Vulnerabilities > Apple > Iphone OS > 5.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2013-09-19 | CVE-2013-5145 | Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS kextd in Kext Management in Apple iOS before 7 does not properly verify authorization for IPC messages, which allows local users to (1) load or (2) unload kernel extensions via a crafted message. | 6.3 |
2013-09-19 | CVE-2013-5142 | Information Exposure vulnerability in Apple Iphone OS The kernel in Apple iOS before 7 does not initialize unspecified kernel data structures, which allows local users to obtain sensitive information from kernel stack memory via the (1) msgctl API or (2) segctl API. | 4.9 |
2013-09-19 | CVE-2013-5141 | Numeric Errors vulnerability in Apple Iphone OS The kernel in Apple iOS before 7 uses an incorrect data size for a certain integer variable, which allows attackers to cause a denial of service (infinite loop and device hang) via a crafted application, related to an "integer truncation vulnerability." | 7.1 |
2013-09-19 | CVE-2013-5140 | Improper Input Validation vulnerability in Apple Iphone OS The kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (assertion failure and device restart) via an invalid packet fragment. | 7.8 |
2013-09-19 | CVE-2013-5139 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Iphone OS The IOSerialFamily driver in Apple iOS before 7 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds array access) via a crafted application. | 9.3 |
2013-09-19 | CVE-2013-5138 | Denial of Service vulnerability in Apple iPhone/iPad/iPod touch Prior to iOS 7 IOCatalogue in IOKitUser in Apple iOS before 7 allows attackers to cause a denial of service (NULL pointer dereference and device crash) via a crafted application. local apple | 4.7 |
2013-09-19 | CVE-2013-5137 | Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS IOKit in Apple iOS before 7 allows attackers to send user-interface events to the foreground app by leveraging control over a background app and using the (1) task-completion API or (2) VoIP API. | 2.6 |
2013-09-19 | CVE-2013-5131 | Cross-Site Scripting vulnerability in Apple Iphone OS Cross-site scripting (XSS) vulnerability in WebKit in Apple iOS before 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 4.3 |
2013-09-19 | CVE-2013-5129 | Cross-Site Scripting vulnerability in Apple Iphone OS Multiple cross-site scripting (XSS) vulnerabilities in WebKit in Apple iOS before 7 allow user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) drag-and-drop or (2) copy-and-paste operation. | 4.3 |
2013-09-19 | CVE-2013-5128 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Iphone OS WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. | 6.8 |