Skip to main content
CVE-2013-0984 CRITICAL POC THREAT Emergency

Directory Service in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted message. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 26.1%.

Buffer Overflow Denial Of Service Apple RCE Mac Os X +1
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
26.1%
Threat
4.1
CVE-2013-0509 HIGH Act Now

Buffer overflow in the Transaction MIB agent in IBM Tivoli Netcool System Service Monitors (SSM) and Application Service Monitors (ASM) 4.0.0 before FP14 allows remote attackers to execute arbitrary. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. Epss exploitation probability 21.7% and no vendor patch available.

Buffer Overflow RCE IBM Tivoli Netcool Application Service Monitors Tivoli Netcool System Service Monitors
NVD
CVSS 2.0
7.6
EPSS
21.7%
CVE-2013-2863 CRITICAL Act Now

Google Chrome before 27.0.1453.110 does not properly handle SSL sockets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Google RCE Chrome +1
NVD
CVSS 2.0
10.0
EPSS
6.4%
CVE-2013-3954 MEDIUM POC This Month

The posix_spawn system call in the XNU kernel in Apple Mac OS X 10.8.x does not properly validate the data for file actions and port actions, which allows local users to (1) cause a denial of service. Rated medium severity (CVSS 6.9). Public exploit code available and no vendor patch available.

Denial Of Service Apple Mac Os X Iphone Os
NVD
CVSS 2.0
6.9
EPSS
0.0%
CVE-2013-3955 MEDIUM POC This Month

The get_xattrinfo function in the XNU kernel in Apple iOS 5.x and 6.x through 6.1.3 on iPad devices does not properly validate the header of an AppleDouble file, which might allow local users to. Rated medium severity (CVSS 6.2). Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Apple Iphone Os Ipad +2
NVD
CVSS 2.0
6.2
EPSS
0.1%
CVE-2013-3950 MEDIUM POC This Month

Stack-based buffer overflow in the openSharedCacheFile function in dyld.cpp in dyld in Apple iOS 5.1.x and 6.x through 6.1.3 makes it easier for attackers to conduct untethering attacks via a long. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Apple Iphone Os
NVD
CVSS 2.0
5.0
EPSS
0.8%
CVE-2013-3953 MEDIUM POC This Month

The mach_port_space_info function in osfmk/ipc/mach_debug.c in the XNU kernel in Apple Mac OS X 10.8.x does not initialize a certain structure member, which allows local users to obtain sensitive. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Apple Mac Os X Iphone Os
NVD
CVSS 2.0
4.9
EPSS
0.1%
CVE-2013-3951 MEDIUM POC This Month

sys/openbsd/stack_protector.c in libc in Apple iOS 6.1.3 and Mac OS X 10.8.x does not properly parse the Apple strings employed in the user-space stack-cookie implementation, which allows local users. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Apple Authentication Bypass Iphone Os Mac Os X Watchos
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2013-3948 MEDIUM POC This Month

Apple iOS 6.1.3 does not follow redirects during determination of the hostname to display in an iOS Enterprise Deployment installation dialog, which makes it easier for remote attackers to trigger. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Apple Open Redirect Iphone Os
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-0508 HIGH This Week

Multiple buffer overflows in IBM Tivoli Netcool System Service Monitors (SSM) and Application Service Monitors (ASM) 4.0.0 before FP14 and 4.0.1 before FP1 allow context-dependent attackers to. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow RCE Denial Of Service IBM Tivoli Netcool Application Service Monitors +1
NVD
CVSS 2.0
7.6
EPSS
1.8%
CVE-2013-2862 HIGH This Week

Skia, as used in Google Chrome before 27.0.1453.110, does not properly handle GPU acceleration, which allows remote attackers to cause a denial of service (memory corruption) or possibly have. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Google Chrome Debian Linux
NVD
CVSS 2.0
7.5
EPSS
0.7%
CVE-2013-2861 HIGH This Week

Use-after-free vulnerability in the SVG implementation in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Debian Linux Chrome
NVD
CVSS 2.0
7.5
EPSS
0.7%
CVE-2013-2860 HIGH This Week

Use-after-free vulnerability in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving access to a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Denial Of Service Memory Corruption Use After Free Debian Linux +1
NVD
CVSS 2.0
7.5
EPSS
0.7%
CVE-2013-2858 HIGH This Week

Use-after-free vulnerability in the HTML5 Audio implementation in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Denial Of Service Memory Corruption Use After Free Debian Linux +1
NVD
CVSS 2.0
7.5
EPSS
0.7%
CVE-2013-2857 HIGH This Week

Use-after-free vulnerability in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Denial Of Service Memory Corruption Use After Free Debian Linux +1
NVD
CVSS 2.0
7.5
EPSS
0.7%
CVE-2013-2856 HIGH This Week

Use-after-free vulnerability in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Denial Of Service Memory Corruption Use After Free Chrome +1
NVD
CVSS 2.0
7.5
EPSS
0.7%
CVE-2013-2854 HIGH This Week

Google Chrome before 27.0.1453.110 on Windows provides an incorrect handle to a renderer process in unspecified circumstances, which allows remote attackers to cause a denial of service or possibly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Microsoft Chrome
NVD
CVSS 2.0
7.5
EPSS
0.6%
CVE-2013-2865 HIGH This Week

Multiple unspecified vulnerabilities in Google Chrome before 27.0.1453.110 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Chrome Debian Linux
NVD
CVSS 2.0
7.5
EPSS
0.5%
CVE-2013-2864 HIGH This Week

The PDF functionality in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service (invalid free operation) or possibly have unspecified other impact via unknown vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Google Chrome
NVD
CVSS 2.0
7.5
EPSS
0.5%
CVE-2013-2859 HIGH This Week

Google Chrome before 27.0.1453.110 allows remote attackers to bypass the Same Origin Policy and trigger namespace pollution via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Authentication Bypass Debian Linux Chrome
NVD
CVSS 2.0
7.5
EPSS
0.3%
CVE-2013-3475 HIGH This Week

Stack-based buffer overflow in db2aud in the Audit Facility in IBM DB2 and DB2 Connect 9.1, 9.5, 9.7, 9.8, and 10.1, as used in Smart Analytics System 7600 and other products, allows local users to. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow IBM Db2 Db2 Connect Smart Analytics System 7600
NVD
CVSS 2.0
7.2
EPSS
0.1%
CVE-2013-1024 MEDIUM This Month

CoreMedia Playback in Apple Mac OS X before 10.8.4 does not properly initialize memory during the processing of text tracks, which allows remote attackers to execute arbitrary code or cause a denial. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple RCE Mac Os X Mac Os X Server
NVD
CVSS 2.0
6.8
EPSS
1.8%
CVE-2013-0983 MEDIUM This Month

Stack consumption vulnerability in CoreAnimation in Apple Mac OS X before 10.8.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted text. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Apple RCE Mac Os X
NVD
CVSS 2.0
6.8
EPSS
1.2%
CVE-2013-0975 MEDIUM This Month

Buffer overflow in QuickDraw Manager in Apple Mac OS X before 10.8.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Apple RCE Mac Os X +1
NVD
CVSS 2.0
6.8
EPSS
1.1%
CVE-2013-1023 MEDIUM This Month

WebKit, as used in Apple Safari before 6.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Apple RCE Safari
NVD
CVSS 2.0
6.8
EPSS
1.1%
CVE-2013-1009 MEDIUM This Month

WebKit, as used in Apple Safari before 6.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Apple RCE Safari
NVD
CVSS 2.0
6.8
EPSS
1.1%
CVE-2013-3952 LOW POC Monitor

The fill_pipeinfo function in bsd/kern/sys_pipe.c in the XNU kernel in Apple Mac OS X 10.8.x allows local users to defeat the KASLR protection mechanism via the PROC_PIDFDPIPEINFO option to the. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Apple Mac Os X
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2013-3949 LOW POC Monitor

The posix_spawn system call in the XNU kernel in Apple Mac OS X 10.8.x does not prevent use of the _POSIX_SPAWN_DISABLE_ASLR and _POSIX_SPAWN_ALLOW_DATA_EXEC flags for setuid and setgid programs,. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Apple Mac Os X
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2013-2855 MEDIUM This Month

The Developer Tools API in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Google Chrome Debian Linux
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2013-0990 MEDIUM This Month

SMB in Apple Mac OS X before 10.8.4, when file sharing is enabled, allows remote authenticated users to create or modify files outside of a shared directory via unspecified vectors. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Apple Mac Os X Mac Os X Server
NVD
CVSS 2.0
4.9
EPSS
0.3%
CVE-2013-1012 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 6.0.5 allows remote attackers to inject arbitrary web script or HTML via vectors involving IFRAME elements. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple XSS Safari
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-1013 MEDIUM This Month

XSS Auditor in WebKit in Apple Safari before 6.0.5 does not properly rewrite URLs, which allows remote attackers to trigger unintended form submissions via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple XSS Safari
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-0985 LOW Monitor

Disk Management in Apple Mac OS X before 10.8.4 does not properly authenticate attempts to disable FileVault, which allows local users to cause a denial of service (loss of encryption functionality). Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Apple Authentication Bypass Mac Os X
NVD
CVSS 2.0
2.1
EPSS
0.0%
CVE-2013-0982 LOW Monitor

The Private Browsing feature in CFNetwork in Apple Mac OS X before 10.8.4 does not prevent storage of permanent cookies upon exit from Safari, which might allow physically proximate attackers to. Rated low severity (CVSS 1.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Mac Os X Mac Os X Server
NVD
CVSS 2.0
1.7
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy