Total
3596 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-5159 | 1 Apple | 1 Iphone Os | 2013-10-22 | 4.3 MEDIUM | N/A |
| WebKit in Apple iOS before 7 allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive information about use of the window.webkitRequestAnimationFrame API via an IFRAME element. | |||||
| CVE-2013-5153 | 1 Apple | 1 Iphone Os | 2013-10-22 | 2.1 LOW | N/A |
| Springboard in Apple iOS before 7 does not properly manage the lock state in Lost Mode, which allows physically proximate attackers to read notifications via unspecified vectors. | |||||
| CVE-2013-5152 | 1 Apple | 1 Iphone Os | 2013-10-11 | 4.3 MEDIUM | N/A |
| Mobile Safari in Apple iOS before 7 allows remote attackers to spoof the URL bar via a crafted web site. | |||||
| CVE-2013-3955 | 1 Apple | 4 Ipad, Ipad2, Ipad Mini and 1 more | 2013-10-11 | 6.2 MEDIUM | N/A |
| The get_xattrinfo function in the XNU kernel in Apple iOS 5.x and 6.x through 6.1.3 on iPad devices does not properly validate the header of an AppleDouble file, which might allow local users to cause a denial of service (memory corruption) or have unspecified other impact via an invalid file on an msdosfs filesystem. | |||||
| CVE-2013-3953 | 1 Apple | 2 Iphone Os, Mac Os X | 2013-10-11 | 4.9 MEDIUM | N/A |
| The mach_port_space_info function in osfmk/ipc/mach_debug.c in the XNU kernel in Apple Mac OS X 10.8.x does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted call. | |||||
| CVE-2013-0957 | 1 Apple | 1 Iphone Os | 2013-10-11 | 5.8 MEDIUM | N/A |
| Data Protection in Apple iOS before 7 allows attackers to bypass intended limits on incorrect passcode entry, and consequently avoid a configured Erase Data setting, by leveraging the presence of an app in the third-party sandbox. | |||||
| CVE-2013-5160 | 1 Apple | 1 Iphone Os | 2013-10-07 | 3.3 LOW | N/A |
| Passcode Lock in Apple iOS before 7.0.2 on iPhone devices allows physically proximate attackers to bypass an intended passcode requirement, and dial arbitrary telephone numbers, by making a series of taps of the emergency-call button to trigger a NULL pointer dereference. | |||||
| CVE-2013-5161 | 1 Apple | 1 Iphone Os | 2013-10-07 | 4.4 MEDIUM | N/A |
| Passcode Lock in Apple iOS before 7.0.2 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement, and open the Camera app or read the list of all recently opened apps, by leveraging unspecified transition errors. | |||||
| CVE-2013-5147 | 1 Apple | 1 Iphone Os | 2013-09-27 | 3.7 LOW | N/A |
| Passcode Lock in Apple iOS before 7 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging a race condition involving phone calls and ejection of a SIM card. | |||||
| CVE-2013-1028 | 1 Apple | 2 Iphone Os, Mac Os X | 2013-09-27 | 5.8 MEDIUM | N/A |
| The IPSec implementation in Apple Mac OS X before 10.8.5, when Hybrid Auth is used, does not verify X.509 certificates from security gateways, which allows man-in-the-middle attackers to spoof security gateways and obtain sensitive information via a crafted certificate. | |||||
| CVE-2013-1026 | 1 Apple | 2 Iphone Os, Mac Os X | 2013-09-27 | 6.8 MEDIUM | N/A |
| Buffer overflow in ImageIO in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JPEG2000 data in a PDF document. | |||||
| CVE-2013-1025 | 1 Apple | 2 Iphone Os, Mac Os X | 2013-09-27 | 6.8 MEDIUM | N/A |
| Buffer overflow in CoreGraphics in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JBIG2 data in a PDF document. | |||||
| CVE-2012-3748 | 1 Apple | 2 Iphone Os, Safari | 2013-09-18 | 5.1 MEDIUM | N/A |
| Race condition in WebKit in Apple iOS before 6.0.1 and Safari before 6.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving JavaScript arrays. | |||||
| CVE-2012-3749 | 1 Apple | 1 Iphone Os | 2013-08-17 | 5.0 MEDIUM | N/A |
| The extensions APIs in the kernel in Apple iOS before 6.0.1 provide kernel addresses in responses that contain an OSBundleMachOHeaders key, which makes it easier for remote attackers to bypass the ASLR protection mechanism via a crafted app. | |||||
| CVE-2012-3738 | 1 Apple | 1 Iphone Os | 2013-03-26 | 3.6 LOW | N/A |
| The Emergency Dialer screen in the Passcode Lock implementation in Apple iOS before 6 does not properly limit the dialing methods, which allows physically proximate attackers to bypass intended access restrictions and make FaceTime calls through Voice Dialing, or obtain sensitive contact information by attempting to make a FaceTime call and reading the contact suggestions. | |||||
| CVE-2012-3737 | 1 Apple | 1 Iphone Os | 2013-03-26 | 2.1 LOW | N/A |
| The Passcode Lock implementation in Apple iOS before 6 does not properly restrict photo viewing, which allows physically proximate attackers to view arbitrary stored photos by spoofing a time value. | |||||
| CVE-2012-3731 | 1 Apple | 1 Iphone Os | 2013-03-26 | 2.1 LOW | N/A |
| Mail in Apple iOS before 6 does not properly implement the Data Protection feature for e-mail attachments, which allows physically proximate attackers to bypass an intended passcode requirement via unspecified vectors. | |||||
| CVE-2012-3728 | 1 Apple | 1 Iphone Os | 2013-03-23 | 6.9 MEDIUM | N/A |
| The kernel in Apple iOS before 6 dereferences invalid pointers during the handling of packet-filter data structures, which allows local users to gain privileges via a crafted program that makes packet-filter ioctl calls. | |||||
| CVE-2013-0963 | 1 Apple | 1 Iphone Os | 2013-03-16 | 2.1 LOW | N/A |
| Identity Services in Apple iOS before 6.1 does not properly handle validation failures of AppleID certificates, which might allow physically proximate attackers to bypass authentication by leveraging an incorrect assignment of an empty string value to an AppleID. | |||||
| CVE-2013-0962 | 1 Apple | 1 Iphone Os | 2013-03-16 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in WebKit in Apple iOS before 6.1 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted content that is not properly handled during a copy-and-paste operation. | |||||