Total
3596 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-2824 | 2 Apple, Google | 2 Iphone Os, Chrome | 2023-12-10 | 7.5 HIGH | N/A |
Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG painting. | |||||
CVE-2013-5156 | 1 Apple | 1 Iphone Os | 2023-12-10 | 4.3 MEDIUM | N/A |
The Telephony subsystem in Apple iOS before 7 does not require API conformity for access to telephony-daemon interfaces, which allows attackers to bypass intended restrictions on phone calls via a crafted app that sends direct requests to the daemon. | |||||
CVE-2013-5160 | 1 Apple | 1 Iphone Os | 2023-12-10 | 3.3 LOW | N/A |
Passcode Lock in Apple iOS before 7.0.2 on iPhone devices allows physically proximate attackers to bypass an intended passcode requirement, and dial arbitrary telephone numbers, by making a series of taps of the emergency-call button to trigger a NULL pointer dereference. | |||||
CVE-2011-3078 | 2 Apple, Google | 4 Iphone Os, Itunes, Safari and 1 more | 2023-12-10 | 6.8 MEDIUM | N/A |
Use-after-free vulnerability in Google Chrome before 18.0.1025.168 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the floating of elements, a different vulnerability than CVE-2011-3081. | |||||
CVE-2013-1039 | 1 Apple | 3 Iphone Os, Itunes, Safari | 2023-12-10 | 6.8 MEDIUM | N/A |
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. | |||||
CVE-2013-0950 | 1 Apple | 1 Iphone Os | 2023-12-10 | 6.8 MEDIUM | N/A |
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1. | |||||
CVE-2013-1008 | 2 Apple, Microsoft | 5 Iphone Os, Itunes, Windows 7 and 2 more | 2023-12-10 | 9.3 HIGH | N/A |
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. | |||||
CVE-2013-1040 | 1 Apple | 3 Iphone Os, Itunes, Safari | 2023-12-10 | 6.8 MEDIUM | N/A |
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. | |||||
CVE-2012-2870 | 3 Apple, Google, Xmlsoft | 3 Iphone Os, Chrome, Libxslt | 2023-12-10 | 4.3 MEDIUM | N/A |
libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly manage memory, which might allow remote attackers to cause a denial of service (application crash) via a crafted XSLT expression that is not properly identified during XPath navigation, related to (1) the xsltCompileLocationPathPattern function in libxslt/pattern.c and (2) the xsltGenerateIdFunction function in libxslt/functions.c. | |||||
CVE-2013-3950 | 1 Apple | 1 Iphone Os | 2023-12-10 | 5.0 MEDIUM | N/A |
Stack-based buffer overflow in the openSharedCacheFile function in dyld.cpp in dyld in Apple iOS 5.1.x and 6.x through 6.1.3 makes it easier for attackers to conduct untethering attacks via a long string in the DYLD_SHARED_CACHE_DIR environment variable. | |||||
CVE-2011-3053 | 3 Apple, Google, Opensuse | 5 Iphone Os, Itunes, Safari and 2 more | 2023-12-10 | 6.8 MEDIUM | N/A |
Use-after-free vulnerability in Google Chrome before 17.0.963.83 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to block splitting. | |||||
CVE-2012-3737 | 1 Apple | 1 Iphone Os | 2023-12-10 | 2.1 LOW | N/A |
The Passcode Lock implementation in Apple iOS before 6 does not properly restrict photo viewing, which allows physically proximate attackers to view arbitrary stored photos by spoofing a time value. | |||||
CVE-2012-3722 | 1 Apple | 3 Iphone Os, Mac Os X, Mac Os X Server | 2023-12-10 | 6.8 MEDIUM | N/A |
The Sorenson codec in QuickTime in Apple Mac OS X before 10.7.5, and in CoreMedia in iOS before 6, accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding. | |||||
CVE-2013-1006 | 2 Apple, Microsoft | 5 Iphone Os, Itunes, Windows 7 and 2 more | 2023-12-10 | 9.3 HIGH | N/A |
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. | |||||
CVE-2013-5140 | 1 Apple | 1 Iphone Os | 2023-12-10 | 7.8 HIGH | N/A |
The kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (assertion failure and device restart) via an invalid packet fragment. | |||||
CVE-2012-3745 | 1 Apple | 1 Iphone Os | 2023-12-10 | 5.0 MEDIUM | N/A |
Off-by-one error in Telephony in Apple iOS before 6 allows remote attackers to cause a denial of service (buffer overflow and connectivity outage) via a crafted user-data header in an SMS message. | |||||
CVE-2012-2889 | 2 Apple, Google | 2 Iphone Os, Chrome | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Google Chrome before 22.0.1229.79 allows remote attackers to inject arbitrary web script or HTML via vectors involving frames, aka "Universal XSS (UXSS)." | |||||
CVE-2013-0977 | 1 Apple | 2 Iphone Os, Tvos | 2023-12-10 | 4.6 MEDIUM | N/A |
dyld in Apple iOS before 6.1.3 and Apple TV before 5.2.1 does not properly manage the state of file loading for Mach-O executable files, which allows local users to bypass intended code-signing requirements via a file that contains overlapping segments. | |||||
CVE-2013-5145 | 1 Apple | 1 Iphone Os | 2023-12-10 | 6.3 MEDIUM | N/A |
kextd in Kext Management in Apple iOS before 7 does not properly verify authorization for IPC messages, which allows local users to (1) load or (2) unload kernel extensions via a crafted message. | |||||
CVE-2011-3069 | 2 Apple, Google | 4 Iphone Os, Itunes, Safari and 1 more | 2023-12-10 | 6.8 MEDIUM | N/A |
Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to line boxes. |