Search Results (Refine Search)
- Keyword (text search): cpe:2.3:o:apple:iphone_os:7.0.5:*:*:*:*:*:*:*
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2014-1267 |
The Configuration Profiles component in Apple iOS before 7.1 and Apple TV before 6.1 does not properly evaluate the expiration date of a mobile configuration profile, which allows attackers to bypass intended access restrictions by using a profile after the date has passed. Published: March 14, 2014; 6:55:05 AM -0400 |
V3.x:(not available) V2.0: 5.8 MEDIUM |
CVE-2013-6835 |
TelephonyUI Framework in Apple iOS 7 before 7.1, when Safari is used, does not require user confirmation for FaceTime audio calls, which allows remote attackers to obtain telephone number or e-mail address information via a facetime-audio: URL. Published: March 14, 2014; 6:55:05 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2013-5133 |
Backup in Apple iOS before 7.1 does not properly restrict symlinks, which allows remote attackers to overwrite files during a restore operation via crafted backup data. Published: March 14, 2014; 6:55:05 AM -0400 |
V3.x:(not available) V2.0: 8.8 HIGH |
CVE-2014-1266 |
The SSLVerifySignedServerKeyExchange function in libsecurity_ssl/lib/sslKeyExchange.c in the Secure Transport feature in the Data Security component in Apple iOS 6.x before 6.1.6 and 7.x before 7.0.6, Apple TV 6.x before 6.0.2, and Apple OS X 10.9.x before 10.9.2 does not check the signature in a TLS Server Key Exchange message, which allows man-in-the-middle attackers to spoof SSL servers by (1) using an arbitrary private key for the signing step or (2) omitting the signing step. Published: February 22, 2014; 12:05:21 PM -0500 |
V3.1: 7.4 HIGH V2.0: 5.8 MEDIUM |
CVE-2014-2019 |
The iCloud subsystem in Apple iOS before 7.1 allows physically proximate attackers to bypass an intended password requirement, and turn off the Find My iPhone service or complete a Delete Account action and then associate this service with a different Apple ID account, by entering an arbitrary iCloud Account Password value and a blank iCloud Account Description value. Published: February 18, 2014; 6:55:17 AM -0500 |
V3.1: 4.6 MEDIUM V2.0: 4.9 MEDIUM |
CVE-2013-0340 |
expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE. Published: January 21, 2014; 1:55:09 PM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2013-5228 |
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1. Published: December 18, 2013; 11:04:33 AM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2013-5225 |
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1. Published: December 18, 2013; 11:04:33 AM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2013-5199 |
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1. Published: December 18, 2013; 11:04:33 AM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2013-5198 |
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1. Published: December 18, 2013; 11:04:33 AM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2013-5197 |
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1. Published: December 18, 2013; 11:04:28 AM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2013-5196 |
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1. Published: December 18, 2013; 11:04:28 AM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2013-3951 |
sys/openbsd/stack_protector.c in libc in Apple iOS 6.1.3 and Mac OS X 10.8.x does not properly parse the Apple strings employed in the user-space stack-cookie implementation, which allows local users to bypass cookie randomization by executing a program with a call-path beginning with the stack-guard= substring, as demonstrated by an iOS untethering attack or an attack against a setuid Mac OS X program. Published: June 05, 2013; 10:39:55 AM -0400 |
V3.x:(not available) V2.0: 4.6 MEDIUM |