iOS
by Apple Inc.
CVEs (3,199)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-5154 | 0.00 | — | 0.01 | Sep 19, 2013 | The Sandbox subsystem in Apple iOS before 7 determines the sandboxing requirement for a #! application on the basis of the script interpreter instead of the script, which allows attackers to bypass intended access restrictions via a crafted application. | |||
| CVE-2013-5153 | 0.00 | — | 0.00 | Sep 19, 2013 | Springboard in Apple iOS before 7 does not properly manage the lock state in Lost Mode, which allows physically proximate attackers to read notifications via unspecified vectors. | |||
| CVE-2013-5152 | 0.00 | — | 0.01 | Sep 19, 2013 | Mobile Safari in Apple iOS before 7 allows remote attackers to spoof the URL bar via a crafted web site. | |||
| CVE-2013-5151 | 0.00 | — | 0.02 | Sep 19, 2013 | Mobile Safari in Apple iOS before 7 does not prevent HTML interpretation of a document served with a text/plain content type, which allows remote attackers to conduct cross-site scripting (XSS) attacks by uploading a file. | |||
| CVE-2013-5149 | 0.00 | — | 0.01 | Sep 19, 2013 | The Push Notifications subsystem in Apple iOS before 7 provides the push-notification token to an app without user approval, which allows attackers to obtain sensitive information via an app that employs a crafted push-notification registration process. | |||
| CVE-2013-5145 | 0.00 | — | 0.00 | Sep 19, 2013 | kextd in Kext Management in Apple iOS before 7 does not properly verify authorization for IPC messages, which allows local users to (1) load or (2) unload kernel extensions via a crafted message. | |||
| CVE-2013-5142 | 0.00 | — | 0.00 | Sep 19, 2013 | The kernel in Apple iOS before 7 does not initialize unspecified kernel data structures, which allows local users to obtain sensitive information from kernel stack memory via the (1) msgctl API or (2) segctl API. | |||
| CVE-2013-5141 | 0.00 | — | 0.02 | Sep 19, 2013 | The kernel in Apple iOS before 7 uses an incorrect data size for a certain integer variable, which allows attackers to cause a denial of service (infinite loop and device hang) via a crafted application, related to an "integer truncation vulnerability." | |||
| CVE-2013-5140 | 0.00 | — | 0.03 | Sep 19, 2013 | The kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (assertion failure and device restart) via an invalid packet fragment. | |||
| CVE-2013-5139 | 0.00 | — | 0.03 | Sep 19, 2013 | The IOSerialFamily driver in Apple iOS before 7 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds array access) via a crafted application. | |||
| CVE-2013-5138 | 0.00 | — | 0.00 | Sep 19, 2013 | IOCatalogue in IOKitUser in Apple iOS before 7 allows attackers to cause a denial of service (NULL pointer dereference and device crash) via a crafted application. | |||
| CVE-2013-5137 | 0.00 | — | 0.01 | Sep 19, 2013 | IOKit in Apple iOS before 7 allows attackers to send user-interface events to the foreground app by leveraging control over a background app and using the (1) task-completion API or (2) VoIP API. | |||
| CVE-2013-5131 | 0.00 | — | 0.02 | Sep 19, 2013 | Cross-site scripting (XSS) vulnerability in WebKit in Apple iOS before 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||
| CVE-2013-5129 | 0.00 | — | 0.02 | Sep 19, 2013 | Multiple cross-site scripting (XSS) vulnerabilities in WebKit in Apple iOS before 7 allow user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) drag-and-drop or (2) copy-and-paste operation. | |||
| CVE-2013-5128 | 0.00 | — | 0.02 | Sep 19, 2013 | WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. | |||
| CVE-2013-5127 | 0.00 | — | 0.02 | Sep 19, 2013 | WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. | |||
| CVE-2013-5126 | 0.00 | — | 0.02 | Sep 19, 2013 | WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. | |||
| CVE-2013-5125 | 0.00 | — | 0.02 | Sep 19, 2013 | WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. | |||
| CVE-2013-1047 | 0.00 | — | 0.02 | Sep 19, 2013 | WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. | |||
| CVE-2013-1046 | 0.00 | — | 0.02 | Sep 19, 2013 | WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. |
- CVE-2013-5154Sep 19, 2013risk 0.00cvss —epss 0.01
The Sandbox subsystem in Apple iOS before 7 determines the sandboxing requirement for a #! application on the basis of the script interpreter instead of the script, which allows attackers to bypass intended access restrictions via a crafted application.
- CVE-2013-5153Sep 19, 2013risk 0.00cvss —epss 0.00
Springboard in Apple iOS before 7 does not properly manage the lock state in Lost Mode, which allows physically proximate attackers to read notifications via unspecified vectors.
- CVE-2013-5152Sep 19, 2013risk 0.00cvss —epss 0.01
Mobile Safari in Apple iOS before 7 allows remote attackers to spoof the URL bar via a crafted web site.
- CVE-2013-5151Sep 19, 2013risk 0.00cvss —epss 0.02
Mobile Safari in Apple iOS before 7 does not prevent HTML interpretation of a document served with a text/plain content type, which allows remote attackers to conduct cross-site scripting (XSS) attacks by uploading a file.
- CVE-2013-5149Sep 19, 2013risk 0.00cvss —epss 0.01
The Push Notifications subsystem in Apple iOS before 7 provides the push-notification token to an app without user approval, which allows attackers to obtain sensitive information via an app that employs a crafted push-notification registration process.
- CVE-2013-5145Sep 19, 2013risk 0.00cvss —epss 0.00
kextd in Kext Management in Apple iOS before 7 does not properly verify authorization for IPC messages, which allows local users to (1) load or (2) unload kernel extensions via a crafted message.
- CVE-2013-5142Sep 19, 2013risk 0.00cvss —epss 0.00
The kernel in Apple iOS before 7 does not initialize unspecified kernel data structures, which allows local users to obtain sensitive information from kernel stack memory via the (1) msgctl API or (2) segctl API.
- CVE-2013-5141Sep 19, 2013risk 0.00cvss —epss 0.02
The kernel in Apple iOS before 7 uses an incorrect data size for a certain integer variable, which allows attackers to cause a denial of service (infinite loop and device hang) via a crafted application, related to an "integer truncation vulnerability."
- CVE-2013-5140Sep 19, 2013risk 0.00cvss —epss 0.03
The kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (assertion failure and device restart) via an invalid packet fragment.
- CVE-2013-5139Sep 19, 2013risk 0.00cvss —epss 0.03
The IOSerialFamily driver in Apple iOS before 7 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds array access) via a crafted application.
- CVE-2013-5138Sep 19, 2013risk 0.00cvss —epss 0.00
IOCatalogue in IOKitUser in Apple iOS before 7 allows attackers to cause a denial of service (NULL pointer dereference and device crash) via a crafted application.
- CVE-2013-5137Sep 19, 2013risk 0.00cvss —epss 0.01
IOKit in Apple iOS before 7 allows attackers to send user-interface events to the foreground app by leveraging control over a background app and using the (1) task-completion API or (2) VoIP API.
- CVE-2013-5131Sep 19, 2013risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in WebKit in Apple iOS before 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
- CVE-2013-5129Sep 19, 2013risk 0.00cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in WebKit in Apple iOS before 7 allow user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) drag-and-drop or (2) copy-and-paste operation.
- CVE-2013-5128Sep 19, 2013risk 0.00cvss —epss 0.02
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
- CVE-2013-5127Sep 19, 2013risk 0.00cvss —epss 0.02
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
- CVE-2013-5126Sep 19, 2013risk 0.00cvss —epss 0.02
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
- CVE-2013-5125Sep 19, 2013risk 0.00cvss —epss 0.02
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
- CVE-2013-1047Sep 19, 2013risk 0.00cvss —epss 0.02
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
- CVE-2013-1046Sep 19, 2013risk 0.00cvss —epss 0.02
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.
Page 151 of 160