CVE-2013-1028
https://notcve.org/view.php?id=CVE-2013-1028
The IPSec implementation in Apple Mac OS X before 10.8.5, when Hybrid Auth is used, does not verify X.509 certificates from security gateways, which allows man-in-the-middle attackers to spoof security gateways and obtain sensitive information via a crafted certificate. La implementación IPSec en Apple Mac OS X anteriores a 10.8.5, cuando es empleada la Autentificación Híbrida, no verifica certificados X.509 desde pasarelas de seguridad, lo que permite a atacantes man-in-the-middle falsear pasarelas de seguridad y obtener información sensible a través de certificados manipulados. • http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html http://secunia.com/advisories/54886 http://support.apple.com/kb/HT5880 http://support.apple.com/kb/HT5934 • CWE-20: Improper Input Validation •
CVE-2013-1030
https://notcve.org/view.php?id=CVE-2013-1030
mdmclient in Mobile Device Management in Apple Mac OS X before 10.8.5 places a password on the command line, which allows local users to obtain sensitive information by listing the process. El cliente mdmclient en control de dispositivos móviles en Apple Mac OS X anterior a 10.8.5 pone la contraseña en línea de comandos lo que permite a usuarios locales obtener información sensible inspeccionando el proceso • http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html http://support.apple.com/kb/HT5880 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2013-1027
https://notcve.org/view.php?id=CVE-2013-1027
Installer in Apple Mac OS X before 10.8.5 provides an option to continue a package's installation after encountering a revoked certificate, which might allow user-assisted remote attackers to execute arbitrary code via a crafted package. Instalador en Apple Mac OS X anteriores a v10.8.5 proporciona una opción para continuar la instalación de un paquete después de encontrar un certificado revocado, lo cual podría permitir a atacantes asistidos por un usuario ejecutar código arbitrario a través de un paquete manipulado. • http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html http://support.apple.com/kb/HT5880 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2013-1026
https://notcve.org/view.php?id=CVE-2013-1026
Buffer overflow in ImageIO in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JPEG2000 data in a PDF document. Vulnerabildad de desbordamiento de búfer en ImageIO de Apple Mac OS X permite a atacantes remotos ejecutar código arbitrario o causar denegación de servicio (caida de aplicación) a través de datos JPEG2000 en un documento PDF • http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html http://secunia.com/advisories/54886 http://support.apple.com/kb/HT5880 http://support.apple.com/kb/HT5934 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2013-1025
https://notcve.org/view.php?id=CVE-2013-1025
Buffer overflow in CoreGraphics in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JBIG2 data in a PDF document. Desbordamiento de búfer en CoreGraphics en Apple Mac OS X anterior a 10.8.5, permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (caída de aplicación) a través de datos JBIG2 manipulados en un documento PDF. • http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html http://secunia.com/advisories/54886 http://support.apple.com/kb/HT5880 http://support.apple.com/kb/HT5934 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •