CVE-2013-1034
https://notcve.org/view.php?id=CVE-2013-1034
Multiple cross-site scripting (XSS) vulnerabilities in Wiki Server in Apple Mac OS X Server before 2.2.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades XSS en Wiki Server de Apple Mac OS X Server anterior a la versión 2.2.2 permite a atacantes remotos inyectar script web o HTML arbitrario a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2013/Sep/msg00004.html http://support.apple.com/kb/HT5892 http://www.cloudscan.me/2013/09/cve-2013-1034-stored-xss-xxe-os-x.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2013-1024
https://notcve.org/view.php?id=CVE-2013-1024
CoreMedia Playback in Apple Mac OS X before 10.8.4 does not properly initialize memory during the processing of text tracks, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file. CoreMedia reproducción en Apple Mac OS X anterior a v10.8.4 no inicializa correctamente la memoria durante el procesamiento de pistas de texto, lo que permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de la aplicación) a través de un archivo de video especialmente diseñado. • http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html http://support.apple.com/kb/HT5784 http://support.apple.com/kb/HT6001 • CWE-20: Improper Input Validation •
CVE-2013-0975 – Apple QuickTime PICT Image LongComment Opcode Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-0975
Buffer overflow in QuickDraw Manager in Apple Mac OS X before 10.8.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image. Desbordamiento de búfer en QuickDraw Manager de Apple Mac OS X antes de v10.8.4 que permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de aplicación) a través de una imagen PICT manipulada. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way QuickTime handles the LongComment PICT opcode. It converts an unsigned 16 bit value into a signed 32 bit value after it performs some mathematical operations on it. • http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html http://support.apple.com/kb/HT5784 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2013-0982
https://notcve.org/view.php?id=CVE-2013-0982
The Private Browsing feature in CFNetwork in Apple Mac OS X before 10.8.4 does not prevent storage of permanent cookies upon exit from Safari, which might allow physically proximate attackers to bypass cookie-based authentication by leveraging an unattended workstation. La función de navegación privada en CFNetwork en Apple Mac OS X antes de v10.8.4 no impide el almacenamiento de cookies permanentes a la salida de Safari, que podría permitir a atacantes físicamente cercanos evitar la autenticación basada en cookies mediante el aprovechamiento de una estación de trabajo sin supervisión. • http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html http://support.apple.com/kb/HT5784 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2013-0990
https://notcve.org/view.php?id=CVE-2013-0990
SMB in Apple Mac OS X before 10.8.4, when file sharing is enabled, allows remote authenticated users to create or modify files outside of a shared directory via unspecified vectors. SMB en Apple Mac OS X antes de v10.8.4, cuando el intercambio de archivos está activada, permite a los usuarios remotos autenticados crear o modificar archivos fuera de un directorio compartido a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html http://support.apple.com/kb/HT5784 • CWE-264: Permissions, Privileges, and Access Controls •