Filtered by vendor Apple
Subscribe
Total
10175 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-5131 | 1 Apple | 1 Iphone Os | 2013-10-30 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in WebKit in Apple iOS before 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||||
CVE-2013-5138 | 1 Apple | 1 Iphone Os | 2013-10-30 | 4.7 MEDIUM | N/A |
IOCatalogue in IOKitUser in Apple iOS before 7 allows attackers to cause a denial of service (NULL pointer dereference and device crash) via a crafted application. | |||||
CVE-2013-5141 | 1 Apple | 1 Iphone Os | 2013-10-30 | 7.1 HIGH | N/A |
The kernel in Apple iOS before 7 uses an incorrect data size for a certain integer variable, which allows attackers to cause a denial of service (infinite loop and device hang) via a crafted application, related to an "integer truncation vulnerability." | |||||
CVE-2013-5142 | 1 Apple | 1 Iphone Os | 2013-10-30 | 4.9 MEDIUM | N/A |
The kernel in Apple iOS before 7 does not initialize unspecified kernel data structures, which allows local users to obtain sensitive information from kernel stack memory via the (1) msgctl API or (2) segctl API. | |||||
CVE-2013-5145 | 1 Apple | 1 Iphone Os | 2013-10-30 | 6.3 MEDIUM | N/A |
kextd in Kext Management in Apple iOS before 7 does not properly verify authorization for IPC messages, which allows local users to (1) load or (2) unload kernel extensions via a crafted message. | |||||
CVE-2013-3954 | 1 Apple | 2 Iphone Os, Mac Os X | 2013-10-30 | 6.9 MEDIUM | N/A |
The posix_spawn system call in the XNU kernel in Apple Mac OS X 10.8.x does not properly validate the data for file actions and port actions, which allows local users to (1) cause a denial of service (panic) via a size value that is inconsistent with a header count field, or (2) obtain sensitive information from kernel heap memory via a certain size value in conjunction with a crafted buffer. | |||||
CVE-2013-3950 | 1 Apple | 1 Iphone Os | 2013-10-30 | 5.0 MEDIUM | N/A |
Stack-based buffer overflow in the openSharedCacheFile function in dyld.cpp in dyld in Apple iOS 5.1.x and 6.x through 6.1.3 makes it easier for attackers to conduct untethering attacks via a long string in the DYLD_SHARED_CACHE_DIR environment variable. | |||||
CVE-2013-1036 | 1 Apple | 1 Iphone Os | 2013-10-30 | 6.8 MEDIUM | N/A |
Safari in Apple iOS before 7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document. | |||||
CVE-2013-5154 | 1 Apple | 1 Iphone Os | 2013-10-25 | 4.3 MEDIUM | N/A |
The Sandbox subsystem in Apple iOS before 7 determines the sandboxing requirement for a #! application on the basis of the script interpreter instead of the script, which allows attackers to bypass intended access restrictions via a crafted application. | |||||
CVE-2013-5149 | 1 Apple | 1 Iphone Os | 2013-10-25 | 4.3 MEDIUM | N/A |
The Push Notifications subsystem in Apple iOS before 7 provides the push-notification token to an app without user approval, which allows attackers to obtain sensitive information via an app that employs a crafted push-notification registration process. | |||||
CVE-2013-4616 | 1 Apple | 1 Iphone Os | 2013-10-25 | 5.8 MEDIUM | N/A |
The WifiPasswordController generateDefaultPassword method in Preferences in Apple iOS 6 and earlier relies on the UITextChecker suggestWordInLanguage method for selection of Wi-Fi hotspot WPA2 PSK passphrases, which makes it easier for remote attackers to obtain access via a brute-force attack that leverages the insufficient number of possible passphrases. | |||||
CVE-2013-5165 | 1 Apple | 1 Mac Os X | 2013-10-24 | 6.4 MEDIUM | N/A |
socketfilterfw in Application Firewall in Apple Mac OS X before 10.9 does not properly implement the --blockApp option, which allows remote attackers to bypass intended access restrictions via a network connection to an application for which blocking was configured. | |||||
CVE-2013-5169 | 1 Apple | 1 Mac Os X | 2013-10-24 | 1.9 LOW | N/A |
CoreGraphics in Apple Mac OS X before 10.9, when display-sleep mode is used, does not ensure that screen locking blocks the visibility of all windows, which allows physically proximate attackers to obtain sensitive information by reading the screen. | |||||
CVE-2013-5173 | 1 Apple | 1 Mac Os X | 2013-10-24 | 2.1 LOW | N/A |
The random-number generator in the kernel in Apple Mac OS X before 10.9 provides lengthy exclusive access for processing of large requests, which allows local users to cause a denial of service (temporary generator outage) via an application that requires many random numbers. | |||||
CVE-2013-5175 | 1 Apple | 1 Mac Os X | 2013-10-24 | 6.6 MEDIUM | N/A |
The kernel in Apple Mac OS X before 10.9 allows local users to obtain sensitive information or cause a denial of service (out-of-bounds read and system crash) via a crafted Mach-O file. | |||||
CVE-2013-5176 | 1 Apple | 1 Mac Os X | 2013-10-24 | 4.9 MEDIUM | N/A |
The kernel in Apple Mac OS X before 10.9 does not properly handle integer values during unspecified tty device operations, which allows local users to cause a denial of service (system hang) by triggering a truncation error. | |||||
CVE-2013-5177 | 1 Apple | 1 Mac Os X | 2013-10-24 | 4.9 MEDIUM | N/A |
The kernel in Apple Mac OS X before 10.9 allows local users to cause a denial of service (panic) via an invalid iovec structure. | |||||
CVE-2013-5168 | 1 Apple | 1 Mac Os X | 2013-10-24 | 6.8 MEDIUM | N/A |
Console in Apple Mac OS X before 10.9 allows user-assisted remote attackers to execute arbitrary applications by triggering a log entry with a crafted attached URL. | |||||
CVE-2013-5180 | 1 Apple | 1 Mac Os X | 2013-10-24 | 4.3 MEDIUM | N/A |
The srandomdev function in Libc in Apple Mac OS X before 10.9, when the kernel random-number generator is unavailable, produces predictable values instead of the intended random values, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of these values, related to a compiler-optimization issue. | |||||
CVE-2013-5181 | 1 Apple | 1 Mac Os X | 2013-10-24 | 4.3 MEDIUM | N/A |
The auto-configuration feature in Mail in Apple Mac OS X before 10.9 selects plaintext authentication for unspecified servers that support CRAM-MD5 authentication, which allows remote attackers to obtain sensitive information by sniffing the network. |