Apple Inc.

All CVEs

8,444 total · sorted by risk
  • CVE-2013-1045 · Sep 19, 2013
    risk 0.00 · cvss · epss 0.02

    WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.

  • CVE-2013-1044 · Sep 19, 2013
    risk 0.00 · cvss · epss 0.02

    WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.

  • CVE-2013-1043 · Sep 19, 2013
    risk 0.00 · cvss · epss 0.02

    WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.

  • CVE-2013-1042 · Sep 19, 2013
    risk 0.00 · cvss · epss 0.02

    WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.

  • CVE-2013-1041 · Sep 19, 2013
    risk 0.00 · cvss · epss 0.02

    WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.

  • CVE-2013-1040 · Sep 19, 2013
    risk 0.00 · cvss · epss 0.02

    WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.

  • CVE-2013-1039 · Sep 19, 2013
    risk 0.00 · cvss · epss 0.02

    WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.

  • CVE-2013-1038 · Sep 19, 2013
    risk 0.00 · cvss · epss 0.02

    WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.

  • CVE-2013-1037 · Sep 19, 2013
    risk 0.00 · cvss · epss 0.02

    WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.

  • CVE-2013-1036 · Sep 19, 2013
    risk 0.00 · cvss · epss 0.03

    Safari in Apple iOS before 7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.

  • CVE-2013-1035 · Sep 19, 2013
    risk 0.00 · cvss · epss 0.04

    The iTunes ActiveX control in Apple iTunes before 11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

  • CVE-2013-1034 · Sep 19, 2013
    risk 0.00 · cvss · epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in Wiki Server in Apple Mac OS X Server before 2.2.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2013-0957 · Sep 19, 2013
    risk 0.00 · cvss · epss 0.01

    Data Protection in Apple iOS before 7 allows attackers to bypass intended limits on incorrect passcode entry, and consequently avoid a configured Erase Data setting, by leveraging the presence of an app in the third-party sandbox.

  • CVE-2011-2391 · Sep 19, 2013
    risk 0.00 · cvss · epss 0.01

    The IPv6 implementation in the kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (CPU consumption) via crafted ICMPv6 packets.

  • CVE-2013-1824 · Sep 16, 2013
    risk 0.00 · cvss · epss 0.04

    The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.12 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the…

  • CVE-2013-1033 · Sep 16, 2013
    risk 0.00 · cvss · epss 0.02

    Screen Lock in Apple Mac OS X before 10.8.5 does not properly track sessions, which allows remote authenticated users to bypass locking by leveraging screen-sharing access.

  • CVE-2013-1032 · Sep 16, 2013
    risk 0.00 · cvss · epss 0.03

    QuickTime in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted idsc atom in a QuickTime movie file.

  • CVE-2013-1031 · Sep 16, 2013
    risk 0.00 · cvss · epss 0.00

    Power Management in Apple Mac OS X before 10.8.5 does not properly perform locking upon occurrences of a power assertion, which allows physically proximate attackers to bypass intended access restrictions by visiting an unattended workstation on which a locking failure had…

  • CVE-2013-1030 · Sep 16, 2013
    risk 0.00 · cvss · epss 0.00

    mdmclient in Mobile Device Management in Apple Mac OS X before 10.8.5 places a password on the command line, which allows local users to obtain sensitive information by listing the process.

  • CVE-2013-1029 · Sep 16, 2013
    risk 0.00 · cvss · epss 0.01

    The kernel in Apple Mac OS X before 10.8.5 allows remote attackers to cause a denial of service (panic) via crafted IGMP packets that leverage incorrect, extraneous code in the IGMP parser.

  • CVE-2013-1028 · Sep 16, 2013
    risk 0.00 · cvss · epss 0.01

    The IPSec implementation in Apple Mac OS X before 10.8.5, when Hybrid Auth is used, does not verify X.509 certificates from security gateways, which allows man-in-the-middle attackers to spoof security gateways and obtain sensitive information via a crafted certificate.

  • CVE-2013-1027 · Sep 16, 2013
    risk 0.00 · cvss · epss 0.02

    Installer in Apple Mac OS X before 10.8.5 provides an option to continue a package's installation after encountering a revoked certificate, which might allow user-assisted remote attackers to execute arbitrary code via a crafted package.

  • CVE-2013-1026 · Sep 16, 2013
    risk 0.00 · cvss · epss 0.03

    Buffer overflow in ImageIO in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JPEG2000 data in a PDF document.

  • CVE-2013-1025 · Sep 16, 2013
    risk 0.00 · cvss · epss 0.03

    Buffer overflow in CoreGraphics in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JBIG2 data in a PDF document.

  • CVE-2013-5132 · Sep 8, 2013
    risk 0.00 · cvss · epss 0.01

    Apple AirPort Base Station Firmware before 7.6.4 does not properly handle incorrect frame lengths, which allows remote attackers to cause a denial of service (device crash) by associating with the access point and then sending a short frame.

  • CVE-2013-4616 · Jun 18, 2013
    risk 0.00 · cvss · epss 0.01

    The WifiPasswordController generateDefaultPassword method in Preferences in Apple iOS 6 and earlier relies on the UITextChecker suggestWordInLanguage method for selection of Wi-Fi hotspot WPA2 PSK passphrases, which makes it easier for remote attackers to obtain access via a…

  • CVE-2013-3955 · Jun 5, 2013
    risk 0.00 · cvss · epss 0.00

    The get_xattrinfo function in the XNU kernel in Apple iOS 5.x and 6.x through 6.1.3 on iPad devices does not properly validate the header of an AppleDouble file, which might allow local users to cause a denial of service (memory corruption) or have unspecified other impact via…

  • CVE-2013-3954 · Jun 5, 2013
    risk 0.00 · cvss · epss 0.00

    The posix_spawn system call in the XNU kernel in Apple Mac OS X 10.8.x does not properly validate the data for file actions and port actions, which allows local users to (1) cause a denial of service (panic) via a size value that is inconsistent with a header count field, or (2)…

  • CVE-2013-3953 · Jun 5, 2013
    risk 0.00 · cvss · epss 0.00

    The mach_port_space_info function in osfmk/ipc/mach_debug.c in the XNU kernel in Apple Mac OS X 10.8.x does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted call.

  • CVE-2013-3952 · Jun 5, 2013
    risk 0.00 · cvss · epss 0.00

    The fill_pipeinfo function in bsd/kern/sys_pipe.c in the XNU kernel in Apple Mac OS X 10.8.x allows local users to defeat the KASLR protection mechanism via the PROC_PIDFDPIPEINFO option to the proc_info system call for a kernel pipe handle.

  • CVE-2013-3951 · Jun 5, 2013
    risk 0.00 · cvss · epss 0.00

    sys/openbsd/stack_protector.c in libc in Apple iOS 6.1.3 and Mac OS X 10.8.x does not properly parse the Apple strings employed in the user-space stack-cookie implementation, which allows local users to bypass cookie randomization by executing a program with a call-path…

  • CVE-2013-3950 · Jun 5, 2013
    risk 0.00 · cvss · epss 0.02

    Stack-based buffer overflow in the openSharedCacheFile function in dyld.cpp in dyld in Apple iOS 5.1.x and 6.x through 6.1.3 makes it easier for attackers to conduct untethering attacks via a long string in the DYLD_SHARED_CACHE_DIR environment variable.

  • CVE-2013-3949 · Jun 5, 2013
    risk 0.00 · cvss · epss 0.00

    The posix_spawn system call in the XNU kernel in Apple Mac OS X 10.8.x does not prevent use of the _POSIX_SPAWN_DISABLE_ASLR and _POSIX_SPAWN_ALLOW_DATA_EXEC flags for setuid and setgid programs, which allows local users to bypass intended access restrictions via a wrapper…

  • CVE-2013-3948 · Jun 5, 2013
    risk 0.00 · cvss · epss 0.02

    Apple iOS 6.1.3 does not follow redirects during determination of the hostname to display in an iOS Enterprise Deployment installation dialog, which makes it easier for remote attackers to trigger installation of arbitrary applications via a download-manifest itms-services://…

  • CVE-2013-1024 · Jun 5, 2013
    risk 0.00 · cvss · epss 0.03

    CoreMedia Playback in Apple Mac OS X before 10.8.4 does not properly initialize memory during the processing of text tracks, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.

  • CVE-2013-1023 · Jun 5, 2013
    risk 0.00 · cvss · epss 0.02

    WebKit, as used in Apple Safari before 6.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2013-1009.

  • CVE-2013-1013 · Jun 5, 2013
    risk 0.00 · cvss · epss 0.01

    XSS Auditor in WebKit in Apple Safari before 6.0.5 does not properly rewrite URLs, which allows remote attackers to trigger unintended form submissions via unspecified vectors.

  • CVE-2013-1012 · Jun 5, 2013
    risk 0.00 · cvss · epss 0.02

    Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 6.0.5 allows remote attackers to inject arbitrary web script or HTML via vectors involving IFRAME elements.

  • CVE-2013-1009 · Jun 5, 2013
    risk 0.00 · cvss · epss 0.02

    WebKit, as used in Apple Safari before 6.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2013-1023.

  • CVE-2013-0990 · Jun 5, 2013
    risk 0.00 · cvss · epss 0.01

    SMB in Apple Mac OS X before 10.8.4, when file sharing is enabled, allows remote authenticated users to create or modify files outside of a shared directory via unspecified vectors.

  • CVE-2013-0985 · Jun 5, 2013
    risk 0.00 · cvss · epss 0.00

    Disk Management in Apple Mac OS X before 10.8.4 does not properly authenticate attempts to disable FileVault, which allows local users to cause a denial of service (loss of encryption functionality) via an unspecified command line.

  • CVE-2013-0983 · Jun 5, 2013
    risk 0.00 · cvss · epss 0.02

    Stack consumption vulnerability in CoreAnimation in Apple Mac OS X before 10.8.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted text glyph in a URL encountered by Safari.

  • CVE-2013-0982 · Jun 5, 2013
    risk 0.00 · cvss · epss 0.00

    The Private Browsing feature in CFNetwork in Apple Mac OS X before 10.8.4 does not prevent storage of permanent cookies upon exit from Safari, which might allow physically proximate attackers to bypass cookie-based authentication by leveraging an unattended workstation.

  • CVE-2013-0975 · Jun 5, 2013
    risk 0.00 · cvss · epss 0.03

    Buffer overflow in QuickDraw Manager in Apple Mac OS X before 10.8.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image.

  • CVE-2013-1022 · May 24, 2013
    risk 0.00 · cvss · epss 0.05

    Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted mvhd atoms in a movie file.

  • CVE-2013-1021 · May 24, 2013
    risk 0.00 · cvss · epss 0.04

    Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JPEG data in a movie file.

  • CVE-2013-1020 · May 24, 2013
    risk 0.00 · cvss · epss 0.03

    Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted JPEG data in a movie file.

  • CVE-2013-1019 · May 24, 2013
    risk 0.00 · cvss · epss 0.06

    Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding.

  • CVE-2013-1018 · May 24, 2013
    risk 0.00 · cvss · epss 0.05

    Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding.

  • CVE-2013-1016 · May 24, 2013
    risk 0.00 · cvss · epss 0.05

    Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.263 encoding.
