Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Apple Subscribe
Total 10175 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-5162 1 Apple 1 Iphone Os 2013-10-24 2.1 LOW N/A
Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physically proximate attackers to bypass the passcode-failure disabled state by leveraging certain incorrect visibility of the passcode-entry view after use of the Phone app.
CVE-2013-5144 1 Apple 1 Iphone Os 2013-10-24 3.3 LOW N/A
Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physically proximate attackers to bypass an intended passcode requirement, and dial arbitrary telephone numbers, by tapping the emergency-call button during a certain notification and camera-pane state to trigger a NULL pointer dereference.
CVE-2013-5137 1 Apple 1 Iphone Os 2013-10-22 2.6 LOW N/A
IOKit in Apple iOS before 7 allows attackers to send user-interface events to the foreground app by leveraging control over a background app and using the (1) task-completion API or (2) VoIP API.
CVE-2013-5140 1 Apple 1 Iphone Os 2013-10-22 7.8 HIGH N/A
The kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (assertion failure and device restart) via an invalid packet fragment.
CVE-2013-5151 1 Apple 1 Iphone Os 2013-10-22 4.3 MEDIUM N/A
Mobile Safari in Apple iOS before 7 does not prevent HTML interpretation of a document served with a text/plain content type, which allows remote attackers to conduct cross-site scripting (XSS) attacks by uploading a file.
CVE-2013-5155 1 Apple 1 Iphone Os 2013-10-22 7.1 HIGH N/A
The Sandbox subsystem in Apple iOS before 7 allows attackers to cause a denial of service (infinite loop) via an application that writes crafted values to /dev/random.
CVE-2013-5156 1 Apple 1 Iphone Os 2013-10-22 4.3 MEDIUM N/A
The Telephony subsystem in Apple iOS before 7 does not require API conformity for access to telephony-daemon interfaces, which allows attackers to bypass intended restrictions on phone calls via a crafted app that sends direct requests to the daemon.
CVE-2013-5157 1 Apple 1 Iphone Os 2013-10-22 5.0 MEDIUM N/A
The Twitter subsystem in Apple iOS before 7 does not require API conformity for access to Twitter daemon interfaces, which allows attackers to post Tweets via a crafted app that sends direct requests to the daemon.
CVE-2013-5158 1 Apple 1 Iphone Os 2013-10-22 2.1 LOW N/A
The Social subsystem in Apple iOS before 7 does not properly restrict access to the cache of Twitter icons, which allows physically proximate attackers to obtain sensitive information about recent Twitter interaction via unspecified vectors.
CVE-2013-5159 1 Apple 1 Iphone Os 2013-10-22 4.3 MEDIUM N/A
WebKit in Apple iOS before 7 allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive information about use of the window.webkitRequestAnimationFrame API via an IFRAME element.
CVE-2013-5153 1 Apple 1 Iphone Os 2013-10-22 2.1 LOW N/A
Springboard in Apple iOS before 7 does not properly manage the lock state in Lost Mode, which allows physically proximate attackers to read notifications via unspecified vectors.
CVE-2013-5152 1 Apple 1 Iphone Os 2013-10-11 4.3 MEDIUM N/A
Mobile Safari in Apple iOS before 7 allows remote attackers to spoof the URL bar via a crafted web site.
CVE-2013-3955 1 Apple 4 Ipad, Ipad2, Ipad Mini and 1 more 2013-10-10 6.2 MEDIUM N/A
The get_xattrinfo function in the XNU kernel in Apple iOS 5.x and 6.x through 6.1.3 on iPad devices does not properly validate the header of an AppleDouble file, which might allow local users to cause a denial of service (memory corruption) or have unspecified other impact via an invalid file on an msdosfs filesystem.
CVE-2013-3953 1 Apple 2 Iphone Os, Mac Os X 2013-10-10 4.9 MEDIUM N/A
The mach_port_space_info function in osfmk/ipc/mach_debug.c in the XNU kernel in Apple Mac OS X 10.8.x does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted call.
CVE-2013-0957 1 Apple 1 Iphone Os 2013-10-10 5.8 MEDIUM N/A
Data Protection in Apple iOS before 7 allows attackers to bypass intended limits on incorrect passcode entry, and consequently avoid a configured Erase Data setting, by leveraging the presence of an app in the third-party sandbox.
CVE-2013-5160 1 Apple 1 Iphone Os 2013-10-07 3.3 LOW N/A
Passcode Lock in Apple iOS before 7.0.2 on iPhone devices allows physically proximate attackers to bypass an intended passcode requirement, and dial arbitrary telephone numbers, by making a series of taps of the emergency-call button to trigger a NULL pointer dereference.
CVE-2013-5161 1 Apple 1 Iphone Os 2013-10-07 4.4 MEDIUM N/A
Passcode Lock in Apple iOS before 7.0.2 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement, and open the Camera app or read the list of all recently opened apps, by leveraging unspecified transition errors.
CVE-2013-5163 1 Apple 1 Mac Os X 2013-10-07 6.6 MEDIUM N/A
Directory Services in Apple Mac OS X before 10.8.5 Supplemental Update allows local users to bypass password-based authentication and modify arbitrary Directory Services records via unspecified vectors.
CVE-2013-1729 2 Apple, Mozilla 2 Mac Os X, Firefox 2013-10-02 2.6 LOW N/A
The WebGL implementation in Mozilla Firefox before 24.0, when NVIDIA graphics drivers are used on Mac OS X, allows remote attackers to obtain desktop-screenshot data by reading from a CANVAS element.
CVE-2013-5147 1 Apple 1 Iphone Os 2013-09-26 3.7 LOW N/A
Passcode Lock in Apple iOS before 7 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging a race condition involving phone calls and ejection of a SIM card.