Vulnerabilities > Apple > Iphone OS > 6.1.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-09-19 | CVE-2013-5152 | Improper Input Validation vulnerability in Apple Iphone OS Mobile Safari in Apple iOS before 7 allows remote attackers to spoof the URL bar via a crafted web site. | 4.3 |
| 2013-09-19 | CVE-2013-5151 | Cross-Site Scripting vulnerability in Apple Iphone OS Mobile Safari in Apple iOS before 7 does not prevent HTML interpretation of a document served with a text/plain content type, which allows remote attackers to conduct cross-site scripting (XSS) attacks by uploading a file. | 4.3 |
| 2013-09-19 | CVE-2013-5150 | Information Exposure vulnerability in Apple Iphone OS The history-clearing feature in Safari in Apple iOS before 7 does not clear the back/forward history of an open tab, which allows physically proximate attackers to obtain sensitive information by leveraging an unattended workstation. | 1.9 |
| 2013-09-19 | CVE-2013-5149 | Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS The Push Notifications subsystem in Apple iOS before 7 provides the push-notification token to an app without user approval, which allows attackers to obtain sensitive information via an app that employs a crafted push-notification registration process. | 4.3 |
| 2013-09-19 | CVE-2013-5147 | Race Condition vulnerability in Apple Iphone OS Passcode Lock in Apple iOS before 7 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging a race condition involving phone calls and ejection of a SIM card. | 3.7 |
| 2013-09-19 | CVE-2013-5145 | Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS kextd in Kext Management in Apple iOS before 7 does not properly verify authorization for IPC messages, which allows local users to (1) load or (2) unload kernel extensions via a crafted message. | 6.3 |
| 2013-09-19 | CVE-2013-5142 | Information Exposure vulnerability in Apple Iphone OS The kernel in Apple iOS before 7 does not initialize unspecified kernel data structures, which allows local users to obtain sensitive information from kernel stack memory via the (1) msgctl API or (2) segctl API. | 4.9 |
| 2013-09-19 | CVE-2013-5141 | Numeric Errors vulnerability in Apple Iphone OS The kernel in Apple iOS before 7 uses an incorrect data size for a certain integer variable, which allows attackers to cause a denial of service (infinite loop and device hang) via a crafted application, related to an "integer truncation vulnerability." | 7.1 |
| 2013-09-19 | CVE-2013-5140 | Improper Input Validation vulnerability in Apple Iphone OS The kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (assertion failure and device restart) via an invalid packet fragment. | 7.8 |
| 2013-09-19 | CVE-2013-5139 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Iphone OS The IOSerialFamily driver in Apple iOS before 7 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds array access) via a crafted application. | 9.3 |