Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Apple Subscribe
Total 10175 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-1025 1 Apple 2 Iphone Os, Mac Os X 2013-09-26 6.8 MEDIUM N/A
Buffer overflow in CoreGraphics in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JBIG2 data in a PDF document.
CVE-2013-1012 1 Apple 1 Safari 2013-09-26 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 6.0.5 allows remote attackers to inject arbitrary web script or HTML via vectors involving IFRAME elements.
CVE-2013-1026 1 Apple 2 Iphone Os, Mac Os X 2013-09-26 6.8 MEDIUM N/A
Buffer overflow in ImageIO in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JPEG2000 data in a PDF document.
CVE-2013-1028 1 Apple 2 Iphone Os, Mac Os X 2013-09-26 5.8 MEDIUM N/A
The IPSec implementation in Apple Mac OS X before 10.8.5, when Hybrid Auth is used, does not verify X.509 certificates from security gateways, which allows man-in-the-middle attackers to spoof security gateways and obtain sensitive information via a crafted certificate.
CVE-2013-1130 2 Apple, Cisco 2 Mac Os X, Anyconnect Secure Mobility Client 2013-09-23 6.8 MEDIUM N/A
Cisco AnyConnect Secure Mobility Client on Mac OS X uses weak permissions for a library directory, which allows local users to gain privileges via a crafted library file, aka Bug ID CSCue33619.
CVE-2013-1031 1 Apple 1 Mac Os X 2013-09-19 3.3 LOW N/A
Power Management in Apple Mac OS X before 10.8.5 does not properly perform locking upon occurrences of a power assertion, which allows physically proximate attackers to bypass intended access restrictions by visiting an unattended workstation on which a locking failure had prevented the startup of the screen saver.
CVE-2013-5132 1 Apple 1 Airport Base Station Firmware 2013-09-18 5.4 MEDIUM N/A
Apple AirPort Base Station Firmware before 7.6.4 does not properly handle incorrect frame lengths, which allows remote attackers to cause a denial of service (device crash) by associating with the access point and then sending a short frame.
CVE-2013-1033 1 Apple 1 Mac Os X 2013-09-18 5.5 MEDIUM N/A
Screen Lock in Apple Mac OS X before 10.8.5 does not properly track sessions, which allows remote authenticated users to bypass locking by leveraging screen-sharing access.
CVE-2013-1029 1 Apple 1 Mac Os X 2013-09-18 4.9 MEDIUM N/A
The kernel in Apple Mac OS X before 10.8.5 allows remote attackers to cause a denial of service (panic) via crafted IGMP packets that leverage incorrect, extraneous code in the IGMP parser.
CVE-2013-1030 1 Apple 1 Mac Os X 2013-09-18 2.1 LOW N/A
mdmclient in Mobile Device Management in Apple Mac OS X before 10.8.5 places a password on the command line, which allows local users to obtain sensitive information by listing the process.
CVE-2013-1027 1 Apple 1 Mac Os X 2013-09-18 6.8 MEDIUM N/A
Installer in Apple Mac OS X before 10.8.5 provides an option to continue a package's installation after encountering a revoked certificate, which might allow user-assisted remote attackers to execute arbitrary code via a crafted package.
CVE-2012-3748 1 Apple 2 Iphone Os, Safari 2013-09-17 5.1 MEDIUM N/A
Race condition in WebKit in Apple iOS before 6.0.1 and Safari before 6.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving JavaScript arrays.
CVE-2010-0533 1 Apple 2 Mac Os X, Mac Os X Server 2013-09-10 7.5 HIGH N/A
Directory traversal vulnerability in AFP Server in Apple Mac OS X before 10.6.3 allows remote attackers to list a share root's parent directory, and read and modify files in that directory, via unspecified vectors.
CVE-2006-1220 1 Apple 2 Mac Os X, Mac Os X Server 2013-09-05 4.6 MEDIUM N/A
Integer overflow in the mach_msg_send function in the kernel for Mac OS X might allow local users to execute arbitrary code via unknown attack vectors related to a large message header size, which leads to a heap-based buffer overflow.
CVE-2008-0993 1 Apple 3 Mac Os X, Mac Os X Server, Podcast Producer 2013-08-26 2.1 LOW N/A
Podcast Capture in Podcast Producer for Apple Mac OS X 10.5.2 invokes a subtask with passwords in command line arguments, which allows local users to read the passwords via process listings.
CVE-2013-3345 5 Adobe, Apple, Google and 2 more 5 Flash Player, Mac Os X, Android and 2 more 2013-08-21 10.0 HIGH N/A
Adobe Flash Player before 11.7.700.232 and 11.8.x before 11.8.800.94 on Windows and Mac OS X, before 11.2.202.297 on Linux, before 11.1.111.64 on Android 2.x and 3.x, and before 11.1.115.69 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
CVE-2013-3347 5 Adobe, Apple, Google and 2 more 5 Flash Player, Mac Os X, Android and 2 more 2013-08-21 10.0 HIGH N/A
Integer overflow in Adobe Flash Player before 11.7.700.232 and 11.8.x before 11.8.800.94 on Windows and Mac OS X, before 11.2.202.297 on Linux, before 11.1.111.64 on Android 2.x and 3.x, and before 11.1.115.69 on Android 4.x allows attackers to execute arbitrary code via PCM data that is not properly handled during resampling.
CVE-2012-5131 2 Apple, Google 2 Mac Os X, Chrome 2013-08-16 7.5 HIGH N/A
Google Chrome before 23.0.1271.91 on Mac OS X does not properly mitigate improper rendering behavior in the Intel GPU driver, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
CVE-2012-3749 1 Apple 1 Iphone Os 2013-08-16 5.0 MEDIUM N/A
The extensions APIs in the kernel in Apple iOS before 6.0.1 provide kernel addresses in responses that contain an OSBundleMachOHeaders key, which makes it easier for remote attackers to bypass the ASLR protection mechanism via a crafted app.
CVE-2007-0588 1 Apple 2 Mac Os X, Quicktime 2013-08-14 7.1 HIGH N/A
The InternalUnpackBits function in Apple QuickDraw, as used by Quicktime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PICT file that triggers memory corruption in the _GetSrcBits32ARGB function. NOTE: this issue might overlap CVE-2007-0462.