National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/o:apple:iphone_os:6.1.4
There are 1,640 matching records.
Displaying matches 1621 through 1640.
Vuln ID Summary CVSS Severity
CVE-2013-1007

WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.

Published: May 20, 2013; 10:44:35 AM -04:00
    V2: 9.3 HIGH
CVE-2013-1006

WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.

Published: May 20, 2013; 10:44:34 AM -04:00
    V2: 9.3 HIGH
CVE-2013-1005

WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.

Published: May 20, 2013; 10:44:34 AM -04:00
    V2: 9.3 HIGH
CVE-2013-1004

WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.

Published: May 20, 2013; 10:44:34 AM -04:00
    V2: 9.3 HIGH
CVE-2013-1003

WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.

Published: May 20, 2013; 10:44:34 AM -04:00
    V2: 9.3 HIGH
CVE-2013-1002

WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.

Published: May 20, 2013; 10:44:34 AM -04:00
    V2: 9.3 HIGH
CVE-2013-1001

WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.

Published: May 20, 2013; 10:44:34 AM -04:00
    V2: 9.3 HIGH
CVE-2013-1000

WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.

Published: May 20, 2013; 10:44:34 AM -04:00
    V2: 9.3 HIGH
CVE-2013-0999

WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.

Published: May 20, 2013; 10:44:34 AM -04:00
    V2: 9.3 HIGH
CVE-2013-0879

Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly implement web audio nodes, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

Published: February 23, 2013; 04:55:00 PM -05:00
    V2: 7.5 HIGH
CVE-2012-0841

libxml2 before 2.8.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data.

Published: December 21, 2012; 12:46:14 AM -05:00
    V2: 5.0 MEDIUM
CVE-2012-5134

Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and earlier, as used in Google Chrome before 23.0.1271.91 and other products, allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted entities in an XML document.

Published: November 27, 2012; 08:55:01 PM -05:00
    V2: 6.8 MEDIUM
CVE-2012-2871

libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly support a cast of an unspecified variable during handling of XSL transforms, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document, related to the _xmlNs data structure in include/libxml/tree.h.

Published: August 31, 2012; 03:55:01 PM -04:00
    V2: 6.8 MEDIUM
CVE-2012-2870

libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly manage memory, which might allow remote attackers to cause a denial of service (application crash) via a crafted XSLT expression that is not properly identified during XPath navigation, related to (1) the xsltCompileLocationPathPattern function in libxslt/pattern.c and (2) the xsltGenerateIdFunction function in libxslt/functions.c.

Published: August 31, 2012; 03:55:01 PM -04:00
    V2: 4.3 MEDIUM
CVE-2012-2807

Multiple integer overflows in libxml2, as used in Google Chrome before 20.0.1132.43 and other products, on 64-bit Linux platforms allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

Published: June 27, 2012; 06:18:38 AM -04:00
    V2: 6.8 MEDIUM
CVE-2011-3102

Off-by-one error in libxml2, as used in Google Chrome before 19.0.1084.46 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors.

Published: May 15, 2012; 08:55:03 PM -04:00
    V2: 6.8 MEDIUM
CVE-2011-3439

FreeType in CoreGraphics in Apple iOS before 5.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font in a document.

Published: November 11, 2011; 01:55:01 PM -05:00
    V2: 9.3 HIGH
CVE-2011-0154

WebKit, as used in Apple iTunes before 10.2 on Windows and Apple iOS, does not properly implement the .sort function for JavaScript arrays, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.

Published: March 03, 2011; 03:00:02 PM -05:00
    V2: 7.6 HIGH
CVE-2010-2913

The Citibank Citi Mobile app before 2.0.3 for iOS stores account data in a file, which allows local users to obtain sensitive information via vectors involving (1) the mobile device or (2) a synchronized computer.

Published: July 30, 2010; 09:26:18 AM -04:00
    V2: 2.1 LOW
CVE-2010-1029

Stack consumption vulnerability in the WebCore::CSSSelector function in WebKit, as used in Apple Safari 4.0.4, Apple Safari on iPhone OS and iPhone OS for iPod touch, and Google Chrome 4.0.249, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a STYLE element composed of a large number of *> sequences.

Published: March 19, 2010; 05:30:00 PM -04:00
    V2: 5.0 MEDIUM