Filtered by vendor Apple
Subscribe
Total
11236 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-5129 | 1 Apple | 1 Iphone Os | 2013-10-31 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in WebKit in Apple iOS before 7 allow user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) drag-and-drop or (2) copy-and-paste operation. | |||||
| CVE-2013-3954 | 1 Apple | 2 Iphone Os, Mac Os X | 2013-10-31 | 6.9 MEDIUM | N/A |
| The posix_spawn system call in the XNU kernel in Apple Mac OS X 10.8.x does not properly validate the data for file actions and port actions, which allows local users to (1) cause a denial of service (panic) via a size value that is inconsistent with a header count field, or (2) obtain sensitive information from kernel heap memory via a certain size value in conjunction with a crafted buffer. | |||||
| CVE-2013-3950 | 1 Apple | 1 Iphone Os | 2013-10-31 | 5.0 MEDIUM | N/A |
| Stack-based buffer overflow in the openSharedCacheFile function in dyld.cpp in dyld in Apple iOS 5.1.x and 6.x through 6.1.3 makes it easier for attackers to conduct untethering attacks via a long string in the DYLD_SHARED_CACHE_DIR environment variable. | |||||
| CVE-2013-1036 | 1 Apple | 1 Iphone Os | 2013-10-31 | 6.8 MEDIUM | N/A |
| Safari in Apple iOS before 7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document. | |||||
| CVE-2013-5154 | 1 Apple | 1 Iphone Os | 2013-10-25 | 4.3 MEDIUM | N/A |
| The Sandbox subsystem in Apple iOS before 7 determines the sandboxing requirement for a #! application on the basis of the script interpreter instead of the script, which allows attackers to bypass intended access restrictions via a crafted application. | |||||
| CVE-2013-5149 | 1 Apple | 1 Iphone Os | 2013-10-25 | 4.3 MEDIUM | N/A |
| The Push Notifications subsystem in Apple iOS before 7 provides the push-notification token to an app without user approval, which allows attackers to obtain sensitive information via an app that employs a crafted push-notification registration process. | |||||
| CVE-2013-4616 | 1 Apple | 1 Iphone Os | 2013-10-25 | 5.8 MEDIUM | N/A |
| The WifiPasswordController generateDefaultPassword method in Preferences in Apple iOS 6 and earlier relies on the UITextChecker suggestWordInLanguage method for selection of Wi-Fi hotspot WPA2 PSK passphrases, which makes it easier for remote attackers to obtain access via a brute-force attack that leverages the insufficient number of possible passphrases. | |||||
| CVE-2013-5165 | 1 Apple | 1 Mac Os X | 2013-10-25 | 6.4 MEDIUM | N/A |
| socketfilterfw in Application Firewall in Apple Mac OS X before 10.9 does not properly implement the --blockApp option, which allows remote attackers to bypass intended access restrictions via a network connection to an application for which blocking was configured. | |||||
| CVE-2013-5169 | 1 Apple | 1 Mac Os X | 2013-10-25 | 1.9 LOW | N/A |
| CoreGraphics in Apple Mac OS X before 10.9, when display-sleep mode is used, does not ensure that screen locking blocks the visibility of all windows, which allows physically proximate attackers to obtain sensitive information by reading the screen. | |||||
| CVE-2013-5173 | 1 Apple | 1 Mac Os X | 2013-10-25 | 2.1 LOW | N/A |
| The random-number generator in the kernel in Apple Mac OS X before 10.9 provides lengthy exclusive access for processing of large requests, which allows local users to cause a denial of service (temporary generator outage) via an application that requires many random numbers. | |||||
| CVE-2013-5175 | 1 Apple | 1 Mac Os X | 2013-10-25 | 6.6 MEDIUM | N/A |
| The kernel in Apple Mac OS X before 10.9 allows local users to obtain sensitive information or cause a denial of service (out-of-bounds read and system crash) via a crafted Mach-O file. | |||||
| CVE-2013-5176 | 1 Apple | 1 Mac Os X | 2013-10-24 | 4.9 MEDIUM | N/A |
| The kernel in Apple Mac OS X before 10.9 does not properly handle integer values during unspecified tty device operations, which allows local users to cause a denial of service (system hang) by triggering a truncation error. | |||||
| CVE-2013-5177 | 1 Apple | 1 Mac Os X | 2013-10-24 | 4.9 MEDIUM | N/A |
| The kernel in Apple Mac OS X before 10.9 allows local users to cause a denial of service (panic) via an invalid iovec structure. | |||||
| CVE-2013-5168 | 1 Apple | 1 Mac Os X | 2013-10-24 | 6.8 MEDIUM | N/A |
| Console in Apple Mac OS X before 10.9 allows user-assisted remote attackers to execute arbitrary applications by triggering a log entry with a crafted attached URL. | |||||
| CVE-2013-5180 | 1 Apple | 1 Mac Os X | 2013-10-24 | 4.3 MEDIUM | N/A |
| The srandomdev function in Libc in Apple Mac OS X before 10.9, when the kernel random-number generator is unavailable, produces predictable values instead of the intended random values, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of these values, related to a compiler-optimization issue. | |||||
| CVE-2013-5181 | 1 Apple | 1 Mac Os X | 2013-10-24 | 4.3 MEDIUM | N/A |
| The auto-configuration feature in Mail in Apple Mac OS X before 10.9 selects plaintext authentication for unspecified servers that support CRAM-MD5 authentication, which allows remote attackers to obtain sensitive information by sniffing the network. | |||||
| CVE-2013-5183 | 1 Apple | 1 Mac Os X | 2013-10-24 | 2.6 LOW | N/A |
| Mail in Apple Mac OS X before 10.9, when Kerberos authentication is enabled and TLS is disabled, sends invalid cleartext data, which allows remote attackers to obtain sensitive information by sniffing the network. | |||||
| CVE-2013-5182 | 1 Apple | 1 Mac Os X | 2013-10-24 | 5.0 MEDIUM | N/A |
| Mail in Apple Mac OS X before 10.9 allows remote attackers to spoof the existence of a cryptographic signature for an e-mail message by using the multipart/signed content type within an unsigned message. | |||||
| CVE-2013-5185 | 1 Apple | 1 Mac Os X | 2013-10-24 | 4.3 MEDIUM | N/A |
| The ldapsearch command-line program in OpenLDAP in Apple Mac OS X before 10.9 does not properly process the minssf configuration setting, which allows remote attackers to obtain sensitive information by leveraging unintended weak encryption and sniffing the network. | |||||
| CVE-2013-5186 | 1 Apple | 1 Mac Os X | 2013-10-24 | 2.1 LOW | N/A |
| Power Management in Apple Mac OS X before 10.9 does not properly handle the interaction between locking and power assertions, which allows physically proximate attackers to obtain sensitive information by reading a screen that should have transitioned into the locked state. | |||||