Iphone Os@5.0 Security Vulnerabilities and Issues — Iphone Os@5.0 CVE List

Lucene search

AppleIphone Os5.0

103 matches found

CVE•added 2012/11/03 5:55 p.m.•154 views

CVE-2012-3748

Race condition in WebKit in Apple iOS before 6.0.1 and Safari before 6.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving JavaScript arrays.

5.1CVSS7.5AI score0.30417EPSS

CVE•added 2013/09/19 10:27 a.m.•112 views

CVE-2013-1047

WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.

6.8CVSS7.8AI score0.02313EPSS

CVE•added 2012/05/16 12:55 a.m.•87 views

CVE-2011-3102

Off-by-one error in libxml2, as used in Google Chrome before 19.0.1084.46 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors.

6.8CVSS6.5AI score0.02013EPSS

CVE•added 2012/08/31 7:55 p.m.•84 views

CVE-2012-2870

libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly manage memory, which might allow remote attackers to cause a denial of service (application crash) via a crafted XSLT expression that is not properly identified during XPath navigation, related to (1) the xs...

4.3CVSS6.6AI score0.00906EPSS

CVE•added 2013/09/19 10:27 a.m.•83 views

CVE-2011-2391

The IPv6 implementation in the kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (CPU consumption) via crafted ICMPv6 packets.

6.1CVSS4.1AI score0.01129EPSS

CVE•added 2012/11/28 1:55 a.m.•82 views

CVE-2012-5134

Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and earlier, as used in Google Chrome before 23.0.1271.91 and other products, allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted entities in an XML docum...

6.8CVSS9.7AI score0.02065EPSS

CVE•added 2012/08/31 7:55 p.m.•79 views

CVE-2012-2871

libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly support a cast of an unspecified variable during handling of XSL transforms, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document, relate...

6.8CVSS7.4AI score0.00601EPSS

CVE•added 2012/12/21 5:46 a.m.•77 views

CVE-2012-0841

libxml2 before 2.8.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data.

5CVSS7.9AI score0.00725EPSS

CVE•added 2012/06/27 10:18 a.m.•75 views

CVE-2012-2807

Multiple integer overflows in libxml2, as used in Google Chrome before 20.0.1132.43 and other products, on 64-bit Linux platforms allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

6.8CVSS6.6AI score0.01524EPSS

CVE•added 2013/05/22 1:29 p.m.•72 views

CVE-2013-2842

Use-after-free vulnerability in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of widgets.

7.5CVSS6.9AI score0.21099EPSS

CVE•added 2013/09/19 10:27 a.m.•69 views

CVE-2013-1041

6.8CVSS7.8AI score0.02313EPSS

CVE•added 2013/09/19 10:27 a.m.•62 views

CVE-2013-1038

6.8CVSS7.8AI score0.02313EPSS

CVE•added 2013/09/19 10:27 a.m.•57 views

CVE-2013-1040

6.8CVSS7.8AI score0.02313EPSS

CVE•added 2012/09/20 9:55 p.m.•56 views

CVE-2012-3722

The Sorenson codec in QuickTime in Apple Mac OS X before 10.7.5, and in CoreMedia in iOS before 6, accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding.

6.8CVSS7.5AI score0.02122EPSS

CVE•added 2013/03/20 2:55 p.m.•56 views

CVE-2013-0977

dyld in Apple iOS before 6.1.3 and Apple TV before 5.2.1 does not properly manage the state of file loading for Mach-O executable files, which allows local users to bypass intended code-signing requirements via a file that contains overlapping segments.

4.6CVSS5.5AI score0.00059EPSS

CVE•added 2013/09/19 10:27 a.m.•56 views

CVE-2013-1039

6.8CVSS7.8AI score0.02313EPSS

CVE•added 2013/03/20 2:55 p.m.•55 views

CVE-2013-0981

The IOUSBDeviceFamily driver in the USB implementation in the kernel in Apple iOS before 6.1.3 and Apple TV before 5.2.1 accesses pipe object pointers that originated in userspace, which allows local users to gain privileges via crafted code.

7.2CVSS5.7AI score0.00045EPSS

CVE•added 2013/05/20 2:44 p.m.•55 views

CVE-2013-0999

WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-0...

9.3CVSS7.5AI score0.01302EPSS

CVE•added 2013/09/19 10:27 a.m.•55 views

CVE-2013-1036

Safari in Apple iOS before 7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.

6.8CVSS7.5AI score0.02238EPSS

CVE•added 2013/03/20 2:55 p.m.•54 views

CVE-2013-0978

The ARM prefetch abort handler in the kernel in Apple iOS before 6.1.3 and Apple TV before 5.2.1 does not ensure that it has been invoked in an abort context, which makes it easier for local users to bypass the ASLR protection mechanism via crafted code.

2.1CVSS5.5AI score0.00061EPSS

CVE•added 2013/05/20 2:44 p.m.•53 views

CVE-2013-1003

9.3CVSS7.5AI score0.01302EPSS

CVE•added 2013/05/24 4:43 p.m.•53 views

CVE-2013-1019

Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding.

9.3CVSS7.7AI score0.04963EPSS

CVE•added 2013/09/19 10:27 a.m.•53 views

CVE-2013-1037

6.8CVSS7.8AI score0.02313EPSS

CVE•added 2013/05/20 2:44 p.m.•52 views

CVE-2013-1001

9.3CVSS7.5AI score0.01302EPSS

CVE•added 2013/09/19 10:28 a.m.•52 views

CVE-2013-5142

The kernel in Apple iOS before 7 does not initialize unspecified kernel data structures, which allows local users to obtain sensitive information from kernel stack memory via the (1) msgctl API or (2) segctl API.

4.9CVSS4.9AI score0.00142EPSS

CVE•added 2011/11/11 6:55 p.m.•51 views

CVE-2011-3442

The kernel in Apple iOS before 5.0.1 does not ensure the validity of flag combinations for an mmap system call, which allows local users to execute arbitrary unsigned code via a crafted app.

7.2CVSS6.5AI score0.00048EPSS

CVE•added 2012/05/08 10:25 a.m.•51 views

CVE-2012-0672

WebKit in Apple iOS before 5.1.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

6.8CVSS7.7AI score0.01074EPSS

CVE•added 2013/05/20 2:44 p.m.•51 views

CVE-2013-1004

9.3CVSS7.5AI score0.01302EPSS

CVE•added 2013/05/20 2:44 p.m.•51 views

CVE-2013-1005

9.3CVSS7.5AI score0.01302EPSS

CVE•added 2013/09/19 10:27 a.m.•51 views

CVE-2013-5125

6.8CVSS7.8AI score0.01866EPSS

CVE•added 2013/05/20 2:44 p.m.•50 views

CVE-2013-1002

9.3CVSS7.5AI score0.01302EPSS

CVE•added 2013/05/20 2:44 p.m.•50 views

CVE-2013-1008

9.3CVSS7.5AI score0.01302EPSS

CVE•added 2013/09/16 1:2 p.m.•50 views

CVE-2013-1025

Buffer overflow in CoreGraphics in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JBIG2 data in a PDF document.

6.8CVSS7.8AI score0.01133EPSS

CVE•added 2013/09/19 10:28 a.m.•49 views

CVE-2013-5156

The Telephony subsystem in Apple iOS before 7 does not require API conformity for access to telephony-daemon interfaces, which allows attackers to bypass intended restrictions on phone calls via a crafted app that sends direct requests to the daemon.

4.3CVSS5.6AI score0.003EPSS

CVE•added 2013/03/20 2:55 p.m.•48 views

CVE-2013-0979

lockdownd in Lockdown in Apple iOS before 6.1.3 does not properly consider file types during the permission-setting step of a backup restoration, which allows local users to change the permissions of arbitrary files via a backup that contains a pathname with a symlink.

1.9CVSS5.7AI score0.00036EPSS

CVE•added 2013/03/20 2:55 p.m.•48 views

CVE-2013-0980

The Passcode Lock implementation in Apple iOS before 6.1.3 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging an error in the emergency-call feature.

2.1CVSS5.6AI score0.00053EPSS

CVE•added 2013/06/05 2:39 p.m.•48 views

CVE-2013-3953

The mach_port_space_info function in osfmk/ipc/mach_debug.c in the XNU kernel in Apple Mac OS X 10.8.x does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted call.

4.9CVSS4.9AI score0.00146EPSS

CVE•added 2011/11/11 6:55 p.m.•47 views

CVE-2011-3441

libinfo in Apple iOS before 5.0.1 does not properly formulate domain-name queries, which allows remote attackers to obtain sensitive information via a crafted DNS hostname.

4.3CVSS5.2AI score0.00493EPSS

CVE•added 2013/05/20 2:44 p.m.•47 views

CVE-2013-1010

9.3CVSS7.5AI score0.01302EPSS

CVE•added 2013/09/19 10:27 a.m.•47 views

CVE-2013-1043

6.8CVSS7.8AI score0.01866EPSS

CVE•added 2013/09/19 10:28 a.m.•47 views

CVE-2013-5139

The IOSerialFamily driver in Apple iOS before 7 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds array access) via a crafted application.

9.3CVSS7.2AI score0.00912EPSS

CVE•added 2012/09/20 9:55 p.m.•46 views

CVE-2012-3730

Mail in Apple iOS before 6 does not properly handle reuse of Content-ID header values, which allows remote attackers to spoof attachments via a header value that was also used in a previous e-mail message, as demonstrated by a message from a different sender.

4.3CVSS5.7AI score0.00409EPSS

CVE•added 2013/05/20 2:44 p.m.•46 views

CVE-2013-1000

9.3CVSS7.5AI score0.01302EPSS

CVE•added 2013/05/20 2:44 p.m.•46 views

CVE-2013-1007

9.3CVSS7.5AI score0.01302EPSS

CVE•added 2013/09/19 10:28 a.m.•46 views

CVE-2013-5140

The kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (assertion failure and device restart) via an invalid packet fragment.

7.8CVSS6AI score0.0066EPSS

CVE•added 2012/05/08 10:25 a.m.•45 views

CVE-2012-0674

Safari in Apple iOS before 5.1.1 allows remote attackers to spoof the location bar's URL via a crafted web site.

4.3CVSS5.7AI score0.00359EPSS

CVE•added 2012/09/20 9:55 p.m.•45 views

CVE-2012-3735

The Passcode Lock implementation in Apple iOS before 6 does not properly interact with the "Slide to Power Off" feature, which allows physically proximate attackers to see the most recently used third-party app by watching the device's screen.

2.1CVSS5.6AI score0.00077EPSS

CVE•added 2012/09/20 9:55 p.m.•45 views

CVE-2012-3742

Safari in Apple iOS before 6 does not properly restrict use of an unspecified Unicode character that looks similar to the https lock indicator, which allows remote attackers to spoof https connections by placing this character in the TITLE element of a web page.

5CVSS6AI score0.00377EPSS

CVE•added 2013/05/20 2:44 p.m.•45 views

CVE-2013-1006

9.3CVSS7.5AI score0.01302EPSS

CVE•added 2013/09/19 10:27 a.m.•45 views

CVE-2013-1044

6.8CVSS7.8AI score0.01866EPSS

Total number of security vulnerabilities103