CVSS: 10.0EPSS: 0%CPEs: 216EXPL: 0CVE-2013-3345 – flash-plugin: Multiple code execution flaws (APSB13-17)
https://notcve.org/view.php?id=CVE-2013-3345
Adobe Flash Player before 11.7.700.232 and 11.8.x before 11.8.800.94 on Windows and Mac OS X, before 11.2.202.297 on Linux, before 11.1.111.64 on Android 2.x and 3.x, and before 11.1.115.69 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. Adobe Flash Player anterior a 11.7.700.232 y 11.8.x anterior a 11.8.800.94 en Windows y Mac OS X, anterior a 11.2.202.297 en Linux, anterior a 11.1.111.64 en Android 2.x y 3.x,anterior a 11.1.115.69 en Android 4.x, permite a atacantes ejecutar código arbitrario o provocar una denegación de servicio (consumo de memoria) a través de vectores no especificados. • http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00021.html http://www.adobe.com/support/security/bulletins/apsb13-17.html https://access.redhat.com/security/cve/CVE-2013-3345 https://bugzilla.redhat.com/show_bug.cgi?id=982749 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 4%CPEs: 103EXPL: 0CVE-2013-1019 – Apple QuickTime Sorenson Video mdat Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-1019
Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding. Desbordamiento de búfer en Apple QuickTime antes de v7.7.4 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de aplicación) a través de un archivo de película manipulado con la codificación Sorenson. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of a malformed Sorenson Video 3 mdat section in a QuickTime mov file. This can lead to memory corruption that could lead to remote code execution under the context of the process. • http://lists.apple.com/archives/security-announce/2013/Jul/msg00000.html http://lists.apple.com/archives/security-announce/2013/May/msg00001.html http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html http://secunia.com/advisories/54886 http://support.apple.com/kb/HT5770 http://support.apple.com/kb/HT5934 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16830 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 130EXPL: 0CVE-2013-1003
https://notcve.org/view.php?id=CVE-2013-1003
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. WebKit, usado en Apple iTunes anterior a 11.0.3, permite a atacantes man-in-the-middle la ejecución de código arbitrario o provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de vectores relacionados con la navegación en la iTunes Store. Vulnerabilidad distinta de otros CVEs listados en APPLE-SA-2013-05-16-1. • http://lists.apple.com/archives/security-announce/2013/Jun/msg00001.html http://lists.apple.com/archives/security-announce/2013/May/msg00000.html http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html http://secunia.com/advisories/54886 http://support.apple.com/kb/HT5766 http://support.apple.com/kb/HT5785 http://support.apple.com/kb/HT5934 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17252 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 0%CPEs: 130EXPL: 0CVE-2013-1001
https://notcve.org/view.php?id=CVE-2013-1001
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. WebKit, usado en Apple iTunes anterior a 11.0.3, permite a atacantes man-in-the-middle la ejecución de código arbitrario o provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de vectores relacionados con la navegación en la iTunes Store. Vulnerabilidad distinta de otros CVEs listados en APPLE-SA-2013-05-16-1. • http://lists.apple.com/archives/security-announce/2013/Jun/msg00001.html http://lists.apple.com/archives/security-announce/2013/May/msg00000.html http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html http://secunia.com/advisories/54886 http://support.apple.com/kb/HT5766 http://support.apple.com/kb/HT5785 http://support.apple.com/kb/HT5934 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17572 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 0%CPEs: 130EXPL: 0CVE-2013-1010
https://notcve.org/view.php?id=CVE-2013-1010
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. WebKit, como es usado en Apple iTunes anterior a v11.0.3 permite a atacantes "man-in-the-middle" ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de vectores relacionados con la navegación de iTunes Store, una vulnerabilidad diferente a los CVE de WebKit en APPLE-SA-2013-05-16-1. • http://lists.apple.com/archives/security-announce/2013/Jun/msg00001.html http://lists.apple.com/archives/security-announce/2013/May/msg00000.html http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html http://secunia.com/advisories/54886 http://support.apple.com/kb/HT5766 http://support.apple.com/kb/HT5785 http://support.apple.com/kb/HT5934 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17123 • CWE-399: Resource Management Errors •