a race condition involving phone calls and ejection of a SIM card. El Passcode Lock en Apple iOS para versiones anteriores a 7 no maneja adecuadamente el estado de bloqueo , lo que permite a atacantes físicos evitar la condicion de carrera afectando a llamadas y expulsión de tarjeta SIM • https://www.exploit-db.com/exploits/28978 http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html http://secunia.com/advisories/54886 http://support.apple.com/kb/HT5934 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 4.3EPSS: 0%CPEs: 48EXPL: 0CVE-2013-5129
https://notcve.org/view.php?id=CVE-2013-5129
Multiple cross-site scripting (XSS) vulnerabilities in WebKit in Apple iOS before 7 allow user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) drag-and-drop or (2) copy-and-paste operation. Múltiples vulnerabilidades XSS en WebKit de Apple iOS anterior a la versión 7 permite a atacantes remotos asistidos por el usuario inyectar script web o HTML arbitrario a través de vectores que implican operaciones de (1) arrastrar y soltar o (2) copiar y pegar. • http://lists.apple.com/archives/security-announce/2013/Oct/msg00003.html http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html http://secunia.com/advisories/54886 http://support.apple.com/kb/HT5934 http://www.securitytracker.com/id/1029054 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.3EPSS: 0%CPEs: 48EXPL: 0CVE-2013-5145
https://notcve.org/view.php?id=CVE-2013-5145
kextd in Kext Management in Apple iOS before 7 does not properly verify authorization for IPC messages, which allows local users to (1) load or (2) unload kernel extensions via a crafted message. kextd en Kext Management de Apple iOS (anteriores a v7) no verifica apropiadamente la autorización para mensajes IPC, lo que permite a usuarios locales (1) cargar o (2) descargar extensiones de kernel a través de mensajes manipulados. • http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html http://secunia.com/advisories/54886 http://support.apple.com/kb/HT5934 http://www.securitytracker.com/id/1029054 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.7EPSS: 0%CPEs: 48EXPL: 0CVE-2013-5138
https://notcve.org/view.php?id=CVE-2013-5138
IOCatalogue in IOKitUser in Apple iOS before 7 allows attackers to cause a denial of service (NULL pointer dereference and device crash) via a crafted application. IOCatalogue en IOKitUser de Apple iOS (anteriores a v7) permite a atacantes causar una denegación de servicio (referencia a puntero nulo y cuelgue del dispositivo) a través de una aplicación manipulada. • http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html http://support.apple.com/kb/HT5934 http://www.securitytracker.com/id/1029054 •