Max CVSS 9.3 Min CVSS 2.1 Total Count69
IDCVSSSummaryLast (major) updatePublished
CVE-2011-2391 6.1
The IPv6 implementation in the kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (CPU consumption) via crafted ICMPv6 packets.
06-01-2017 - 21:59 19-09-2013 - 06:27
CVE-2013-1038 6.8
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-S
18-11-2016 - 15:01 19-09-2013 - 06:27
CVE-2013-1037 6.8
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-S
18-11-2016 - 14:30 19-09-2013 - 06:27
CVE-2013-1039 6.8
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-S
18-11-2016 - 14:08 19-09-2013 - 06:27
CVE-2013-1041 6.8
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-S
18-11-2016 - 14:08 19-09-2013 - 06:27
CVE-2013-1040 6.8
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-S
18-11-2016 - 14:07 19-09-2013 - 06:27
CVE-2013-1047 6.8
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-S
17-11-2016 - 15:44 19-09-2013 - 06:27
CVE-2013-5139 9.3
The IOSerialFamily driver in Apple iOS before 7 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds array access) via a crafted application.
05-03-2014 - 23:48 19-09-2013 - 06:28
CVE-2013-5128 6.8
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-S
27-01-2014 - 23:55 19-09-2013 - 06:27
CVE-2013-5127 6.8
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-S
27-01-2014 - 23:55 19-09-2013 - 06:27
CVE-2013-5126 6.8
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-S
27-01-2014 - 23:55 19-09-2013 - 06:27
CVE-2013-5125 6.8
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-S
27-01-2014 - 23:55 19-09-2013 - 06:27
CVE-2013-2842 7.5
Use-after-free vulnerability in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of widgets.
27-01-2014 - 23:53 22-05-2013 - 09:29
CVE-2013-1046 6.8
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-S
27-01-2014 - 23:51 19-09-2013 - 06:27
CVE-2013-1045 6.8
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-S
27-01-2014 - 23:51 19-09-2013 - 06:27
CVE-2013-1044 6.8
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-S
27-01-2014 - 23:51 19-09-2013 - 06:27
CVE-2013-1043 6.8
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-S
27-01-2014 - 23:51 19-09-2013 - 06:27
CVE-2013-1042 6.8
WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-S
27-01-2014 - 23:51 19-09-2013 - 06:27
CVE-2012-5134 6.8
Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and earlier, as used in Google Chrome before 23.0.1271.91 and other products, allows remote attackers to cause a denial of service or possibly execute ar
27-01-2014 - 23:48 27-11-2012 - 20:55
CVE-2012-2871 6.8
libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly support a cast of an unspecified variable during handling of XSL transforms, which allows remote attackers to cause a denial of service or possibly have un
27-01-2014 - 23:45 31-08-2012 - 15:55
CVE-2012-2870 4.3
libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly manage memory, which might allow remote attackers to cause a denial of service (application crash) via a crafted XSLT expression that is not properly identifi
27-01-2014 - 23:45 31-08-2012 - 15:55
CVE-2012-2825 5.0
The XSL implementation in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service (incorrect read operation) via unspecified vectors.
27-01-2014 - 23:45 27-06-2012 - 06:18
CVE-2012-2807 6.8
Multiple integer overflows in libxml2, as used in Google Chrome before 20.0.1132.43 and other products, on 64-bit Linux platforms allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
27-01-2014 - 23:45 27-06-2012 - 06:18
CVE-2012-0841 5.0
libxml2 before 2.8.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data.
27-01-2014 - 23:42 21-12-2012 - 00:46
CVE-2011-3102 6.8
Off-by-one error in libxml2, as used in Google Chrome before 19.0.1084.46 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors.
27-01-2014 - 23:38 15-05-2012 - 20:55
CVE-2013-2848 5.0
The XSS Auditor in Google Chrome before 27.0.1453.93 might allow remote attackers to obtain sensitive information via unspecified vectors.
02-11-2013 - 23:32 22-05-2013 - 09:29
CVE-2013-1019 9.3
Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with Sorenson encoding.
02-11-2013 - 23:30 24-05-2013 - 12:43
CVE-2013-1010 9.3
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability
02-11-2013 - 23:30 20-05-2013 - 10:44
CVE-2013-1008 9.3
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability
02-11-2013 - 23:30 20-05-2013 - 10:44
CVE-2013-1007 9.3
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability
02-11-2013 - 23:30 20-05-2013 - 10:44
CVE-2013-1006 9.3
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability
02-11-2013 - 23:30 20-05-2013 - 10:44
CVE-2013-1005 9.3
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability
02-11-2013 - 23:30 20-05-2013 - 10:44
CVE-2013-1004 9.3
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability
02-11-2013 - 23:30 20-05-2013 - 10:44
CVE-2013-1003 9.3
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability
02-11-2013 - 23:30 20-05-2013 - 10:44
CVE-2013-1002 9.3
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability
02-11-2013 - 23:30 20-05-2013 - 10:44
CVE-2013-1001 9.3
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability
02-11-2013 - 23:30 20-05-2013 - 10:44
CVE-2013-1000 9.3
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability
02-11-2013 - 23:30 20-05-2013 - 10:44
CVE-2013-0999 9.3
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability
02-11-2013 - 23:30 20-05-2013 - 10:44
CVE-2013-0998 6.8
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability
02-11-2013 - 23:30 20-05-2013 - 10:44
CVE-2013-0997 6.8
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability
02-11-2013 - 23:30 20-05-2013 - 10:44
CVE-2013-0996 6.8
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability
02-11-2013 - 23:30 20-05-2013 - 10:44
CVE-2013-0995 6.8
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability
02-11-2013 - 23:30 20-05-2013 - 10:44
CVE-2013-0994 6.8
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability
02-11-2013 - 23:30 20-05-2013 - 10:44
CVE-2013-0993 6.8
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability
02-11-2013 - 23:30 20-05-2013 - 10:44
CVE-2013-0992 6.8
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability
02-11-2013 - 23:30 20-05-2013 - 10:44
CVE-2013-0991 6.8
WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability
02-11-2013 - 23:30 20-05-2013 - 10:44
CVE-2013-0926 6.8
Google Chrome before 26.0.1410.43 does not properly handle active content in an EMBED element during a copy-and-paste operation, which allows user-assisted remote attackers to have an unspecified impact via a crafted web site.
02-11-2013 - 23:30 28-03-2013 - 08:18
CVE-2013-0879 7.5
Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly implement web audio nodes, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified othe
02-11-2013 - 23:30 23-02-2013 - 16:55
CVE-2013-5145 6.3
kextd in Kext Management in Apple iOS before 7 does not properly verify authorization for IPC messages, which allows local users to (1) load or (2) unload kernel extensions via a crafted message.
30-10-2013 - 23:35 19-09-2013 - 06:28
CVE-2013-5131 4.3
Cross-site scripting (XSS) vulnerability in WebKit in Apple iOS before 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
30-10-2013 - 23:35 19-09-2013 - 06:27
CVE-2013-5129 4.3
Multiple cross-site scripting (XSS) vulnerabilities in WebKit in Apple iOS before 7 allow user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) drag-and-drop or (2) copy-and-paste operation.
30-10-2013 - 23:35 19-09-2013 - 06:27
CVE-2013-3954 6.9
The posix_spawn system call in the XNU kernel in Apple Mac OS X 10.8.x does not properly validate the data for file actions and port actions, which allows local users to (1) cause a denial of service (panic) via a size value that is inconsistent with
30-10-2013 - 23:34 05-06-2013 - 10:39
CVE-2013-1036 6.8
Safari in Apple iOS before 7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.
30-10-2013 - 23:31 19-09-2013 - 06:27
CVE-2013-5154 4.3
The Sandbox subsystem in Apple iOS before 7 determines the sandboxing requirement for a #! application on the basis of the script interpreter instead of the script, which allows attackers to bypass intended access restrictions via a crafted applicati
25-10-2013 - 12:58 19-09-2013 - 06:28
CVE-2013-5149 4.3
The Push Notifications subsystem in Apple iOS before 7 provides the push-notification token to an app without user approval, which allows attackers to obtain sensitive information via an app that employs a crafted push-notification registration proce
25-10-2013 - 12:56 19-09-2013 - 06:28
CVE-2013-4616 5.8
The WifiPasswordController generateDefaultPassword method in Preferences in Apple iOS 6 and earlier relies on the UITextChecker suggestWordInLanguage method for selection of Wi-Fi hotspot WPA2 PSK passphrases, which makes it easier for remote attacke
25-10-2013 - 12:37 18-06-2013 - 10:55
CVE-2013-5137 2.6
IOKit in Apple iOS before 7 allows attackers to send user-interface events to the foreground app by leveraging control over a background app and using the (1) task-completion API or (2) VoIP API.
22-10-2013 - 16:04 19-09-2013 - 06:28
CVE-2013-5140 7.8
The kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (assertion failure and device restart) via an invalid packet fragment.
22-10-2013 - 15:59 19-09-2013 - 06:28
CVE-2013-5151 4.3
Mobile Safari in Apple iOS before 7 does not prevent HTML interpretation of a document served with a text/plain content type, which allows remote attackers to conduct cross-site scripting (XSS) attacks by uploading a file.
22-10-2013 - 15:53 19-09-2013 - 06:28
CVE-2013-5156 4.3
The Telephony subsystem in Apple iOS before 7 does not require API conformity for access to telephony-daemon interfaces, which allows attackers to bypass intended restrictions on phone calls via a crafted app that sends direct requests to the daemon.
22-10-2013 - 15:52 19-09-2013 - 06:28
CVE-2013-5157 5.0
The Twitter subsystem in Apple iOS before 7 does not require API conformity for access to Twitter daemon interfaces, which allows attackers to post Tweets via a crafted app that sends direct requests to the daemon.
22-10-2013 - 15:26 19-09-2013 - 06:28
CVE-2013-5159 4.3
WebKit in Apple iOS before 7 allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive information about use of the window.webkitRequestAnimationFrame API via an IFRAME element.
22-10-2013 - 15:20 19-09-2013 - 06:28
CVE-2013-5153 2.1
Springboard in Apple iOS before 7 does not properly manage the lock state in Lost Mode, which allows physically proximate attackers to read notifications via unspecified vectors.
22-10-2013 - 15:07 19-09-2013 - 06:28
CVE-2013-5152 4.3
Mobile Safari in Apple iOS before 7 allows remote attackers to spoof the URL bar via a crafted web site.
11-10-2013 - 09:17 19-09-2013 - 06:28
CVE-2013-5147 3.7
Passcode Lock in Apple iOS before 7 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging a race condition involving phone calls and ejection of a SIM card.
26-09-2013 - 23:47 19-09-2013 - 06:28
CVE-2013-1028 5.8
The IPSec implementation in Apple Mac OS X before 10.8.5, when Hybrid Auth is used, does not verify X.509 certificates from security gateways, which allows man-in-the-middle attackers to spoof security gateways and obtain sensitive information via a
26-09-2013 - 23:43 16-09-2013 - 09:02
CVE-2013-1026 6.8
Buffer overflow in ImageIO in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JPEG2000 data in a PDF document.
26-09-2013 - 23:43 16-09-2013 - 09:02
CVE-2013-1025 6.8
Buffer overflow in CoreGraphics in Apple Mac OS X before 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JBIG2 data in a PDF document.
26-09-2013 - 23:43 16-09-2013 - 09:02
CVE-2013-1012 4.3
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 6.0.5 allows remote attackers to inject arbitrary web script or HTML via vectors involving IFRAME elements.
26-09-2013 - 23:43 05-06-2013 - 10:39
Back to Top Mark selected
Back to Top