Apple : Security Vulnerabilities, CVEs, Published In 2013 CVSS score >= 6
The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate that is not properly handled by the openssl_x509_parse function.
Max CVSS
7.5
EPSS Score
94.98%
Published
2013-12-17
Updated
2018-10-30
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.
Max CVSS
6.8
EPSS Score
2.31%
Published
2013-12-18
Updated
2019-03-08
Apple Safari before 6.1.1 and 7.x before 7.0.1 allows remote attackers to bypass the Same Origin Policy and discover credentials by triggering autofill of subframe form fields.
Max CVSS
6.4
EPSS Score
0.64%
Published
2013-12-18
Updated
2017-01-07
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.
Max CVSS
6.8
EPSS Score
0.56%
Published
2013-12-18
Updated
2019-03-08
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.
Max CVSS
6.8
EPSS Score
0.69%
Published
2013-12-18
Updated
2019-03-08
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.
Max CVSS
6.8
EPSS Score
0.56%
Published
2013-12-18
Updated
2019-03-08
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.
Max CVSS
6.8
EPSS Score
0.56%
Published
2013-12-18
Updated
2019-03-08
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.
Max CVSS
6.8
EPSS Score
0.56%
Published
2013-12-18
Updated
2019-03-08
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.
Max CVSS
6.8
EPSS Score
0.79%
Published
2013-12-18
Updated
2016-12-09
App Sandbox in Apple Mac OS X before 10.9 allows attackers to bypass intended sandbox restrictions via a crafted app that uses the LaunchServices interface to specify process arguments.
Max CVSS
7.5
EPSS Score
0.23%
Published
2013-10-24
Updated
2014-03-06
The kernel in Apple Mac OS X before 10.9 allows local users to obtain sensitive information or cause a denial of service (out-of-bounds read and system crash) via a crafted Mach-O file.
Max CVSS
6.6
EPSS Score
0.04%
Published
2013-10-24
Updated
2013-10-25
The kernel in Apple Mac OS X before 10.9 does not properly determine the output length for SHA-2 digest function calls, which allows context-dependent attackers to cause a denial of service (panic) by triggering a digest operation, as demonstrated by an IPSec connection.
Max CVSS
7.1
EPSS Score
0.05%
Published
2013-10-24
Updated
2013-10-24
Buffer underflow in CoreGraphics in Apple Mac OS X before 10.9 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.
Max CVSS
6.8
EPSS Score
0.44%
Published
2013-10-24
Updated
2014-04-24
Console in Apple Mac OS X before 10.9 allows user-assisted remote attackers to execute arbitrary applications by triggering a log entry with a crafted attached URL.
Max CVSS
6.8
EPSS Score
0.25%
Published
2013-10-24
Updated
2013-10-24
socketfilterfw in Application Firewall in Apple Mac OS X before 10.9 does not properly implement the --blockApp option, which allows remote attackers to bypass intended access restrictions via a network connection to an application for which blocking was configured.
Max CVSS
6.4
EPSS Score
0.16%
Published
2013-10-24
Updated
2013-10-25
Directory Services in Apple Mac OS X before 10.8.5 Supplemental Update allows local users to bypass password-based authentication and modify arbitrary Directory Services records via unspecified vectors.
Max CVSS
6.6
EPSS Score
0.04%
Published
2013-10-04
Updated
2013-10-07
The Sandbox subsystem in Apple iOS before 7 allows attackers to cause a denial of service (infinite loop) via an application that writes crafted values to /dev/random.
Max CVSS
7.1
EPSS Score
0.12%
Published
2013-09-19
Updated
2013-10-22
Apple Keynote before 6.0 does not properly handle the interaction between Keynote presentation mode and the Screen Lock implementation, which allows physically proximate attackers to obtain access by visiting an unattended workstation on which this mode was enabled during a sleep operation.
Max CVSS
7.2
EPSS Score
0.04%
Published
2013-10-24
Updated
2013-10-24
kextd in Kext Management in Apple iOS before 7 does not properly verify authorization for IPC messages, which allows local users to (1) load or (2) unload kernel extensions via a crafted message.
Max CVSS
6.3
EPSS Score
0.04%
Published
2013-09-19
Updated
2013-10-31
The RADIUS service in Server App in Apple OS X Server before 3.0 selects a fallback X.509 certificate in unspecified circumstances, which might allow man-in-the-middle attackers to hijack RADIUS sessions by leveraging knowledge of the private key that matches this fallback certificate.
Max CVSS
6.8
EPSS Score
0.11%
Published
2013-10-24
Updated
2013-10-24
The kernel in Apple iOS before 7 uses an incorrect data size for a certain integer variable, which allows attackers to cause a denial of service (infinite loop and device hang) via a crafted application, related to an "integer truncation vulnerability."
Max CVSS
7.1
EPSS Score
0.14%
Published
2013-09-19
Updated
2013-10-31
The kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (assertion failure and device restart) via an invalid packet fragment.
Max CVSS
7.8
EPSS Score
0.76%
Published
2013-09-19
Updated
2013-10-22
The IOSerialFamily driver in Apple iOS before 7 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds array access) via a crafted application.
Max CVSS
9.3
EPSS Score
0.59%
Published
2013-09-19
Updated
2014-03-06
Format string vulnerability in Screen Sharing Server in Apple Mac OS X before 10.9 and Apple Remote Desktop before 3.5.4 allows remote attackers to execute arbitrary code via format string specifiers in a VNC username.
Max CVSS
7.5
EPSS Score
0.52%
Published
2013-10-24
Updated
2018-10-30
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
Max CVSS
6.8
EPSS Score
2.08%
Published
2013-09-19
Updated
2014-01-28