Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Iphone_os
(Apple)| Repositories |
• https://github.com/madler/zlib
• https://github.com/file/file • https://github.com/WebKit/webkit • https://github.com/vadz/libtiff |
| #Vulnerabilities | 3637 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2013-09-19 | CVE-2013-5157 | The Twitter subsystem in Apple iOS before 7 does not require API conformity for access to Twitter daemon interfaces, which allows attackers to post Tweets via a crafted app that sends direct requests to the daemon. | Iphone_os | N/A | ||
| 2013-09-19 | CVE-2013-5156 | The Telephony subsystem in Apple iOS before 7 does not require API conformity for access to telephony-daemon interfaces, which allows attackers to bypass intended restrictions on phone calls via a crafted app that sends direct requests to the daemon. | Iphone_os | N/A | ||
| 2013-09-19 | CVE-2013-5155 | The Sandbox subsystem in Apple iOS before 7 allows attackers to cause a denial of service (infinite loop) via an application that writes crafted values to /dev/random. | Iphone_os | N/A | ||
| 2013-09-19 | CVE-2013-5154 | The Sandbox subsystem in Apple iOS before 7 determines the sandboxing requirement for a #! application on the basis of the script interpreter instead of the script, which allows attackers to bypass intended access restrictions via a crafted application. | Iphone_os | N/A | ||
| 2013-09-19 | CVE-2013-5153 | Springboard in Apple iOS before 7 does not properly manage the lock state in Lost Mode, which allows physically proximate attackers to read notifications via unspecified vectors. | Iphone_os | N/A | ||
| 2013-09-19 | CVE-2013-5152 | Mobile Safari in Apple iOS before 7 allows remote attackers to spoof the URL bar via a crafted web site. | Iphone_os | N/A | ||
| 2013-09-19 | CVE-2013-5151 | Mobile Safari in Apple iOS before 7 does not prevent HTML interpretation of a document served with a text/plain content type, which allows remote attackers to conduct cross-site scripting (XSS) attacks by uploading a file. | Iphone_os | N/A | ||
| 2013-09-19 | CVE-2013-5150 | The history-clearing feature in Safari in Apple iOS before 7 does not clear the back/forward history of an open tab, which allows physically proximate attackers to obtain sensitive information by leveraging an unattended workstation. | Iphone_os | N/A | ||
| 2013-09-19 | CVE-2013-5149 | The Push Notifications subsystem in Apple iOS before 7 provides the push-notification token to an app without user approval, which allows attackers to obtain sensitive information via an app that employs a crafted push-notification registration process. | Iphone_os | N/A | ||
| 2013-09-19 | CVE-2013-5147 | Passcode Lock in Apple iOS before 7 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging a race condition involving phone calls and ejection of a SIM card. | Iphone_os | N/A |