Iphone Os Security Vulnerabilities and Issues — Page 2 of Iphone Os CVE List

Lucene search

AppleIphone Os

155 matches found

CVE•added 2012/04/05 10:2 p.m.•53 views

CVE-2011-3071

Use-after-free vulnerability in the HTMLMediaElement implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

6.8CVSS7AI score0.02863EPSS

CVE•added 2012/04/05 10:2 p.m.•53 views

CVE-2011-3074

Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of media.

6.8CVSS6.9AI score0.02128EPSS

CVE•added 2012/02/09 4:10 a.m.•53 views

CVE-2011-3968

Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving Cascading Style Sheets (CSS) token sequences.

4.3CVSS7AI score0.01891EPSS

CVE•added 2012/03/08 10:55 p.m.•53 views

CVE-2012-0589

Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0586, CVE-2012-0587, and CVE-2012-0588.

4.3CVSS5.2AI score0.00588EPSS

CVE•added 2012/03/08 10:55 p.m.•53 views

CVE-2012-0619

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE...

9.3CVSS7.8AI score0.01837EPSS

CVE•added 2012/03/08 10:55 p.m.•52 views

CVE-2011-2868

9.3CVSS7.8AI score0.01849EPSS

CVE•added 2012/03/22 4:55 p.m.•52 views

CVE-2011-3050

Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 17.0.963.83 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the :first-letter pseudo-element.

6.8CVSS6.9AI score0.05574EPSS

CVE•added 2012/03/30 10:55 p.m.•52 views

CVE-2011-3059

Google Chrome before 18.0.1025.142 does not properly handle SVG text elements, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.

6.8CVSS6.1AI score0.02353EPSS

CVE•added 2012/02/09 4:10 a.m.•52 views

CVE-2011-3966

Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to error handling for Cascading Style Sheets (CSS) token-sequence data.

7.5CVSS9.3AI score0.07118EPSS

CVE•added 2012/02/09 4:10 a.m.•52 views

CVE-2011-3969

6.8CVSS7AI score0.01964EPSS

CVE•added 2012/03/08 10:55 p.m.•52 views

CVE-2012-0592

9.3CVSS7.8AI score0.01837EPSS

CVE•added 2012/03/08 10:55 p.m.•52 views

CVE-2012-0600

9.3CVSS7.8AI score0.01997EPSS

CVE•added 2012/09/13 10:30 a.m.•52 views

CVE-2012-3606

WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.

9.3CVSS7.8AI score0.01247EPSS

CVE•added 2012/03/08 10:55 p.m.•51 views

CVE-2012-0587

4.3CVSS5.2AI score0.00588EPSS

CVE•added 2012/03/08 10:55 p.m.•51 views

CVE-2012-0601

9.3CVSS7.8AI score0.01997EPSS

CVE•added 2012/03/08 10:55 p.m.•51 views

CVE-2012-0622

9.3CVSS7.8AI score0.01837EPSS

CVE•added 2012/03/08 10:55 p.m.•51 views

CVE-2012-0645

Siri in Apple iOS before 5.1 does not properly restrict the ability of Mail.app to handle voice commands, which allows physically proximate attackers to bypass the locked state via a command that forwards an active e-mail message to an arbitrary recipient.

1.2CVSS6AI score0.00092EPSS

CVE•added 2012/05/08 10:25 a.m.•51 views

CVE-2012-0672

WebKit in Apple iOS before 5.1.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

6.8CVSS7.7AI score0.01074EPSS

CVE•added 2012/11/14 12:30 p.m.•51 views

CVE-2012-2619

The Broadcom BCM4325 and BCM4329 Wi-Fi chips, as used in certain Acer, Apple, Asus, Ford, HTC, Kyocera, LG, Malata, Motorola, Nokia, Pantech, Samsung, and Sony products, allow remote attackers to cause a denial of service (out-of-bounds read and Wi-Fi outage) via an RSN 802.11i information element.

7.8CVSS6.4AI score0.26529EPSS

CVE•added 2012/09/26 10:56 a.m.•51 views

CVE-2012-2889

Cross-site scripting (XSS) vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to inject arbitrary web script or HTML via vectors involving frames, aka "Universal XSS (UXSS)."

4.3CVSS7AI score0.00389EPSS

CVE•added 2012/03/08 10:55 p.m.•50 views

CVE-2012-0602

9.3CVSS7.8AI score0.01997EPSS

CVE•added 2012/08/06 3:55 p.m.•50 views

CVE-2012-2857

Use-after-free vulnerability in the Cascading Style Sheets (CSS) DOM implementation in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a c...

6.8CVSS7AI score0.01383EPSS

CVE•added 2012/03/08 10:55 p.m.•49 views

CVE-2011-2867

9.3CVSS7.8AI score0.01849EPSS

CVE•added 2012/03/08 10:55 p.m.•49 views

CVE-2012-0604

9.3CVSS7.8AI score0.01997EPSS

CVE•added 2012/03/08 10:55 p.m.•49 views

CVE-2012-0613

9.3CVSS7.8AI score0.01997EPSS

CVE•added 2012/03/08 10:55 p.m.•49 views

CVE-2012-0628

9.3CVSS7.8AI score0.01837EPSS

CVE•added 2012/09/13 10:30 a.m.•49 views

CVE-2012-3632

9.3CVSS7.8AI score0.01274EPSS

CVE•added 2012/01/24 4:3 a.m.•48 views

CVE-2011-3924

Use-after-free vulnerability in Google Chrome before 16.0.912.77 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to DOM selections.

7.5CVSS7AI score0.0234EPSS

CVE•added 2012/03/08 10:55 p.m.•48 views

CVE-2012-0594

9.3CVSS7.8AI score0.01997EPSS

CVE•added 2012/03/08 10:55 p.m.•48 views

CVE-2012-0605

9.3CVSS7.8AI score0.01997EPSS

CVE•added 2012/03/08 10:55 p.m.•48 views

CVE-2012-0643

The kernel in Apple iOS before 5.1 does not properly handle debug system calls, which allows remote attackers to bypass sandbox restrictions and execute arbitrary code via a crafted program.

9.3CVSS7.1AI score0.01831EPSS

CVE•added 2012/03/05 7:55 p.m.•47 views

CVE-2011-3040

Google Chrome before 17.0.963.65 does not properly handle text, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted document.

4.3CVSS6AI score0.02655EPSS

CVE•added 2012/03/08 10:55 p.m.•47 views

CVE-2012-0585

The Private Browsing feature in Safari in Apple iOS before 5.1 allows remote attackers to bypass intended privacy settings and insert history entries via JavaScript code that calls the (1) pushState or (2) replaceState method.

5CVSS6.2AI score0.00775EPSS

CVE•added 2012/03/08 10:55 p.m.•47 views

CVE-2012-0593

9.3CVSS7.8AI score0.01997EPSS

CVE•added 2012/03/08 10:55 p.m.•47 views

CVE-2012-0615

9.3CVSS7.8AI score0.01997EPSS

CVE•added 2012/03/08 10:55 p.m.•46 views

CVE-2012-0623

9.3CVSS7.8AI score0.01837EPSS

CVE•added 2012/03/08 10:55 p.m.•46 views

CVE-2012-0633

9.3CVSS7.8AI score0.01837EPSS

CVE•added 2012/09/13 10:30 a.m.•46 views

CVE-2012-3621

9.3CVSS7.8AI score0.01247EPSS

CVE•added 2012/09/20 9:55 p.m.•46 views

CVE-2012-3730

Mail in Apple iOS before 6 does not properly handle reuse of Content-ID header values, which allows remote attackers to spoof attachments via a header value that was also used in a previous e-mail message, as demonstrated by a message from a different sender.

4.3CVSS5.7AI score0.00409EPSS

CVE•added 2012/03/08 10:55 p.m.•45 views

CVE-2012-0591

9.3CVSS7.8AI score0.01997EPSS

CVE•added 2012/03/08 10:55 p.m.•45 views

CVE-2012-0598

9.3CVSS7.8AI score0.01997EPSS

CVE•added 2012/03/08 10:55 p.m.•45 views

CVE-2012-0610

9.3CVSS7.8AI score0.01997EPSS

CVE•added 2012/03/08 10:55 p.m.•45 views

CVE-2012-0626

9.3CVSS7.8AI score0.01837EPSS

CVE•added 2012/03/08 10:55 p.m.•45 views

CVE-2012-0632

9.3CVSS7.8AI score0.01837EPSS

CVE•added 2012/03/08 10:55 p.m.•45 views

CVE-2012-0644

Race condition in the Passcode Lock feature in Apple iOS before 5.1 allows physically proximate attackers to bypass intended passcode requirements via a slide-to-dial gesture.

6.9CVSS5.6AI score0.00053EPSS

CVE•added 2012/03/08 10:55 p.m.•45 views

CVE-2012-0646

Format string vulnerability in VPN in Apple iOS before 5.1 allows remote attackers to execute arbitrary code via a crafted racoon configuration file.

9.3CVSS7.1AI score0.08073EPSS

CVE•added 2012/05/08 10:25 a.m.•45 views

CVE-2012-0674

Safari in Apple iOS before 5.1.1 allows remote attackers to spoof the location bar's URL via a crafted web site.

4.3CVSS5.7AI score0.00359EPSS

CVE•added 2012/09/13 10:30 a.m.•45 views

CVE-2012-3687

9.3CVSS7.8AI score0.01247EPSS

CVE•added 2012/09/20 9:55 p.m.•45 views

CVE-2012-3735

The Passcode Lock implementation in Apple iOS before 6 does not properly interact with the "Slide to Power Off" feature, which allows physically proximate attackers to see the most recently used third-party app by watching the device's screen.

2.1CVSS5.6AI score0.00077EPSS

CVE•added 2012/09/20 9:55 p.m.•45 views

CVE-2012-3742

Safari in Apple iOS before 6 does not properly restrict use of an unspecified Unicode character that looks similar to the https lock indicator, which allows remote attackers to spoof https connections by placing this character in the TITLE element of a web page.

5CVSS6AI score0.00377EPSS

Total number of security vulnerabilities155