Filtered by vendor Apple
Subscribe
Total
10175 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-0680 | 1 Apple | 1 Safari | 2013-04-01 | 5.0 MEDIUM | N/A |
Apple Safari before 6.0 does not properly handle the autocomplete attribute of a password input element, which allows remote attackers to bypass authentication by leveraging an unattended workstation. | |||||
CVE-2012-0681 | 1 Apple | 1 Apple Remote Desktop | 2013-04-01 | 4.3 MEDIUM | N/A |
Apple Remote Desktop before 3.6.1 does not recognize the "Encrypt all network data" setting during connections to third-party VNC servers, which allows remote attackers to obtain cleartext VNC session content by sniffing the network. | |||||
CVE-2012-3731 | 1 Apple | 1 Iphone Os | 2013-03-25 | 2.1 LOW | N/A |
Mail in Apple iOS before 6 does not properly implement the Data Protection feature for e-mail attachments, which allows physically proximate attackers to bypass an intended passcode requirement via unspecified vectors. | |||||
CVE-2012-3738 | 1 Apple | 1 Iphone Os | 2013-03-25 | 3.6 LOW | N/A |
The Emergency Dialer screen in the Passcode Lock implementation in Apple iOS before 6 does not properly limit the dialing methods, which allows physically proximate attackers to bypass intended access restrictions and make FaceTime calls through Voice Dialing, or obtain sensitive contact information by attempting to make a FaceTime call and reading the contact suggestions. | |||||
CVE-2012-3737 | 1 Apple | 1 Iphone Os | 2013-03-25 | 2.1 LOW | N/A |
The Passcode Lock implementation in Apple iOS before 6 does not properly restrict photo viewing, which allows physically proximate attackers to view arbitrary stored photos by spoofing a time value. | |||||
CVE-2012-3728 | 1 Apple | 1 Iphone Os | 2013-03-22 | 6.9 MEDIUM | N/A |
The kernel in Apple iOS before 6 dereferences invalid pointers during the handling of packet-filter data structures, which allows local users to gain privileges via a crafted program that makes packet-filter ioctl calls. | |||||
CVE-2012-3650 | 1 Apple | 1 Safari | 2013-03-21 | 4.3 MEDIUM | N/A |
WebKit in Apple Safari before 6.0 accesses uninitialized memory locations during the rendering of SVG images, which allows remote attackers to obtain sensitive information from process memory via a crafted web site. | |||||
CVE-2012-3695 | 1 Apple | 1 Safari | 2013-03-21 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 6.0 allows remote attackers to inject arbitrary web script or HTML by leveraging improper URL canonicalization during the handling of the location.href property. | |||||
CVE-2012-3696 | 1 Apple | 1 Safari | 2013-03-21 | 4.3 MEDIUM | N/A |
CRLF injection vulnerability in WebKit in Apple Safari before 6.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP request splitting attacks via a crafted web site that leverages improper WebSockets URI handling. | |||||
CVE-2013-0960 | 1 Apple | 3 Mac Os X, Mac Os X Server, Safari | 2013-03-18 | 6.8 MEDIUM | N/A |
WebKit in Apple Safari before 6.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2013-0961. | |||||
CVE-2013-0966 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2013-03-18 | 6.4 MEDIUM | N/A |
The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI. | |||||
CVE-2013-0967 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2013-03-18 | 4.3 MEDIUM | N/A |
CoreTypes in Apple Mac OS X before 10.8.3 includes JNLP files in the list of safe file types, which allows remote attackers to bypass a Java plug-in disabled setting, and trigger the launch of Java Web Start applications, via a crafted web site. | |||||
CVE-2013-0969 | 1 Apple | 1 Mac Os X | 2013-03-18 | 4.9 MEDIUM | N/A |
Login Window in Apple Mac OS X before 10.8.3 does not prevent application launching with the VoiceOver feature, which allows physically proximate attackers to bypass authentication and make arbitrary System Preferences changes via unspecified use of the keyboard. | |||||
CVE-2013-0971 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2013-03-18 | 6.8 MEDIUM | N/A |
Use-after-free vulnerability in PDFKit in Apple Mac OS X before 10.8.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted ink annotations in a PDF document. | |||||
CVE-2013-0961 | 1 Apple | 3 Mac Os X, Mac Os X Server, Safari | 2013-03-17 | 6.8 MEDIUM | N/A |
WebKit in Apple Safari before 6.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2013-0960. | |||||
CVE-2013-0973 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2013-03-17 | 6.8 MEDIUM | N/A |
Software Update in Apple Mac OS X through 10.7.5 does not prevent plugin loading within the marketing-text WebView, which allows man-in-the-middle attackers to execute plugin code by modifying the client-server data stream. | |||||
CVE-2013-0956 | 1 Apple | 1 Iphone Os | 2013-03-15 | 6.8 MEDIUM | N/A |
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1. | |||||
CVE-2013-0948 | 1 Apple | 1 Iphone Os | 2013-03-15 | 6.8 MEDIUM | N/A |
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1. | |||||
CVE-2013-0949 | 1 Apple | 1 Iphone Os | 2013-03-15 | 6.8 MEDIUM | N/A |
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1. | |||||
CVE-2013-0950 | 1 Apple | 1 Iphone Os | 2013-03-15 | 6.8 MEDIUM | N/A |
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1. |