Vendor CVEs
Apple Inc.
All CVEs
8,442 total · sorted by risk

| CVE | Risk | CVSS | EPSS | Published | Description | Vendor / Product | Sev | KEV |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-5179 | 0.00 | — | 0.01 | Oct 24, 2013 | App Sandbox in Apple Mac OS X before 10.9 allows attackers to bypass intended sandbox restrictions via a crafted app that uses the LaunchServices interface to specify process arguments. | |||
| CVE-2013-5178 | 0.00 | — | 0.01 | Oct 24, 2013 | LaunchServices in Apple Mac OS X before 10.9 does not properly restrict Unicode characters in filenames, which allows context-dependent attackers to spoof file extensions via a crafted character sequence. | |||
| CVE-2013-5177 | 0.00 | — | 0.00 | Oct 24, 2013 | The kernel in Apple Mac OS X before 10.9 allows local users to cause a denial of service (panic) via an invalid iovec structure. | |||
| CVE-2013-5176 | 0.00 | — | 0.00 | Oct 24, 2013 | The kernel in Apple Mac OS X before 10.9 does not properly handle integer values during unspecified tty device operations, which allows local users to cause a denial of service (system hang) by triggering a truncation error. | |||
| CVE-2013-5175 | 0.00 | — | 0.00 | Oct 24, 2013 | The kernel in Apple Mac OS X before 10.9 allows local users to obtain sensitive information or cause a denial of service (out-of-bounds read and system crash) via a crafted Mach-O file. | |||
| CVE-2013-5174 | 0.00 | — | 0.00 | Oct 24, 2013 | Integer signedness error in the kernel in Apple Mac OS X before 10.9 allows local users to cause a denial of service (system crash) via a crafted tty read operation. | |||
| CVE-2013-5173 | 0.00 | — | 0.00 | Oct 24, 2013 | The random-number generator in the kernel in Apple Mac OS X before 10.9 provides lengthy exclusive access for processing of large requests, which allows local users to cause a denial of service (temporary generator outage) via an application that requires many random numbers. | |||
| CVE-2013-5172 | 0.00 | — | 0.01 | Oct 24, 2013 | The kernel in Apple Mac OS X before 10.9 does not properly determine the output length for SHA-2 digest function calls, which allows context-dependent attackers to cause a denial of service (panic) by triggering a digest operation, as demonstrated by an IPSec connection. | |||
| CVE-2013-5171 | 0.00 | — | 0.00 | Oct 24, 2013 | CoreGraphics in Apple Mac OS X before 10.9 allows local users to bypass secure input mode and log an arbitrary application's keystrokes via a hotkey event registration. | |||
| CVE-2013-5170 | 0.00 | — | 0.02 | Oct 24, 2013 | Buffer underflow in CoreGraphics in Apple Mac OS X before 10.9 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document. | |||
| CVE-2013-5169 | 0.00 | — | 0.00 | Oct 24, 2013 | CoreGraphics in Apple Mac OS X before 10.9, when display-sleep mode is used, does not ensure that screen locking blocks the visibility of all windows, which allows physically proximate attackers to obtain sensitive information by reading the screen. | |||
| CVE-2013-5168 | 0.00 | — | 0.02 | Oct 24, 2013 | Console in Apple Mac OS X before 10.9 allows user-assisted remote attackers to execute arbitrary applications by triggering a log entry with a crafted attached URL. | |||
| CVE-2013-5167 | 0.00 | — | 0.01 | Oct 24, 2013 | CFNetwork in Apple Mac OS X before 10.9 does not properly support Safari's deletion of session cookies in response to a reset operation, which makes it easier for remote web servers to track users via Set-Cookie HTTP headers. | |||
| CVE-2013-5166 | 0.00 | — | 0.00 | Oct 24, 2013 | The Bluetooth USB host controller in Apple Mac OS X before 10.9 prematurely deletes interfaces, which allows local users to cause a denial of service (system crash) via a crafted application. | |||
| CVE-2013-5165 | 0.00 | — | 0.02 | Oct 24, 2013 | socketfilterfw in Application Firewall in Apple Mac OS X before 10.9 does not properly implement the --blockApp option, which allows remote attackers to bypass intended access restrictions via a network connection to an application for which blocking was configured. | |||
| CVE-2013-5164 | 0.00 | — | 0.00 | Oct 24, 2013 | Multiple race conditions in the Phone app in Apple iOS before 7.0.3 allow physically proximate attackers to bypass the locked state, and dial the telephone numbers in arbitrary Contacts entries, by visiting the Contacts pane. | |||
| CVE-2013-5162 | 0.00 | — | 0.00 | Oct 24, 2013 | Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physically proximate attackers to bypass the passcode-failure disabled state by leveraging certain incorrect visibility of the passcode-entry view after use of the Phone app. | |||
| CVE-2013-5144 | 0.00 | — | 0.00 | Oct 24, 2013 | Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physically proximate attackers to bypass an intended passcode requirement, and dial arbitrary telephone numbers, by tapping the emergency-call button during a certain notification and camera-pane state to trigger a… | |||
| CVE-2013-5136 | 0.00 | — | 0.01 | Oct 24, 2013 | Apple Remote Desktop before 3.7 does not properly use server authentication-type information during decisions about whether to present an unencrypted-connection warning message, which allows remote attackers to obtain sensitive information in opportunistic circumstances by… | |||
| CVE-2013-5163 | 0.00 | — | 0.00 | Oct 4, 2013 | Directory Services in Apple Mac OS X before 10.8.5 Supplemental Update allows local users to bypass password-based authentication and modify arbitrary Directory Services records via unspecified vectors. | |||
| CVE-2013-5161 | 0.00 | — | 0.00 | Sep 28, 2013 | Passcode Lock in Apple iOS before 7.0.2 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement, and open the Camera app or read the list of all recently opened apps, by leveraging unspecified transition… | |||
| CVE-2013-5160 | 0.00 | — | 0.00 | Sep 28, 2013 | Passcode Lock in Apple iOS before 7.0.2 on iPhone devices allows physically proximate attackers to bypass an intended passcode requirement, and dial arbitrary telephone numbers, by making a series of taps of the emergency-call button to trigger a NULL pointer dereference. | |||
| CVE-2013-5159 | 0.00 | — | 0.02 | Sep 19, 2013 | WebKit in Apple iOS before 7 allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive information about use of the window.webkitRequestAnimationFrame API via an IFRAME element. | |||
| CVE-2013-5158 | 0.00 | — | 0.00 | Sep 19, 2013 | The Social subsystem in Apple iOS before 7 does not properly restrict access to the cache of Twitter icons, which allows physically proximate attackers to obtain sensitive information about recent Twitter interaction via unspecified vectors. | |||
| CVE-2013-5157 | 0.00 | — | 0.01 | Sep 19, 2013 | The Twitter subsystem in Apple iOS before 7 does not require API conformity for access to Twitter daemon interfaces, which allows attackers to post Tweets via a crafted app that sends direct requests to the daemon. | |||
| CVE-2013-5156 | 0.00 | — | 0.01 | Sep 19, 2013 | The Telephony subsystem in Apple iOS before 7 does not require API conformity for access to telephony-daemon interfaces, which allows attackers to bypass intended restrictions on phone calls via a crafted app that sends direct requests to the daemon. | |||
| CVE-2013-5155 | 0.00 | — | 0.02 | Sep 19, 2013 | The Sandbox subsystem in Apple iOS before 7 allows attackers to cause a denial of service (infinite loop) via an application that writes crafted values to /dev/random. | |||
| CVE-2013-5154 | 0.00 | — | 0.01 | Sep 19, 2013 | The Sandbox subsystem in Apple iOS before 7 determines the sandboxing requirement for a #! application on the basis of the script interpreter instead of the script, which allows attackers to bypass intended access restrictions via a crafted application. | |||
| CVE-2013-5153 | 0.00 | — | 0.00 | Sep 19, 2013 | Springboard in Apple iOS before 7 does not properly manage the lock state in Lost Mode, which allows physically proximate attackers to read notifications via unspecified vectors. | |||
| CVE-2013-5152 | 0.00 | — | 0.01 | Sep 19, 2013 | Mobile Safari in Apple iOS before 7 allows remote attackers to spoof the URL bar via a crafted web site. | |||
| CVE-2013-5151 | 0.00 | — | 0.02 | Sep 19, 2013 | Mobile Safari in Apple iOS before 7 does not prevent HTML interpretation of a document served with a text/plain content type, which allows remote attackers to conduct cross-site scripting (XSS) attacks by uploading a file. | |||
| CVE-2013-5150 | 0.00 | — | 0.00 | Sep 19, 2013 | The history-clearing feature in Safari in Apple iOS before 7 does not clear the back/forward history of an open tab, which allows physically proximate attackers to obtain sensitive information by leveraging an unattended workstation. | |||
| CVE-2013-5149 | 0.00 | — | 0.01 | Sep 19, 2013 | The Push Notifications subsystem in Apple iOS before 7 provides the push-notification token to an app without user approval, which allows attackers to obtain sensitive information via an app that employs a crafted push-notification registration process. | |||
| CVE-2013-5145 | 0.00 | — | 0.00 | Sep 19, 2013 | kextd in Kext Management in Apple iOS before 7 does not properly verify authorization for IPC messages, which allows local users to (1) load or (2) unload kernel extensions via a crafted message. | |||
| CVE-2013-5142 | 0.00 | — | 0.00 | Sep 19, 2013 | The kernel in Apple iOS before 7 does not initialize unspecified kernel data structures, which allows local users to obtain sensitive information from kernel stack memory via the (1) msgctl API or (2) segctl API. | |||
| CVE-2013-5141 | 0.00 | — | 0.02 | Sep 19, 2013 | The kernel in Apple iOS before 7 uses an incorrect data size for a certain integer variable, which allows attackers to cause a denial of service (infinite loop and device hang) via a crafted application, related to an "integer truncation vulnerability." | |||
| CVE-2013-5140 | 0.00 | — | 0.03 | Sep 19, 2013 | The kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (assertion failure and device restart) via an invalid packet fragment. | |||
| CVE-2013-5139 | 0.00 | — | 0.03 | Sep 19, 2013 | The IOSerialFamily driver in Apple iOS before 7 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds array access) via a crafted application. | |||
| CVE-2013-5138 | 0.00 | — | 0.00 | Sep 19, 2013 | IOCatalogue in IOKitUser in Apple iOS before 7 allows attackers to cause a denial of service (NULL pointer dereference and device crash) via a crafted application. | |||
| CVE-2013-5137 | 0.00 | — | 0.01 | Sep 19, 2013 | IOKit in Apple iOS before 7 allows attackers to send user-interface events to the foreground app by leveraging control over a background app and using the (1) task-completion API or (2) VoIP API. | |||
| CVE-2013-5131 | 0.00 | — | 0.02 | Sep 19, 2013 | Cross-site scripting (XSS) vulnerability in WebKit in Apple iOS before 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||
| CVE-2013-5129 | 0.00 | — | 0.02 | Sep 19, 2013 | Multiple cross-site scripting (XSS) vulnerabilities in WebKit in Apple iOS before 7 allow user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) drag-and-drop or (2) copy-and-paste operation. | |||
| CVE-2013-5128 | 0.00 | — | 0.02 | Sep 19, 2013 | WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. | |||
| CVE-2013-5127 | 0.00 | — | 0.02 | Sep 19, 2013 | WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. | |||
| CVE-2013-5126 | 0.00 | — | 0.02 | Sep 19, 2013 | WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. | |||
| CVE-2013-5125 | 0.00 | — | 0.02 | Sep 19, 2013 | WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. | |||
| CVE-2013-1047 | 0.00 | — | 0.02 | Sep 19, 2013 | WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. | |||
| CVE-2013-1046 | 0.00 | — | 0.02 | Sep 19, 2013 | WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. | |||
| CVE-2013-1045 | 0.00 | — | 0.02 | Sep 19, 2013 | WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. | |||
| CVE-2013-1044 | 0.00 | — | 0.02 | Sep 19, 2013 | WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. |