Total
3262 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-5140 | 1 Apple | 1 Iphone Os | 2013-10-22 | 7.8 HIGH | N/A |
The kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (assertion failure and device restart) via an invalid packet fragment. | |||||
CVE-2013-5151 | 1 Apple | 1 Iphone Os | 2013-10-22 | 4.3 MEDIUM | N/A |
Mobile Safari in Apple iOS before 7 does not prevent HTML interpretation of a document served with a text/plain content type, which allows remote attackers to conduct cross-site scripting (XSS) attacks by uploading a file. | |||||
CVE-2013-5156 | 1 Apple | 1 Iphone Os | 2013-10-22 | 4.3 MEDIUM | N/A |
The Telephony subsystem in Apple iOS before 7 does not require API conformity for access to telephony-daemon interfaces, which allows attackers to bypass intended restrictions on phone calls via a crafted app that sends direct requests to the daemon. | |||||
CVE-2013-5155 | 1 Apple | 1 Iphone Os | 2013-10-22 | 7.1 HIGH | N/A |
The Sandbox subsystem in Apple iOS before 7 allows attackers to cause a denial of service (infinite loop) via an application that writes crafted values to /dev/random. | |||||
CVE-2013-5157 | 1 Apple | 1 Iphone Os | 2013-10-22 | 5.0 MEDIUM | N/A |
The Twitter subsystem in Apple iOS before 7 does not require API conformity for access to Twitter daemon interfaces, which allows attackers to post Tweets via a crafted app that sends direct requests to the daemon. | |||||
CVE-2013-5158 | 1 Apple | 1 Iphone Os | 2013-10-22 | 2.1 LOW | N/A |
The Social subsystem in Apple iOS before 7 does not properly restrict access to the cache of Twitter icons, which allows physically proximate attackers to obtain sensitive information about recent Twitter interaction via unspecified vectors. | |||||
CVE-2013-5159 | 1 Apple | 1 Iphone Os | 2013-10-22 | 4.3 MEDIUM | N/A |
WebKit in Apple iOS before 7 allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive information about use of the window.webkitRequestAnimationFrame API via an IFRAME element. | |||||
CVE-2013-5153 | 1 Apple | 1 Iphone Os | 2013-10-22 | 2.1 LOW | N/A |
Springboard in Apple iOS before 7 does not properly manage the lock state in Lost Mode, which allows physically proximate attackers to read notifications via unspecified vectors. | |||||
CVE-2013-5152 | 1 Apple | 1 Iphone Os | 2013-10-11 | 4.3 MEDIUM | N/A |
Mobile Safari in Apple iOS before 7 allows remote attackers to spoof the URL bar via a crafted web site. | |||||
CVE-2013-3953 | 1 Apple | 2 Iphone Os, Mac Os X | 2013-10-10 | 4.9 MEDIUM | N/A |
The mach_port_space_info function in osfmk/ipc/mach_debug.c in the XNU kernel in Apple Mac OS X 10.8.x does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted call. | |||||
CVE-2013-3955 | 1 Apple | 4 Ipad, Ipad2, Ipad Mini and 1 more | 2013-10-10 | 6.2 MEDIUM | N/A |
The get_xattrinfo function in the XNU kernel in Apple iOS 5.x and 6.x through 6.1.3 on iPad devices does not properly validate the header of an AppleDouble file, which might allow local users to cause a denial of service (memory corruption) or have unspecified other impact via an invalid file on an msdosfs filesystem. | |||||
CVE-2013-0957 | 1 Apple | 1 Iphone Os | 2013-10-10 | 5.8 MEDIUM | N/A |
Data Protection in Apple iOS before 7 allows attackers to bypass intended limits on incorrect passcode entry, and consequently avoid a configured Erase Data setting, by leveraging the presence of an app in the third-party sandbox. | |||||
CVE-2013-5160 | 1 Apple | 1 Iphone Os | 2013-10-07 | 3.3 LOW | N/A |
Passcode Lock in Apple iOS before 7.0.2 on iPhone devices allows physically proximate attackers to bypass an intended passcode requirement, and dial arbitrary telephone numbers, by making a series of taps of the emergency-call button to trigger a NULL pointer dereference. | |||||
CVE-2013-5161 | 1 Apple | 1 Iphone Os | 2013-10-07 | 4.4 MEDIUM | N/A |
Passcode Lock in Apple iOS before 7.0.2 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement, and open the Camera app or read the list of all recently opened apps, by leveraging unspecified transition errors. | |||||
CVE-2013-5147 | 1 Apple | 1 Iphone Os | 2013-09-26 | 3.7 LOW | N/A |
Passcode Lock in Apple iOS before 7 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging a race condition involving phone calls and ejection of a SIM card. | |||||
CVE-2013-1028 | 1 Apple | 2 Iphone Os, Mac Os X | 2013-09-26 | 5.8 MEDIUM | N/A |
The IPSec implementation in Apple Mac OS X before 10.8.5, when Hybrid Auth is used, does not verify X.509 certificates from security gateways, which allows man-in-the-middle attackers to spoof security gateways and obtain sensitive information via a crafted certificate. | |||||
CVE-2013-1025 | 1 Apple | 2 Iphone Os, Mac Os X | 2013-09-26 | 6.8 MEDIUM | N/A |
Buffer overflow in CoreGraphics in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JBIG2 data in a PDF document. | |||||
CVE-2013-1026 | 1 Apple | 2 Iphone Os, Mac Os X | 2013-09-26 | 6.8 MEDIUM | N/A |
Buffer overflow in ImageIO in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JPEG2000 data in a PDF document. | |||||
CVE-2012-3748 | 1 Apple | 2 Iphone Os, Safari | 2013-09-17 | 5.1 MEDIUM | N/A |
Race condition in WebKit in Apple iOS before 6.0.1 and Safari before 6.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving JavaScript arrays. | |||||
CVE-2012-3749 | 1 Apple | 1 Iphone Os | 2013-08-16 | 5.0 MEDIUM | N/A |
The extensions APIs in the kernel in Apple iOS before 6.0.1 provide kernel addresses in responses that contain an OSBundleMachOHeaders key, which makes it easier for remote attackers to bypass the ASLR protection mechanism via a crafted app. |