Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
AppleIphone Os

3695 matches found

CVE
CVEadded 2015/08/16 11:59 p.m.53 views

CVE-2015-3746

WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVE...

6.8CVSS8.4AI score0.01081EPSS
CVE
CVEadded 2015/08/16 11:59 p.m.53 views

CVE-2015-3750

WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not enforce the HTTP Strict Transport Security (HSTS) protection mechanism for Content Security Policy (CSP) report requests, which allows man-in-the-middle attackers to...

6.4CVSS6.8AI score0.00771EPSS
CVE
CVEadded 2015/08/17 12:0 a.m.53 views

CVE-2015-5755

CoreText in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-5761.

6.8CVSS8.7AI score0.0281EPSS
CVE
CVEadded 2015/09/18 10:59 a.m.53 views

CVE-2015-5795

WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-S...

6.8CVSS8.8AI score0.01538EPSS
CVE
CVEadded 2015/09/18 10:59 a.m.53 views

CVE-2015-5799

WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-S...

6.8CVSS8.8AI score0.01538EPSS
CVE
CVEadded 2015/09/18 10:59 a.m.53 views

CVE-2015-5807

WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-S...

6.8CVSS8.8AI score0.01009EPSS
CVE
CVEadded 2015/09/18 10:59 a.m.53 views

CVE-2015-5826

WebKit in Apple iOS before 9 does not properly select the cases in which a Cascading Style Sheets (CSS) document is required to have the text/css content type, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.

4.3CVSS5.8AI score0.00664EPSS
CVE
CVEadded 2015/09/18 11:0 a.m.53 views

CVE-2015-5847

The Disk Images component in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.

7.2CVSS6AI score0.00073EPSS
CVE
CVEadded 2015/09/18 12:0 p.m.53 views

CVE-2015-5869

The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Apple iOS before 9 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message.

3.3CVSS5.8AI score0.00452EPSS
CVE
CVEadded 2015/09/18 12:0 p.m.53 views

CVE-2015-5899

libpthread in the kernel in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.

7.2CVSS5.9AI score0.00093EPSS
CVE
CVEadded 2015/09/18 12:0 p.m.53 views

CVE-2015-5916

The Apple Pay component in Apple iOS before 9 allows remote terminals to obtain sensitive recent-transaction information during payments by leveraging the transaction-log feature.

4.3CVSS5.2AI score0.00555EPSS
CVE
CVEadded 2015/10/23 9:59 p.m.53 views

CVE-2015-7023

CFNetwork in Apple iOS before 9.1 and OS X before 10.11.1 does not properly consider the uppercase-versus-lowercase distinction during cookie parsing, which allows remote web servers to overwrite cookies via unspecified vectors.

5.8CVSS8.1AI score0.00742EPSS
CVE
CVEadded 2015/12/11 11:59 a.m.53 views

CVE-2015-7041

The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to cause a denial of service via a crafted app, a different vulnerability than CVE-2015-7040, CVE-2015-7042, and CVE-2015-7043.

4.3CVSS7.6AI score0.01078EPSS
CVE
CVEadded 2015/12/11 11:59 a.m.53 views

CVE-2015-7046

The Sandbox feature in xnu in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 does not properly implement privilege separation, which allows attackers to bypass the ASLR protection mechanism via a crafted app with root privileges.

2.6CVSS7.8AI score0.00738EPSS
CVE
CVEadded 2015/12/11 11:59 a.m.53 views

CVE-2015-7074

CoreMedia Playback in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed media file.

6.8CVSS9AI score0.02828EPSS
CVE
CVEadded 2015/12/11 11:59 a.m.53 views

CVE-2015-7081

iBooks in Apple iOS before 9.2 and OS X before 10.11.2 allows remote attackers to read arbitrary files via an iBooks file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

5CVSS8AI score0.00529EPSS
CVE
CVEadded 2016/05/20 10:59 a.m.53 views

CVE-2016-1829

The kernel in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1827, CVE-2016-1828, ...

9.3CVSS7.5AI score0.09639EPSS
CVE
CVEadded 2016/07/22 2:59 a.m.53 views

CVE-2016-4582

The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1863 and CVE-2016-4653.

7.8CVSS7.6AI score0.00268EPSS
CVE
CVEadded 2017/02/20 8:59 a.m.53 views

CVE-2016-7584

An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "AppleMobileFileIntegrity" component, which allows remote attackers to spoof signed code by using ...

7.8CVSS6.6AI score0.00289EPSS
CVE
CVEadded 2017/02/20 8:59 a.m.53 views

CVE-2016-7607

An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component, which allows attackers to obtain sensitive information from kernel memory via a crafted app.

5.5CVSS4.9AI score0.00221EPSS
CVE
CVEadded 2017/04/02 1:59 a.m.53 views

CVE-2017-2393

An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Safari Reader" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site.

6.1CVSS5.9AI score0.00263EPSS
CVE
CVEadded 2017/04/02 1:59 a.m.53 views

CVE-2017-2404

An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Quick Look" component. It allows remote attackers to trigger telephone calls to arbitrary numbers via a tel: URL in a PDF document, as exploited in the wild in October 2016.

7.5CVSS7.2AI score0.01094EPSS
CVE
CVEadded 2017/05/22 5:29 a.m.53 views

CVE-2017-2522

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "CoreFoundation" component. It allows remote attackers to execute arbitrary code or cause a de...

9.8CVSS8.7AI score0.13046EPSS
CVE
CVEadded 2017/05/22 5:29 a.m.53 views

CVE-2017-2547

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted we...

8.8CVSS8AI score0.57418EPSS
CVE
CVEadded 2017/05/22 5:29 a.m.53 views

CVE-2017-6979

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "IOSurface" component. A race condition allows attackers to execute arbitrary code in a privil...

7.6CVSS7.3AI score0.02343EPSS
CVE
CVEadded 2017/05/22 5:29 a.m.53 views

CVE-2017-6987

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intended memory-read restrictions via a craf...

5.5CVSS5.4AI score0.00242EPSS
CVE
CVEadded 2018/04/03 6:29 a.m.53 views

CVE-2018-4140

An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the "Telephony" component. It allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via a Class 0 SMS message.

7.8CVSS6.3AI score0.01471EPSS
CVE
CVEadded 2018/04/03 6:29 a.m.53 views

CVE-2018-4149

An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the "SafariViewController" component. It allows remote attackers to spoof the user interface via a crafted web site that leverages input into a partially loaded page.

8.8CVSS6.6AI score0.01661EPSS
CVE
CVEadded 2018/04/03 6:29 a.m.53 views

CVE-2018-4156

An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "PluginKit" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.

7.6CVSS7.2AI score0.00169EPSS
CVE
CVEadded 2018/04/03 6:29 a.m.53 views

CVE-2018-4168

An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the "Files Widget" component. It allows physically proximate attackers to obtain sensitive information by leveraging the display of cached data on a locked device.

4.6CVSS4.2AI score0.00095EPSS
CVE
CVEadded 2019/04/03 6:29 p.m.53 views

CVE-2018-4460

A denial of service issue was addressed by removing the vulnerable code. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2.

6.5CVSS6.1AI score0.00702EPSS
CVE
CVEadded 2020/10/27 8:15 p.m.53 views

CVE-2019-8618

A logic issue was addressed with improved restrictions. This issue is fixed in watchOS 5.2, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, iOS 12.2. A sandboxed process may be able to circumvent sandbox restrictions.

7.5CVSS6.8AI score0.00289EPSS
CVE
CVEadded 2019/12/18 6:15 p.m.53 views

CVE-2019-8711

A logic issue existed with the display of notification previews. This issue was addressed with improved validation. This issue is fixed in iOS 13. Notification previews may show on Bluetooth accessories even when previews are disabled.

5.3CVSS5.7AI score0.00363EPSS
CVE
CVEadded 2020/12/08 8:15 p.m.53 views

CVE-2020-9996

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.0 and iPadOS 14.0. A malicious application may be able to elevate privileges.

7.8CVSS6.6AI score0.0031EPSS
CVE
CVEadded 2021/08/24 7:15 p.m.53 views

CVE-2021-30870

A logic issue existed in the handling of document loads. This issue was addressed with improved state management. This issue is fixed in iOS 15 and iPadOS 15. Previewing an html file attached to a note may unexpectedly contact remote servers.

6.5CVSS5.7AI score0.0025EPSS
CVE
CVEadded 2021/08/24 7:15 p.m.53 views

CVE-2021-30898

An access issue was addressed with additional sandbox restrictions on third party applications. This issue is fixed in iOS 15 and iPadOS 15. A malicious application may be able to access some of the user's Apple ID information, or recent in-app search terms.

5.5CVSS5AI score0.00058EPSS
CVE
CVEadded 2021/08/24 7:15 p.m.53 views

CVE-2021-30921

A logic issue was addressed with improved state management. This issue is fixed in iOS 14.5 and iPadOS 14.5. A user's password may be visible onscreen.

5.5CVSS5.3AI score0.00058EPSS
CVE
CVEadded 2022/11/01 8:15 p.m.53 views

CVE-2022-32827

A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 16, macOS Ventura 13. An app may be able to cause a denial-of-service.

5.5CVSS5.9AI score0.00063EPSS
CVE
CVEadded 2022/11/01 8:15 p.m.53 views

CVE-2022-32925

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 16, iOS 16, watchOS 9. An app may be able to cause unexpected system termination or write kernel memory.

7.1CVSS6.8AI score0.0006EPSS
CVE
CVEadded 2024/07/29 9:15 p.m.53 views

CVE-2023-40396

The issue was addressed with improved memory handling. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14, watchOS 10, tvOS 17. An app may be able to execute arbitrary code with kernel privileges.

7.8CVSS7AI score0.00065EPSS
CVE
CVEadded 2023/09/27 3:19 p.m.53 views

CVE-2023-40431

The issue was addressed with improved memory handling. This issue is fixed in iOS 17 and iPadOS 17. An app may be able to execute arbitrary code with kernel privileges.

7.8CVSS7AI score0.0009EPSS
CVE
CVEadded 2024/09/17 12:15 a.m.53 views

CVE-2024-44171

This issue was addressed through improved state management. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18, watchOS 11. An attacker with physical access to a locked device may be able to Control Nearby Devices via accessibility features.

4.6CVSS5.7AI score0.00051EPSS
CVE
CVEadded 2024/12/12 2:15 a.m.53 views

CVE-2024-44242

The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.1 and iPadOS 18.1. An attacker may be able to cause unexpected system termination or arbitrary code execution in DCP firmware.

9.8CVSS7.2AI score0.00329EPSS
CVE
CVEadded 2025/01/27 10:15 p.m.53 views

CVE-2025-24129

A type confusion issue was addressed with improved checks. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. A remote attacker may cause an unexpected app termination.

7.5CVSS6AI score0.00189EPSS
CVE
CVEadded 2025/05/12 10:15 p.m.53 views

CVE-2025-31238

The issue was addressed with improved checks. This issue is fixed in watchOS 11.5, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to memory corruption.

7.3CVSS5.8AI score0.00074EPSS
CVE
CVEadded 2008/10/10 10:30 a.m.52 views

CVE-2008-4211

Integer signedness error in (1) QuickLook in Apple Mac OS X 10.5.5 and (2) Office Viewer in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted Microsoft ...

10CVSS7.3AI score0.13955EPSS
CVE
CVEadded 2009/06/10 6:0 p.m.52 views

CVE-2009-1700

The XSLT implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read XML content from arbitrary web pages via a crafted document.

4.3CVSS7.6AI score0.0088EPSS
CVE
CVEadded 2009/08/12 7:30 p.m.52 views

CVE-2009-2199

Incomplete blacklist vulnerability in WebKit in Apple Safari before 4.0.3, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to spoof domain names in URLs, and possibly conduct phishing attacks, via unspecified homoglyphs.

5.8CVSS7.8AI score0.0142EPSS
CVE
CVEadded 2010/09/07 6:0 p.m.52 views

CVE-2010-3257

Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google Chrome before 6.0.472.53, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving element focus.

9.3CVSS9AI score0.12151EPSS
CVE
CVEadded 2011/03/11 10:55 p.m.52 views

CVE-2011-0157

WebKit, as used in Apple iOS before 4.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-09-1.

7.5CVSS7.9AI score0.01607EPSS
Total number of security vulnerabilities3695