Apple Inc.

All CVEs

8,444 total · sorted by risk
  • CVE-2013-1015 · May 24, 2013
    risk 0.00 · cvss · epss 0.03

    Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted TeXML file.

  • CVE-2013-0989 · May 24, 2013
    risk 0.00 · cvss · epss 0.05

    Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MP3 file.

  • CVE-2013-0988 · May 24, 2013
    risk 0.00 · cvss · epss 0.05

    Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FPX file.

  • CVE-2013-0987 · May 24, 2013
    risk 0.00 · cvss · epss 0.03

    Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted QTIF file.

  • CVE-2013-0986 · May 24, 2013
    risk 0.00 · cvss · epss 0.05

    Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted enof atoms in a movie file.

  • CVE-2013-1014 · May 20, 2013
    risk 0.00 · cvss · epss 0.00

    Apple iTunes before 11.0.3 does not properly verify X.509 certificates, which allows man-in-the-middle attackers to spoof HTTPS servers via an arbitrary valid certificate.

  • CVE-2013-1011 · May 20, 2013
    risk 0.00 · cvss · epss 0.02

    WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs…

  • CVE-2013-1010 · May 20, 2013
    risk 0.00 · cvss · epss 0.03

    WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs…

  • CVE-2013-1008 · May 20, 2013
    risk 0.00 · cvss · epss 0.03

    WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs…

  • CVE-2013-1007 · May 20, 2013
    risk 0.00 · cvss · epss 0.03

    WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs…

  • CVE-2013-1006 · May 20, 2013
    risk 0.00 · cvss · epss 0.03

    WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs…

  • CVE-2013-1005 · May 20, 2013
    risk 0.00 · cvss · epss 0.03

    WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs…

  • CVE-2013-1004 · May 20, 2013
    risk 0.00 · cvss · epss 0.03

    WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs…

  • CVE-2013-1003 · May 20, 2013
    risk 0.00 · cvss · epss 0.03

    WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs…

  • CVE-2013-1002 · May 20, 2013
    risk 0.00 · cvss · epss 0.03

    WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs…

  • CVE-2013-1001 · May 20, 2013
    risk 0.00 · cvss · epss 0.03

    WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs…

  • CVE-2013-1000 · May 20, 2013
    risk 0.00 · cvss · epss 0.03

    WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs…

  • CVE-2013-0999 · May 20, 2013
    risk 0.00 · cvss · epss 0.03

    WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs…

  • CVE-2013-0998 · May 20, 2013
    risk 0.00 · cvss · epss 0.02

    WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs…

  • CVE-2013-0997 · May 20, 2013
    risk 0.00 · cvss · epss 0.03

    WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs…

  • CVE-2013-0996 · May 20, 2013
    risk 0.00 · cvss · epss 0.02

    WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs…

  • CVE-2013-0995 · May 20, 2013
    risk 0.00 · cvss · epss 0.02

    WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs…

  • CVE-2013-0994 · May 20, 2013
    risk 0.00 · cvss · epss 0.02

    WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs…

  • CVE-2013-0993 · May 20, 2013
    risk 0.00 · cvss · epss 0.02

    WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs…

  • CVE-2013-0991 · May 20, 2013
    risk 0.00 · cvss · epss 0.02

    WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs…

  • CVE-2013-2777 · Apr 8, 2013
    risk 0.00 · cvss · epss 0.00

    sudo before 1.7.10p5 and 1.8.x before 1.8.6p6, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to a session…

  • CVE-2013-2776 · Apr 8, 2013
    risk 0.00 · cvss · epss 0.00

    sudo 1.3.5 through 1.7.10p5 and 1.8.0 through 1.8.6p6, when running on systems without /proc or the sysctl function with the tty_tickets option enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the…

  • CVE-2013-1776 · Apr 8, 2013
    risk 0.00 · cvss · epss 0.00

    sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting…

  • CVE-2013-0981 · Mar 20, 2013
    risk 0.00 · cvss · epss 0.00

    The IOUSBDeviceFamily driver in the USB implementation in the kernel in Apple iOS before 6.1.3 and Apple TV before 5.2.1 accesses pipe object pointers that originated in userspace, which allows local users to gain privileges via crafted code.

  • CVE-2013-0980 · Mar 20, 2013
    risk 0.00 · cvss · epss 0.00

    The Passcode Lock implementation in Apple iOS before 6.1.3 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging an error in the emergency-call feature.

  • CVE-2013-0979 · Mar 20, 2013
    risk 0.00 · cvss · epss 0.00

    lockdownd in Lockdown in Apple iOS before 6.1.3 does not properly consider file types during the permission-setting step of a backup restoration, which allows local users to change the permissions of arbitrary files via a backup that contains a pathname with a symlink.

  • CVE-2013-0978 · Mar 20, 2013
    risk 0.00 · cvss · epss 0.00

    The ARM prefetch abort handler in the kernel in Apple iOS before 6.1.3 and Apple TV before 5.2.1 does not ensure that it has been invoked in an abort context, which makes it easier for local users to bypass the ASLR protection mechanism via crafted code.

  • CVE-2013-0977 · Mar 20, 2013
    risk 0.00 · cvss · epss 0.00

    dyld in Apple iOS before 6.1.3 and Apple TV before 5.2.1 does not properly manage the state of file loading for Mach-O executable files, which allows local users to bypass intended code-signing requirements via a file that contains overlapping segments.

  • CVE-2013-0976 · Mar 15, 2013
    risk 0.00 · cvss · epss 0.02

    IOAcceleratorFamily in Apple Mac OS X before 10.8.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted graphics image.

  • CVE-2013-0973 · Mar 15, 2013
    risk 0.00 · cvss · epss 0.01

    Software Update in Apple Mac OS X through 10.7.5 does not prevent plugin loading within the marketing-text WebView, which allows man-in-the-middle attackers to execute plugin code by modifying the client-server data stream.

  • CVE-2013-0971 · Mar 15, 2013
    risk 0.00 · cvss · epss 0.02

    Use-after-free vulnerability in PDFKit in Apple Mac OS X before 10.8.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted ink annotations in a PDF document.

  • CVE-2013-0970 · Mar 15, 2013
    risk 0.00 · cvss · epss 0.01

    Messages in Apple Mac OS X before 10.8.3 allows remote attackers to bypass the FaceTime call-confirmation prompt via a crafted FaceTime: URL.

  • CVE-2013-0969 · Mar 15, 2013
    risk 0.00 · cvss · epss 0.00

    Login Window in Apple Mac OS X before 10.8.3 does not prevent application launching with the VoiceOver feature, which allows physically proximate attackers to bypass authentication and make arbitrary System Preferences changes via unspecified use of the keyboard.

  • CVE-2013-0967 · Mar 15, 2013
    risk 0.00 · cvss · epss 0.01

    CoreTypes in Apple Mac OS X before 10.8.3 includes JNLP files in the list of safe file types, which allows remote attackers to bypass a Java plug-in disabled setting, and trigger the launch of Java Web Start applications, via a crafted web site.

  • CVE-2013-0966 · Mar 15, 2013
    risk 0.00 · cvss · epss 0.02

    The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.

  • CVE-2013-0961 · Mar 15, 2013
    risk 0.00 · cvss · epss 0.02

    WebKit in Apple Safari before 6.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2013-0960.

  • CVE-2013-0960 · Mar 15, 2013
    risk 0.00 · cvss · epss 0.02

    WebKit in Apple Safari before 6.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2013-0961.

  • CVE-2013-0886 · Feb 23, 2013
    risk 0.00 · cvss · epss 0.01

    Google Chrome before 25.0.1364.99 on Mac OS X does not properly implement signal handling for Native Client (aka NaCl) code, which has unspecified impact and attack vectors.

  • CVE-2013-0974 · Jan 29, 2013
    risk 0.00 · cvss · epss 0.01

    StoreKit in Apple iOS before 6.1 does not properly handle the disabling of JavaScript within the preferences configuration of Mobile Safari, which allows remote attackers to bypass intended access restrictions and execute JavaScript code via a web site with a Smart App Banner.

  • CVE-2013-0968 · Jan 29, 2013
    risk 0.00 · cvss · epss 0.01

    WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.

  • CVE-2013-0964 · Jan 29, 2013
    risk 0.00 · cvss · epss 0.01

    The kernel in Apple iOS before 6.1 and Apple TV before 5.2 does not properly validate copyin and copyout arguments, which allows local users to bypass intended pointer restrictions and access locations in the first kernel-memory page by specifying a length of less than one page.

  • CVE-2013-0963 · Jan 29, 2013
    risk 0.00 · cvss · epss 0.00

    Identity Services in Apple iOS before 6.1 does not properly handle validation failures of AppleID certificates, which might allow physically proximate attackers to bypass authentication by leveraging an incorrect assignment of an empty string value to an AppleID.

  • CVE-2013-0962 · Jan 29, 2013
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in WebKit in Apple iOS before 6.1 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted content that is not properly handled during a copy-and-paste operation.

  • CVE-2013-0959 · Jan 29, 2013
    risk 0.00 · cvss · epss 0.02

    WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.

  • CVE-2013-0958 · Jan 29, 2013
    risk 0.00 · cvss · epss 0.02

    WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.
