Filtered by vendor Apple
Subscriptions
Filtered by product Iphone Os
Subscriptions
Total
3666 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2012-0588 | 1 Apple | 1 Iphone Os | 2024-08-06 | N/A |
Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0586, CVE-2012-0587, and CVE-2012-0589. | ||||
CVE-2013-6835 | 1 Apple | 2 Iphone Os, Safari | 2024-08-06 | N/A |
TelephonyUI Framework in Apple iOS 7 before 7.1, when Safari is used, does not require user confirmation for FaceTime audio calls, which allows remote attackers to obtain telephone number or e-mail address information via a facetime-audio: URL. | ||||
CVE-2013-5225 | 1 Apple | 5 Iphone Os, Itunes, Safari and 2 more | 2024-08-06 | N/A |
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1. | ||||
CVE-2013-5228 | 1 Apple | 5 Iphone Os, Itunes, Safari and 2 more | 2024-08-06 | N/A |
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1. | ||||
CVE-2013-5199 | 1 Apple | 5 Iphone Os, Itunes, Safari and 2 more | 2024-08-06 | N/A |
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1. | ||||
CVE-2013-5198 | 1 Apple | 5 Iphone Os, Itunes, Safari and 2 more | 2024-08-06 | N/A |
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1. | ||||
CVE-2013-5159 | 1 Apple | 1 Iphone Os | 2024-08-06 | N/A |
WebKit in Apple iOS before 7 allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive information about use of the window.webkitRequestAnimationFrame API via an IFRAME element. | ||||
CVE-2013-5197 | 1 Apple | 5 Iphone Os, Itunes, Safari and 2 more | 2024-08-06 | N/A |
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1. | ||||
CVE-2013-5196 | 1 Apple | 5 Iphone Os, Itunes, Safari and 2 more | 2024-08-06 | N/A |
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1. | ||||
CVE-2013-5150 | 1 Apple | 1 Iphone Os | 2024-08-06 | N/A |
The history-clearing feature in Safari in Apple iOS before 7 does not clear the back/forward history of an open tab, which allows physically proximate attackers to obtain sensitive information by leveraging an unattended workstation. | ||||
CVE-2013-5140 | 1 Apple | 1 Iphone Os | 2024-08-06 | N/A |
The kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (assertion failure and device restart) via an invalid packet fragment. | ||||
CVE-2013-5156 | 1 Apple | 1 Iphone Os | 2024-08-06 | N/A |
The Telephony subsystem in Apple iOS before 7 does not require API conformity for access to telephony-daemon interfaces, which allows attackers to bypass intended restrictions on phone calls via a crafted app that sends direct requests to the daemon. | ||||
CVE-2013-5131 | 1 Apple | 1 Iphone Os | 2024-08-06 | N/A |
Cross-site scripting (XSS) vulnerability in WebKit in Apple iOS before 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | ||||
CVE-2013-5139 | 1 Apple | 1 Iphone Os | 2024-08-06 | N/A |
The IOSerialFamily driver in Apple iOS before 7 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds array access) via a crafted application. | ||||
CVE-2013-5157 | 1 Apple | 1 Iphone Os | 2024-08-06 | N/A |
The Twitter subsystem in Apple iOS before 7 does not require API conformity for access to Twitter daemon interfaces, which allows attackers to post Tweets via a crafted app that sends direct requests to the daemon. | ||||
CVE-2013-5149 | 1 Apple | 1 Iphone Os | 2024-08-06 | N/A |
The Push Notifications subsystem in Apple iOS before 7 provides the push-notification token to an app without user approval, which allows attackers to obtain sensitive information via an app that employs a crafted push-notification registration process. | ||||
CVE-2013-5147 | 1 Apple | 1 Iphone Os | 2024-08-06 | N/A |
Passcode Lock in Apple iOS before 7 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging a race condition involving phone calls and ejection of a SIM card. | ||||
CVE-2013-5137 | 1 Apple | 1 Iphone Os | 2024-08-06 | N/A |
IOKit in Apple iOS before 7 allows attackers to send user-interface events to the foreground app by leveraging control over a background app and using the (1) task-completion API or (2) VoIP API. | ||||
CVE-2013-5151 | 1 Apple | 1 Iphone Os | 2024-08-06 | N/A |
Mobile Safari in Apple iOS before 7 does not prevent HTML interpretation of a document served with a text/plain content type, which allows remote attackers to conduct cross-site scripting (XSS) attacks by uploading a file. | ||||
CVE-2013-5142 | 1 Apple | 1 Iphone Os | 2024-08-06 | N/A |
The kernel in Apple iOS before 7 does not initialize unspecified kernel data structures, which allows local users to obtain sensitive information from kernel stack memory via the (1) msgctl API or (2) segctl API. |