Iphone Os@6.0 Security Vulnerabilities and Issues — Iphone Os@6.0 CVE List

Lucene search

AppleIphone Os6.0

97 matches found

CVE•added 2013/09/19 10:27 a.m.•112 views

CVE-2013-1047

WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.

6.8CVSS7.8AI score0.02313EPSS

CVE•added 2012/05/16 12:55 a.m.•87 views

CVE-2011-3102

Off-by-one error in libxml2, as used in Google Chrome before 19.0.1084.46 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors.

6.8CVSS6.5AI score0.02013EPSS

CVE•added 2012/08/31 7:55 p.m.•84 views

CVE-2012-2870

libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly manage memory, which might allow remote attackers to cause a denial of service (application crash) via a crafted XSLT expression that is not properly identified during XPath navigation, related to (1) the xs...

4.3CVSS6.6AI score0.00906EPSS

CVE•added 2013/09/19 10:27 a.m.•83 views

CVE-2011-2391

The IPv6 implementation in the kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (CPU consumption) via crafted ICMPv6 packets.

6.1CVSS4.1AI score0.01129EPSS

CVE•added 2012/11/28 1:55 a.m.•82 views

CVE-2012-5134

Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and earlier, as used in Google Chrome before 23.0.1271.91 and other products, allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted entities in an XML docum...

6.8CVSS9.7AI score0.02065EPSS

CVE•added 2012/08/31 7:55 p.m.•79 views

CVE-2012-2871

libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly support a cast of an unspecified variable during handling of XSL transforms, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document, relate...

6.8CVSS7.4AI score0.00601EPSS

CVE•added 2012/12/21 5:46 a.m.•77 views

CVE-2012-0841

libxml2 before 2.8.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data.

5CVSS7.9AI score0.00725EPSS

CVE•added 2012/06/27 10:18 a.m.•75 views

CVE-2012-2807

Multiple integer overflows in libxml2, as used in Google Chrome before 20.0.1132.43 and other products, on 64-bit Linux platforms allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

6.8CVSS6.6AI score0.01524EPSS

CVE•added 2013/05/22 1:29 p.m.•72 views

CVE-2013-2842

Use-after-free vulnerability in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of widgets.

7.5CVSS6.9AI score0.21099EPSS

CVE•added 2013/09/19 10:27 a.m.•69 views

CVE-2013-1041

6.8CVSS7.8AI score0.02313EPSS

CVE•added 2012/06/27 10:18 a.m.•68 views

CVE-2012-2824

Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG painting.

7.5CVSS7AI score0.01062EPSS

CVE•added 2012/10/11 10:51 a.m.•63 views

CVE-2012-5112

Use-after-free vulnerability in the SVG implementation in WebKit, as used in Google Chrome before 22.0.1229.94, allows remote attackers to execute arbitrary code via unspecified vectors.

10CVSS9.2AI score0.04592EPSS

CVE•added 2013/09/19 10:27 a.m.•62 views

CVE-2013-1038

6.8CVSS7.8AI score0.02313EPSS

CVE•added 2013/01/29 5:58 a.m.•59 views

CVE-2013-0964

The kernel in Apple iOS before 6.1 and Apple TV before 5.2 does not properly validate copyin and copyout arguments, which allows local users to bypass intended pointer restrictions and access locations in the first kernel-memory page by specifying a length of less than one page.

3.6CVSS5.4AI score0.00063EPSS

CVE•added 2013/09/19 10:27 a.m.•57 views

CVE-2013-1040

6.8CVSS7.8AI score0.02313EPSS

CVE•added 2013/03/20 2:55 p.m.•56 views

CVE-2013-0977

dyld in Apple iOS before 6.1.3 and Apple TV before 5.2.1 does not properly manage the state of file loading for Mach-O executable files, which allows local users to bypass intended code-signing requirements via a file that contains overlapping segments.

4.6CVSS5.5AI score0.00059EPSS

CVE•added 2013/09/19 10:27 a.m.•56 views

CVE-2013-1039

6.8CVSS7.8AI score0.02313EPSS

CVE•added 2013/03/20 2:55 p.m.•55 views

CVE-2013-0981

The IOUSBDeviceFamily driver in the USB implementation in the kernel in Apple iOS before 6.1.3 and Apple TV before 5.2.1 accesses pipe object pointers that originated in userspace, which allows local users to gain privileges via crafted code.

7.2CVSS5.7AI score0.00045EPSS

CVE•added 2013/05/20 2:44 p.m.•55 views

CVE-2013-0999

WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-0...

9.3CVSS7.5AI score0.01302EPSS

CVE•added 2013/09/19 10:27 a.m.•55 views

CVE-2013-1036

Safari in Apple iOS before 7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.

6.8CVSS7.5AI score0.02238EPSS

CVE•added 2013/03/20 2:55 p.m.•54 views

CVE-2013-0978

The ARM prefetch abort handler in the kernel in Apple iOS before 6.1.3 and Apple TV before 5.2.1 does not ensure that it has been invoked in an abort context, which makes it easier for local users to bypass the ASLR protection mechanism via crafted code.

2.1CVSS5.5AI score0.00061EPSS

CVE•added 2013/05/20 2:44 p.m.•53 views

CVE-2013-1003

9.3CVSS7.5AI score0.01302EPSS

CVE•added 2013/05/24 4:43 p.m.•53 views

CVE-2013-1019

Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding.

9.3CVSS7.7AI score0.04963EPSS

CVE•added 2013/09/19 10:27 a.m.•53 views

CVE-2013-1037

6.8CVSS7.8AI score0.02313EPSS

CVE•added 2012/09/13 10:30 a.m.•52 views

CVE-2012-3606

WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1.

9.3CVSS7.8AI score0.01247EPSS

CVE•added 2013/01/29 5:58 a.m.•52 views

CVE-2013-0958

WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.

6.8CVSS7.8AI score0.01314EPSS

CVE•added 2013/05/20 2:44 p.m.•52 views

CVE-2013-1001

9.3CVSS7.5AI score0.01302EPSS

CVE•added 2013/09/19 10:28 a.m.•52 views

CVE-2013-5142

The kernel in Apple iOS before 7 does not initialize unspecified kernel data structures, which allows local users to obtain sensitive information from kernel stack memory via the (1) msgctl API or (2) segctl API.

4.9CVSS4.9AI score0.00142EPSS

CVE•added 2012/11/14 12:30 p.m.•51 views

CVE-2012-2619

The Broadcom BCM4325 and BCM4329 Wi-Fi chips, as used in certain Acer, Apple, Asus, Ford, HTC, Kyocera, LG, Malata, Motorola, Nokia, Pantech, Samsung, and Sony products, allow remote attackers to cause a denial of service (out-of-bounds read and Wi-Fi outage) via an RSN 802.11i information element.

7.8CVSS6.4AI score0.26529EPSS

CVE•added 2012/09/26 10:56 a.m.•51 views

CVE-2012-2889

Cross-site scripting (XSS) vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to inject arbitrary web script or HTML via vectors involving frames, aka "Universal XSS (UXSS)."

4.3CVSS7AI score0.00389EPSS

CVE•added 2013/05/20 2:44 p.m.•51 views

CVE-2013-1004

9.3CVSS7.5AI score0.01302EPSS

CVE•added 2013/05/20 2:44 p.m.•51 views

CVE-2013-1005

9.3CVSS7.5AI score0.01302EPSS

CVE•added 2013/09/19 10:27 a.m.•51 views

CVE-2013-5125

6.8CVSS7.8AI score0.01866EPSS

CVE•added 2012/08/06 3:55 p.m.•50 views

CVE-2012-2857

Use-after-free vulnerability in the Cascading Style Sheets (CSS) DOM implementation in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a c...

6.8CVSS7AI score0.01383EPSS

CVE•added 2013/05/20 2:44 p.m.•50 views

CVE-2013-1002

9.3CVSS7.5AI score0.01302EPSS

CVE•added 2013/05/20 2:44 p.m.•50 views

CVE-2013-1008

9.3CVSS7.5AI score0.01302EPSS

CVE•added 2013/09/16 1:2 p.m.•50 views

CVE-2013-1025

Buffer overflow in CoreGraphics in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JBIG2 data in a PDF document.

6.8CVSS7.8AI score0.01133EPSS

CVE•added 2012/09/13 10:30 a.m.•49 views

CVE-2012-3632

9.3CVSS7.8AI score0.01274EPSS

CVE•added 2013/09/19 10:28 a.m.•49 views

CVE-2013-5156

The Telephony subsystem in Apple iOS before 7 does not require API conformity for access to telephony-daemon interfaces, which allows attackers to bypass intended restrictions on phone calls via a crafted app that sends direct requests to the daemon.

4.3CVSS5.6AI score0.003EPSS

CVE•added 2013/01/29 5:58 a.m.•48 views

CVE-2013-0963

Identity Services in Apple iOS before 6.1 does not properly handle validation failures of AppleID certificates, which might allow physically proximate attackers to bypass authentication by leveraging an incorrect assignment of an empty string value to an AppleID.

2.1CVSS5.9AI score0.00035EPSS

CVE•added 2013/03/20 2:55 p.m.•48 views

CVE-2013-0979

lockdownd in Lockdown in Apple iOS before 6.1.3 does not properly consider file types during the permission-setting step of a backup restoration, which allows local users to change the permissions of arbitrary files via a backup that contains a pathname with a symlink.

1.9CVSS5.7AI score0.00036EPSS

CVE•added 2013/03/20 2:55 p.m.•48 views

CVE-2013-0980

The Passcode Lock implementation in Apple iOS before 6.1.3 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging an error in the emergency-call feature.

2.1CVSS5.6AI score0.00053EPSS

CVE•added 2013/06/05 2:39 p.m.•48 views

CVE-2013-3953

The mach_port_space_info function in osfmk/ipc/mach_debug.c in the XNU kernel in Apple Mac OS X 10.8.x does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted call.

4.9CVSS4.9AI score0.00146EPSS

CVE•added 2013/01/29 5:58 a.m.•47 views

CVE-2013-0953

6.8CVSS7.8AI score0.01314EPSS

CVE•added 2013/01/29 5:58 a.m.•47 views

CVE-2013-0962

Cross-site scripting (XSS) vulnerability in WebKit in Apple iOS before 6.1 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted content that is not properly handled during a copy-and-paste operation.

2.6CVSS5AI score0.00322EPSS

CVE•added 2013/05/20 2:44 p.m.•47 views

CVE-2013-1010

9.3CVSS7.5AI score0.01302EPSS

CVE•added 2013/09/19 10:27 a.m.•47 views

CVE-2013-1043

6.8CVSS7.8AI score0.01866EPSS

CVE•added 2013/09/19 10:28 a.m.•47 views

CVE-2013-5139

The IOSerialFamily driver in Apple iOS before 7 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds array access) via a crafted application.

9.3CVSS7.2AI score0.00912EPSS

CVE•added 2012/09/13 10:30 a.m.•46 views

CVE-2012-3621

9.3CVSS7.8AI score0.01247EPSS

CVE•added 2013/01/29 5:58 a.m.•46 views

CVE-2013-0948

6.8CVSS7.8AI score0.01314EPSS

Total number of security vulnerabilities97