| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2013-2566 |
310 |
|
|
2013-03-15 |
2013-04-19 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext. |
|
2 |
CVE-2013-1022 |
119 |
|
DoS Exec Code Overflow |
2013-05-24 |
2013-05-24 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted mvhd atoms in a movie file. |
|
3 |
CVE-2013-1021 |
119 |
|
DoS Exec Code Overflow |
2013-05-24 |
2013-05-24 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JPEG data in a movie file. |
|
4 |
CVE-2013-1020 |
399 |
|
DoS Exec Code Mem. Corr. |
2013-05-24 |
2013-05-24 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted JPEG data in a movie file. |
|
5 |
CVE-2013-1019 |
119 |
|
DoS Exec Code Overflow |
2013-05-24 |
2013-05-24 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding. |
|
6 |
CVE-2013-1018 |
119 |
|
DoS Exec Code Overflow |
2013-05-24 |
2013-05-24 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding. |
|
7 |
CVE-2013-1017 |
119 |
|
DoS Exec Code Overflow |
2013-05-24 |
2013-05-24 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted dref atoms in a movie file. |
|
8 |
CVE-2013-1016 |
119 |
|
DoS Exec Code Overflow |
2013-05-24 |
2013-05-24 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.263 encoding. |
|
9 |
CVE-2013-1015 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2013-05-24 |
2013-05-24 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted TeXML file. |
|
10 |
CVE-2013-1014 |
264 |
|
|
2013-05-20 |
2013-05-20 |
2.9 |
None |
Local Network |
Medium |
Not required |
Partial |
None |
None |
|
Apple iTunes before 11.0.3 does not properly verify X.509 certificates, which allows man-in-the-middle attackers to spoof HTTPS servers via an arbitrary valid certificate. |
|
11 |
CVE-2013-1011 |
399 |
|
DoS Exec Code Mem. Corr. |
2013-05-20 |
2013-05-20 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. |
|
12 |
CVE-2013-1010 |
399 |
|
DoS Exec Code Mem. Corr. |
2013-05-20 |
2013-05-20 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. |
|
13 |
CVE-2013-1008 |
399 |
|
DoS Exec Code Mem. Corr. |
2013-05-20 |
2013-05-20 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. |
|
14 |
CVE-2013-1007 |
399 |
|
DoS Exec Code Mem. Corr. |
2013-05-20 |
2013-05-20 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. |
|
15 |
CVE-2013-1006 |
399 |
|
DoS Exec Code Mem. Corr. |
2013-05-20 |
2013-05-20 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. |
|
16 |
CVE-2013-1005 |
399 |
|
DoS Exec Code Mem. Corr. |
2013-05-20 |
2013-05-20 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. |
|
17 |
CVE-2013-1004 |
399 |
|
DoS Exec Code Mem. Corr. |
2013-05-20 |
2013-05-20 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. |
|
18 |
CVE-2013-1003 |
399 |
|
DoS Exec Code Mem. Corr. |
2013-05-20 |
2013-05-20 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. |
|
19 |
CVE-2013-1002 |
399 |
|
DoS Exec Code Mem. Corr. |
2013-05-20 |
2013-05-20 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. |
|
20 |
CVE-2013-1001 |
399 |
|
DoS Exec Code Mem. Corr. |
2013-05-20 |
2013-05-20 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. |
|
21 |
CVE-2013-1000 |
399 |
|
DoS Exec Code Mem. Corr. |
2013-05-20 |
2013-05-20 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. |
|
22 |
CVE-2013-0999 |
399 |
|
DoS Exec Code Mem. Corr. |
2013-05-20 |
2013-05-20 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. |
|
23 |
CVE-2013-0998 |
399 |
|
DoS Exec Code Mem. Corr. |
2013-05-20 |
2013-05-20 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. |
|
24 |
CVE-2013-0997 |
399 |
|
DoS Exec Code Mem. Corr. |
2013-05-20 |
2013-05-20 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. |
|
25 |
CVE-2013-0996 |
399 |
|
DoS Exec Code Mem. Corr. |
2013-05-20 |
2013-05-20 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. |
|
26 |
CVE-2013-0995 |
399 |
|
DoS Exec Code Mem. Corr. |
2013-05-20 |
2013-05-20 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. |
|
27 |
CVE-2013-0994 |
399 |
|
DoS Exec Code Mem. Corr. |
2013-05-20 |
2013-05-20 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. |
|
28 |
CVE-2013-0993 |
399 |
|
DoS Exec Code Mem. Corr. |
2013-05-20 |
2013-05-20 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. |
|
29 |
CVE-2013-0992 |
399 |
|
DoS Exec Code Mem. Corr. |
2013-05-20 |
2013-05-20 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. |
|
30 |
CVE-2013-0991 |
399 |
|
DoS Exec Code Mem. Corr. |
2013-05-20 |
2013-05-20 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. |
|
31 |
CVE-2013-0989 |
119 |
|
DoS Exec Code Overflow |
2013-05-24 |
2013-05-24 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MP3 file. |
|
32 |
CVE-2013-0988 |
119 |
|
DoS Exec Code Overflow |
2013-05-24 |
2013-05-24 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FPX file. |
|
33 |
CVE-2013-0987 |
399 |
|
DoS Exec Code Mem. Corr. |
2013-05-24 |
2013-05-24 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted QTIF file. |
|
34 |
CVE-2013-0986 |
119 |
|
DoS Exec Code Overflow |
2013-05-24 |
2013-05-24 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted enof atoms in a movie file. |
|
35 |
CVE-2013-0981 |
|
|
+Priv |
2013-03-20 |
2013-03-21 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The IOUSBDeviceFamily driver in the USB implementation in the kernel in Apple iOS before 6.1.3 and Apple TV before 5.2.1 accesses pipe object pointers that originated in userspace, which allows local users to gain privileges via crafted code. |
|
36 |
CVE-2013-0980 |
264 |
|
Bypass |
2013-03-20 |
2013-03-21 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
The Passcode Lock implementation in Apple iOS before 6.1.3 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging an error in the emergency-call feature. |
|
37 |
CVE-2013-0979 |
264 |
|
|
2013-03-20 |
2013-03-21 |
1.9 |
None |
Local |
Medium |
Not required |
None |
Partial |
None |
|
lockdownd in Lockdown in Apple iOS before 6.1.3 does not properly consider file types during the permission-setting step of a backup restoration, which allows local users to change the permissions of arbitrary files via a backup that contains a pathname with a symlink. |
|
38 |
CVE-2013-0978 |
200 |
|
Bypass +Info |
2013-03-20 |
2013-03-21 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The ARM prefetch abort handler in the kernel in Apple iOS before 6.1.3 and Apple TV before 5.2.1 does not ensure that it has been invoked in an abort context, which makes it easier for local users to bypass the ASLR protection mechanism via crafted code. |
|
39 |
CVE-2013-0977 |
|
|
Bypass |
2013-03-20 |
2013-03-21 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
dyld in Apple iOS before 6.1.3 and Apple TV before 5.2.1 does not properly manage the state of file loading for Mach-O executable files, which allows local users to bypass intended code-signing requirements via a file that contains overlapping segments. |
|
40 |
CVE-2013-0976 |
|
|
DoS Exec Code Mem. Corr. |
2013-03-15 |
2013-03-18 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
IOAcceleratorFamily in Apple Mac OS X before 10.8.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted graphics image. |
|
41 |
CVE-2013-0974 |
|
|
Exec Code Bypass |
2013-01-29 |
2013-02-05 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
StoreKit in Apple iOS before 6.1 does not properly handle the disabling of JavaScript within the preferences configuration of Mobile Safari, which allows remote attackers to bypass intended access restrictions and execute JavaScript code via a web site with a Smart App Banner. |
|
42 |
CVE-2013-0973 |
|
|
Exec Code |
2013-03-15 |
2013-03-18 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Software Update in Apple Mac OS X through 10.7.5 does not prevent plugin loading within the marketing-text WebView, which allows man-in-the-middle attackers to execute plugin code by modifying the client-server data stream. |
|
43 |
CVE-2013-0971 |
399 |
|
DoS Exec Code |
2013-03-15 |
2013-03-18 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Use-after-free vulnerability in PDFKit in Apple Mac OS X before 10.8.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted ink annotations in a PDF document. |
|
44 |
CVE-2013-0970 |
|
|
Bypass |
2013-03-15 |
2013-03-15 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Messages in Apple Mac OS X before 10.8.3 allows remote attackers to bypass the FaceTime call-confirmation prompt via a crafted FaceTime: URL. |
|
45 |
CVE-2013-0969 |
264 |
|
Bypass |
2013-03-15 |
2013-03-18 |
4.9 |
None |
Local |
Low |
Not required |
None |
Complete |
None |
|
Login Window in Apple Mac OS X before 10.8.3 does not prevent application launching with the VoiceOver feature, which allows physically proximate attackers to bypass authentication and make arbitrary System Preferences changes via unspecified use of the keyboard. |
|
46 |
CVE-2013-0968 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2013-01-29 |
2013-02-05 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1. |
|
47 |
CVE-2013-0967 |
|
|
Bypass |
2013-03-15 |
2013-03-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
CoreTypes in Apple Mac OS X before 10.8.3 includes JNLP files in the list of safe file types, which allows remote attackers to bypass a Java plug-in disabled setting, and trigger the launch of Java Web Start applications, via a crafted web site. |
|
48 |
CVE-2013-0966 |
|
|
Bypass |
2013-03-15 |
2013-03-18 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac OS X before 10.8.3 does not properly handle ignorable Unicode characters, which allows remote attackers to bypass intended directory authentication requirements via a crafted pathname in a URI. |
|
49 |
CVE-2013-0964 |
20 |
|
Bypass |
2013-01-29 |
2013-02-05 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
The kernel in Apple iOS before 6.1 and Apple TV before 5.2 does not properly validate copyin and copyout arguments, which allows local users to bypass intended pointer restrictions and access locations in the first kernel-memory page by specifying a length of less than one page. |
|
50 |
CVE-2013-0963 |
20 |
|
Bypass |
2013-01-29 |
2013-03-15 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
Identity Services in Apple iOS before 6.1 does not properly handle validation failures of AppleID certificates, which might allow physically proximate attackers to bypass authentication by leveraging an incorrect assignment of an empty string value to an AppleID. |
