CVSS: 7.8EPSS: 1%CPEs: 53EXPL: 0CVE-2013-1025 – Apple Security Advisory 2013-09-12-1
https://notcve.org/view.php?id=CVE-2013-1025
13 Sep 2013 — Buffer overflow in CoreGraphics in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JBIG2 data in a PDF document. Desbordamiento de búfer en CoreGraphics en Apple Mac OS X anterior a 10.8.5, permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (caída de aplicación) a través de datos JBIG2 manipulados en un documento PDF. iOS 7 is now available and addresses Certificate Trust Pol... • http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 1%CPEs: 53EXPL: 0CVE-2013-1026 – Apple Security Advisory 2013-09-12-1
https://notcve.org/view.php?id=CVE-2013-1026
13 Sep 2013 — Buffer overflow in ImageIO in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JPEG2000 data in a PDF document. Vulnerabildad de desbordamiento de búfer en ImageIO de Apple Mac OS X permite a atacantes remotos ejecutar código arbitrario o causar denegación de servicio (caida de aplicación) a través de datos JPEG2000 en un documento PDF iOS 7 is now available and addresses Certificate Trust Policy, Core Graphics, Core ... • http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.9EPSS: 0%CPEs: 53EXPL: 0CVE-2013-1028 – Apple Security Advisory 2013-09-12-1
https://notcve.org/view.php?id=CVE-2013-1028
13 Sep 2013 — The IPSec implementation in Apple Mac OS X before 10.8.5, when Hybrid Auth is used, does not verify X.509 certificates from security gateways, which allows man-in-the-middle attackers to spoof security gateways and obtain sensitive information via a crafted certificate. La implementación IPSec en Apple Mac OS X anteriores a 10.8.5, cuando es empleada la Autentificación Híbrida, no verifica certificados X.509 desde pasarelas de seguridad, lo que permite a atacantes man-in-the-middle falsear pasarelas de segu... • http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 42EXPL: 0CVE-2013-4616 – Apple Security Advisory 2013-09-18-2
https://notcve.org/view.php?id=CVE-2013-4616
18 Jun 2013 — The WifiPasswordController generateDefaultPassword method in Preferences in Apple iOS 6 and earlier relies on the UITextChecker suggestWordInLanguage method for selection of Wi-Fi hotspot WPA2 PSK passphrases, which makes it easier for remote attackers to obtain access via a brute-force attack that leverages the insufficient number of possible passphrases. El método generateDefaultPassword en WifiPasswordController en las preferencias de iOS 6 y anteriores depende del método UITextChecker suggestWordInLangu... • http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html • CWE-255: Credentials Management Errors •
CVSS: 5.5EPSS: 0%CPEs: 53EXPL: 1CVE-2013-3953 – Apple Security Advisory 2013-09-18-2
https://notcve.org/view.php?id=CVE-2013-3953
05 Jun 2013 — The mach_port_space_info function in osfmk/ipc/mach_debug.c in the XNU kernel in Apple Mac OS X 10.8.x does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted call. La función mach_port_space_info en osfmk/ipc/mach_debug.c en el kernel XNU en Apple Mac OS X 10.8.x, no inicializa determinadas estructuras, lo que permite a usuarios locales la obtención de información sensible a través de la memoria dinámica del kernel media... • http://antid0te.com/syscan_2013/SyScan2013_Mountain_Lion_iOS_Vulnerabilities_Garage_Sale_Whitepaper.pdf • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.9EPSS: 0%CPEs: 53EXPL: 1CVE-2013-3954 – Apple Security Advisory 2013-09-18-2
https://notcve.org/view.php?id=CVE-2013-3954
05 Jun 2013 — The posix_spawn system call in the XNU kernel in Apple Mac OS X 10.8.x does not properly validate the data for file actions and port actions, which allows local users to (1) cause a denial of service (panic) via a size value that is inconsistent with a header count field, or (2) obtain sensitive information from kernel heap memory via a certain size value in conjunction with a crafted buffer. La llamada al sistema posix_spawn en el kernel XNU en Apple MAc OS X v10.8.x no valida correctamente los datos para ... • http://antid0te.com/syscan_2013/SyScan2013_Mountain_Lion_iOS_Vulnerabilities_Garage_Sale_Whitepaper.pdf • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 3%CPEs: 103EXPL: 0CVE-2013-1019 – Apple QuickTime Sorenson Video mdat Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-1019
23 May 2013 — Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding. Desbordamiento de búfer en Apple QuickTime antes de v7.7.4 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de aplicación) a través de un archivo de película manipulado con la codificación Sorenson. This vulnerability allows remote attackers to execute arbitrary code... • http://lists.apple.com/archives/security-announce/2013/Jul/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 21%CPEs: 119EXPL: 2CVE-2013-2842 – Google Chrome 26.0.1410.43 (Webkit) - OBJECT Element Use-After-Free (PoC)
https://notcve.org/view.php?id=CVE-2013-2842
22 May 2013 — Use-after-free vulnerability in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of widgets. Vulnerabilidad de tipo "usar despues de liberar" en Google Chrome anterior a v27.0.1453.93 permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificados realacionados con la manipulación de "widgets". iTunes 11.1.4 is now available and addresses multip... • https://www.exploit-db.com/exploits/40243 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 1%CPEs: 130EXPL: 0CVE-2013-0999 – Webkit.org Webkit string.replace Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-0999
19 May 2013 — WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. WebKit, usado en Apple iTunes anterior a 11.0.3, permite a atacantes man-in-the-middle la ejecución de código arbitrario o provocar una denegación de servicio (corrupción de memoria y caída de la aplicació... • http://lists.apple.com/archives/security-announce/2013/Jun/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 1%CPEs: 130EXPL: 0CVE-2013-1000 – Apple Security Advisory 2013-09-18-2
https://notcve.org/view.php?id=CVE-2013-1000
19 May 2013 — WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. WebKit, usado en Apple iTunes anterior a 11.0.3, permite a atacantes man-in-the-middle la ejecución de código arbitrario o provocar una denegación de servicio (corrupción de memoria y caída de la aplicació... • http://lists.apple.com/archives/security-announce/2013/Jun/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •