CVSS: 6.8EPSS: 1%CPEs: 16EXPL: 0CVE-2013-1024
https://notcve.org/view.php?id=CVE-2013-1024
CoreMedia Playback in Apple Mac OS X before 10.8.4 does not properly initialize memory during the processing of text tracks, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file. CoreMedia reproducción en Apple Mac OS X anterior a v10.8.4 no inicializa correctamente la memoria durante el procesamiento de pistas de texto, lo que permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de la aplicación) a través de un archivo de video especialmente diseñado. • http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html http://support.apple.com/kb/HT5784 http://support.apple.com/kb/HT6001 • CWE-20: Improper Input Validation •
CVSS: 4.9EPSS: 0%CPEs: 53EXPL: 1CVE-2013-3953
https://notcve.org/view.php?id=CVE-2013-3953
The mach_port_space_info function in osfmk/ipc/mach_debug.c in the XNU kernel in Apple Mac OS X 10.8.x does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted call. La función mach_port_space_info en osfmk/ipc/mach_debug.c en el kernel XNU en Apple Mac OS X 10.8.x, no inicializa determinadas estructuras, lo que permite a usuarios locales la obtención de información sensible a través de la memoria dinámica del kernel mediante una llamada manipulada. • http://antid0te.com/syscan_2013/SyScan2013_Mountain_Lion_iOS_Vulnerabilities_Garage_Sale_Whitepaper.pdf http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html http://support.apple.com/kb/HT5934 http://www.securitytracker.com/id/1029054 http://www.syscan.org/index.php/sg/program/day/2 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 3%CPEs: 16EXPL: 0CVE-2013-0975 – Apple QuickTime PICT Image LongComment Opcode Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-0975
Buffer overflow in QuickDraw Manager in Apple Mac OS X before 10.8.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image. Desbordamiento de búfer en QuickDraw Manager de Apple Mac OS X antes de v10.8.4 que permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de aplicación) a través de una imagen PICT manipulada. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way QuickTime handles the LongComment PICT opcode. It converts an unsigned 16 bit value into a signed 32 bit value after it performs some mathematical operations on it. • http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html http://support.apple.com/kb/HT5784 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 2.1EPSS: 0%CPEs: 4EXPL: 0CVE-2013-0985
https://notcve.org/view.php?id=CVE-2013-0985
Disk Management in Apple Mac OS X before 10.8.4 does not properly authenticate attempts to disable FileVault, which allows local users to cause a denial of service (loss of encryption functionality) via an unspecified command line. Administración de discos en Apple Mac OS X anterior a v10.8.4 no valida correctamente los intentos de desactivar FileVault, que permite a usuarios locales provocar una denegación de servicio (pérdida de la funcionalidad de cifrado) mediante una línea de comandos sin especificar. • http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html http://support.apple.com/kb/HT5784 • CWE-287: Improper Authentication •
CVSS: 1.7EPSS: 0%CPEs: 16EXPL: 0CVE-2013-0982
https://notcve.org/view.php?id=CVE-2013-0982
The Private Browsing feature in CFNetwork in Apple Mac OS X before 10.8.4 does not prevent storage of permanent cookies upon exit from Safari, which might allow physically proximate attackers to bypass cookie-based authentication by leveraging an unattended workstation. La función de navegación privada en CFNetwork en Apple Mac OS X antes de v10.8.4 no impide el almacenamiento de cookies permanentes a la salida de Safari, que podría permitir a atacantes físicamente cercanos evitar la autenticación basada en cookies mediante el aprovechamiento de una estación de trabajo sin supervisión. • http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html http://support.apple.com/kb/HT5784 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •