Iphone Os Security Vulnerabilities and Issues — Page 2 of Iphone Os CVE List

Lucene search

AppleIphone Os

386 matches found

CVE•added 2015/09/18 10:59 a.m.•63 views

CVE-2015-5823

WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-0...

6.8CVSS8.8AI score0.01538EPSS

CVE•added 2015/10/23 10:59 a.m.•63 views

CVE-2015-6992

CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6975 and CVE-2015-7017.

7.5CVSS7.4AI score0.02129EPSS

CVE•added 2015/08/16 11:59 p.m.•62 views

CVE-2015-3743

WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVE...

6.8CVSS8.5AI score0.00998EPSS

CVE•added 2015/09/18 10:59 a.m.•62 views

CVE-2015-5805

WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-S...

6.8CVSS8.8AI score0.01093EPSS

CVE•added 2015/09/18 10:59 a.m.•62 views

CVE-2015-5821

6.8CVSS7.8AI score0.01538EPSS

CVE•added 2015/10/23 9:59 p.m.•62 views

CVE-2015-5935

ImageIO in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted metadata in an image, a different vulnerability than CVE-2015-5936, CVE-2015-5937, and CVE-2015-5939.

6.8CVSS9.1AI score0.02828EPSS

CVE•added 2015/10/23 9:59 p.m.•62 views

CVE-2015-6976

FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7...

6.8CVSS7.4AI score0.03768EPSS

CVE•added 2015/12/11 11:59 a.m.•62 views

CVE-2015-7101

WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7096, CVE-2...

6.8CVSS8.9AI score0.01093EPSS

CVE•added 2015/07/03 1:59 a.m.•61 views

CVE-2015-3658

The Page Loading functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly consider redirects during decisions about sending an Origin header, which makes it easier for remote attackers to bypa...

6.8CVSS7.6AI score0.00273EPSS

CVE•added 2015/08/16 11:59 p.m.•61 views

CVE-2015-3740

6.8CVSS8.4AI score0.00998EPSS

CVE•added 2015/09/18 10:59 a.m.•61 views

CVE-2015-5788

The WebKit Canvas implementation in Apple iOS before 9 allows remote attackers to bypass the Same Origin Policy and obtain sensitive image information via vectors involving a CANVAS element.

4.3CVSS7.3AI score0.00466EPSS

CVE•added 2015/09/18 10:59 a.m.•61 views

CVE-2015-5796

6.8CVSS7.8AI score0.01538EPSS

CVE•added 2015/09/18 10:59 a.m.•61 views

CVE-2015-5810

6.8CVSS8.8AI score0.01009EPSS

CVE•added 2015/09/18 12:0 p.m.•61 views

CVE-2015-5874

CoreText in Apple iOS before 9 and iTunes before 12.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.

7.5CVSS7.4AI score0.03213EPSS

CVE•added 2015/10/23 9:59 p.m.•61 views

CVE-2015-5925

The CoreGraphics component in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2015-5926.

6.8CVSS7.5AI score0.01866EPSS

CVE•added 2015/10/23 10:59 a.m.•61 views

CVE-2015-6975

7.5CVSS9AI score0.02129EPSS

CVE•added 2015/10/23 9:59 p.m.•61 views

CVE-2015-7012

WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-S...

6.8CVSS8.9AI score0.01645EPSS

CVE•added 2015/01/30 11:59 a.m.•60 views

CVE-2014-4479

WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulne...

6.8CVSS5.3AI score0.00913EPSS

CVE•added 2015/03/12 10:59 a.m.•60 views

CVE-2015-1061

IOSurface in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages "type confusion" during serialized-object handling.

9.3CVSS6.8AI score0.05405EPSS

CVE•added 2015/04/10 2:59 p.m.•60 views

CVE-2015-1105

The TCP implementation in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly implement the Urgent (aka out-of-band data) mechanism, which allows remote attackers to cause a denial of service via crafted packets.

5CVSS6.2AI score0.06234EPSS

CVE•added 2015/07/03 2:0 a.m.•60 views

CVE-2015-3719

TrueTypeScaler in FontParser in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-3694.

6.8CVSS5.2AI score0.01404EPSS

CVE•added 2015/08/16 11:59 p.m.•60 views

CVE-2015-3748

6.8CVSS8.5AI score0.00998EPSS

CVE•added 2015/08/17 12:0 a.m.•60 views

CVE-2015-5761

CoreText in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-5755.

6.8CVSS8.7AI score0.0281EPSS

CVE•added 2015/09/18 10:59 a.m.•60 views

CVE-2015-5789

6.8CVSS7.8AI score0.01538EPSS

CVE•added 2015/09/18 10:59 a.m.•60 views

CVE-2015-5801

6.8CVSS8.8AI score0.01009EPSS

CVE•added 2015/09/18 10:59 a.m.•60 views

CVE-2015-5804

6.8CVSS8.8AI score0.01093EPSS

CVE•added 2015/09/18 10:59 a.m.•60 views

CVE-2015-5813

6.8CVSS8.8AI score0.01093EPSS

CVE•added 2015/09/18 10:59 a.m.•60 views

CVE-2015-5844

IOKit in the kernel in Apple iOS before 9 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-5845 and CVE-2015-5846.

9.3CVSS7AI score0.01466EPSS

CVE•added 2015/09/18 12:0 p.m.•60 views

CVE-2015-5868

The kernel in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5896 and CVE-2015-5903.

7.2CVSS6AI score0.02023EPSS

CVE•added 2015/10/23 9:59 p.m.•60 views

CVE-2015-7010

FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6...

6.8CVSS7.4AI score0.03768EPSS

CVE•added 2015/12/11 11:59 a.m.•60 views

CVE-2015-7096

6.8CVSS7.6AI score0.01093EPSS

CVE•added 2015/01/30 11:59 a.m.•59 views

CVE-2014-4496

The mach_port_kobject interface in the kernel in Apple iOS before 8.1.3 and Apple TV before 7.0.3 does not properly restrict kernel-address and heap-permutation information, which makes it easier for attackers to bypass the ASLR protection mechanism via a crafted app.

5CVSS5.4AI score0.00664EPSS

CVE•added 2015/03/18 10:59 p.m.•59 views

CVE-2015-1074

WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03...

6.8CVSS7.8AI score0.00787EPSS

CVE•added 2015/03/18 10:59 p.m.•59 views

CVE-2015-1078

6.8CVSS7.8AI score0.00913EPSS

CVE•added 2015/03/18 10:59 p.m.•59 views

CVE-2015-1083

6.8CVSS7.8AI score0.00861EPSS

CVE•added 2015/08/16 11:59 p.m.•59 views

CVE-2015-3731

6.8CVSS8.5AI score0.00998EPSS

CVE•added 2015/08/16 11:59 p.m.•59 views

CVE-2015-3744

6.8CVSS8.4AI score0.01081EPSS

CVE•added 2015/08/16 11:59 p.m.•59 views

CVE-2015-3752

The Content Security Policy implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly restrict cookie transmission for report requests, which allows remote attackers to obtain sensitive informatio...

5CVSS6.9AI score0.01115EPSS

CVE•added 2015/09/18 10:59 a.m.•59 views

CVE-2015-5794

6.8CVSS8.8AI score0.01009EPSS

CVE•added 2015/10/23 9:59 p.m.•59 views

CVE-2015-5929

6.8CVSS8.9AI score0.0108EPSS

CVE•added 2015/10/23 9:59 p.m.•59 views

CVE-2015-5939

6.8CVSS7.5AI score0.02828EPSS

CVE•added 2015/10/23 9:59 p.m.•59 views

CVE-2015-7009

FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6...

6.8CVSS7.4AI score0.03768EPSS

CVE•added 2015/12/11 11:59 a.m.•59 views

CVE-2015-7043

The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to cause a denial of service via a crafted app, a different vulnerability than CVE-2015-7040, CVE-2015-7041, and CVE-2015-7042.

4.3CVSS7.6AI score0.01078EPSS

CVE•added 2015/12/11 11:59 a.m.•59 views

CVE-2015-7083

The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-7084.

7.2CVSS7.9AI score0.00335EPSS

CVE•added 2015/12/11 11:59 a.m.•59 views

CVE-2015-7098

6.8CVSS7.6AI score0.01093EPSS

CVE•added 2015/12/11 11:59 a.m.•59 views

CVE-2015-7102

6.8CVSS8.9AI score0.01093EPSS

CVE•added 2015/01/30 11:59 a.m.•58 views

CVE-2014-4493

The app-installation functionality in MobileInstallation in Apple iOS before 8.1.3 allows attackers to obtain control of the local app container by leveraging access to an enterprise distribution certificate for signing a crafted app.

7.5CVSS5.4AI score0.00213EPSS

CVE•added 2015/03/18 10:59 p.m.•58 views

CVE-2015-1076

6.8CVSS8.8AI score0.00805EPSS

CVE•added 2015/04/10 2:59 p.m.•58 views

CVE-2015-1101

The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

6.9CVSS7AI score0.00071EPSS

CVE•added 2015/05/08 12:59 a.m.•58 views

CVE-2015-1155

The history implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to bypass the Same Origin Policy and read arbitrary files via a crafted web site.

4.3CVSS7.7AI score0.5513EPSS

Total number of security vulnerabilities386