Iphone Os@* Security Vulnerabilities and Issues — Page 65 of Iphone Os@* CVE List

9.3CVSS7.8AI score0.01849EPSS

CVE-2011-2870

WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE...

9.3CVSS7.8AI score0.01849EPSS

CVE-2011-2873

4.3CVSS4.9AI score0.00588EPSS

CVE-2012-0590

Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a drag-and-drop operation.

CVE-2012-0591

CVE-2012-0609

CVE-2012-0610

CVE-2012-0617

CVE-2012-0618

CVE-2012-0621

CVE-2012-0631

CVE-2012-0635

5CVSS5.2AI score0.00556EPSS

CVE-2012-0641

CFNetwork in Apple iOS before 5.1 does not properly construct request headers during parsing of URLs, which allows remote attackers to obtain sensitive information via a malformed URL, a different vulnerability than CVE-2011-3447.

CVE•added 2012/09/13 10:30 a.m.•44 views

CVE-2012-3701

WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.

9.3CVSS7.8AI score0.01247EPSS

CVE•added 2012/09/20 9:55 p.m.•44 views

CVE-2012-3737

The Passcode Lock implementation in Apple iOS before 6 does not properly restrict photo viewing, which allows physically proximate attackers to view arbitrary stored photos by spoofing a time value.

2.1CVSS5.5AI score0.00068EPSS

CVE•added 2012/09/20 9:55 p.m.•44 views

CVE-2012-3743

The System Logs implementation in Apple iOS before 6 does not restrict /var/log access by sandboxed apps, which allows remote attackers to obtain sensitive information via a crafted app that reads log files.

5CVSS5AI score0.00421EPSS

CVE•added 2012/11/03 5:55 p.m.•44 views

CVE-2012-3749

The extensions APIs in the kernel in Apple iOS before 6.0.1 provide kernel addresses in responses that contain an OSBundleMachOHeaders key, which makes it easier for remote attackers to bypass the ASLR protection mechanism via a crafted app.

5CVSS5.6AI score0.00498EPSS

CVE•added 2012/11/03 5:55 p.m.•44 views

CVE-2012-3750

The Passcode Lock implementation in Apple iOS before 6.0.1 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement and access Passbook passes via unspecified vectors.

3.6CVSS5.6AI score0.00073EPSS

CVE•added 2013/09/16 1:2 p.m.•44 views

CVE-2013-1028

The IPSec implementation in Apple Mac OS X before 10.8.5, when Hybrid Auth is used, does not verify X.509 certificates from security gateways, which allows man-in-the-middle attackers to spoof security gateways and obtain sensitive information via a crafted certificate.

5.8CVSS5.3AI score0.0038EPSS

CVE•added 2013/09/19 10:27 a.m.•44 views

CVE-2013-1042

WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.

6.8CVSS7.8AI score0.01866EPSS

CVE•added 2013/09/19 10:27 a.m.•44 views

CVE-2013-5128

6.8CVSS7.8AI score0.01866EPSS

CVE•added 2013/09/19 10:27 a.m.•44 views

CVE-2013-5131

Cross-site scripting (XSS) vulnerability in WebKit in Apple iOS before 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

4.3CVSS5AI score0.0032EPSS

CVE•added 2013/09/19 10:28 a.m.•44 views

CVE-2013-5137

IOKit in Apple iOS before 7 allows attackers to send user-interface events to the foreground app by leveraging control over a background app and using the (1) task-completion API or (2) VoIP API.

2.6CVSS5.9AI score0.00371EPSS

CVE•added 2013/09/19 10:28 a.m.•44 views

CVE-2013-5141

The kernel in Apple iOS before 7 uses an incorrect data size for a certain integer variable, which allows attackers to cause a denial of service (infinite loop and device hang) via a crafted application, related to an "integer truncation vulnerability."

7.1CVSS5.6AI score0.00532EPSS

CVE•added 2014/07/01 10:17 a.m.•44 views

CVE-2014-1368

WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 and 7.x before 7.0.5, and Apple TV before 6.1.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other...

6.8CVSS7.8AI score0.01171EPSS

CVE•added 2015/01/30 11:59 a.m.•44 views

CVE-2014-4489

IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly initialize event queues, which allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.

10CVSS4.6AI score0.01019EPSS

CVE•added 2015/04/10 2:59 p.m.•44 views

CVE-2015-1126

WebKit, as used in Apple iOS before 8.3 and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, does not properly handle the userinfo field in FTP URLs, which allows remote attackers to trigger incorrect resource access via unspecified vectors.

4.3CVSS7.5AI score0.65446EPSS

CVE•added 2015/08/16 11:59 p.m.•44 views

CVE-2015-3778

bootp in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to obtain potentially sensitive information about MAC addresses seen in previous Wi-Fi sessions by sniffing an 802.11 network for DNAv4 broadcast traffic.

3.3CVSS7.3AI score0.00351EPSS

CVE•added 2015/08/17 12:0 a.m.•44 views

CVE-2015-3807

libxml2 in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a crafted XML document.

4.3CVSS7.4AI score0.02365EPSS

CVE•added 2015/08/17 12:1 a.m.•44 views

CVE-2015-5781

ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly initialize an unspecified data structure, which allows remote attackers to obtain sensitive information from process memory via a crafted PNG image.

4.3CVSS7AI score0.00651EPSS

CVE•added 2015/11/22 3:59 a.m.•44 views

CVE-2015-5859

The CFNetwork HTTPProtocol component in Apple iOS before 9 and OS X before 10.11 does not properly recognize the HSTS preload list during a Safari private-browsing session, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.

4.3CVSS5.3AI score0.0025EPSS

CVE•added 2015/10/23 10:59 a.m.•44 views

CVE-2015-6979

GasGauge in Apple iOS before 9.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

9.3CVSS7.1AI score0.01466EPSS

6.8CVSS7.7AI score0.0091EPSS

CVE-2015-7001

AppSandbox in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 mishandles hard links, which allows attackers to bypass Contacts access revocation via a crafted app.

6.8CVSS9AI score0.03398EPSS

CVE-2015-7053

ImageIO in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted image.

6.8CVSS9.1AI score0.01234EPSS

CVE-2015-7066

OpenGL in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2015-7064.