Vendor CVEs
Apple Inc.
All CVEs
8,444 total · sorted by risk

| CVE | Risk | CVSS | EPSS | Published | Description | Vendor / Product | Sev | KEV |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-1045 | 0.00 | — | 0.02 | Sep 19, 2013 | WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. | |||
| CVE-2013-1044 | 0.00 | — | 0.02 | Sep 19, 2013 | WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. | |||
| CVE-2013-1043 | 0.00 | — | 0.02 | Sep 19, 2013 | WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. | |||
| CVE-2013-1042 | 0.00 | — | 0.02 | Sep 19, 2013 | WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. | |||
| CVE-2013-1041 | 0.00 | — | 0.02 | Sep 19, 2013 | WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. | |||
| CVE-2013-1040 | 0.00 | — | 0.02 | Sep 19, 2013 | WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. | |||
| CVE-2013-1039 | 0.00 | — | 0.02 | Sep 19, 2013 | WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. | |||
| CVE-2013-1038 | 0.00 | — | 0.02 | Sep 19, 2013 | WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. | |||
| CVE-2013-1037 | 0.00 | — | 0.02 | Sep 19, 2013 | WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. | |||
| CVE-2013-1036 | 0.00 | — | 0.03 | Sep 19, 2013 | Safari in Apple iOS before 7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document. | |||
| CVE-2013-1035 | 0.00 | — | 0.04 | Sep 19, 2013 | The iTunes ActiveX control in Apple iTunes before 11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. | |||
| CVE-2013-1034 | 0.00 | — | 0.02 | Sep 19, 2013 | Multiple cross-site scripting (XSS) vulnerabilities in Wiki Server in Apple Mac OS X Server before 2.2.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2013-0957 | 0.00 | — | 0.01 | Sep 19, 2013 | Data Protection in Apple iOS before 7 allows attackers to bypass intended limits on incorrect passcode entry, and consequently avoid a configured Erase Data setting, by leveraging the presence of an app in the third-party sandbox. | |||
| CVE-2011-2391 | 0.00 | — | 0.01 | Sep 19, 2013 | The IPv6 implementation in the kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (CPU consumption) via crafted ICMPv6 packets. | |||
| CVE-2013-1824 | 0.00 | — | 0.04 | Sep 16, 2013 | The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.12 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the… | |||
| CVE-2013-1033 | 0.00 | — | 0.02 | Sep 16, 2013 | Screen Lock in Apple Mac OS X before 10.8.5 does not properly track sessions, which allows remote authenticated users to bypass locking by leveraging screen-sharing access. | |||
| CVE-2013-1032 | 0.00 | — | 0.03 | Sep 16, 2013 | QuickTime in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted idsc atom in a QuickTime movie file. | |||
| CVE-2013-1031 | 0.00 | — | 0.00 | Sep 16, 2013 | Power Management in Apple Mac OS X before 10.8.5 does not properly perform locking upon occurrences of a power assertion, which allows physically proximate attackers to bypass intended access restrictions by visiting an unattended workstation on which a locking failure had… | |||
| CVE-2013-1030 | 0.00 | — | 0.00 | Sep 16, 2013 | mdmclient in Mobile Device Management in Apple Mac OS X before 10.8.5 places a password on the command line, which allows local users to obtain sensitive information by listing the process. | |||
| CVE-2013-1029 | 0.00 | — | 0.01 | Sep 16, 2013 | The kernel in Apple Mac OS X before 10.8.5 allows remote attackers to cause a denial of service (panic) via crafted IGMP packets that leverage incorrect, extraneous code in the IGMP parser. | |||
| CVE-2013-1028 | 0.00 | — | 0.01 | Sep 16, 2013 | The IPSec implementation in Apple Mac OS X before 10.8.5, when Hybrid Auth is used, does not verify X.509 certificates from security gateways, which allows man-in-the-middle attackers to spoof security gateways and obtain sensitive information via a crafted certificate. | |||
| CVE-2013-1027 | 0.00 | — | 0.02 | Sep 16, 2013 | Installer in Apple Mac OS X before 10.8.5 provides an option to continue a package's installation after encountering a revoked certificate, which might allow user-assisted remote attackers to execute arbitrary code via a crafted package. | |||
| CVE-2013-1026 | 0.00 | — | 0.03 | Sep 16, 2013 | Buffer overflow in ImageIO in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JPEG2000 data in a PDF document. | |||
| CVE-2013-1025 | 0.00 | — | 0.03 | Sep 16, 2013 | Buffer overflow in CoreGraphics in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JBIG2 data in a PDF document. | |||
| CVE-2013-5132 | 0.00 | — | 0.01 | Sep 8, 2013 | Apple AirPort Base Station Firmware before 7.6.4 does not properly handle incorrect frame lengths, which allows remote attackers to cause a denial of service (device crash) by associating with the access point and then sending a short frame. | |||
| CVE-2013-4616 | 0.00 | — | 0.01 | Jun 18, 2013 | The WifiPasswordController generateDefaultPassword method in Preferences in Apple iOS 6 and earlier relies on the UITextChecker suggestWordInLanguage method for selection of Wi-Fi hotspot WPA2 PSK passphrases, which makes it easier for remote attackers to obtain access via a… | |||
| CVE-2013-3955 | 0.00 | — | 0.00 | Jun 5, 2013 | The get_xattrinfo function in the XNU kernel in Apple iOS 5.x and 6.x through 6.1.3 on iPad devices does not properly validate the header of an AppleDouble file, which might allow local users to cause a denial of service (memory corruption) or have unspecified other impact via… | |||
| CVE-2013-3954 | 0.00 | — | 0.00 | Jun 5, 2013 | The posix_spawn system call in the XNU kernel in Apple Mac OS X 10.8.x does not properly validate the data for file actions and port actions, which allows local users to (1) cause a denial of service (panic) via a size value that is inconsistent with a header count field, or (2)… | |||
| CVE-2013-3953 | 0.00 | — | 0.00 | Jun 5, 2013 | The mach_port_space_info function in osfmk/ipc/mach_debug.c in the XNU kernel in Apple Mac OS X 10.8.x does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted call. | |||
| CVE-2013-3952 | 0.00 | — | 0.00 | Jun 5, 2013 | The fill_pipeinfo function in bsd/kern/sys_pipe.c in the XNU kernel in Apple Mac OS X 10.8.x allows local users to defeat the KASLR protection mechanism via the PROC_PIDFDPIPEINFO option to the proc_info system call for a kernel pipe handle. | |||
| CVE-2013-3951 | 0.00 | — | 0.00 | Jun 5, 2013 | sys/openbsd/stack_protector.c in libc in Apple iOS 6.1.3 and Mac OS X 10.8.x does not properly parse the Apple strings employed in the user-space stack-cookie implementation, which allows local users to bypass cookie randomization by executing a program with a call-path… | |||
| CVE-2013-3950 | 0.00 | — | 0.02 | Jun 5, 2013 | Stack-based buffer overflow in the openSharedCacheFile function in dyld.cpp in dyld in Apple iOS 5.1.x and 6.x through 6.1.3 makes it easier for attackers to conduct untethering attacks via a long string in the DYLD_SHARED_CACHE_DIR environment variable. | |||
| CVE-2013-3949 | 0.00 | — | 0.00 | Jun 5, 2013 | The posix_spawn system call in the XNU kernel in Apple Mac OS X 10.8.x does not prevent use of the _POSIX_SPAWN_DISABLE_ASLR and _POSIX_SPAWN_ALLOW_DATA_EXEC flags for setuid and setgid programs, which allows local users to bypass intended access restrictions via a wrapper… | |||
| CVE-2013-3948 | 0.00 | — | 0.02 | Jun 5, 2013 | Apple iOS 6.1.3 does not follow redirects during determination of the hostname to display in an iOS Enterprise Deployment installation dialog, which makes it easier for remote attackers to trigger installation of arbitrary applications via a download-manifest itms-services://… | |||
| CVE-2013-1024 | 0.00 | — | 0.03 | Jun 5, 2013 | CoreMedia Playback in Apple Mac OS X before 10.8.4 does not properly initialize memory during the processing of text tracks, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file. | |||
| CVE-2013-1023 | 0.00 | — | 0.02 | Jun 5, 2013 | WebKit, as used in Apple Safari before 6.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2013-1009. | |||
| CVE-2013-1013 | 0.00 | — | 0.01 | Jun 5, 2013 | XSS Auditor in WebKit in Apple Safari before 6.0.5 does not properly rewrite URLs, which allows remote attackers to trigger unintended form submissions via unspecified vectors. | |||
| CVE-2013-1012 | 0.00 | — | 0.02 | Jun 5, 2013 | Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 6.0.5 allows remote attackers to inject arbitrary web script or HTML via vectors involving IFRAME elements. | |||
| CVE-2013-1009 | 0.00 | — | 0.02 | Jun 5, 2013 | WebKit, as used in Apple Safari before 6.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2013-1023. | |||
| CVE-2013-0990 | 0.00 | — | 0.01 | Jun 5, 2013 | SMB in Apple Mac OS X before 10.8.4, when file sharing is enabled, allows remote authenticated users to create or modify files outside of a shared directory via unspecified vectors. | |||
| CVE-2013-0985 | 0.00 | — | 0.00 | Jun 5, 2013 | Disk Management in Apple Mac OS X before 10.8.4 does not properly authenticate attempts to disable FileVault, which allows local users to cause a denial of service (loss of encryption functionality) via an unspecified command line. | |||
| CVE-2013-0983 | 0.00 | — | 0.02 | Jun 5, 2013 | Stack consumption vulnerability in CoreAnimation in Apple Mac OS X before 10.8.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted text glyph in a URL encountered by Safari. | |||
| CVE-2013-0982 | 0.00 | — | 0.00 | Jun 5, 2013 | The Private Browsing feature in CFNetwork in Apple Mac OS X before 10.8.4 does not prevent storage of permanent cookies upon exit from Safari, which might allow physically proximate attackers to bypass cookie-based authentication by leveraging an unattended workstation. | |||
| CVE-2013-0975 | 0.00 | — | 0.03 | Jun 5, 2013 | Buffer overflow in QuickDraw Manager in Apple Mac OS X before 10.8.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image. | |||
| CVE-2013-1022 | 0.00 | — | 0.05 | May 24, 2013 | Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted mvhd atoms in a movie file. | |||
| CVE-2013-1021 | 0.00 | — | 0.04 | May 24, 2013 | Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JPEG data in a movie file. | |||
| CVE-2013-1020 | 0.00 | — | 0.03 | May 24, 2013 | Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted JPEG data in a movie file. | |||
| CVE-2013-1019 | 0.00 | — | 0.06 | May 24, 2013 | Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding. | |||
| CVE-2013-1018 | 0.00 | — | 0.05 | May 24, 2013 | Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding. | |||
| CVE-2013-1016 | 0.00 | — | 0.05 | May 24, 2013 | Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.263 encoding. |