Filtered by vendor Apple
Subscribe
Total
10175 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-5162 | 1 Apple | 1 Iphone Os | 2013-10-24 | 2.1 LOW | N/A |
Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physically proximate attackers to bypass the passcode-failure disabled state by leveraging certain incorrect visibility of the passcode-entry view after use of the Phone app. | |||||
CVE-2013-5144 | 1 Apple | 1 Iphone Os | 2013-10-24 | 3.3 LOW | N/A |
Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physically proximate attackers to bypass an intended passcode requirement, and dial arbitrary telephone numbers, by tapping the emergency-call button during a certain notification and camera-pane state to trigger a NULL pointer dereference. | |||||
CVE-2013-5137 | 1 Apple | 1 Iphone Os | 2013-10-22 | 2.6 LOW | N/A |
IOKit in Apple iOS before 7 allows attackers to send user-interface events to the foreground app by leveraging control over a background app and using the (1) task-completion API or (2) VoIP API. | |||||
CVE-2013-5140 | 1 Apple | 1 Iphone Os | 2013-10-22 | 7.8 HIGH | N/A |
The kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (assertion failure and device restart) via an invalid packet fragment. | |||||
CVE-2013-5151 | 1 Apple | 1 Iphone Os | 2013-10-22 | 4.3 MEDIUM | N/A |
Mobile Safari in Apple iOS before 7 does not prevent HTML interpretation of a document served with a text/plain content type, which allows remote attackers to conduct cross-site scripting (XSS) attacks by uploading a file. | |||||
CVE-2013-5155 | 1 Apple | 1 Iphone Os | 2013-10-22 | 7.1 HIGH | N/A |
The Sandbox subsystem in Apple iOS before 7 allows attackers to cause a denial of service (infinite loop) via an application that writes crafted values to /dev/random. | |||||
CVE-2013-5156 | 1 Apple | 1 Iphone Os | 2013-10-22 | 4.3 MEDIUM | N/A |
The Telephony subsystem in Apple iOS before 7 does not require API conformity for access to telephony-daemon interfaces, which allows attackers to bypass intended restrictions on phone calls via a crafted app that sends direct requests to the daemon. | |||||
CVE-2013-5157 | 1 Apple | 1 Iphone Os | 2013-10-22 | 5.0 MEDIUM | N/A |
The Twitter subsystem in Apple iOS before 7 does not require API conformity for access to Twitter daemon interfaces, which allows attackers to post Tweets via a crafted app that sends direct requests to the daemon. | |||||
CVE-2013-5158 | 1 Apple | 1 Iphone Os | 2013-10-22 | 2.1 LOW | N/A |
The Social subsystem in Apple iOS before 7 does not properly restrict access to the cache of Twitter icons, which allows physically proximate attackers to obtain sensitive information about recent Twitter interaction via unspecified vectors. | |||||
CVE-2013-5159 | 1 Apple | 1 Iphone Os | 2013-10-22 | 4.3 MEDIUM | N/A |
WebKit in Apple iOS before 7 allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive information about use of the window.webkitRequestAnimationFrame API via an IFRAME element. | |||||
CVE-2013-5153 | 1 Apple | 1 Iphone Os | 2013-10-22 | 2.1 LOW | N/A |
Springboard in Apple iOS before 7 does not properly manage the lock state in Lost Mode, which allows physically proximate attackers to read notifications via unspecified vectors. | |||||
CVE-2013-5152 | 1 Apple | 1 Iphone Os | 2013-10-11 | 4.3 MEDIUM | N/A |
Mobile Safari in Apple iOS before 7 allows remote attackers to spoof the URL bar via a crafted web site. | |||||
CVE-2013-3955 | 1 Apple | 4 Ipad, Ipad2, Ipad Mini and 1 more | 2013-10-10 | 6.2 MEDIUM | N/A |
The get_xattrinfo function in the XNU kernel in Apple iOS 5.x and 6.x through 6.1.3 on iPad devices does not properly validate the header of an AppleDouble file, which might allow local users to cause a denial of service (memory corruption) or have unspecified other impact via an invalid file on an msdosfs filesystem. | |||||
CVE-2013-3953 | 1 Apple | 2 Iphone Os, Mac Os X | 2013-10-10 | 4.9 MEDIUM | N/A |
The mach_port_space_info function in osfmk/ipc/mach_debug.c in the XNU kernel in Apple Mac OS X 10.8.x does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted call. | |||||
CVE-2013-0957 | 1 Apple | 1 Iphone Os | 2013-10-10 | 5.8 MEDIUM | N/A |
Data Protection in Apple iOS before 7 allows attackers to bypass intended limits on incorrect passcode entry, and consequently avoid a configured Erase Data setting, by leveraging the presence of an app in the third-party sandbox. | |||||
CVE-2013-5160 | 1 Apple | 1 Iphone Os | 2013-10-07 | 3.3 LOW | N/A |
Passcode Lock in Apple iOS before 7.0.2 on iPhone devices allows physically proximate attackers to bypass an intended passcode requirement, and dial arbitrary telephone numbers, by making a series of taps of the emergency-call button to trigger a NULL pointer dereference. | |||||
CVE-2013-5161 | 1 Apple | 1 Iphone Os | 2013-10-07 | 4.4 MEDIUM | N/A |
Passcode Lock in Apple iOS before 7.0.2 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement, and open the Camera app or read the list of all recently opened apps, by leveraging unspecified transition errors. | |||||
CVE-2013-5163 | 1 Apple | 1 Mac Os X | 2013-10-07 | 6.6 MEDIUM | N/A |
Directory Services in Apple Mac OS X before 10.8.5 Supplemental Update allows local users to bypass password-based authentication and modify arbitrary Directory Services records via unspecified vectors. | |||||
CVE-2013-1729 | 2 Apple, Mozilla | 2 Mac Os X, Firefox | 2013-10-02 | 2.6 LOW | N/A |
The WebGL implementation in Mozilla Firefox before 24.0, when NVIDIA graphics drivers are used on Mac OS X, allows remote attackers to obtain desktop-screenshot data by reading from a CANVAS element. | |||||
CVE-2013-5147 | 1 Apple | 1 Iphone Os | 2013-09-26 | 3.7 LOW | N/A |
Passcode Lock in Apple iOS before 7 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging a race condition involving phone calls and ejection of a SIM card. |