CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Apple : Security Vulnerabilities (CVSS score between 6 and 6.99)

CVSS Scores Greater Than: 0   1   2   3   4   5   6   7   8   9  
Copy Results Download Results Select Table
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2013-1011 399 DoS Exec Code Mem. Corr. 2013-05-20 2013-05-20
6.8
 None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
2 CVE-2013-1010 399 DoS Exec Code Mem. Corr. 2013-05-20 2013-05-20
6.8
 None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
3 CVE-2013-1008 399 DoS Exec Code Mem. Corr. 2013-05-20 2013-05-20
6.8
 None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
4 CVE-2013-1007 399 DoS Exec Code Mem. Corr. 2013-05-20 2013-05-20
6.8
 None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
5 CVE-2013-1006 399 DoS Exec Code Mem. Corr. 2013-05-20 2013-05-20
6.8
 None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
6 CVE-2013-1005 399 DoS Exec Code Mem. Corr. 2013-05-20 2013-05-20
6.8
 None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
7 CVE-2013-1004 399 DoS Exec Code Mem. Corr. 2013-05-20 2013-05-20
6.8
 None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
8 CVE-2013-1003 399 DoS Exec Code Mem. Corr. 2013-05-20 2013-05-20
6.8
 None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
9 CVE-2013-1002 399 DoS Exec Code Mem. Corr. 2013-05-20 2013-05-20
6.8
 None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
10 CVE-2013-1001 399 DoS Exec Code Mem. Corr. 2013-05-20 2013-05-20
6.8
 None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
11 CVE-2013-1000 399 DoS Exec Code Mem. Corr. 2013-05-20 2013-05-20
6.8
 None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
12 CVE-2013-0999 399 DoS Exec Code Mem. Corr. 2013-05-20 2013-05-20
6.8
 None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
13 CVE-2013-0998 399 DoS Exec Code Mem. Corr. 2013-05-20 2013-05-20
6.8
 None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
14 CVE-2013-0997 399 DoS Exec Code Mem. Corr. 2013-05-20 2013-05-20
6.8
 None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
15 CVE-2013-0996 399 DoS Exec Code Mem. Corr. 2013-05-20 2013-05-20
6.8
 None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
16 CVE-2013-0995 399 DoS Exec Code Mem. Corr. 2013-05-20 2013-05-20
6.8
 None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
17 CVE-2013-0994 399 DoS Exec Code Mem. Corr. 2013-05-20 2013-05-20
6.8
 None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
18 CVE-2013-0993 399 DoS Exec Code Mem. Corr. 2013-05-20 2013-05-20
6.8
 None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
19 CVE-2013-0992 399 DoS Exec Code Mem. Corr. 2013-05-20 2013-05-20
6.8
 None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
20 CVE-2013-0991 399 DoS Exec Code Mem. Corr. 2013-05-20 2013-05-20
6.8
 None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.
21 CVE-2013-0973 Exec Code 2013-03-15 2013-03-18
6.8
 None Remote Medium Not required Partial Partial Partial
Software Update in Apple Mac OS X through 10.7.5 does not prevent plugin loading within the marketing-text WebView, which allows man-in-the-middle attackers to execute plugin code by modifying the client-server data stream.
22 CVE-2013-0971 399 DoS Exec Code 2013-03-15 2013-03-18
6.8
 None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in PDFKit in Apple Mac OS X before 10.8.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted ink annotations in a PDF document.
23 CVE-2013-0968 119 DoS Exec Code Overflow Mem. Corr. 2013-01-29 2013-02-05
6.8
 None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.
24 CVE-2013-0966 Bypass 2013-03-15 2013-03-18
6.4
 None Remote Low Not required Partial Partial None
The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI.
25 CVE-2013-0961 DoS Exec Code Mem. Corr. 2013-03-15 2013-03-18
6.8
 None Remote Medium Not required Partial Partial Partial
WebKit in Apple Safari before 6.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2013-0960.
26 CVE-2013-0960 DoS Exec Code Mem. Corr. 2013-03-15 2013-03-18
6.8
 None Remote Medium Not required Partial Partial Partial
WebKit in Apple Safari before 6.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2013-0961.
27 CVE-2013-0959 119 DoS Exec Code Overflow Mem. Corr. 2013-01-29 2013-03-15
6.8
 None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.
28 CVE-2013-0958 119 DoS Exec Code Overflow Mem. Corr. 2013-01-29 2013-03-15
6.8
 None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.
29 CVE-2013-0956 119 DoS Exec Code Overflow Mem. Corr. 2013-01-29 2013-03-15
6.8
 None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.
30 CVE-2013-0955 119 DoS Exec Code Overflow Mem. Corr. 2013-01-29 2013-03-15
6.8
 None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.
31 CVE-2013-0954 119 DoS Exec Code Overflow Mem. Corr. 2013-01-29 2013-03-15
6.8
 None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.
32 CVE-2013-0953 119 DoS Exec Code Overflow Mem. Corr. 2013-01-29 2013-03-15
6.8
 None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.
33 CVE-2013-0952 119 DoS Exec Code Overflow Mem. Corr. 2013-01-29 2013-03-15
6.8
 None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.
34 CVE-2013-0951 119 DoS Exec Code Overflow Mem. Corr. 2013-01-29 2013-03-15
6.8
 None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.
35 CVE-2013-0950 119 DoS Exec Code Overflow Mem. Corr. 2013-01-29 2013-03-15
6.8
 None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.
36 CVE-2013-0949 119 DoS Exec Code Overflow Mem. Corr. 2013-01-29 2013-03-15
6.8
 None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.
37 CVE-2013-0948 119 DoS Exec Code Overflow Mem. Corr. 2013-01-29 2013-03-15
6.8
 None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.
38 CVE-2012-3747 399 DoS Exec Code Mem. Corr. 2012-09-20 2013-03-25
6.8
 None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
39 CVE-2012-3732 310 2012-09-20 2013-03-25
6.4
 None Remote Low Not required None Partial Partial
Mail in Apple iOS before 6 uses an S/MIME message's From address as the displayed sender address, which allows remote attackers to spoof signed content via an e-mail message in which the From field does not match the signer's identity.
40 CVE-2012-3728 264 +Priv 2012-09-20 2013-03-22
6.9
 None Local Medium Not required Complete Complete Complete
The kernel in Apple iOS before 6 dereferences invalid pointers during the handling of packet-filter data structures, which allows local users to gain privileges via a crafted program that makes packet-filter ioctl calls.
41 CVE-2012-3727 119 Exec Code Overflow 2012-09-20 2013-03-22
6.8
 None Remote Medium Not required Partial Partial Partial
Buffer overflow in the IPsec component in Apple iOS before 6 allows remote attackers to execute arbitrary code via a crafted racoon configuration file.
42 CVE-2012-3726 399 DoS Exec Code 2012-09-20 2013-03-22
6.8
 None Remote Medium Not required Partial Partial Partial
Double free vulnerability in ImageIO in Apple iOS before 6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG image.
43 CVE-2012-3722 399 DoS Exec Code 2012-09-20 2013-03-22
6.8
 None Remote Medium Not required Partial Partial Partial
The Sorenson codec in QuickTime in Apple Mac OS X before 10.7.5, and in CoreMedia in iOS before 6, accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding.
44 CVE-2012-3719 20 Exec Code 2012-09-20 2013-03-22
6.8
 None Remote Medium Not required Partial Partial Partial
Mail in Apple Mac OS X before 10.7.5 does not properly handle embedded web plugins, which allows remote attackers to execute arbitrary plugin code via an e-mail message that triggers the loading of a third-party plugin.
45 CVE-2012-3712 DoS Exec Code Mem. Corr. 2012-09-13 2013-05-03
6.8
 None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
46 CVE-2012-3711 DoS Exec Code Mem. Corr. 2012-09-13 2013-05-03
6.8
 None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
47 CVE-2012-3710 DoS Exec Code Mem. Corr. 2012-09-13 2013-05-03
6.8
 None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
48 CVE-2012-3709 DoS Exec Code Mem. Corr. 2012-09-13 2013-05-03
6.8
 None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
49 CVE-2012-3708 DoS Exec Code Mem. Corr. 2012-09-13 2013-05-03
6.8
 None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
50 CVE-2012-3707 DoS Exec Code Mem. Corr. 2012-09-13 2013-05-03
6.8
 None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.
Total number of vulnerabilities : 376   Page : 1 (This Page)2 3 4 5 6 7 8
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.