Iphone Os Security Vulnerabilities and Issues — Page 2 of Iphone Os CVE List

CVE•added 2012/03/08 10:55 p.m.•55 views

CVE-2012-0619

CVE-2011-2868

CVE•added 2012/03/22 4:55 p.m.•54 views

CVE-2011-3050

Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 17.0.963.83 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the :first-letter pseudo-element.

6.8CVSS6.9AI score0.05574EPSS

CVE•added 2012/03/30 10:55 p.m.•54 views

CVE-2011-3059

Google Chrome before 18.0.1025.142 does not properly handle SVG text elements, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

6.8CVSS6.1AI score0.02353EPSS

CVE•added 2012/02/09 4:10 a.m.•54 views

CVE-2011-3966

7.5CVSS9.3AI score0.07118EPSS

CVE-2012-0600

CVE-2012-0601

CVE-2012-0622

CVE•added 2012/03/08 10:55 p.m.•53 views

CVE-2012-0587

Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0586, CVE-2012-0588, and CVE-2012-0589.

4.3CVSS5.2AI score0.00588EPSS

CVE•added 2012/05/08 10:25 a.m.•53 views

CVE-2012-0672

WebKit in Apple iOS before 5.1.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

6.8CVSS7.7AI score0.01074EPSS

CVE•added 2012/09/26 10:56 a.m.•53 views

CVE-2012-2889

Cross-site scripting (XSS) vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to inject arbitrary web script or HTML via vectors involving frames, aka "Universal XSS (UXSS)."

4.3CVSS7AI score0.00389EPSS

CVE•added 2012/09/13 10:30 a.m.•53 views

CVE-2012-3606

WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.

9.3CVSS7.8AI score0.01664EPSS

CVE•added 2012/03/08 10:55 p.m.•52 views

CVE-2012-0602

CVE•added 2012/03/08 10:55 p.m.•52 views

CVE-2012-0628

CVE•added 2012/03/08 10:55 p.m.•52 views

CVE-2012-0645

Siri in Apple iOS before 5.1 does not properly restrict the ability of Mail.app to handle voice commands, which allows physically proximate attackers to bypass the locked state via a command that forwards an active e-mail message to an arbitrary recipient.

1.2CVSS6AI score0.00092EPSS

CVE•added 2012/11/14 12:30 p.m.•52 views

CVE-2012-2619

The Broadcom BCM4325 and BCM4329 Wi-Fi chips, as used in certain Acer, Apple, Asus, Ford, HTC, Kyocera, LG, Malata, Motorola, Nokia, Pantech, Samsung, and Sony products, allow remote attackers to cause a denial of service (out-of-bounds read and Wi-Fi outage) via an RSN 802.11i information element.

7.8CVSS6.4AI score0.26529EPSS

CVE•added 2012/03/08 10:55 p.m.•51 views

CVE-2011-2867

CVE•added 2012/01/24 4:3 a.m.•51 views

CVE-2011-3924

Use-after-free vulnerability in Google Chrome before 16.0.912.77 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to DOM selections.

7.5CVSS7AI score0.0234EPSS

CVE•added 2012/03/08 10:55 p.m.•51 views

CVE-2012-0604

CVE•added 2012/03/08 10:55 p.m.•51 views

CVE-2012-0613

CVE•added 2012/08/06 3:55 p.m.•51 views

CVE-2012-2857

Use-after-free vulnerability in the Cascading Style Sheets (CSS) DOM implementation in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a c...

6.8CVSS7AI score0.01383EPSS

CVE-2012-0593

CVE-2012-0594

CVE-2012-0605

9.3CVSS7.1AI score0.01831EPSS

CVE-2012-0643

The kernel in Apple iOS before 5.1 does not properly handle debug system calls, which allows remote attackers to bypass sandbox restrictions and execute arbitrary code via a crafted program.

CVE•added 2012/09/13 10:30 a.m.•50 views

CVE-2012-3632

9.3CVSS7.8AI score0.017EPSS

CVE•added 2012/03/05 7:55 p.m.•49 views

CVE-2011-3040

Google Chrome before 17.0.963.65 does not properly handle text, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted document.

4.3CVSS6AI score0.02655EPSS

CVE•added 2012/03/08 10:55 p.m.•49 views

CVE-2012-0585

The Private Browsing feature in Safari in Apple iOS before 5.1 allows remote attackers to bypass intended privacy settings and insert history entries via JavaScript code that calls the (1) pushState or (2) replaceState method.

5CVSS6.2AI score0.00775EPSS

CVE•added 2012/03/08 10:55 p.m.•49 views

CVE-2012-0615

CVE-2011-2870

CVE-2012-0598

CVE-2012-0623

CVE-2012-0626

CVE-2012-0632

CVE-2012-0633

4.3CVSS4.9AI score0.00588EPSS

CVE-2012-0590

Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a drag-and-drop operation.

CVE-2012-0591

CVE-2012-0610

CVE-2012-0631

6.9CVSS5.6AI score0.00053EPSS

CVE-2012-0644

Race condition in the Passcode Lock feature in Apple iOS before 5.1 allows physically proximate attackers to bypass intended passcode requirements via a slide-to-dial gesture.

CVE•added 2012/09/13 10:30 a.m.•47 views

CVE-2012-3621

9.3CVSS7.8AI score0.01664EPSS

CVE•added 2012/09/20 9:55 p.m.•47 views

CVE-2012-3730

Mail in Apple iOS before 6 does not properly handle reuse of Content-ID header values, which allows remote attackers to spoof attachments via a header value that was also used in a previous e-mail message, as demonstrated by a message from a different sender.

4.3CVSS5.7AI score0.00409EPSS

CVE•added 2012/03/08 10:55 p.m.•46 views

CVE-2011-2873

CVE•added 2012/03/08 10:55 p.m.•46 views

CVE-2012-0609