Iphone Os Security Vulnerabilities and Issues — Iphone Os CVE List

Lucene search

AppleIphone Os

54 matches found

CVE•added 2015/12/15 9:59 p.m.•372 views

CVE-2015-5312

The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660.

7.1CVSS6.2AI score0.04812EPSS

CVE•added 2015/12/15 9:59 p.m.•136 views

CVE-2015-7499

Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors.

5CVSS7AI score0.01538EPSS

CVE•added 2015/12/15 9:59 p.m.•113 views

CVE-2015-7500

The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags.

5CVSS6.5AI score0.05455EPSS

CVE•added 2015/12/15 9:59 p.m.•84 views

CVE-2015-8242

The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.

5.8CVSS6.8AI score0.02566EPSS

CVE•added 2015/12/11 11:59 a.m.•62 views

CVE-2015-7101

WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7096, CVE-2...

6.8CVSS8.9AI score0.01093EPSS

CVE•added 2015/12/11 11:59 a.m.•60 views

CVE-2015-7096

6.8CVSS7.6AI score0.01093EPSS

CVE•added 2015/12/11 11:59 a.m.•59 views

CVE-2015-7098

6.8CVSS7.6AI score0.01093EPSS

CVE•added 2015/12/11 11:59 a.m.•59 views

CVE-2015-7102

6.8CVSS8.9AI score0.01093EPSS

CVE•added 2015/12/11 11:59 a.m.•58 views

CVE-2015-7043

The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to cause a denial of service via a crafted app, a different vulnerability than CVE-2015-7040, CVE-2015-7041, and CVE-2015-7042.

4.3CVSS7.6AI score0.01078EPSS

CVE•added 2015/12/11 11:59 a.m.•58 views

CVE-2015-7083

The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-7084.

7.2CVSS7.9AI score0.00335EPSS

CVE•added 2015/12/11 11:59 a.m.•57 views

CVE-2015-7040

4.3CVSS7.6AI score0.01078EPSS

CVE•added 2015/12/11 11:59 a.m.•57 views

CVE-2015-7048

6.8CVSS8.9AI score0.01093EPSS

CVE•added 2015/12/11 11:59 a.m.•57 views

CVE-2015-7084

7.2CVSS7.9AI score0.00335EPSS

CVE•added 2015/12/11 11:59 a.m.•56 views

CVE-2015-7095

6.8CVSS8.9AI score0.01093EPSS

CVE•added 2015/12/11 11:59 a.m.•55 views

CVE-2015-7075

CoreMedia Playback in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed media file.

6.8CVSS9AI score0.03398EPSS

CVE•added 2015/12/11 11:59 a.m.•55 views

CVE-2015-7097

6.8CVSS8.9AI score0.01093EPSS

CVE•added 2015/12/11 11:59 a.m.•54 views

CVE-2015-7042

4.3CVSS7.6AI score0.01078EPSS

CVE•added 2015/12/11 11:59 a.m.•54 views

CVE-2015-7099

6.8CVSS8.9AI score0.01093EPSS

CVE•added 2015/12/11 12:0 p.m.•54 views

CVE-2015-7103

6.8CVSS8.9AI score0.01093EPSS

CVE•added 2015/12/11 11:59 a.m.•53 views

CVE-2015-7047

The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows local users to gain privileges via a crafted mach message that is misparsed.

7.2CVSS7.5AI score0.00746EPSS

CVE•added 2015/12/11 11:59 a.m.•53 views

CVE-2015-7054

zlib in the Compression component in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 does not initialize memory for an unspecified data structure, which allows remote attackers to execute arbitrary code via a crafted web site.

6.8CVSS8.9AI score0.01142EPSS

CVE•added 2015/12/11 12:0 p.m.•53 views

CVE-2015-7105

CoreGraphics in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.

6.8CVSS9AI score0.02531EPSS

CVE•added 2015/12/11 11:59 a.m.•52 views

CVE-2015-7041

4.3CVSS7.6AI score0.01078EPSS

CVE•added 2015/12/11 11:59 a.m.•52 views

CVE-2015-7046

The Sandbox feature in xnu in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 does not properly implement privilege separation, which allows attackers to bypass the ASLR protection mechanism via a crafted app with root privileges.

2.6CVSS7.8AI score0.00738EPSS

CVE•added 2015/12/11 11:59 a.m.•52 views

CVE-2015-7074

CoreMedia Playback in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed media file.

6.8CVSS9AI score0.02828EPSS

CVE•added 2015/12/11 11:59 a.m.•52 views

CVE-2015-7081

iBooks in Apple iOS before 9.2 and OS X before 10.11.2 allows remote attackers to read arbitrary files via an iBooks file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

5CVSS8AI score0.00529EPSS

CVE•added 2015/12/11 11:59 a.m.•52 views

CVE-2015-7100

6.8CVSS8.9AI score0.01093EPSS

CVE•added 2015/12/11 11:59 a.m.•51 views

CVE-2015-7050

WebKit in Apple iOS before 9.2 and Safari before 9.0.2 misparses content extensions, which allows remote attackers to obtain sensitive browsing-history information via a crafted web site.

4.3CVSS5.3AI score0.00582EPSS

CVE•added 2015/12/11 12:0 p.m.•51 views

CVE-2015-7112

The IOHIDFamily API in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-7111.

9.3CVSS8.8AI score0.19674EPSS

CVE•added 2015/12/11 11:59 a.m.•49 views

CVE-2015-7038

Buffer overflow in libc in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code via a crafted package, a different vulnerability than CVE-2015-7039.

6.8CVSS9AI score0.27364EPSS

CVE•added 2015/12/11 11:59 a.m.•49 views

CVE-2015-7058

Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 improperly validate keychain item ACLs, which allows attackers to obtain access to keychain items via a crafted app.

4.3CVSS7.8AI score0.00524EPSS

CVE•added 2015/12/11 11:59 a.m.•49 views

CVE-2015-7064

OpenGL in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2015-7066.

6.8CVSS9.1AI score0.01234EPSS

CVE•added 2015/12/11 12:0 p.m.•49 views

CVE-2015-7111

9.3CVSS8.8AI score0.19674EPSS

CVE•added 2015/12/11 11:59 a.m.•48 views

CVE-2015-7039

6.8CVSS9AI score0.27364EPSS

CVE•added 2015/12/11 11:59 a.m.•48 views

CVE-2015-7065

OpenGL in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

6.8CVSS9.1AI score0.01866EPSS

CVE•added 2015/12/11 11:59 a.m.•48 views

CVE-2015-7068

IOKit SCSI in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an app that provides an unspecified userclient type.

9.3CVSS8.5AI score0.04372EPSS

CVE•added 2015/12/11 11:59 a.m.•46 views

CVE-2015-7055

AppleMobileFileIntegrity in Apple iOS before 9.2 and tvOS before 9.1 does not prevent changes to access-control structures, which allows attackers to execute arbitrary code in a privileged context via a crafted app.

9.3CVSS6.9AI score0.00623EPSS

CVE•added 2015/12/11 11:59 a.m.•46 views

CVE-2015-7062

Apple OS X before 10.11.2 and tvOS before 9.1 allow local users to bypass intended configuration-profile installation restrictions via unspecified vectors.

4.6CVSS7.8AI score0.00062EPSS

CVE•added 2015/12/11 11:59 a.m.•45 views

CVE-2015-7073

Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted SSL handshake.

6.8CVSS9.2AI score0.03398EPSS

CVE•added 2015/12/11 12:0 p.m.•45 views

CVE-2015-7110

The Disk Images component in Apple OS X before 10.11.2 and tvOS before 9.1 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted disk image.

6.9CVSS8AI score0.0013EPSS

CVE•added 2015/12/11 11:59 a.m.•44 views

CVE-2015-7001

AppSandbox in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 mishandles hard links, which allows attackers to bypass Contacts access revocation via a crafted app.

6.8CVSS7.7AI score0.0091EPSS

CVE•added 2015/12/11 11:59 a.m.•44 views

CVE-2015-7053

ImageIO in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted image.

6.8CVSS9AI score0.03398EPSS

CVE•added 2015/12/11 11:59 a.m.•44 views

CVE-2015-7066

6.8CVSS9.1AI score0.01234EPSS

CVE•added 2015/12/11 11:59 a.m.•44 views

CVE-2015-7072

dyld in Apple iOS before 9.2, tvOS before 9.1, and watchOS before 2.1 mishandles segment validation, which allows attackers to execute arbitrary code in a privileged context via a crafted app.

9.3CVSS6.9AI score0.0101EPSS

CVE•added 2015/12/11 12:0 p.m.•44 views

CVE-2015-7109

IOAcceleratorFamily in Apple OS X before 10.11.2 and tvOS before 9.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

9.3CVSS8.9AI score0.00868EPSS

CVE•added 2015/12/11 12:0 p.m.•42 views

CVE-2015-7113

The LaunchServices component in Apple iOS before 9.2 and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a malformed plist.

10CVSS7.3AI score0.00868EPSS

CVE•added 2015/12/11 11:59 a.m.•41 views

CVE-2015-7069

Mobile Replayer in GPUTools Framework in Apple iOS before 9.2 allows attackers to execute arbitrary code in a privileged context via an app that provides a crafted pathname, a different vulnerability than CVE-2015-7070.

9.3CVSS6.9AI score0.00867EPSS

CVE•added 2015/12/11 11:59 a.m.•41 views

CVE-2015-7080

Siri in Apple iOS before 9.2 allows physically proximate attackers to bypass an intended client-side protection mechanism and obtain sensitive content-notification information by listening to a device in the lock-screen state.

2.1CVSS5.3AI score0.00068EPSS

CVE•added 2015/12/11 11:59 a.m.•41 views

CVE-2015-7094

CFNetwork HTTPProtocol in Apple iOS before 9.2 and OS X before 10.11.2 allows man-in-the-middle attackers to bypass the HSTS protection mechanism via a crafted URL.

2.6CVSS7.7AI score0.00336EPSS

CVE•added 2015/12/11 12:0 p.m.•41 views

CVE-2015-7107

QuickLook in Apple iOS before 9.2 and OS X before 10.11.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted iWork file.

6.8CVSS8.8AI score0.02388EPSS

Total number of security vulnerabilities54