Vulnerabilities > Apple > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-06-05 | CVE-2013-3950 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Iphone OS Stack-based buffer overflow in the openSharedCacheFile function in dyld.cpp in dyld in Apple iOS 5.1.x and 6.x through 6.1.3 makes it easier for attackers to conduct untethering attacks via a long string in the DYLD_SHARED_CACHE_DIR environment variable. | 5.0 |
| 2013-06-05 | CVE-2013-3948 | Improper Input Validation vulnerability in Apple Iphone OS 6.1.3 Apple iOS 6.1.3 does not follow redirects during determination of the hostname to display in an iOS Enterprise Deployment installation dialog, which makes it easier for remote attackers to trigger installation of arbitrary applications via a download-manifest itms-services:// URL that leverages an open redirect vulnerability within a trusted domain. | 4.3 |
| 2013-06-05 | CVE-2013-1024 | Improper Input Validation vulnerability in Apple mac OS X and mac OS X Server CoreMedia Playback in Apple Mac OS X before 10.8.4 does not properly initialize memory during the processing of text tracks, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file. | 6.8 |
| 2013-06-05 | CVE-2013-1023 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2013-1009. | 6.8 |
| 2013-06-05 | CVE-2013-1013 | Improper Input Validation vulnerability in Apple Safari XSS Auditor in WebKit in Apple Safari before 6.0.5 does not properly rewrite URLs, which allows remote attackers to trigger unintended form submissions via unspecified vectors. | 4.3 |
| 2013-06-05 | CVE-2013-1012 | Cross-Site Scripting vulnerability in Apple Safari Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 6.0.5 allows remote attackers to inject arbitrary web script or HTML via vectors involving IFRAME elements. | 4.3 |
| 2013-06-05 | CVE-2013-1009 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari WebKit, as used in Apple Safari before 6.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2013-1023. | 6.8 |
| 2013-06-05 | CVE-2013-0990 | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server SMB in Apple Mac OS X before 10.8.4, when file sharing is enabled, allows remote authenticated users to create or modify files outside of a shared directory via unspecified vectors. | 4.9 |
| 2013-06-05 | CVE-2013-0983 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X Stack consumption vulnerability in CoreAnimation in Apple Mac OS X before 10.8.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted text glyph in a URL encountered by Safari. | 6.8 |
| 2013-06-05 | CVE-2013-0975 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server Buffer overflow in QuickDraw Manager in Apple Mac OS X before 10.8.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image. | 6.8 |