Vulnerabilities > Apple
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-12-11 | CVE-2013-5331 | Code Injection vulnerability in Adobe Air, AIR SDK and Flash Player Adobe Flash Player before 11.7.700.257 and 11.8.x and 11.9.x before 11.9.900.170 on Windows and Mac OS X and before 11.2.202.332 on Linux, Adobe AIR before 3.9.0.1380, Adobe AIR SDK before 3.9.0.1380, and Adobe AIR SDK & Compiler before 3.9.0.1380 allow remote attackers to execute arbitrary code via crafted .swf content that leverages an unspecified "type confusion," as exploited in the wild in December 2013. | 9.3 |
| 2013-11-18 | CVE-2013-3694 | Cross-Site Request Forgery (CSRF) vulnerability in Blackberry Link BlackBerry Link before 1.2.1.31 on Windows and before 1.1.1 build 39 on Mac OS X does not require authentication for remote file-access folders, which allows remote attackers to read or create arbitrary files via IPv6 WebDAV requests, as demonstrated by a CSRF attack involving DNS rebinding. | 6.8 |
| 2013-11-18 | CVE-2013-6799 | Buffer Errors vulnerability in Apple mac OS X 10.9 Apple Mac OS X 10.9 allows local users to cause a denial of service (memory corruption or panic) by creating a hard link to a directory. | 4.7 |
| 2013-11-18 | CVE-2013-6798 | Permissions, Privileges, and Access Controls vulnerability in Blackberry Link BlackBerry Link before 1.2.1.31 on Windows and before 1.1.1 build 39 on Mac OS X does not properly determine the user account for execution of Peer Manager in certain situations involving successive logins with different accounts, which allows context-dependent attackers to bypass intended restrictions on remote file-access folders via IPv6 WebDAV requests, a different vulnerability than CVE-2013-3694. | 5.8 |
| 2013-11-18 | CVE-2013-5193 | Credentials Management vulnerability in Apple Iphone OS The App Store component in Apple iOS before 7.0.4 does not properly enforce an intended transaction-time password requirement, which allows local users to complete a (1) App purchase or (2) In-App purchase by leveraging previous entry of Apple ID credentials. | 4.7 |
| 2013-11-13 | CVE-2013-5330 | Buffer Errors vulnerability in Adobe Air, AIR SDK and Flash Player Adobe Flash Player before 11.7.700.252 and 11.8.x and 11.9.x before 11.9.900.152 on Windows and Mac OS X and before 11.2.202.327 on Linux, Adobe AIR before 3.9.0.1210, Adobe AIR SDK before 3.9.0.1210, and Adobe AIR SDK & Compiler before 3.9.0.1210 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-5329. | 10.0 |
| 2013-11-13 | CVE-2013-5329 | Buffer Errors vulnerability in Adobe Air, AIR SDK and Flash Player Adobe Flash Player before 11.7.700.252 and 11.8.x and 11.9.x before 11.9.900.152 on Windows and Mac OS X and before 11.2.202.327 on Linux, Adobe AIR before 3.9.0.1210, Adobe AIR SDK before 3.9.0.1210, and Adobe AIR SDK & Compiler before 3.9.0.1210 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-5330. | 10.0 |
| 2013-11-04 | CVE-2013-6114 | Integer Overflow OR Wraparound vulnerability in Apple Motion 5.0.7 Integer overflow in the OZDocument::parseElement function in Apple Motion 5.0.7 allows remote attackers to cause a denial of service (application crash) via a (1) large or (2) small value in the subview attribute of a viewer element in a .motn file. | 5.0 |
| 2013-10-24 | CVE-2013-5148 | Permissions, Privileges, and Access Controls vulnerability in Apple Keynote Apple Keynote before 6.0 does not properly handle the interaction between Keynote presentation mode and the Screen Lock implementation, which allows physically proximate attackers to obtain access by visiting an unattended workstation on which this mode was enabled during a sleep operation. | 7.2 |
| 2013-10-24 | CVE-2013-5143 | Certificate Validation Security Bypass vulnerability in Apple Mac OS X Server The RADIUS service in Server App in Apple OS X Server before 3.0 selects a fallback X.509 certificate in unspecified circumstances, which might allow man-in-the-middle attackers to hijack RADIUS sessions by leveraging knowledge of the private key that matches this fallback certificate. network apple | 6.8 |