Iphone Os

iphone_os

Vendor: Apple • 4,014 CVEs

CVEs (4,014)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2013-5155 1Apple 1Iphone Os Apr 29, 2026 Sep 19, 2013 N/A· v4 N/A· v3 7.1 HIGH· v2 The Sandbox subsystem in Apple iOS before 7 allows attackers to cause a denial of service (infinite loop) via an application that writes crafted values to /dev/random.
CVE-2013-5154 1Apple 1Iphone Os Apr 29, 2026 Sep 19, 2013 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The Sandbox subsystem in Apple iOS before 7 determines the sandboxing requirement for a #! application on the basis of the script interpreter instead of the script, which allows attackers to bypass intended access restri...Show more The Sandbox subsystem in Apple iOS before 7 determines the sandboxing requirement for a #! application on the basis of the script interpreter instead of the script, which allows attackers to bypass intended access restrictions via a crafted application.Show less
CVE-2013-5153 1Apple 1Iphone Os Apr 29, 2026 Sep 19, 2013 N/A· v4 N/A· v3 2.1 LOW· v2 Springboard in Apple iOS before 7 does not properly manage the lock state in Lost Mode, which allows physically proximate attackers to read notifications via unspecified vectors.
CVE-2013-5152 1Apple 1Iphone Os Apr 29, 2026 Sep 19, 2013 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Mobile Safari in Apple iOS before 7 allows remote attackers to spoof the URL bar via a crafted web site.
CVE-2013-5151 1Apple 1Iphone Os Apr 29, 2026 Sep 19, 2013 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Mobile Safari in Apple iOS before 7 does not prevent HTML interpretation of a document served with a text/plain content type, which allows remote attackers to conduct cross-site scripting (XSS) attacks by uploading a fil...Show more Mobile Safari in Apple iOS before 7 does not prevent HTML interpretation of a document served with a text/plain content type, which allows remote attackers to conduct cross-site scripting (XSS) attacks by uploading a file.Show less
CVE-2013-5150 1Apple 1Iphone Os Apr 29, 2026 Sep 19, 2013 N/A· v4 N/A· v3 1.9 LOW· v2 The history-clearing feature in Safari in Apple iOS before 7 does not clear the back/forward history of an open tab, which allows physically proximate attackers to obtain sensitive information by leveraging an unattended...Show more The history-clearing feature in Safari in Apple iOS before 7 does not clear the back/forward history of an open tab, which allows physically proximate attackers to obtain sensitive information by leveraging an unattended workstation.Show less
CVE-2013-5149 1Apple 1Iphone Os Apr 29, 2026 Sep 19, 2013 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The Push Notifications subsystem in Apple iOS before 7 provides the push-notification token to an app without user approval, which allows attackers to obtain sensitive information via an app that employs a crafted push-n...Show more The Push Notifications subsystem in Apple iOS before 7 provides the push-notification token to an app without user approval, which allows attackers to obtain sensitive information via an app that employs a crafted push-notification registration process.Show less
CVE-2013-5147 1Apple 1Iphone Os Apr 29, 2026 Sep 19, 2013 N/A· v4 N/A· v3 3.7 LOW· v2 Passcode Lock in Apple iOS before 7 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging a race condition involving phone calls and...Show more Passcode Lock in Apple iOS before 7 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging a race condition involving phone calls and ejection of a SIM card.Show less
CVE-2013-5145 1Apple 1Iphone Os Apr 29, 2026 Sep 19, 2013 N/A· v4 N/A· v3 6.3 MEDIUM· v2 kextd in Kext Management in Apple iOS before 7 does not properly verify authorization for IPC messages, which allows local users to (1) load or (2) unload kernel extensions via a crafted message.
CVE-2013-5142 1Apple 1Iphone Os Apr 29, 2026 Sep 19, 2013 N/A· v4 N/A· v3 4.9 MEDIUM· v2 The kernel in Apple iOS before 7 does not initialize unspecified kernel data structures, which allows local users to obtain sensitive information from kernel stack memory via the (1) msgctl API or (2) segctl API.
CVE-2013-5141 1Apple 1Iphone Os Apr 29, 2026 Sep 19, 2013 N/A· v4 N/A· v3 7.1 HIGH· v2 The kernel in Apple iOS before 7 uses an incorrect data size for a certain integer variable, which allows attackers to cause a denial of service (infinite loop and device hang) via a crafted application, related to an "i...Show more The kernel in Apple iOS before 7 uses an incorrect data size for a certain integer variable, which allows attackers to cause a denial of service (infinite loop and device hang) via a crafted application, related to an "integer truncation vulnerability."Show less
CVE-2013-5140 1Apple 1Iphone Os Apr 29, 2026 Sep 19, 2013 N/A· v4 N/A· v3 7.8 HIGH· v2 The kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (assertion failure and device restart) via an invalid packet fragment.
CVE-2013-5139 1Apple 1Iphone Os Apr 29, 2026 Sep 19, 2013 N/A· v4 N/A· v3 9.3 HIGH· v2 The IOSerialFamily driver in Apple iOS before 7 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds array access) via a crafted application.
CVE-2013-5138 1Apple 1Iphone Os Apr 29, 2026 Sep 19, 2013 N/A· v4 N/A· v3 4.7 MEDIUM· v2 IOCatalogue in IOKitUser in Apple iOS before 7 allows attackers to cause a denial of service (NULL pointer dereference and device crash) via a crafted application.
CVE-2013-5137 1Apple 1Iphone Os Apr 29, 2026 Sep 19, 2013 N/A· v4 N/A· v3 2.6 LOW· v2 IOKit in Apple iOS before 7 allows attackers to send user-interface events to the foreground app by leveraging control over a background app and using the (1) task-completion API or (2) VoIP API.
CVE-2013-5131 1Apple 1Iphone Os Apr 29, 2026 Sep 19, 2013 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in WebKit in Apple iOS before 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
CVE-2013-5129 1Apple 1Iphone Os Apr 29, 2026 Sep 19, 2013 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Multiple cross-site scripting (XSS) vulnerabilities in WebKit in Apple iOS before 7 allow user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) drag-and-drop or (2) copy-and-pa...Show more Multiple cross-site scripting (XSS) vulnerabilities in WebKit in Apple iOS before 7 allow user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) drag-and-drop or (2) copy-and-paste operation.Show less
CVE-2013-5128 1Apple 1Iphone Os Apr 29, 2026 Sep 19, 2013 N/A· v4 N/A· v3 6.8 MEDIUM· v2 WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other...Show more WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.Show less
CVE-2013-5127 1Apple 1Iphone Os Apr 29, 2026 Sep 19, 2013 N/A· v4 N/A· v3 6.8 MEDIUM· v2 WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other...Show more WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.Show less
CVE-2013-5126 1Apple 1Iphone Os Apr 29, 2026 Sep 19, 2013 N/A· v4 N/A· v3 6.8 MEDIUM· v2 WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other...Show more WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.Show less

Previous 1...180181182...201 Next