CVSS: 9.3 • EPSS: 0% • CPEs: 48 • EXPL: 0

19 Sep 2013 — WebKit in Apple iOS before 7 allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive information about use of the window.webkitRequestAnimationFrame API via an IFRAME element. iOS 7 is now available and addresses Certificate Trust Policy, Core Graphics, C... • http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html • CWE-264: Permissions, Privileges, and Access Controls

CVSS: 7.8 • EPSS: 1% • CPEs: 53 • EXPL: 0

13 Sep 2013 — Buffer overflow in CoreGraphics in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JBIG2 data in a PDF document. iOS 7 is now available and addresses Certificate Trust Pol... • http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 7.8 • EPSS: 1% • CPEs: 53 • EXPL: 0

13 Sep 2013 — Buffer overflow in ImageIO in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JPEG2000 data in a PDF document. iOS 7 is now available and addresses Certificate Trust Policy, Core Graphics, Core ... • http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 5.9 • EPSS: 0% • CPEs: 53 • EXPL: 0

13 Sep 2013 — The IPSec implementation in Apple Mac OS X before 10.8.5, when Hybrid Auth is used, does not verify X.509 certificates from security gateways, which allows man-in-the-middle attackers to spoof security gateways and obtain sensitive information via a crafted certificate. • http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html • CWE-20: Improper Input Validation

CVSS: 7.5 • EPSS: 0% • CPEs: 42 • EXPL: 0

18 Jun 2013 — The WifiPasswordController generateDefaultPassword method in Preferences in Apple iOS 6 and earlier relies on the UITextChecker suggestWordInLanguage method for selection of Wi-Fi hotspot WPA2 PSK passphrases, which makes it easier for remote attackers to obtain access via a brute-force attack that leverages the insufficient number of possible passphrases. • http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html • CWE-255: Credentials Management Errors

CVSS: 5.5 • EPSS: 0% • CPEs: 53 • EXPL: 1

05 Jun 2013 — The mach_port_space_info function in osfmk/ipc/mach_debug.c in the XNU kernel in Apple Mac OS X 10.8.x does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted call. • http://antid0te.com/syscan_2013/SyScan2013_Mountain_Lion_iOS_Vulnerabilities_Garage_Sale_Whitepaper.pdf • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 6.9 • EPSS: 0% • CPEs: 53 • EXPL: 1

05 Jun 2013 — The posix_spawn system call in the XNU kernel in Apple Mac OS X 10.8.x does not properly validate the data for file actions and port actions, which allows local users to (1) cause a denial of service (panic) via a size value that is inconsistent with a header count field, or (2) obtain sensitive information from kernel heap memory via a certain size value in conjunction with a crafted buffer. • http://antid0te.com/syscan_2013/SyScan2013_Mountain_Lion_iOS_Vulnerabilities_Garage_Sale_Whitepaper.pdf • CWE-20: Improper Input Validation

CVSS: 9.3 • EPSS: 3% • CPEs: 103 • EXPL: 0

23 May 2013 — Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding. This vulnerability allows remote attackers to execute arbitrary code... • http://lists.apple.com/archives/security-announce/2013/Jul/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 9.8 • EPSS: 21% • CPEs: 119 • EXPL: 2

22 May 2013 — Use-after-free vulnerability in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of widgets. iTunes 11.1.4 is now available and addresses multip... • https://www.exploit-db.com/exploits/40243 • CWE-399: Resource Management Errors

CVSS: 9.3 • EPSS: 1% • CPEs: 130 • EXPL: 0

19 May 2013 — WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. • http://lists.apple.com/archives/security-announce/2013/Jun/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer