Filtered by vendor Apple
Subscribe
Total
12581 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-6886 | 3 Apple, Linux, Realvnc | 3 Mac Os X, Linux Kernel, Realvnc | 2013-12-30 | 7.2 HIGH | N/A |
| RealVNC VNC 5.0.6 on Mac OS X, Linux, and UNIX allows local users to gain privileges via a crafted argument to the (1) vncserver, (2) vncserver-x11, or (3) Xvnc helper. | |||||
| CVE-2010-1819 | 1 Apple | 1 Quicktime | 2013-12-27 | 9.3 HIGH | N/A |
| Untrusted search path vulnerability in the Picture Viewer in Apple QuickTime before 7.6.8 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) CoreVideo.dll, (2) CoreGraphics.dll, or (3) CoreAudioToolbox.dll that is located in the same folder as a .pic image file. | |||||
| CVE-2012-5272 | 5 Adobe, Apple, Google and 2 more | 8 Adobe Air, Adobe Air Sdk, Flash Player and 5 more | 2013-11-25 | 10.0 HIGH | N/A |
| Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than other Flash Player memory corruption CVEs listed in APSB12-22. | |||||
| CVE-2013-5193 | 1 Apple | 1 Iphone Os | 2013-11-20 | 4.7 MEDIUM | N/A |
| The App Store component in Apple iOS before 7.0.4 does not properly enforce an intended transaction-time password requirement, which allows local users to complete a (1) App purchase or (2) In-App purchase by leveraging previous entry of Apple ID credentials. | |||||
| CVE-2013-6799 | 1 Apple | 1 Mac Os X | 2013-11-20 | 4.7 MEDIUM | N/A |
| Apple Mac OS X 10.9 allows local users to cause a denial of service (memory corruption or panic) by creating a hard link to a directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-0105. | |||||
| CVE-2013-3694 | 3 Apple, Blackberry, Microsoft | 3 Mac Os X, Blackberry Link, Windows | 2013-11-19 | 6.8 MEDIUM | N/A |
| BlackBerry Link before 1.2.1.31 on Windows and before 1.1.1 build 39 on Mac OS X does not require authentication for remote file-access folders, which allows remote attackers to read or create arbitrary files via IPv6 WebDAV requests, as demonstrated by a CSRF attack involving DNS rebinding. | |||||
| CVE-2013-5131 | 1 Apple | 1 Iphone Os | 2013-10-31 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in WebKit in Apple iOS before 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2013-5129 | 1 Apple | 1 Iphone Os | 2013-10-31 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in WebKit in Apple iOS before 7 allow user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) drag-and-drop or (2) copy-and-paste operation. | |||||
| CVE-2013-5138 | 1 Apple | 1 Iphone Os | 2013-10-31 | 4.7 MEDIUM | N/A |
| IOCatalogue in IOKitUser in Apple iOS before 7 allows attackers to cause a denial of service (NULL pointer dereference and device crash) via a crafted application. | |||||
| CVE-2013-5141 | 1 Apple | 1 Iphone Os | 2013-10-31 | 7.1 HIGH | N/A |
| The kernel in Apple iOS before 7 uses an incorrect data size for a certain integer variable, which allows attackers to cause a denial of service (infinite loop and device hang) via a crafted application, related to an "integer truncation vulnerability." | |||||
| CVE-2013-5142 | 1 Apple | 1 Iphone Os | 2013-10-31 | 4.9 MEDIUM | N/A |
| The kernel in Apple iOS before 7 does not initialize unspecified kernel data structures, which allows local users to obtain sensitive information from kernel stack memory via the (1) msgctl API or (2) segctl API. | |||||
| CVE-2013-5145 | 1 Apple | 1 Iphone Os | 2013-10-31 | 6.3 MEDIUM | N/A |
| kextd in Kext Management in Apple iOS before 7 does not properly verify authorization for IPC messages, which allows local users to (1) load or (2) unload kernel extensions via a crafted message. | |||||
| CVE-2013-3954 | 1 Apple | 2 Iphone Os, Mac Os X | 2013-10-31 | 6.9 MEDIUM | N/A |
| The posix_spawn system call in the XNU kernel in Apple Mac OS X 10.8.x does not properly validate the data for file actions and port actions, which allows local users to (1) cause a denial of service (panic) via a size value that is inconsistent with a header count field, or (2) obtain sensitive information from kernel heap memory via a certain size value in conjunction with a crafted buffer. | |||||
| CVE-2013-3950 | 1 Apple | 1 Iphone Os | 2013-10-31 | 5.0 MEDIUM | N/A |
| Stack-based buffer overflow in the openSharedCacheFile function in dyld.cpp in dyld in Apple iOS 5.1.x and 6.x through 6.1.3 makes it easier for attackers to conduct untethering attacks via a long string in the DYLD_SHARED_CACHE_DIR environment variable. | |||||
| CVE-2013-1036 | 1 Apple | 1 Iphone Os | 2013-10-31 | 6.8 MEDIUM | N/A |
| Safari in Apple iOS before 7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document. | |||||
| CVE-2013-5154 | 1 Apple | 1 Iphone Os | 2013-10-25 | 4.3 MEDIUM | N/A |
| The Sandbox subsystem in Apple iOS before 7 determines the sandboxing requirement for a #! application on the basis of the script interpreter instead of the script, which allows attackers to bypass intended access restrictions via a crafted application. | |||||
| CVE-2013-5149 | 1 Apple | 1 Iphone Os | 2013-10-25 | 4.3 MEDIUM | N/A |
| The Push Notifications subsystem in Apple iOS before 7 provides the push-notification token to an app without user approval, which allows attackers to obtain sensitive information via an app that employs a crafted push-notification registration process. | |||||
| CVE-2013-4616 | 1 Apple | 1 Iphone Os | 2013-10-25 | 5.8 MEDIUM | N/A |
| The WifiPasswordController generateDefaultPassword method in Preferences in Apple iOS 6 and earlier relies on the UITextChecker suggestWordInLanguage method for selection of Wi-Fi hotspot WPA2 PSK passphrases, which makes it easier for remote attackers to obtain access via a brute-force attack that leverages the insufficient number of possible passphrases. | |||||
| CVE-2013-5165 | 1 Apple | 1 Mac Os X | 2013-10-25 | 6.4 MEDIUM | N/A |
| socketfilterfw in Application Firewall in Apple Mac OS X before 10.9 does not properly implement the --blockApp option, which allows remote attackers to bypass intended access restrictions via a network connection to an application for which blocking was configured. | |||||
| CVE-2013-5169 | 1 Apple | 1 Mac Os X | 2013-10-25 | 1.9 LOW | N/A |
| CoreGraphics in Apple Mac OS X before 10.9, when display-sleep mode is used, does not ensure that screen locking blocks the visibility of all windows, which allows physically proximate attackers to obtain sensitive information by reading the screen. | |||||