iOS

CVEs (1,808)

CVE	Vendor / Product	CVSS	EPSS	Published	Description
CVE-2012-0592	Apple Inc. iTunes	—	0.02	Mar 8, 2012	WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…
CVE-2012-0591	Apple Inc. iTunes	—	0.02	Mar 8, 2012	WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…
CVE-2012-0590	Apple Inc. Iphone Os	—	0.01	Mar 8, 2012	Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a drag-and-drop operation.
CVE-2012-0589	Apple Inc. Webkit	—	0.01	Mar 8, 2012	Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0586, CVE-2012-0587, and CVE-2012-0588.
CVE-2012-0588	Apple Inc. Iphone Os	—	0.01	Mar 8, 2012	Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0586, CVE-2012-0587, and CVE-2012-0589.
CVE-2012-0587	Apple Inc. Iphone Os	—	0.01	Mar 8, 2012	Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0586, CVE-2012-0588, and CVE-2012-0589.
CVE-2012-0586	Apple Inc. Iphone Os	—	0.01	Mar 8, 2012	Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0587, CVE-2012-0588, and CVE-2012-0589.
CVE-2012-0585	Apple Inc. Safari	—	0.01	Mar 8, 2012	The Private Browsing feature in Safari in Apple iOS before 5.1 allows remote attackers to bypass intended privacy settings and insert history entries via JavaScript code that calls the (1) pushState or (2) replaceState method.
CVE-2011-2872	Apple Inc. iTunes	—	0.02	Mar 8, 2012	WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…
CVE-2011-2871	Apple Inc. iTunes	—	0.02	Mar 8, 2012	WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…
CVE-2011-2870	Apple Inc. iTunes	—	0.02	Mar 8, 2012	WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…
CVE-2011-2869	Apple Inc. iTunes	—	0.02	Mar 8, 2012	WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…
CVE-2011-2868	Apple Inc. iTunes	—	0.02	Mar 8, 2012	WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…
CVE-2011-2867	Apple Inc. iTunes	—	0.02	Mar 8, 2012	WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…
CVE-2011-2833	Apple Inc. iTunes	—	0.02	Mar 8, 2012	WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…
CVE-2011-3442	Apple Inc. Iphone Os	—	0.00	Nov 11, 2011	The kernel in Apple iOS before 5.0.1 does not ensure the validity of flag combinations for an mmap system call, which allows local users to execute arbitrary unsigned code via a crafted app.
CVE-2011-3441	Apple Inc. Iphone Os	—	0.00	Nov 11, 2011	libinfo in Apple iOS before 5.0.1 does not properly formulate domain-name queries, which allows remote attackers to obtain sensitive information via a crafted DNS hostname.
CVE-2011-3440	Apple Inc. Iphone Os	—	0.00	Nov 11, 2011	The Passcode Lock feature in Apple iOS before 5.0.1 on the iPad 2 does not properly implement the locked state, which allows physically proximate attackers to access data by opening a Smart Cover during power-off confirmation.
CVE-2011-3434	Apple Inc. Iphone Os	—	0.00	Oct 14, 2011	The WiFi component in Apple iOS before 5 stores WiFi credentials in an unspecified file, which makes it easier for remote attackers to obtain sensitive information via a crafted application.
CVE-2011-3432	Apple Inc. Iphone Os	—	0.01	Oct 14, 2011	The UIKit Alerts component in Apple iOS before 5 allows remote attackers to cause a denial of service (device hang) via a long tel: URL that triggers a large size for the acceptance dialog.

CVE-2012-0592Mar 8, 2012
Apple Inc.
iTunes
risk 0.00cvss —epss 0.02
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…
CVE-2012-0591Mar 8, 2012
Apple Inc.
iTunes
risk 0.00cvss —epss 0.02
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…
CVE-2012-0590Mar 8, 2012
Apple Inc.
Iphone Os
risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a drag-and-drop operation.
CVE-2012-0589Mar 8, 2012
Apple Inc.
Webkit
risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0586, CVE-2012-0587, and CVE-2012-0588.
CVE-2012-0588Mar 8, 2012
Apple Inc.
Iphone Os
risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0586, CVE-2012-0587, and CVE-2012-0589.
CVE-2012-0587Mar 8, 2012
Apple Inc.
Iphone Os
risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0586, CVE-2012-0588, and CVE-2012-0589.
CVE-2012-0586Mar 8, 2012
Apple Inc.
Iphone Os
risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0587, CVE-2012-0588, and CVE-2012-0589.
CVE-2012-0585Mar 8, 2012
Apple Inc.
Safari
risk 0.00cvss —epss 0.01
The Private Browsing feature in Safari in Apple iOS before 5.1 allows remote attackers to bypass intended privacy settings and insert history entries via JavaScript code that calls the (1) pushState or (2) replaceState method.
CVE-2011-2872Mar 8, 2012
Apple Inc.
iTunes
risk 0.00cvss —epss 0.02
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…
CVE-2011-2871Mar 8, 2012
Apple Inc.
iTunes
risk 0.00cvss —epss 0.02
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…
CVE-2011-2870Mar 8, 2012
Apple Inc.
iTunes
risk 0.00cvss —epss 0.02
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…
CVE-2011-2869Mar 8, 2012
Apple Inc.
iTunes
risk 0.00cvss —epss 0.02
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…
CVE-2011-2868Mar 8, 2012
Apple Inc.
iTunes
risk 0.00cvss —epss 0.02
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…
CVE-2011-2867Mar 8, 2012
Apple Inc.
iTunes
risk 0.00cvss —epss 0.02
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…
CVE-2011-2833Mar 8, 2012
Apple Inc.
iTunes
risk 0.00cvss —epss 0.02
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…
CVE-2011-3442Nov 11, 2011
Apple Inc.
Iphone Os
risk 0.00cvss —epss 0.00
The kernel in Apple iOS before 5.0.1 does not ensure the validity of flag combinations for an mmap system call, which allows local users to execute arbitrary unsigned code via a crafted app.
CVE-2011-3441Nov 11, 2011
Apple Inc.
Iphone Os
risk 0.00cvss —epss 0.00
libinfo in Apple iOS before 5.0.1 does not properly formulate domain-name queries, which allows remote attackers to obtain sensitive information via a crafted DNS hostname.
CVE-2011-3440Nov 11, 2011
Apple Inc.
Iphone Os
risk 0.00cvss —epss 0.00
The Passcode Lock feature in Apple iOS before 5.0.1 on the iPad 2 does not properly implement the locked state, which allows physically proximate attackers to access data by opening a Smart Cover during power-off confirmation.
CVE-2011-3434Oct 14, 2011
Apple Inc.
Iphone Os
risk 0.00cvss —epss 0.00
The WiFi component in Apple iOS before 5 stores WiFi credentials in an unspecified file, which makes it easier for remote attackers to obtain sensitive information via a crafted application.
CVE-2011-3432Oct 14, 2011
Apple Inc.
Iphone Os
risk 0.00cvss —epss 0.01
The UIKit Alerts component in Apple iOS before 5 allows remote attackers to cause a denial of service (device hang) via a long tel: URL that triggers a large size for the acceptance dialog.

Page 88 of 91