iOS

CVEs (2,979)

CVE	Vendor / Product	CVSS	EPSS	Published	Description
CVE-2013-5152	Apple Inc. iOS	—	0.00	Sep 19, 2013	Mobile Safari in Apple iOS before 7 allows remote attackers to spoof the URL bar via a crafted web site.
CVE-2013-5149	Apple Inc. iOS	—	0.00	Sep 19, 2013	The Push Notifications subsystem in Apple iOS before 7 provides the push-notification token to an app without user approval, which allows attackers to obtain sensitive information via an app that employs a crafted push-notification registration process.
CVE-2013-5145	Apple Inc. iOS	—	0.00	Sep 19, 2013	kextd in Kext Management in Apple iOS before 7 does not properly verify authorization for IPC messages, which allows local users to (1) load or (2) unload kernel extensions via a crafted message.
CVE-2013-5142	Apple Inc. iOS	—	0.00	Sep 19, 2013	The kernel in Apple iOS before 7 does not initialize unspecified kernel data structures, which allows local users to obtain sensitive information from kernel stack memory via the (1) msgctl API or (2) segctl API.
CVE-2013-5141	Apple Inc. iOS	—	0.01	Sep 19, 2013	The kernel in Apple iOS before 7 uses an incorrect data size for a certain integer variable, which allows attackers to cause a denial of service (infinite loop and device hang) via a crafted application, related to an "integer truncation vulnerability."
CVE-2013-5140	Apple Inc. iOS	—	0.01	Sep 19, 2013	The kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (assertion failure and device restart) via an invalid packet fragment.
CVE-2013-5139	Apple Inc. iOS	—	0.01	Sep 19, 2013	The IOSerialFamily driver in Apple iOS before 7 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds array access) via a crafted application.
CVE-2013-5138	Apple Inc. iOS	—	0.00	Sep 19, 2013	IOCatalogue in IOKitUser in Apple iOS before 7 allows attackers to cause a denial of service (NULL pointer dereference and device crash) via a crafted application.
CVE-2013-5137	Apple Inc. iOS	—	0.00	Sep 19, 2013	IOKit in Apple iOS before 7 allows attackers to send user-interface events to the foreground app by leveraging control over a background app and using the (1) task-completion API or (2) VoIP API.
CVE-2013-5131	Apple Inc. iOS	—	0.00	Sep 19, 2013	Cross-site scripting (XSS) vulnerability in WebKit in Apple iOS before 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
CVE-2013-5129	Apple Inc. Webkit	—	0.00	Sep 19, 2013	Multiple cross-site scripting (XSS) vulnerabilities in WebKit in Apple iOS before 7 allow user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) drag-and-drop or (2) copy-and-paste operation.
CVE-2013-5128	Apple Inc. iOS	—	0.02	Sep 19, 2013	WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
CVE-2013-5127	Apple Inc. iOS	—	0.02	Sep 19, 2013	WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
CVE-2013-5126	Apple Inc. iOS	—	0.02	Sep 19, 2013	WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
CVE-2013-5125	Apple Inc. iOS	—	0.02	Sep 19, 2013	WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
CVE-2013-1047	Apple Inc. Webkit	—	0.02	Sep 19, 2013	WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
CVE-2013-1046	Apple Inc. Webkit	—	0.02	Sep 19, 2013	WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
CVE-2013-1045	Apple Inc. iOS	—	0.02	Sep 19, 2013	WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
CVE-2013-1044	Apple Inc. Webkit	—	0.02	Sep 19, 2013	WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
CVE-2013-1043	Apple Inc. iOS	—	0.02	Sep 19, 2013	WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.

CVE-2013-5152Sep 19, 2013
Apple Inc.
iOS
risk 0.00cvss —epss 0.00
Mobile Safari in Apple iOS before 7 allows remote attackers to spoof the URL bar via a crafted web site.
CVE-2013-5149Sep 19, 2013
Apple Inc.
iOS
risk 0.00cvss —epss 0.00
The Push Notifications subsystem in Apple iOS before 7 provides the push-notification token to an app without user approval, which allows attackers to obtain sensitive information via an app that employs a crafted push-notification registration process.
CVE-2013-5145Sep 19, 2013
Apple Inc.
iOS
risk 0.00cvss —epss 0.00
kextd in Kext Management in Apple iOS before 7 does not properly verify authorization for IPC messages, which allows local users to (1) load or (2) unload kernel extensions via a crafted message.
CVE-2013-5142Sep 19, 2013
Apple Inc.
iOS
risk 0.00cvss —epss 0.00
The kernel in Apple iOS before 7 does not initialize unspecified kernel data structures, which allows local users to obtain sensitive information from kernel stack memory via the (1) msgctl API or (2) segctl API.
CVE-2013-5141Sep 19, 2013
Apple Inc.
iOS
risk 0.00cvss —epss 0.01
The kernel in Apple iOS before 7 uses an incorrect data size for a certain integer variable, which allows attackers to cause a denial of service (infinite loop and device hang) via a crafted application, related to an "integer truncation vulnerability."
CVE-2013-5140Sep 19, 2013
Apple Inc.
iOS
risk 0.00cvss —epss 0.01
The kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (assertion failure and device restart) via an invalid packet fragment.
CVE-2013-5139Sep 19, 2013
Apple Inc.
iOS
risk 0.00cvss —epss 0.01
The IOSerialFamily driver in Apple iOS before 7 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds array access) via a crafted application.
CVE-2013-5138Sep 19, 2013
Apple Inc.
iOS
risk 0.00cvss —epss 0.00
IOCatalogue in IOKitUser in Apple iOS before 7 allows attackers to cause a denial of service (NULL pointer dereference and device crash) via a crafted application.
CVE-2013-5137Sep 19, 2013
Apple Inc.
iOS
risk 0.00cvss —epss 0.00
IOKit in Apple iOS before 7 allows attackers to send user-interface events to the foreground app by leveraging control over a background app and using the (1) task-completion API or (2) VoIP API.
CVE-2013-5131Sep 19, 2013
Apple Inc.
iOS
risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in WebKit in Apple iOS before 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
CVE-2013-5129Sep 19, 2013
Apple Inc.
Webkit
risk 0.00cvss —epss 0.00
Multiple cross-site scripting (XSS) vulnerabilities in WebKit in Apple iOS before 7 allow user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) drag-and-drop or (2) copy-and-paste operation.
CVE-2013-5128Sep 19, 2013
Apple Inc.
iOS
risk 0.00cvss —epss 0.02
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
CVE-2013-5127Sep 19, 2013
Apple Inc.
iOS
risk 0.00cvss —epss 0.02
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
CVE-2013-5126Sep 19, 2013
Apple Inc.
iOS
risk 0.00cvss —epss 0.02
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
CVE-2013-5125Sep 19, 2013
Apple Inc.
iOS
risk 0.00cvss —epss 0.02
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
CVE-2013-1047Sep 19, 2013
Apple Inc.
Webkit
risk 0.00cvss —epss 0.02
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
CVE-2013-1046Sep 19, 2013
Apple Inc.
Webkit
risk 0.00cvss —epss 0.02
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
CVE-2013-1045Sep 19, 2013
Apple Inc.
iOS
risk 0.00cvss —epss 0.02
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
CVE-2013-1044Sep 19, 2013
Apple Inc.
Webkit
risk 0.00cvss —epss 0.02
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
CVE-2013-1043Sep 19, 2013
Apple Inc.
iOS
risk 0.00cvss —epss 0.02
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.

Page 140 of 149