Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Apple Subscribe
Total 10175 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-5131 1 Apple 1 Iphone Os 2013-10-30 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in WebKit in Apple iOS before 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
CVE-2013-5138 1 Apple 1 Iphone Os 2013-10-30 4.7 MEDIUM N/A
IOCatalogue in IOKitUser in Apple iOS before 7 allows attackers to cause a denial of service (NULL pointer dereference and device crash) via a crafted application.
CVE-2013-5141 1 Apple 1 Iphone Os 2013-10-30 7.1 HIGH N/A
The kernel in Apple iOS before 7 uses an incorrect data size for a certain integer variable, which allows attackers to cause a denial of service (infinite loop and device hang) via a crafted application, related to an "integer truncation vulnerability."
CVE-2013-5142 1 Apple 1 Iphone Os 2013-10-30 4.9 MEDIUM N/A
The kernel in Apple iOS before 7 does not initialize unspecified kernel data structures, which allows local users to obtain sensitive information from kernel stack memory via the (1) msgctl API or (2) segctl API.
CVE-2013-5145 1 Apple 1 Iphone Os 2013-10-30 6.3 MEDIUM N/A
kextd in Kext Management in Apple iOS before 7 does not properly verify authorization for IPC messages, which allows local users to (1) load or (2) unload kernel extensions via a crafted message.
CVE-2013-3954 1 Apple 2 Iphone Os, Mac Os X 2013-10-30 6.9 MEDIUM N/A
The posix_spawn system call in the XNU kernel in Apple Mac OS X 10.8.x does not properly validate the data for file actions and port actions, which allows local users to (1) cause a denial of service (panic) via a size value that is inconsistent with a header count field, or (2) obtain sensitive information from kernel heap memory via a certain size value in conjunction with a crafted buffer.
CVE-2013-3950 1 Apple 1 Iphone Os 2013-10-30 5.0 MEDIUM N/A
Stack-based buffer overflow in the openSharedCacheFile function in dyld.cpp in dyld in Apple iOS 5.1.x and 6.x through 6.1.3 makes it easier for attackers to conduct untethering attacks via a long string in the DYLD_SHARED_CACHE_DIR environment variable.
CVE-2013-1036 1 Apple 1 Iphone Os 2013-10-30 6.8 MEDIUM N/A
Safari in Apple iOS before 7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.
CVE-2013-5154 1 Apple 1 Iphone Os 2013-10-25 4.3 MEDIUM N/A
The Sandbox subsystem in Apple iOS before 7 determines the sandboxing requirement for a #! application on the basis of the script interpreter instead of the script, which allows attackers to bypass intended access restrictions via a crafted application.
CVE-2013-5149 1 Apple 1 Iphone Os 2013-10-25 4.3 MEDIUM N/A
The Push Notifications subsystem in Apple iOS before 7 provides the push-notification token to an app without user approval, which allows attackers to obtain sensitive information via an app that employs a crafted push-notification registration process.
CVE-2013-4616 1 Apple 1 Iphone Os 2013-10-25 5.8 MEDIUM N/A
The WifiPasswordController generateDefaultPassword method in Preferences in Apple iOS 6 and earlier relies on the UITextChecker suggestWordInLanguage method for selection of Wi-Fi hotspot WPA2 PSK passphrases, which makes it easier for remote attackers to obtain access via a brute-force attack that leverages the insufficient number of possible passphrases.
CVE-2013-5165 1 Apple 1 Mac Os X 2013-10-24 6.4 MEDIUM N/A
socketfilterfw in Application Firewall in Apple Mac OS X before 10.9 does not properly implement the --blockApp option, which allows remote attackers to bypass intended access restrictions via a network connection to an application for which blocking was configured.
CVE-2013-5169 1 Apple 1 Mac Os X 2013-10-24 1.9 LOW N/A
CoreGraphics in Apple Mac OS X before 10.9, when display-sleep mode is used, does not ensure that screen locking blocks the visibility of all windows, which allows physically proximate attackers to obtain sensitive information by reading the screen.
CVE-2013-5173 1 Apple 1 Mac Os X 2013-10-24 2.1 LOW N/A
The random-number generator in the kernel in Apple Mac OS X before 10.9 provides lengthy exclusive access for processing of large requests, which allows local users to cause a denial of service (temporary generator outage) via an application that requires many random numbers.
CVE-2013-5175 1 Apple 1 Mac Os X 2013-10-24 6.6 MEDIUM N/A
The kernel in Apple Mac OS X before 10.9 allows local users to obtain sensitive information or cause a denial of service (out-of-bounds read and system crash) via a crafted Mach-O file.
CVE-2013-5176 1 Apple 1 Mac Os X 2013-10-24 4.9 MEDIUM N/A
The kernel in Apple Mac OS X before 10.9 does not properly handle integer values during unspecified tty device operations, which allows local users to cause a denial of service (system hang) by triggering a truncation error.
CVE-2013-5177 1 Apple 1 Mac Os X 2013-10-24 4.9 MEDIUM N/A
The kernel in Apple Mac OS X before 10.9 allows local users to cause a denial of service (panic) via an invalid iovec structure.
CVE-2013-5168 1 Apple 1 Mac Os X 2013-10-24 6.8 MEDIUM N/A
Console in Apple Mac OS X before 10.9 allows user-assisted remote attackers to execute arbitrary applications by triggering a log entry with a crafted attached URL.
CVE-2013-5180 1 Apple 1 Mac Os X 2013-10-24 4.3 MEDIUM N/A
The srandomdev function in Libc in Apple Mac OS X before 10.9, when the kernel random-number generator is unavailable, produces predictable values instead of the intended random values, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of these values, related to a compiler-optimization issue.
CVE-2013-5181 1 Apple 1 Mac Os X 2013-10-24 4.3 MEDIUM N/A
The auto-configuration feature in Mail in Apple Mac OS X before 10.9 selects plaintext authentication for unspecified servers that support CRAM-MD5 authentication, which allows remote attackers to obtain sensitive information by sniffing the network.