Iphone Os Security Vulnerabilities and Issues — Iphone Os CVE List

Lucene search

AppleIphone Os

168 matches found

CVE•added 2016/08/25 9:59 p.m.•1029 views

CVE-2016-4656

The kernel in Apple iOS before 9.3.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

9.3CVSS7.4AI score0.76221EPSS

In wild

CVE•added 2016/08/25 9:59 p.m.•982 views

CVE-2016-4655

The kernel in Apple iOS before 9.3.5 allows attackers to obtain sensitive information from memory via a crafted app.

7.1CVSS4.3AI score0.8245EPSS

In wild

CVE•added 2016/08/25 9:59 p.m.•898 views

CVE-2016-4657

WebKit in Apple iOS before 9.3.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

8.8CVSS8.2AI score0.81461EPSS

In wild

CVE•added 2016/09/25 10:59 a.m.•387 views

CVE-2016-4658

xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free a...

10CVSS8AI score0.19344EPSS

CVE•added 2016/07/23 7:59 p.m.•303 views

CVE-2016-5131

Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.

8.8CVSS7.8AI score0.04195EPSS

CVE•added 2016/03/13 6:59 p.m.•245 views

CVE-2016-1950

Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate.

8.8CVSS7.9AI score0.01752EPSS

CVE•added 2016/06/09 4:59 p.m.•223 views

CVE-2016-4447

The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName.

7.5CVSS8.1AI score0.02822EPSS

CVE•added 2016/06/09 4:59 p.m.•196 views

CVE-2016-4448

Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.

10CVSS9.5AI score0.01612EPSS

CVE•added 2016/02/07 1:59 a.m.•180 views

CVE-2016-0801

The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted wireless control message packets, aka internal bug 25662029.

9.8CVSS7.6AI score0.46032EPSS

CVE•added 2016/07/22 2:59 a.m.•173 views

CVE-2016-4622

WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4589, CVE-2016-4623, and CVE-2016-4624.

8.8CVSS8.3AI score0.71482EPSS

CVE•added 2016/05/20 10:59 a.m.•161 views

CVE-2016-1839

The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.

5.5CVSS6.4AI score0.10773EPSS

CVE•added 2016/03/24 1:59 a.m.•145 views

CVE-2016-1757

Race condition in the kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context via a crafted app.

9.3CVSS5.9AI score0.58452EPSS

CVE•added 2016/03/24 1:59 a.m.•141 views

CVE-2016-1762

The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.

8.1CVSS7AI score0.07342EPSS

CVE•added 2016/09/25 10:59 a.m.•140 views

CVE-2016-4738

libxslt in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

9.3CVSS8.7AI score0.07628EPSS

CVE•added 2016/05/20 10:59 a.m.•129 views

CVE-2016-1834

Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML do...

9.3CVSS8.6AI score0.03922EPSS

CVE•added 2016/09/25 10:59 a.m.•125 views

CVE-2016-4618

Cross-site scripting (XSS) vulnerability in Safari Reader in Apple iOS before 10 and Safari before 10 allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS (UXSS)."

6.1CVSS5.8AI score0.005EPSS

CVE•added 2016/05/20 10:59 a.m.•122 views

CVE-2016-1840

Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a cr...

7.8CVSS8.6AI score0.02142EPSS

CVE•added 2016/05/20 10:59 a.m.•121 views

CVE-2016-1837

Multiple use-after-free vulnerabilities in the (1) htmlPArsePubidLiteral and (2) htmlParseSystemiteral functions in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allow remote attackers to cause a denial of service via a cr...

5.5CVSS6.6AI score0.01788EPSS

CVE•added 2016/05/20 10:59 a.m.•119 views

CVE-2016-1833

The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.

5.5CVSS6.3AI score0.01214EPSS

CVE•added 2016/05/20 10:59 a.m.•116 views

CVE-2016-1838

The xmlPArserPrintFileContextInternal function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.

5.5CVSS6.3AI score0.1065EPSS

CVE•added 2016/05/20 10:59 a.m.•115 views

CVE-2016-1835

Use-after-free vulnerability in the xmlSAX2AttributeNs function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2 and OS X before 10.11.5, allows remote attackers to cause a denial of service via a crafted XML document.

8.8CVSS7.2AI score0.0217EPSS

CVE•added 2016/05/20 10:59 a.m.•112 views

CVE-2016-1836

Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service via a crafted XML document.

5.5CVSS6.5AI score0.01153EPSS

CVE•added 2016/09/25 11:0 a.m.•105 views

CVE-2016-4768

WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4765, CVE-2016-4766,...

8.8CVSS8.8AI score0.00976EPSS

CVE•added 2016/09/25 10:59 a.m.•100 views

CVE-2016-4733

WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4611, CVE-2016-4730, CVE-2016-4734, and CVE-2016-4735.

9.3CVSS8.4AI score0.08398EPSS

CVE•added 2016/07/22 2:59 a.m.•95 views

CVE-2016-4623

8.8CVSS8.3AI score0.71482EPSS

CVE•added 2016/07/22 2:59 a.m.•95 views

CVE-2016-4624

8.8CVSS8.3AI score0.71482EPSS

CVE•added 2016/09/25 11:0 a.m.•95 views

CVE-2016-4767

8.8CVSS8.8AI score0.00976EPSS

CVE•added 2016/09/25 10:59 a.m.•91 views

CVE-2016-4735

9.3CVSS8.4AI score0.08398EPSS

CVE•added 2016/07/22 2:59 a.m.•89 views

CVE-2016-4609

libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors...

9.8CVSS9.2AI score

CVE•added 2016/09/25 10:59 a.m.•88 views

CVE-2016-4734

9.6CVSS8.4AI score0.08398EPSS

CVE•added 2016/09/25 10:59 a.m.•88 views

CVE-2016-4759

8.8CVSS8.7AI score0.00976EPSS

CVE•added 2016/09/25 10:59 a.m.•83 views

CVE-2016-4766

8.8CVSS8.7AI score0.00976EPSS

CVE•added 2016/03/29 3:59 p.m.•78 views

CVE-2016-1760

The XPC Services API in LaunchServices in Apple iOS before 9.3 allows attackers to bypass intended event-handler restrictions and modify an arbitrary app's events via a crafted app.

6.2CVSS6.5AI score0.00056EPSS

CVE•added 2016/05/20 10:59 a.m.•78 views

CVE-2016-1841

libxslt, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

8.8CVSS8.3AI score0.01678EPSS

CVE•added 2016/09/25 10:59 a.m.•78 views

CVE-2016-4765

8.8CVSS8.8AI score0.00976EPSS

CVE•added 2016/09/25 10:59 a.m.•76 views

CVE-2016-4611

WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4730, CVE-2016-4733, CVE-2016-4734, and CVE-2016-4735.

8.8CVSS8.3AI score0.08398EPSS

CVE•added 2016/09/25 10:59 a.m.•76 views

CVE-2016-4762

WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, iCloud before 6.0 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

8.8CVSS8.7AI score0.00919EPSS

CVE•added 2016/05/20 11:0 a.m.•75 views

CVE-2016-1854

WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1855, CVE-2016-1856, and CVE-2016-1857.

8.8CVSS8.4AI score0.01359EPSS

CVE•added 2016/07/22 2:59 a.m.•73 views

CVE-2016-4615

libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors...

9.8CVSS9.1AI score

CVE•added 2016/05/20 10:59 a.m.•71 views

CVE-2016-1827

The kernel in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1828, CVE-2016-1829, ...

9.3CVSS7.5AI score0.05151EPSS

CVE•added 2016/09/25 10:59 a.m.•71 views

CVE-2016-4730

9.3CVSS8.3AI score0.08398EPSS

CVE•added 2016/09/25 11:0 a.m.•71 views

CVE-2016-4773

The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app, a different vulnerability than CVE-2016-4774 and CVE-2016-4776.

7.1CVSS6.8AI score0.00196EPSS

CVE•added 2016/07/22 3:0 a.m.•70 views

CVE-2016-4653

The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1863 and CVE-2016-4582.

7.8CVSS7.6AI score0.00181EPSS

CVE•added 2016/09/25 10:59 a.m.•70 views

CVE-2016-4708

CFNetwork in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 misparses the Set-Cookie header, which allows remote attackers to obtain sensitive information via a crafted HTTP response.

6.5CVSS6.4AI score0.04174EPSS

CVE•added 2016/03/24 1:59 a.m.•68 views

CVE-2016-1755

The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1754.

9.3CVSS7.1AI score0.03453EPSS

CVE•added 2016/05/20 10:59 a.m.•68 views

CVE-2016-1828

9.3CVSS7.5AI score0.05151EPSS

CVE•added 2016/09/25 10:59 a.m.•68 views

CVE-2016-4728

WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 mishandles error prototypes, which allows remote attackers to execute arbitrary code via a crafted web site.

8.8CVSS8.4AI score0.01042EPSS

CVE•added 2016/02/01 11:59 a.m.•66 views

CVE-2016-1723

WebKit, as used in Apple iOS before 9.2.1 and Safari before 9.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1725 and CVE-2016-1726.

9.3CVSS7.7AI score0.01695EPSS

CVE•added 2016/05/20 11:0 a.m.•66 views

CVE-2016-1856

8.8CVSS8.4AI score0.01359EPSS

CVE•added 2016/06/26 1:59 a.m.•65 views

CVE-2015-7987

Multiple buffer overflows in mDNSResponder before 625.41.2 allow remote attackers to read or write to out-of-bounds memory locations via vectors involving the (1) GetValueForIPv4Addr, (2) GetValueForMACAddr, (3) rfc3110_import, or (4) CopyNSEC3ResourceRecord function.

9.8CVSS9.3AI score0.03085EPSS

Total number of security vulnerabilities168