Export limit exceeded: 363282 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363282 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-5149 1 Apple 1 Iphone Os 2025-04-11 N/A
The Push Notifications subsystem in Apple iOS before 7 provides the push-notification token to an app without user approval, which allows attackers to obtain sensitive information via an app that employs a crafted push-notification registration process.
CVE-2013-5150 1 Apple 1 Iphone Os 2025-04-11 N/A
The history-clearing feature in Safari in Apple iOS before 7 does not clear the back/forward history of an open tab, which allows physically proximate attackers to obtain sensitive information by leveraging an unattended workstation.
CVE-2013-5151 1 Apple 1 Iphone Os 2025-04-11 N/A
Mobile Safari in Apple iOS before 7 does not prevent HTML interpretation of a document served with a text/plain content type, which allows remote attackers to conduct cross-site scripting (XSS) attacks by uploading a file.
CVE-2013-5152 1 Apple 1 Iphone Os 2025-04-11 N/A
Mobile Safari in Apple iOS before 7 allows remote attackers to spoof the URL bar via a crafted web site.
CVE-2013-5153 1 Apple 1 Iphone Os 2025-04-11 N/A
Springboard in Apple iOS before 7 does not properly manage the lock state in Lost Mode, which allows physically proximate attackers to read notifications via unspecified vectors.
CVE-2013-5154 1 Apple 1 Iphone Os 2025-04-11 N/A
The Sandbox subsystem in Apple iOS before 7 determines the sandboxing requirement for a #! application on the basis of the script interpreter instead of the script, which allows attackers to bypass intended access restrictions via a crafted application.
CVE-2013-5155 1 Apple 1 Iphone Os 2025-04-11 N/A
The Sandbox subsystem in Apple iOS before 7 allows attackers to cause a denial of service (infinite loop) via an application that writes crafted values to /dev/random.
CVE-2013-5156 1 Apple 1 Iphone Os 2025-04-11 N/A
The Telephony subsystem in Apple iOS before 7 does not require API conformity for access to telephony-daemon interfaces, which allows attackers to bypass intended restrictions on phone calls via a crafted app that sends direct requests to the daemon.
CVE-2013-5157 1 Apple 1 Iphone Os 2025-04-11 N/A
The Twitter subsystem in Apple iOS before 7 does not require API conformity for access to Twitter daemon interfaces, which allows attackers to post Tweets via a crafted app that sends direct requests to the daemon.
CVE-2013-5158 1 Apple 1 Iphone Os 2025-04-11 N/A
The Social subsystem in Apple iOS before 7 does not properly restrict access to the cache of Twitter icons, which allows physically proximate attackers to obtain sensitive information about recent Twitter interaction via unspecified vectors.
CVE-2013-5159 1 Apple 1 Iphone Os 2025-04-11 N/A
WebKit in Apple iOS before 7 allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive information about use of the window.webkitRequestAnimationFrame API via an IFRAME element.
CVE-2013-5160 1 Apple 1 Iphone Os 2025-04-11 N/A
Passcode Lock in Apple iOS before 7.0.2 on iPhone devices allows physically proximate attackers to bypass an intended passcode requirement, and dial arbitrary telephone numbers, by making a series of taps of the emergency-call button to trigger a NULL pointer dereference.
CVE-2013-5161 1 Apple 1 Iphone Os 2025-04-11 N/A
Passcode Lock in Apple iOS before 7.0.2 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement, and open the Camera app or read the list of all recently opened apps, by leveraging unspecified transition errors.
CVE-2013-5162 1 Apple 1 Iphone Os 2025-04-11 N/A
Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physically proximate attackers to bypass the passcode-failure disabled state by leveraging certain incorrect visibility of the passcode-entry view after use of the Phone app.
CVE-2013-5163 1 Apple 1 Mac Os X 2025-04-11 N/A
Directory Services in Apple Mac OS X before 10.8.5 Supplemental Update allows local users to bypass password-based authentication and modify arbitrary Directory Services records via unspecified vectors.
CVE-2013-5164 1 Apple 1 Iphone Os 2025-04-11 N/A
Multiple race conditions in the Phone app in Apple iOS before 7.0.3 allow physically proximate attackers to bypass the locked state, and dial the telephone numbers in arbitrary Contacts entries, by visiting the Contacts pane.
CVE-2013-4505 1 Apache 2 Mod Dontdothat, Subversion 2025-04-11 N/A
The is_this_legal function in mod_dontdothat for Apache Subversion 1.4.0 through 1.7.13 and 1.8.0 through 1.8.4 allows remote attackers to bypass intended access restrictions and possibly cause a denial of service (resource consumption) via a relative URL in a REPORT request.
CVE-2013-4507 1 Collectiveaccess 2 Pawtucket, Providence 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in CollectiveAccess Providence and Pawtucket before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-4508 3 Debian, Lighttpd, Opensuse 3 Debian Linux, Lighttpd, Opensuse 2025-04-11 7.5 High
lighttpd before 1.4.34, when SNI is enabled, configures weak SSL ciphers, which makes it easier for remote attackers to hijack sessions by inserting packets into the client-server data stream or obtain sensitive information by sniffing the network.
CVE-2013-4509 2 Ibus Project, Opensuse 2 Ibus, Opensuse 2025-04-11 N/A
The default configuration of IBUS 1.5.4, and possibly 1.5.2 and earlier, when IBus.InputPurpose.PASSWORD is not set and used with GNOME 3, does not obscure the entered password characters, which allows physically proximate attackers to obtain a user password by reading the lockscreen.