Total
3661 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-5193 | 1 Apple | 1 Iphone Os | 2024-02-28 | 4.7 MEDIUM | N/A |
The App Store component in Apple iOS before 7.0.4 does not properly enforce an intended transaction-time password requirement, which allows local users to complete a (1) App purchase or (2) In-App purchase by leveraging previous entry of Apple ID credentials. | |||||
CVE-2013-0957 | 1 Apple | 1 Iphone Os | 2024-02-28 | 5.8 MEDIUM | N/A |
Data Protection in Apple iOS before 7 allows attackers to bypass intended limits on incorrect passcode entry, and consequently avoid a configured Erase Data setting, by leveraging the presence of an app in the third-party sandbox. | |||||
CVE-2011-3050 | 3 Apple, Google, Opensuse | 5 Iphone Os, Itunes, Safari and 2 more | 2024-02-28 | 6.8 MEDIUM | N/A |
Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 17.0.963.83 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the :first-letter pseudo-element. | |||||
CVE-2012-3745 | 1 Apple | 1 Iphone Os | 2024-02-28 | 5.0 MEDIUM | N/A |
Off-by-one error in Telephony in Apple iOS before 6 allows remote attackers to cause a denial of service (buffer overflow and connectivity outage) via a crafted user-data header in an SMS message. | |||||
CVE-2012-3722 | 1 Apple | 3 Iphone Os, Mac Os X, Mac Os X Server | 2024-02-28 | 6.8 MEDIUM | N/A |
The Sorenson codec in QuickTime in Apple Mac OS X before 10.7.5, and in CoreMedia in iOS before 6, accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding. | |||||
CVE-2013-0954 | 1 Apple | 1 Iphone Os | 2024-02-28 | 6.8 MEDIUM | N/A |
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1. | |||||
CVE-2011-3102 | 2 Apple, Google | 2 Iphone Os, Chrome | 2024-02-28 | 6.8 MEDIUM | N/A |
Off-by-one error in libxml2, as used in Google Chrome before 19.0.1084.46 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors. | |||||
CVE-2011-3075 | 2 Apple, Google | 4 Iphone Os, Itunes, Safari and 1 more | 2024-02-28 | 6.8 MEDIUM | N/A |
Use-after-free vulnerability in Google Chrome before 18.0.1025.151 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to style-application commands. | |||||
CVE-2013-0974 | 1 Apple | 1 Iphone Os | 2024-02-28 | 5.1 MEDIUM | N/A |
StoreKit in Apple iOS before 6.1 does not properly handle the disabling of JavaScript within the preferences configuration of Mobile Safari, which allows remote attackers to bypass intended access restrictions and execute JavaScript code via a web site with a Smart App Banner. | |||||
CVE-2012-3744 | 1 Apple | 1 Iphone Os | 2024-02-28 | 5.0 MEDIUM | N/A |
Telephony in Apple iOS before 6 uses an SMS message's return address as the displayed sender address, which allows remote attackers to spoof text communication via a message in which the return address does not match the originating address. | |||||
CVE-2012-3731 | 1 Apple | 1 Iphone Os | 2024-02-28 | 2.1 LOW | N/A |
Mail in Apple iOS before 6 does not properly implement the Data Protection feature for e-mail attachments, which allows physically proximate attackers to bypass an intended passcode requirement via unspecified vectors. | |||||
CVE-2013-0899 | 6 Apple, Google, Linux and 3 more | 9 Ipados, Iphone Os, Mac Os X and 6 more | 2024-02-28 | 5.0 MEDIUM | N/A |
Integer overflow in the padding implementation in the opus_packet_parse_impl function in src/opus_decoder.c in Opus before 1.0.2, as used in Google Chrome before 25.0.1364.97 on Windows and Linux and before 25.0.1364.99 on Mac OS X and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a long packet. | |||||
CVE-2012-3606 | 1 Apple | 2 Iphone Os, Itunes | 2024-02-28 | 9.3 HIGH | N/A |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. | |||||
CVE-2013-1042 | 1 Apple | 1 Iphone Os | 2024-02-28 | 6.8 MEDIUM | N/A |
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. | |||||
CVE-2012-0674 | 1 Apple | 1 Iphone Os | 2024-02-28 | 4.3 MEDIUM | N/A |
Safari in Apple iOS before 5.1.1 allows remote attackers to spoof the location bar's URL via a crafted web site. | |||||
CVE-2012-3748 | 1 Apple | 2 Iphone Os, Safari | 2024-02-28 | 5.1 MEDIUM | N/A |
Race condition in WebKit in Apple iOS before 6.0.1 and Safari before 6.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving JavaScript arrays. | |||||
CVE-2012-0841 | 2 Apple, Xmlsoft | 2 Iphone Os, Libxml2 | 2024-02-28 | 5.0 MEDIUM | N/A |
libxml2 before 2.8.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data. | |||||
CVE-2013-0979 | 1 Apple | 1 Iphone Os | 2024-02-28 | 1.9 LOW | N/A |
lockdownd in Lockdown in Apple iOS before 6.1.3 does not properly consider file types during the permission-setting step of a backup restoration, which allows local users to change the permissions of arbitrary files via a backup that contains a pathname with a symlink. | |||||
CVE-2012-3701 | 1 Apple | 2 Iphone Os, Itunes | 2024-02-28 | 9.3 HIGH | N/A |
WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. | |||||
CVE-2013-1003 | 2 Apple, Microsoft | 5 Iphone Os, Itunes, Windows 7 and 2 more | 2024-02-28 | 9.3 HIGH | N/A |
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. |