|
293591
|
- |
|
apple
|
iphone_os
|
The Push Notifications subsystem in Apple iOS before 7 provides the push-notification token to an app without user approval, which allows attackers to obtain sensitive information via an app that emp…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-5149
|
2024-11-21 10:57 |
2013-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293592
|
- |
|
apple
|
iphone_os
|
Passcode Lock in Apple iOS before 7 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging a race condition invo…
|
CWE-362
Race Condition
|
CVE-2013-5147
|
2024-11-21 10:57 |
2013-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293593
|
- |
|
apple
|
iphone_os
|
kextd in Kext Management in Apple iOS before 7 does not properly verify authorization for IPC messages, which allows local users to (1) load or (2) unload kernel extensions via a crafted message.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-5145
|
2024-11-21 10:57 |
2013-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293594
|
- |
|
apple
|
iphone_os
|
The kernel in Apple iOS before 7 does not initialize unspecified kernel data structures, which allows local users to obtain sensitive information from kernel stack memory via the (1) msgctl API or (2…
|
CWE-200
Information Exposure
|
CVE-2013-5142
|
2024-11-21 10:57 |
2013-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293595
|
- |
|
apple
|
iphone_os
|
The kernel in Apple iOS before 7 uses an incorrect data size for a certain integer variable, which allows attackers to cause a denial of service (infinite loop and device hang) via a crafted applicat…
|
CWE-189
Numeric Errors
|
CVE-2013-5141
|
2024-11-21 10:57 |
2013-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293596
|
- |
|
apple
|
iphone_os
|
The kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (assertion failure and device restart) via an invalid packet fragment.
|
CWE-20
Improper Input Validation
|
CVE-2013-5140
|
2024-11-21 10:57 |
2013-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293597
|
- |
|
apple
|
iphone_os
|
The IOSerialFamily driver in Apple iOS before 7 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds array access) via a crafted application.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2013-5139
|
2024-11-21 10:57 |
2013-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293598
|
- |
|
apple
|
iphone_os
|
IOCatalogue in IOKitUser in Apple iOS before 7 allows attackers to cause a denial of service (NULL pointer dereference and device crash) via a crafted application.
|
NVD-CWE-Other
|
CVE-2013-5138
|
2024-11-21 10:57 |
2013-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293599
|
- |
|
apple
|
iphone_os
|
IOKit in Apple iOS before 7 allows attackers to send user-interface events to the foreground app by leveraging control over a background app and using the (1) task-completion API or (2) VoIP API.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-5137
|
2024-11-21 10:57 |
2013-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293600
|
- |
|
apple
|
iphone_os
|
Cross-site scripting (XSS) vulnerability in WebKit in Apple iOS before 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
|
CWE-79
Cross-site Scripting
|
CVE-2013-5131
|
2024-11-21 10:57 |
2013-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
