Skip to main content
CVE-2013-3954 MEDIUM POC This Month

The posix_spawn system call in the XNU kernel in Apple Mac OS X 10.8.x does not properly validate the data for file actions and port actions, which allows local users to (1) cause a denial of service. Rated medium severity (CVSS 6.9). Public exploit code available and no vendor patch available.

Denial Of Service Apple Mac Os X Iphone Os
NVD
CVSS 2.0
6.9
EPSS
0.0%
CVE-2013-3955 MEDIUM POC This Month

The get_xattrinfo function in the XNU kernel in Apple iOS 5.x and 6.x through 6.1.3 on iPad devices does not properly validate the header of an AppleDouble file, which might allow local users to. Rated medium severity (CVSS 6.2). Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Apple Iphone Os Ipad +2
NVD
CVSS 2.0
6.2
EPSS
0.1%
CVE-2013-3950 MEDIUM POC This Month

Stack-based buffer overflow in the openSharedCacheFile function in dyld.cpp in dyld in Apple iOS 5.1.x and 6.x through 6.1.3 makes it easier for attackers to conduct untethering attacks via a long. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Apple Iphone Os
NVD
CVSS 2.0
5.0
EPSS
0.8%
CVE-2013-3953 MEDIUM POC This Month

The mach_port_space_info function in osfmk/ipc/mach_debug.c in the XNU kernel in Apple Mac OS X 10.8.x does not initialize a certain structure member, which allows local users to obtain sensitive. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Apple Mac Os X Iphone Os
NVD
CVSS 2.0
4.9
EPSS
0.1%
CVE-2013-3951 MEDIUM POC This Month

sys/openbsd/stack_protector.c in libc in Apple iOS 6.1.3 and Mac OS X 10.8.x does not properly parse the Apple strings employed in the user-space stack-cookie implementation, which allows local users. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Apple Authentication Bypass Iphone Os Mac Os X Watchos
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2013-3948 MEDIUM POC This Month

Apple iOS 6.1.3 does not follow redirects during determination of the hostname to display in an iOS Enterprise Deployment installation dialog, which makes it easier for remote attackers to trigger. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Apple Open Redirect Iphone Os
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-1024 MEDIUM This Month

CoreMedia Playback in Apple Mac OS X before 10.8.4 does not properly initialize memory during the processing of text tracks, which allows remote attackers to execute arbitrary code or cause a denial. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Apple RCE Mac Os X Mac Os X Server
NVD
CVSS 2.0
6.8
EPSS
1.8%
CVE-2013-0983 MEDIUM This Month

Stack consumption vulnerability in CoreAnimation in Apple Mac OS X before 10.8.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted text. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Apple RCE Mac Os X
NVD
CVSS 2.0
6.8
EPSS
1.2%
CVE-2013-0975 MEDIUM This Month

Buffer overflow in QuickDraw Manager in Apple Mac OS X before 10.8.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Apple RCE Mac Os X +1
NVD
CVSS 2.0
6.8
EPSS
1.1%
CVE-2013-1023 MEDIUM This Month

WebKit, as used in Apple Safari before 6.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Apple RCE Safari
NVD
CVSS 2.0
6.8
EPSS
1.1%
CVE-2013-1009 MEDIUM This Month

WebKit, as used in Apple Safari before 6.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Apple RCE Safari
NVD
CVSS 2.0
6.8
EPSS
1.1%
CVE-2013-2855 MEDIUM This Month

The Developer Tools API in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Google Chrome Debian Linux
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2013-0990 MEDIUM This Month

SMB in Apple Mac OS X before 10.8.4, when file sharing is enabled, allows remote authenticated users to create or modify files outside of a shared directory via unspecified vectors. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Apple Mac Os X Mac Os X Server
NVD
CVSS 2.0
4.9
EPSS
0.3%
CVE-2013-1012 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 6.0.5 allows remote attackers to inject arbitrary web script or HTML via vectors involving IFRAME elements. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple XSS Safari
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-1013 MEDIUM This Month

XSS Auditor in WebKit in Apple Safari before 6.0.5 does not properly rewrite URLs, which allows remote attackers to trigger unintended form submissions via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Apple XSS Safari
NVD
CVSS 2.0
4.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy