Iphone Os@* Security Vulnerabilities and Issues — Iphone Os@* CVE List

Lucene search

AppleIphone Os*

100 matches found

CVE•added 2016/08/25 9:59 p.m.•1029 views

CVE-2016-4656

The kernel in Apple iOS before 9.3.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

9.3CVSS7.4AI score0.76221EPSS

In wild

CVE•added 2016/08/25 9:59 p.m.•982 views

CVE-2016-4655

The kernel in Apple iOS before 9.3.5 allows attackers to obtain sensitive information from memory via a crafted app.

7.1CVSS4.3AI score0.8245EPSS

In wild

CVE•added 2016/08/25 9:59 p.m.•898 views

CVE-2016-4657

WebKit in Apple iOS before 9.3.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

8.8CVSS8.2AI score0.81461EPSS

In wild

CVE•added 2016/09/25 10:59 a.m.•387 views

CVE-2016-4658

xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free a...

10CVSS8AI score0.19344EPSS

CVE•added 2016/07/23 7:59 p.m.•303 views

CVE-2016-5131

Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.

8.8CVSS7.8AI score0.04195EPSS

CVE•added 2016/07/22 2:59 a.m.•173 views

CVE-2016-4622

WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4589, CVE-2016-4623, and CVE-2016-4624.

8.8CVSS8.3AI score0.71482EPSS

CVE•added 2016/05/20 10:59 a.m.•161 views

CVE-2016-1839

The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.

5.5CVSS6.4AI score0.10773EPSS

CVE•added 2016/03/24 1:59 a.m.•141 views

CVE-2016-1762

The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.

8.1CVSS7AI score0.07342EPSS

CVE•added 2016/09/25 10:59 a.m.•140 views

CVE-2016-4738

libxslt in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

9.3CVSS8.7AI score0.07628EPSS

CVE•added 2016/05/20 10:59 a.m.•129 views

CVE-2016-1834

Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML do...

9.3CVSS8.6AI score0.03922EPSS

CVE•added 2016/05/20 10:59 a.m.•122 views

CVE-2016-1840

Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a cr...

7.8CVSS8.6AI score0.02142EPSS

CVE•added 2016/05/20 10:59 a.m.•121 views

CVE-2016-1837

Multiple use-after-free vulnerabilities in the (1) htmlPArsePubidLiteral and (2) htmlParseSystemiteral functions in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allow remote attackers to cause a denial of service via a cr...

5.5CVSS6.6AI score0.01788EPSS

CVE•added 2016/05/20 10:59 a.m.•119 views

CVE-2016-1833

The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.

5.5CVSS6.3AI score0.01214EPSS

CVE•added 2016/05/20 10:59 a.m.•116 views

CVE-2016-1838

The xmlPArserPrintFileContextInternal function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.

5.5CVSS6.3AI score0.1065EPSS

CVE•added 2016/05/20 10:59 a.m.•112 views

CVE-2016-1836

Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service via a crafted XML document.

5.5CVSS6.5AI score0.01153EPSS

CVE•added 2016/09/25 11:0 a.m.•105 views

CVE-2016-4768

WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4765, CVE-2016-4766,...

8.8CVSS8.8AI score0.00976EPSS

CVE•added 2016/09/25 10:59 a.m.•100 views

CVE-2016-4733

WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4611, CVE-2016-4730, CVE-2016-4734, and CVE-2016-4735.

9.3CVSS8.4AI score0.08398EPSS

CVE•added 2016/07/22 2:59 a.m.•95 views

CVE-2016-4623

8.8CVSS8.3AI score0.71482EPSS

CVE•added 2016/07/22 2:59 a.m.•95 views

CVE-2016-4624

8.8CVSS8.3AI score0.71482EPSS

CVE•added 2016/09/25 11:0 a.m.•95 views

CVE-2016-4767

8.8CVSS8.8AI score0.00976EPSS

CVE•added 2016/09/25 10:59 a.m.•91 views

CVE-2016-4735

9.3CVSS8.4AI score0.08398EPSS

CVE•added 2016/07/22 2:59 a.m.•89 views

CVE-2016-4609

libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors...

9.8CVSS9.2AI score

CVE•added 2016/09/25 10:59 a.m.•88 views

CVE-2016-4734

9.6CVSS8.4AI score0.08398EPSS

CVE•added 2016/09/25 10:59 a.m.•88 views

CVE-2016-4759

8.8CVSS8.7AI score0.00976EPSS

CVE•added 2016/09/25 10:59 a.m.•83 views

CVE-2016-4766

8.8CVSS8.7AI score0.00976EPSS

CVE•added 2016/05/20 10:59 a.m.•78 views

CVE-2016-1841

libxslt, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

8.8CVSS8.3AI score0.01678EPSS

CVE•added 2016/09/25 10:59 a.m.•78 views

CVE-2016-4765

8.8CVSS8.8AI score0.00976EPSS

CVE•added 2016/09/25 10:59 a.m.•76 views

CVE-2016-4611

WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4730, CVE-2016-4733, CVE-2016-4734, and CVE-2016-4735.

8.8CVSS8.3AI score0.08398EPSS

CVE•added 2016/05/20 11:0 a.m.•75 views

CVE-2016-1854

WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1855, CVE-2016-1856, and CVE-2016-1857.

8.8CVSS8.4AI score0.01359EPSS

CVE•added 2016/07/22 2:59 a.m.•73 views

CVE-2016-4615

libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors...

9.8CVSS9.1AI score

CVE•added 2016/05/20 10:59 a.m.•71 views

CVE-2016-1827

The kernel in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1828, CVE-2016-1829, ...

9.3CVSS7.5AI score0.05151EPSS

CVE•added 2016/09/25 10:59 a.m.•71 views

CVE-2016-4730

9.3CVSS8.3AI score0.08398EPSS

CVE•added 2016/09/25 11:0 a.m.•71 views

CVE-2016-4773

The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app, a different vulnerability than CVE-2016-4774 and CVE-2016-4776.

7.1CVSS6.8AI score0.00196EPSS

CVE•added 2016/07/22 3:0 a.m.•70 views

CVE-2016-4653

The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1863 and CVE-2016-4582.

7.8CVSS7.6AI score0.00181EPSS

CVE•added 2016/09/25 10:59 a.m.•70 views

CVE-2016-4708

CFNetwork in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 misparses the Set-Cookie header, which allows remote attackers to obtain sensitive information via a crafted HTTP response.

6.5CVSS6.4AI score0.04174EPSS

CVE•added 2016/03/24 1:59 a.m.•68 views

CVE-2016-1755

The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1754.

9.3CVSS7.1AI score0.03453EPSS

CVE•added 2016/05/20 10:59 a.m.•68 views

CVE-2016-1828

9.3CVSS7.5AI score0.05151EPSS

CVE•added 2016/09/25 10:59 a.m.•68 views

CVE-2016-4728

WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 mishandles error prototypes, which allows remote attackers to execute arbitrary code via a crafted web site.

8.8CVSS8.4AI score0.01042EPSS

CVE•added 2016/05/20 11:0 a.m.•66 views

CVE-2016-1856

8.8CVSS8.4AI score0.01359EPSS

CVE•added 2016/07/22 2:59 a.m.•65 views

CVE-2016-4607

9.8CVSS9.2AI score

CVE•added 2016/09/25 10:59 a.m.•65 views

CVE-2016-4712

CoreCrypto in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted app.

9.3CVSS8.4AI score0.00263EPSS

CVE•added 2016/09/25 11:0 a.m.•65 views

CVE-2016-4772

The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to cause a denial of service (unintended lock) via unspecified vectors.

7.5CVSS7.2AI score0.03175EPSS

CVE•added 2016/09/25 11:0 a.m.•65 views

CVE-2016-4776

7.1CVSS6.8AI score0.00196EPSS

CVE•added 2016/05/20 11:0 a.m.•64 views

CVE-2016-1857

8.8CVSS8.4AI score0.01359EPSS

CVE•added 2016/09/25 11:0 a.m.•64 views

CVE-2016-4774

7.1CVSS6.8AI score0.00196EPSS

CVE•added 2016/07/22 2:59 a.m.•63 views

CVE-2016-1863

7.8CVSS7.6AI score0.00181EPSS

CVE•added 2016/09/25 10:59 a.m.•63 views

CVE-2016-4726

IOAcceleratorFamily in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

9.3CVSS8.3AI score0.00262EPSS

CVE•added 2016/09/25 11:0 a.m.•63 views

CVE-2016-4778

The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

9.3CVSS8.2AI score0.00262EPSS

CVE•added 2016/07/22 2:59 a.m.•62 views

CVE-2016-4631

ImageIO in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted TIFF file.

8.8CVSS8.9AI score0.0271EPSS

CVE•added 2016/09/25 10:59 a.m.•62 views

CVE-2016-4725

IOAcceleratorFamily in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a crafted web site.

8.1CVSS7.7AI score0.01307EPSS

Total number of security vulnerabilities100