Vulnerabilities > Apple > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | VENDOR / CWE | RISK |
|---|---|---|---|---|---|---|
| 2013-09-19 | CVE-2013-5151 | Cross-Site Scripting vulnerability in Apple Iphone OS | Mobile Safari in Apple iOS before 7 does not prevent HTML interpretation of a document served with a text/plain content type, which allows remote attackers to conduct cross-site scripting (XSS) attacks by uploading a file. | network | apple CWE-79 | 4.3 |
| 2013-09-19 | CVE-2013-5149 | Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS | The Push Notifications subsystem in Apple iOS before 7 provides the push-notification token to an app without user approval, which allows attackers to obtain sensitive information via an app that employs a crafted push-notification registration process. | network | apple CWE-264 | 4.3 |
| 2013-09-19 | CVE-2013-5145 | Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS | kextd in Kext Management in Apple iOS before 7 does not properly verify authorization for IPC messages, which allows local users to (1) load or (2) unload kernel extensions via a crafted message. | local | apple CWE-264 | 6.3 |
| 2013-09-19 | CVE-2013-5142 | Information Exposure vulnerability in Apple Iphone OS | The kernel in Apple iOS before 7 does not initialize unspecified kernel data structures, which allows local users to obtain sensitive information from kernel stack memory via the (1) msgctl API or (2) segctl API. | local, low complexity | apple CWE-200 | 4.9 |
| 2013-09-19 | CVE-2013-5138 | Denial of Service vulnerability in Apple iPhone/iPad/iPod touch Prior to iOS 7 | IOCatalogue in IOKitUser in Apple iOS before 7 allows attackers to cause a denial of service (NULL pointer dereference and device crash) via a crafted application. | local | apple | 4.7 |
| 2013-09-19 | CVE-2013-5131 | Cross-Site Scripting vulnerability in Apple Iphone OS | Cross-site scripting (XSS) vulnerability in WebKit in Apple iOS before 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | network | apple CWE-79 | 4.3 |
| 2013-09-19 | CVE-2013-5129 | Cross-Site Scripting vulnerability in Apple Iphone OS | Multiple cross-site scripting (XSS) vulnerabilities in WebKit in Apple iOS before 7 allow user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) drag-and-drop or (2) copy-and-paste operation. | network | apple CWE-79 | 4.3 |
| 2013-09-19 | CVE-2013-5128 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Iphone OS | WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. | network | apple CWE-119 | 6.8 |
| 2013-09-19 | CVE-2013-5127 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Iphone OS | WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. | network | apple CWE-119 | 6.8 |
| 2013-09-19 | CVE-2013-5126 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Iphone OS | WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. | network | apple CWE-119 | 6.8 |