U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:apple:iphone_os:2.1.1:*:*:*:*:*:*:*
There are 2,532 matching records.
Displaying matches 2,141 through 2,160.
Vuln ID Summary CVSS Severity
CVE-2014-1281

Photos Backend in Apple iOS before 7.1 does not properly manage the asset-library cache during deletions, which allows physically proximate attackers to obtain sensitive photo data by launching the Photos app and looking under a transparent image.

Published: March 14, 2014; 6:55:06 AM -0400
V3.x:(not available)
V2.0: 1.9 LOW
CVE-2014-1280

Video Driver in Apple iOS before 7.1 and Apple TV before 6.1 allows remote attackers to cause a denial of service (NULL pointer dereference and device hang) via a crafted video file with MPEG-4 encoding.

Published: March 14, 2014; 6:55:06 AM -0400
V3.x:(not available)
V2.0: 7.1 HIGH
CVE-2014-1278

The ptmx_get_ioctl function in the ARM kernel in Apple iOS before 7.1 and Apple TV before 6.1 allows local users to gain privileges or cause a denial of service (out-of-bounds memory access and device crash) via a crafted call.

Published: March 14, 2014; 6:55:06 AM -0400
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2014-1276

IOKit HID Event in Apple iOS before 7.1 allows attackers to conduct user-action monitoring attacks against arbitrary apps via a crafted app that accesses an IOKit framework interface.

Published: March 14, 2014; 6:55:06 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-1275

Buffer overflow in ImageIO in Apple iOS before 7.1 and Apple TV before 6.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted JPEG2000 data in a PDF document.

Published: March 14, 2014; 6:55:06 AM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2014-1274

FaceTime in Apple iOS before 7.1 allows physically proximate attackers to obtain sensitive FaceTime contact information by using the lock screen for an invalid FaceTime call.

Published: March 14, 2014; 6:55:05 AM -0400
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2014-1273

dyld in Apple iOS before 7.1 and Apple TV before 6.1 allows attackers to bypass code-signing requirements by leveraging use of text-relocation instructions in a dynamic library.

Published: March 14, 2014; 6:55:05 AM -0400
V3.x:(not available)
V2.0: 5.8 MEDIUM
CVE-2014-1272

CrashHouseKeeping in Crash Reporting in Apple iOS before 7.1 and Apple TV before 6.1 allows local users to change arbitrary file permissions by leveraging a symlink.

Published: March 14, 2014; 6:55:05 AM -0400
V3.x:(not available)
V2.0: 6.3 MEDIUM
CVE-2014-1271

CoreCapture in Apple iOS before 7.1 and Apple TV before 6.1 does not properly validate IOKit API calls, which allows attackers to cause a denial of service (assertion failure and device crash) via a crafted app.

Published: March 14, 2014; 6:55:05 AM -0400
V3.x:(not available)
V2.0: 7.8 HIGH
CVE-2014-1267

The Configuration Profiles component in Apple iOS before 7.1 and Apple TV before 6.1 does not properly evaluate the expiration date of a mobile configuration profile, which allows attackers to bypass intended access restrictions by using a profile after the date has passed.

Published: March 14, 2014; 6:55:05 AM -0400
V3.x:(not available)
V2.0: 5.8 MEDIUM
CVE-2013-6835

TelephonyUI Framework in Apple iOS 7 before 7.1, when Safari is used, does not require user confirmation for FaceTime audio calls, which allows remote attackers to obtain telephone number or e-mail address information via a facetime-audio: URL.

Published: March 14, 2014; 6:55:05 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2013-5133

Backup in Apple iOS before 7.1 does not properly restrict symlinks, which allows remote attackers to overwrite files during a restore operation via crafted backup data.

Published: March 14, 2014; 6:55:05 AM -0400
V3.x:(not available)
V2.0: 8.8 HIGH
CVE-2014-2019

The iCloud subsystem in Apple iOS before 7.1 allows physically proximate attackers to bypass an intended password requirement, and turn off the Find My iPhone service or complete a Delete Account action and then associate this service with a different Apple ID account, by entering an arbitrary iCloud Account Password value and a blank iCloud Account Description value.

Published: February 18, 2014; 6:55:17 AM -0500
V3.1: 4.6 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2014-1252

Double free vulnerability in Apple Pages 2.x before 2.1 and 5.x before 5.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Word file.

Published: January 24, 2014; 10:08:00 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2013-5228

WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.

Published: December 18, 2013; 11:04:33 AM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2013-5225

WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.

Published: December 18, 2013; 11:04:33 AM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2013-5199

WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.

Published: December 18, 2013; 11:04:33 AM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2013-5198

WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.

Published: December 18, 2013; 11:04:33 AM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2013-5197

WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.

Published: December 18, 2013; 11:04:28 AM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2013-5196

WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.

Published: December 18, 2013; 11:04:28 AM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM