Page 8 of 164 results (0.012 seconds)

CVSS: 4.3EPSS: 0%CPEs: 48EXPL: 0

The Telephony subsystem in Apple iOS before 7 does not require API conformity for access to telephony-daemon interfaces, which allows attackers to bypass intended restrictions on phone calls via a crafted app that sends direct requests to the daemon. El subsistema Telephony en Apple iOS anterior a 7 no requiere conformidad del API para el acceso a las interfaces del demonio telefónico, el cual permite a los atacantes evitar restricciones establecidas sobre las llamadas telefónicas a través de una aplicación manipulada que envía peticiones directas al denomio. • http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html http://secunia.com/advisories/54886 http://support.apple.com/kb/HT5934 http://www.securitytracker.com/id/1029054 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.3EPSS: 0%CPEs: 48EXPL: 0

WebKit in Apple iOS before 7 allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive information about use of the window.webkitRequestAnimationFrame API via an IFRAME element. Vulnerabildad en WebKit para versiones Apple iOS anteriores a 7 permite a atacante remoto obtener información potencialmente sensible sobre el uso de la API window.webkitRequestAnimationFrame a través de un elemento IFRAME • http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html http://secunia.com/advisories/54886 http://support.apple.com/kb/HT5934 http://www.securitytracker.com/id/1029054 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 6.8EPSS: 1%CPEs: 52EXPL: 0

WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2. WebKit, como se utiliza en Apple iOS anterior a 7, permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (corrupción de memoria y caída de aplicación) a través de un sitio web manipulado, una vulnerabilidad diferente a WebKit CVEs enumerados en APPLE-SA-2013-09-18-2. • http://lists.apple.com/archives/security-announce/2013/Oct/msg00003.html http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html http://secunia.com/advisories/54886 http://support.apple.com/kb/HT5934 http://support.apple.com/kb/HT6001 http://www.securitytracker.com/id/1029054 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.8EPSS: 0%CPEs: 48EXPL: 0

Data Protection in Apple iOS before 7 allows attackers to bypass intended limits on incorrect passcode entry, and consequently avoid a configured Erase Data setting, by leveraging the presence of an app in the third-party sandbox. Protección de Datos en Apple iOS (anteriores a v7) permite a atacantes evitar los límites establecidos para la introducción incorrecta de contraseña, y consecuentemente evitar la configuración de Borrado de Datos, aprovechando la presencia de una aplicación en la sandbox de terceros. • http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html http://support.apple.com/kb/HT5934 http://www.securitytracker.com/id/1029054 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 6.1EPSS: 3%CPEs: 50EXPL: 0

The IPv6 implementation in the kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (CPU consumption) via crafted ICMPv6 packets. La implementación de IPv6 en el núcleo de Apple iOS anterior a 7 permite a atacantes remotos provocar una denegación de servicio (consumo de CPU) a través de paquetes ICMPv6 manipulados. • http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html http://archives.neohapsis.com/archives/bugtraq/2014-09/0107.html http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html http://osvdb.org/97438 http://secunia.com/advisories/54886 http://support& • CWE-20: Improper Input Validation •