The get_xattrinfo function in the XNU kernel in Apple iOS 5.x and 6.x through 6.1.3 on iPad devices does not properly validate the header of an AppleDouble file, which might allow local users to cause a denial of service (memory corruption) or have unspecified other impact via an invalid file on an msdosfs filesystem.
CVSS Score
6.2
EPSS Score
0.002
Published
2013-06-05
Cross-site scripting (XSS) vulnerability in the GoodReader app 3.16 and earlier for iOS on the iPad, and 3.15.1 and earlier for iOS on the iPhone and iPod touch, allows remote attackers to inject arbitrary web script or HTML via vectors involving use of this app in conjunction with a web browser.
CVSS Score
4.3
EPSS Score
0.003
Published
2012-08-07
Use-after-free vulnerability in WebKit, as used in Apple Safari before 5.0.5; iOS before 4.3.2 for iPhone, iPod, and iPad; iOS before 4.2.7 for iPhone 4 (CDMA); and possibly other products allows remote attackers to execute arbitrary code by adding children to a WBR tag and then removing the tag, related to text nodes, as demonstrated by Chaouki Bekrar during a Pwn2Own competition at CanSecWest 2011.
CVSS Score
6.8
EPSS Score
0.04
Published
2011-03-10
Heap-based buffer overflow in the GSM mobility management implementation in Telephony in Apple iOS before 4.2 on the iPhone and iPad allows remote attackers to execute arbitrary code on the baseband processor via a crafted Temporary Mobile Subscriber Identity (TMSI) field.
CVSS Score
6.8
EPSS Score
0.045
Published
2010-11-26
Unspecified vulnerability in the HP MagCloud app before 1.0.5 for the iPad allows remote attackers to read and modify MagCloud application data via unknown vectors.
CVSS Score
6.4
EPSS Score
0.008
Published
2010-08-25
Integer overflow in IOSurface in Apple iOS before 4.0.2 on the iPhone and iPod touch, and before 3.2.2 on the iPad, allows local users to gain privileges via vectors involving IOSurface properties, as demonstrated by JailbreakMe.
CVSS Score
6.9
EPSS Score
0.003
Published
2010-08-05