CVSS: 4.9EPSS: 0%CPEs: 16EXPL: 0CVE-2013-0990
https://notcve.org/view.php?id=CVE-2013-0990
SMB in Apple Mac OS X before 10.8.4, when file sharing is enabled, allows remote authenticated users to create or modify files outside of a shared directory via unspecified vectors. SMB en Apple Mac OS X antes de v10.8.4, cuando el intercambio de archivos está activada, permite a los usuarios remotos autenticados crear o modificar archivos fuera de un directorio compartido a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html http://support.apple.com/kb/HT5784 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2013-0983
https://notcve.org/view.php?id=CVE-2013-0983
Stack consumption vulnerability in CoreAnimation in Apple Mac OS X before 10.8.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted text glyph in a URL encountered by Safari. Vulnerabilidad al consumo de pila en CoreAnimation en Apple Mac OS X antes de v10.8.4 que permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de aplicación) a través de un símbolo de texto manipulado en un URL encontradas por Safari. • http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html http://support.apple.com/kb/HT5784 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.6EPSS: 0%CPEs: 9EXPL: 1CVE-2013-3951
https://notcve.org/view.php?id=CVE-2013-3951
sys/openbsd/stack_protector.c in libc in Apple iOS 6.1.3 and Mac OS X 10.8.x does not properly parse the Apple strings employed in the user-space stack-cookie implementation, which allows local users to bypass cookie randomization by executing a program with a call-path beginning with the stack-guard= substring, as demonstrated by an iOS untethering attack or an attack against a setuid Mac OS X program. sys/OpenBSD/stack_protector.c en libc en Apple iOS v6.1.3 y Mac OS X v10.8.x no analiza correctamente los hilos de Apple que trabajan en la implementación user-space stack-cookie, lo que permite a usuarios locales eludir aleatorización cookies mediante la ejecución de un programa con una llamada de la ruta que comienza con el stack-guard=substring, como lo demuestra un ataque desanclaje iOS o un ataque en contra de un programa setuid Mac OS X. • http://antid0te.com/syscan_2013/SyScan2013_Mountain_Lion_iOS_Vulnerabilities_Garage_Sale_Whitepaper.pdf http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html http://www.securitytracker.com/id/1033703 http://www.syscan.org/index.php/sg/program/day/2 https://support.apple.com/HT205212 https://support.apple.com/HT205213 https:/&# • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 4%CPEs: 126EXPL: 1CVE-2013-0984 – Apple Mac OSX Server - DirectoryService Buffer Overflow
https://notcve.org/view.php?id=CVE-2013-0984
Directory Service in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted message. Servicio de directorio de Apple Mac OS X hasta v10.6.8 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída del demonio) a través de un mensaje elaborado. • https://www.exploit-db.com/exploits/25974 http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html http://support.apple.com/kb/HT5784 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 30%CPEs: 56EXPL: 0CVE-2013-0986 – Apple QuickTime enof Parsing Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-0986
Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted enof atoms in a movie file. Desbordamiento de búfer en Apple QuickTime antes de v7.7.4 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de aplicación) a través de átomos ENOF manipulados en un archivo de película. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of a MOV file. The size field of the enof atom is not properly validated. • http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html http://lists.apple.com/archives/security-announce/2013/May/msg00001.html http://support.apple.com/kb/HT5770 http://support.apple.com/kb/HT5784 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16794 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •