Lucene search

K
AppleIphone Os4.3.5

121 matches found

cve
cve
added 2012/11/03 5:55 p.m.154 views

CVE-2012-3748

Race condition in WebKit in Apple iOS before 6.0.1 and Safari before 6.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving JavaScript arrays.

5.1CVSS7.5AI score0.30417EPSS
cve
cve
added 2013/09/19 10:27 a.m.112 views

CVE-2013-1047

WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.

6.8CVSS7.8AI score0.02313EPSS
cve
cve
added 2012/05/16 12:55 a.m.87 views

CVE-2011-3102

Off-by-one error in libxml2, as used in Google Chrome before 19.0.1084.46 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors.

6.8CVSS6.5AI score0.02013EPSS
cve
cve
added 2012/08/31 7:55 p.m.84 views

CVE-2012-2870

libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly manage memory, which might allow remote attackers to cause a denial of service (application crash) via a crafted XSLT expression that is not properly identified during XPath navigation, related to (1) the xs...

4.3CVSS6.6AI score0.00906EPSS
cve
cve
added 2013/09/19 10:27 a.m.83 views

CVE-2011-2391

The IPv6 implementation in the kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (CPU consumption) via crafted ICMPv6 packets.

6.1CVSS4.1AI score0.01129EPSS
cve
cve
added 2012/11/28 1:55 a.m.82 views

CVE-2012-5134

Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and earlier, as used in Google Chrome before 23.0.1271.91 and other products, allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted entities in an XML docum...

6.8CVSS9.7AI score0.02065EPSS
cve
cve
added 2012/08/31 7:55 p.m.79 views

CVE-2012-2871

libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly support a cast of an unspecified variable during handling of XSL transforms, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document, relate...

6.8CVSS7.4AI score0.00601EPSS
cve
cve
added 2012/12/21 5:46 a.m.77 views

CVE-2012-0841

libxml2 before 2.8.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data.

5CVSS7.9AI score0.00725EPSS
cve
cve
added 2012/06/27 10:18 a.m.75 views

CVE-2012-2807

Multiple integer overflows in libxml2, as used in Google Chrome before 20.0.1132.43 and other products, on 64-bit Linux platforms allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

6.8CVSS6.6AI score0.01524EPSS
cve
cve
added 2013/05/22 1:29 p.m.72 views

CVE-2013-2842

Use-after-free vulnerability in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of widgets.

7.5CVSS6.9AI score0.21099EPSS
cve
cve
added 2013/09/19 10:27 a.m.69 views

CVE-2013-1041

WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.

6.8CVSS7.8AI score0.02313EPSS
cve
cve
added 2011/10/14 10:55 a.m.68 views

CVE-2011-3243

Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5 and Safari before 5.1.1, allows remote attackers to inject arbitrary web script or HTML via vectors involving inactive DOM windows.

4.3CVSS5AI score0.00521EPSS
cve
cve
added 2013/09/19 10:27 a.m.62 views

CVE-2013-1038

WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.

6.8CVSS7.8AI score0.02313EPSS
cve
cve
added 2011/10/14 10:55 a.m.61 views

CVE-2011-3256

FreeType 2 before 2.4.7, as used in CoreGraphics in Apple iOS before 5, Mandriva Enterprise Server 5, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font, a different vulnerability than CVE-2011-0226.

4.3CVSS7.1AI score0.0845EPSS
cve
cve
added 2011/10/14 10:55 a.m.59 views

CVE-2011-3246

CFNetwork in Apple iOS before 5.0.1 and Mac OS X 10.7 before 10.7.2 does not properly parse URLs, which allows remote attackers to trigger visits to unintended web sites, and transmission of cookies to unintended web sites, via a crafted (1) http or (2) https URL.

5CVSS6AI score0.0086EPSS
cve
cve
added 2013/09/19 10:27 a.m.57 views

CVE-2013-1040

WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.

6.8CVSS7.8AI score0.02313EPSS
cve
cve
added 2012/09/20 9:55 p.m.56 views

CVE-2012-3722

The Sorenson codec in QuickTime in Apple Mac OS X before 10.7.5, and in CoreMedia in iOS before 6, accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding.

6.8CVSS7.5AI score0.02122EPSS
cve
cve
added 2013/03/20 2:55 p.m.56 views

CVE-2013-0977

dyld in Apple iOS before 6.1.3 and Apple TV before 5.2.1 does not properly manage the state of file loading for Mach-O executable files, which allows local users to bypass intended code-signing requirements via a file that contains overlapping segments.

4.6CVSS5.5AI score0.00059EPSS
cve
cve
added 2013/09/19 10:27 a.m.56 views

CVE-2013-1039

WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.

6.8CVSS7.8AI score0.02313EPSS
cve
cve
added 2013/03/20 2:55 p.m.55 views

CVE-2013-0981

The IOUSBDeviceFamily driver in the USB implementation in the kernel in Apple iOS before 6.1.3 and Apple TV before 5.2.1 accesses pipe object pointers that originated in userspace, which allows local users to gain privileges via crafted code.

7.2CVSS5.7AI score0.00045EPSS
cve
cve
added 2013/05/20 2:44 p.m.55 views

CVE-2013-0999

WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-0...

9.3CVSS7.5AI score0.01302EPSS
cve
cve
added 2013/09/19 10:27 a.m.55 views

CVE-2013-1036

Safari in Apple iOS before 7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.

6.8CVSS7.5AI score0.02238EPSS
cve
cve
added 2013/03/20 2:55 p.m.54 views

CVE-2013-0978

The ARM prefetch abort handler in the kernel in Apple iOS before 6.1.3 and Apple TV before 5.2.1 does not ensure that it has been invoked in an abort context, which makes it easier for local users to bypass the ASLR protection mechanism via crafted code.

2.1CVSS5.5AI score0.00061EPSS
cve
cve
added 2011/10/14 10:55 a.m.53 views

CVE-2011-3427

The Data Security component in Apple iOS before 5 and Apple TV before 4.4 does not properly restrict use of the MD5 hash algorithm within X.509 certificates, which makes it easier for man-in-the-middle attackers to spoof servers or obtain sensitive information via a crafted certificate.

2.6CVSS5.1AI score0.0031EPSS
cve
cve
added 2013/05/20 2:44 p.m.53 views

CVE-2013-1003

WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-0...

9.3CVSS7.5AI score0.01302EPSS
cve
cve
added 2013/05/24 4:43 p.m.53 views

CVE-2013-1019

Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding.

9.3CVSS7.7AI score0.04963EPSS
cve
cve
added 2013/09/19 10:27 a.m.53 views

CVE-2013-1037

WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.

6.8CVSS7.8AI score0.02313EPSS
cve
cve
added 2013/05/20 2:44 p.m.52 views

CVE-2013-1001

WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-0...

9.3CVSS7.5AI score0.01302EPSS
cve
cve
added 2013/09/19 10:28 a.m.52 views

CVE-2013-5142

The kernel in Apple iOS before 7 does not initialize unspecified kernel data structures, which allows local users to obtain sensitive information from kernel stack memory via the (1) msgctl API or (2) segctl API.

4.9CVSS4.9AI score0.00142EPSS
cve
cve
added 2011/10/14 10:55 a.m.51 views

CVE-2011-3260

Buffer overflow in OfficeImport in Apple iOS before 5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Word document.

6.8CVSS7.8AI score0.01604EPSS
cve
cve
added 2011/10/14 10:55 a.m.51 views

CVE-2011-3426

Cross-site scripting (XSS) vulnerability in Safari in Apple iOS before 5 allows remote web servers to inject arbitrary web script or HTML via a file accompanied by a "Content-Disposition: attachment" HTTP header.

4.3CVSS5AI score0.00875EPSS
cve
cve
added 2011/11/11 6:55 p.m.51 views

CVE-2011-3440

The Passcode Lock feature in Apple iOS before 5.0.1 on the iPad 2 does not properly implement the locked state, which allows physically proximate attackers to access data by opening a Smart Cover during power-off confirmation.

1.2CVSS5.6AI score0.00055EPSS
cve
cve
added 2011/11/11 6:55 p.m.51 views

CVE-2011-3442

The kernel in Apple iOS before 5.0.1 does not ensure the validity of flag combinations for an mmap system call, which allows local users to execute arbitrary unsigned code via a crafted app.

7.2CVSS6.5AI score0.00048EPSS
cve
cve
added 2012/05/08 10:25 a.m.51 views

CVE-2012-0672

WebKit in Apple iOS before 5.1.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

6.8CVSS7.7AI score0.01074EPSS
cve
cve
added 2013/05/20 2:44 p.m.51 views

CVE-2013-1004

WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-0...

9.3CVSS7.5AI score0.01302EPSS
cve
cve
added 2013/05/20 2:44 p.m.51 views

CVE-2013-1005

WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-0...

9.3CVSS7.5AI score0.01302EPSS
cve
cve
added 2013/09/19 10:27 a.m.51 views

CVE-2013-5125

WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.

6.8CVSS7.8AI score0.01866EPSS
cve
cve
added 2011/10/14 10:55 a.m.50 views

CVE-2011-3434

The WiFi component in Apple iOS before 5 stores WiFi credentials in an unspecified file, which makes it easier for remote attackers to obtain sensitive information via a crafted application.

4.3CVSS5.1AI score0.00493EPSS
cve
cve
added 2013/05/20 2:44 p.m.50 views

CVE-2013-1002

WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-0...

9.3CVSS7.5AI score0.01302EPSS
cve
cve
added 2013/05/20 2:44 p.m.50 views

CVE-2013-1008

WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-0...

9.3CVSS7.5AI score0.01302EPSS
cve
cve
added 2013/09/16 1:2 p.m.50 views

CVE-2013-1025

Buffer overflow in CoreGraphics in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JBIG2 data in a PDF document.

6.8CVSS7.8AI score0.01133EPSS
cve
cve
added 2013/09/19 10:28 a.m.49 views

CVE-2013-5156

The Telephony subsystem in Apple iOS before 7 does not require API conformity for access to telephony-daemon interfaces, which allows attackers to bypass intended restrictions on phone calls via a crafted app that sends direct requests to the daemon.

4.3CVSS5.6AI score0.003EPSS
cve
cve
added 2011/10/14 10:55 a.m.48 views

CVE-2011-3259

The kernel in Apple iOS before 5 and Apple TV before 4.4 does not properly recover memory allocated for incomplete TCP connections, which allows remote attackers to cause a denial of service (resource consumption) by making many connection attempts.

5CVSS6.1AI score0.01558EPSS
cve
cve
added 2013/03/20 2:55 p.m.48 views

CVE-2013-0979

lockdownd in Lockdown in Apple iOS before 6.1.3 does not properly consider file types during the permission-setting step of a backup restoration, which allows local users to change the permissions of arbitrary files via a backup that contains a pathname with a symlink.

1.9CVSS5.7AI score0.00036EPSS
cve
cve
added 2013/03/20 2:55 p.m.48 views

CVE-2013-0980

The Passcode Lock implementation in Apple iOS before 6.1.3 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging an error in the emergency-call feature.

2.1CVSS5.6AI score0.00053EPSS
cve
cve
added 2013/06/05 2:39 p.m.48 views

CVE-2013-3953

The mach_port_space_info function in osfmk/ipc/mach_debug.c in the XNU kernel in Apple Mac OS X 10.8.x does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted call.

4.9CVSS4.9AI score0.00146EPSS
cve
cve
added 2011/11/11 6:55 p.m.47 views

CVE-2011-3441

libinfo in Apple iOS before 5.0.1 does not properly formulate domain-name queries, which allows remote attackers to obtain sensitive information via a crafted DNS hostname.

4.3CVSS5.2AI score0.00493EPSS
cve
cve
added 2013/05/20 2:44 p.m.47 views

CVE-2013-1010

WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-0...

9.3CVSS7.5AI score0.01302EPSS
cve
cve
added 2013/09/19 10:27 a.m.47 views

CVE-2013-1043

WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.

6.8CVSS7.8AI score0.01866EPSS
cve
cve
added 2013/09/19 10:28 a.m.47 views

CVE-2013-5139

The IOSerialFamily driver in Apple iOS before 7 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds array access) via a crafted application.

9.3CVSS7.2AI score0.00912EPSS
Total number of security vulnerabilities121