CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Apple » Iphone Os : Security Vulnerabilities Published In 2015 (CVSS score >= 2)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2015-8242 119 DoS Overflow +Info 2015-12-15 2017-09-13
5.8
None Remote Medium Not required Partial None Partial
The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.
2 CVE-2015-8035 399 DoS 2015-11-18 2017-09-13
2.6
None Remote High Not required None None Partial
The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.
3 CVE-2015-7995 DoS 2015-11-17 2017-09-09
5.0
None Remote Low Not required None None Partial
The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a "type confusion" issue.
4 CVE-2015-7942 119 DoS Overflow 2015-11-18 2017-09-13
6.8
None Remote Medium Not required Partial Partial Partial
The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941.
5 CVE-2015-7500 119 DoS Overflow 2015-12-15 2017-09-13
5.0
None Remote Low Not required None None Partial
The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags.
6 CVE-2015-7499 119 Overflow +Info 2015-12-15 2017-09-13
5.0
None Remote Low Not required Partial None None
Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors.
7 CVE-2015-7113 119 DoS Exec Code Overflow Mem. Corr. 2015-12-11 2016-12-07
10.0
Admin Remote Low Not required Complete Complete Complete
The LaunchServices component in Apple iOS before 9.2 and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a malformed plist.
8 CVE-2015-7112 119 DoS Exec Code Overflow Mem. Corr. 2015-12-11 2017-09-12
9.3
None Remote Medium Not required Complete Complete Complete
The IOHIDFamily API in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-7111.
9 CVE-2015-7111 119 DoS Exec Code Overflow Mem. Corr. 2015-12-11 2017-09-12
9.3
None Remote Medium Not required Complete Complete Complete
The IOHIDFamily API in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-7112.
10 CVE-2015-7110 119 DoS Overflow +Priv Mem. Corr. 2015-12-11 2017-09-12
6.9
None Local Medium Not required Complete Complete Complete
The Disk Images component in Apple OS X before 10.11.2 and tvOS before 9.1 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted disk image.
11 CVE-2015-7109 119 DoS Exec Code Overflow Mem. Corr. 2015-12-11 2017-09-12
9.3
None Remote Medium Not required Complete Complete Complete
IOAcceleratorFamily in Apple OS X before 10.11.2 and tvOS before 9.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
12 CVE-2015-7107 119 DoS Exec Code Overflow Mem. Corr. 2015-12-11 2017-09-12
6.8
None Remote Medium Not required Partial Partial Partial
QuickLook in Apple iOS before 9.2 and OS X before 10.11.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted iWork file.
13 CVE-2015-7105 119 DoS Exec Code Overflow Mem. Corr. 2015-12-11 2017-09-12
6.8
None Remote Medium Not required Partial Partial Partial
CoreGraphics in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.
14 CVE-2015-7103 119 DoS Exec Code Overflow Mem. Corr. 2015-12-11 2016-12-07
6.8
None Remote Medium Not required Partial Partial Partial
WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7096, CVE-2015-7097, CVE-2015-7098, CVE-2015-7099, CVE-2015-7100, CVE-2015-7101, and CVE-2015-7102.
15 CVE-2015-7102 119 DoS Exec Code Overflow Mem. Corr. 2015-12-11 2016-12-07
6.8
None Remote Medium Not required Partial Partial Partial
WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7096, CVE-2015-7097, CVE-2015-7098, CVE-2015-7099, CVE-2015-7100, CVE-2015-7101, and CVE-2015-7103.
16 CVE-2015-7101 119 DoS Exec Code Overflow Mem. Corr. 2015-12-11 2016-12-07
6.8
None Remote Medium Not required Partial Partial Partial
WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7096, CVE-2015-7097, CVE-2015-7098, CVE-2015-7099, CVE-2015-7100, CVE-2015-7102, and CVE-2015-7103.
17 CVE-2015-7100 119 DoS Exec Code Overflow Mem. Corr. 2015-12-11 2016-12-07
6.8
None Remote Medium Not required Partial Partial Partial
WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7096, CVE-2015-7097, CVE-2015-7098, CVE-2015-7099, CVE-2015-7101, CVE-2015-7102, and CVE-2015-7103.
18 CVE-2015-7099 119 DoS Exec Code Overflow Mem. Corr. 2015-12-11 2016-12-07
6.8
None Remote Medium Not required Partial Partial Partial
WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7096, CVE-2015-7097, CVE-2015-7098, CVE-2015-7100, CVE-2015-7101, CVE-2015-7102, and CVE-2015-7103.
19 CVE-2015-7098 119 DoS Exec Code Overflow Mem. Corr. 2015-12-11 2017-06-30
6.8
None Remote Medium Not required Partial Partial Partial
WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7096, CVE-2015-7097, CVE-2015-7099, CVE-2015-7100, CVE-2015-7101, CVE-2015-7102, and CVE-2015-7103.
20 CVE-2015-7097 119 DoS Exec Code Overflow Mem. Corr. 2015-12-11 2016-12-07
6.8
None Remote Medium Not required Partial Partial Partial
WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7096, CVE-2015-7098, CVE-2015-7099, CVE-2015-7100, CVE-2015-7101, CVE-2015-7102, and CVE-2015-7103.
21 CVE-2015-7096 119 DoS Exec Code Overflow Mem. Corr. 2015-12-11 2017-06-30
6.8
None Remote Medium Not required Partial Partial Partial
WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7097, CVE-2015-7098, CVE-2015-7099, CVE-2015-7100, CVE-2015-7101, CVE-2015-7102, and CVE-2015-7103.
22 CVE-2015-7095 119 DoS Exec Code Overflow Mem. Corr. 2015-12-11 2016-12-07
6.8
None Remote Medium Not required Partial Partial Partial
WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7096, CVE-2015-7097, CVE-2015-7098, CVE-2015-7099, CVE-2015-7100, CVE-2015-7101, CVE-2015-7102, and CVE-2015-7103.
23 CVE-2015-7094 20 Bypass 2015-12-11 2017-09-12
2.6
None Remote High Not required None Partial None
CFNetwork HTTPProtocol in Apple iOS before 9.2 and OS X before 10.11.2 allows man-in-the-middle attackers to bypass the HSTS protection mechanism via a crafted URL.
24 CVE-2015-7084 119 DoS Overflow +Priv Mem. Corr. 2015-12-11 2017-09-12
7.2
None Local Low Not required Complete Complete Complete
The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-7083.
25 CVE-2015-7083 119 DoS Overflow +Priv Mem. Corr. 2015-12-11 2017-09-12
7.2
None Local Low Not required Complete Complete Complete
The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-7084.
26 CVE-2015-7081 2015-12-11 2017-09-12
5.0
None Remote Low Not required Partial None None
iBooks in Apple iOS before 9.2 and OS X before 10.11.2 allows remote attackers to read arbitrary files via an iBooks file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
27 CVE-2015-7080 200 Bypass +Info 2015-12-11 2016-12-07
2.1
None Local Low Not required Partial None None
Siri in Apple iOS before 9.2 allows physically proximate attackers to bypass an intended client-side protection mechanism and obtain sensitive content-notification information by listening to a device in the lock-screen state.
28 CVE-2015-7079 20 Exec Code 2015-12-11 2016-12-07
9.3
None Remote Medium Not required Complete Complete Complete
dyld in Apple iOS before 9.2 and tvOS before 9.1 mishandles segment validation, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
29 CVE-2015-7075 119 DoS Exec Code Overflow Mem. Corr. 2015-12-11 2017-09-12
6.8
None Remote Medium Not required Partial Partial Partial
CoreMedia Playback in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed media file.
30 CVE-2015-7074 119 DoS Exec Code Overflow Mem. Corr. 2015-12-11 2017-09-12
6.8
None Remote Medium Not required Partial Partial Partial
CoreMedia Playback in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed media file.
31 CVE-2015-7073 119 DoS Exec Code Overflow Mem. Corr. 2015-12-11 2017-09-12
6.8
None Remote Medium Not required Partial Partial Partial
Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted SSL handshake.
32 CVE-2015-7072 20 Exec Code 2015-12-11 2016-12-07
9.3
None Remote Medium Not required Complete Complete Complete
dyld in Apple iOS before 9.2, tvOS before 9.1, and watchOS before 2.1 mishandles segment validation, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
33 CVE-2015-7070 Exec Code 2015-12-11 2016-12-07
9.3
Admin Remote Medium Not required Complete Complete Complete
Mobile Replayer in GPUTools Framework in Apple iOS before 9.2 allows attackers to execute arbitrary code in a privileged context via an app that provides a crafted pathname, a different vulnerability than CVE-2015-7069.
34 CVE-2015-7069 Exec Code 2015-12-11 2016-12-07
9.3
Admin Remote Medium Not required Complete Complete Complete
Mobile Replayer in GPUTools Framework in Apple iOS before 9.2 allows attackers to execute arbitrary code in a privileged context via an app that provides a crafted pathname, a different vulnerability than CVE-2015-7070.
35 CVE-2015-7068 DoS Exec Code 2015-12-11 2017-09-12
9.3
Admin Remote Medium Not required Complete Complete Complete
IOKit SCSI in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an app that provides an unspecified userclient type.
36 CVE-2015-7066 119 DoS Exec Code Overflow Mem. Corr. 2015-12-11 2017-09-12
6.8
None Remote Medium Not required Partial Partial Partial
OpenGL in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2015-7064.
37 CVE-2015-7065 119 DoS Exec Code Overflow Mem. Corr. 2015-12-11 2017-09-12
6.8
None Remote Medium Not required Partial Partial Partial
OpenGL in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
38 CVE-2015-7064 119 DoS Exec Code Overflow Mem. Corr. 2015-12-11 2017-09-12
6.8
None Remote Medium Not required Partial Partial Partial
OpenGL in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2015-7066.
39 CVE-2015-7062 264 Bypass 2015-12-11 2017-09-12
4.6
None Local Low Not required Partial Partial Partial
Apple OS X before 10.11.2 and tvOS before 9.1 allow local users to bypass intended configuration-profile installation restrictions via unspecified vectors.
40 CVE-2015-7058 200 +Info 2015-12-11 2017-09-12
4.3
None Remote Medium Not required Partial None None
Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 improperly validate keychain item ACLs, which allows attackers to obtain access to keychain items via a crafted app.
41 CVE-2015-7055 284 Exec Code 2015-12-11 2016-12-07
9.3
Admin Remote Medium Not required Complete Complete Complete
AppleMobileFileIntegrity in Apple iOS before 9.2 and tvOS before 9.1 does not prevent changes to access-control structures, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
42 CVE-2015-7054 19 Exec Code 2015-12-11 2017-09-12
6.8
None Remote Medium Not required Partial Partial Partial
zlib in the Compression component in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 does not initialize memory for an unspecified data structure, which allows remote attackers to execute arbitrary code via a crafted web site.
43 CVE-2015-7053 119 DoS Exec Code Overflow Mem. Corr. 2015-12-11 2017-09-12
6.8
None Remote Medium Not required Partial Partial Partial
ImageIO in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted image.
44 CVE-2015-7051 264 Exec Code 2015-12-11 2016-12-07
9.3
Admin Remote Medium Not required Complete Complete Complete
MobileStorageMounter in Apple iOS before 9.2 and tvOS before 9.1 mishandles the timing of trust-cache loading, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
45 CVE-2015-7050 200 +Info 2015-12-11 2016-12-07
4.3
None Remote Medium Not required Partial None None
WebKit in Apple iOS before 9.2 and Safari before 9.0.2 misparses content extensions, which allows remote attackers to obtain sensitive browsing-history information via a crafted web site.
46 CVE-2015-7048 119 DoS Exec Code Overflow Mem. Corr. 2015-12-11 2016-12-07
6.8
None Remote Medium Not required Partial Partial Partial
WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7095, CVE-2015-7096, CVE-2015-7097, CVE-2015-7098, CVE-2015-7099, CVE-2015-7100, CVE-2015-7101, CVE-2015-7102, and CVE-2015-7103.
47 CVE-2015-7047 20 +Priv 2015-12-11 2017-09-12
7.2
Admin Local Low Not required Complete Complete Complete
The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows local users to gain privileges via a crafted mach message that is misparsed.
48 CVE-2015-7046 200 Bypass +Info 2015-12-11 2017-09-12
2.6
None Remote High Not required Partial None None
The Sandbox feature in xnu in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 does not properly implement privilege separation, which allows attackers to bypass the ASLR protection mechanism via a crafted app with root privileges.
49 CVE-2015-7043 DoS 2015-12-11 2017-09-12
4.3
None Remote Medium Not required None None Partial
The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to cause a denial of service via a crafted app, a different vulnerability than CVE-2015-7040, CVE-2015-7041, and CVE-2015-7042.
50 CVE-2015-7042 DoS 2015-12-11 2017-09-12
4.3
None Remote Medium Not required None None Partial
The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to cause a denial of service via a crafted app, a different vulnerability than CVE-2015-7040, CVE-2015-7041, and CVE-2015-7043.
Total number of vulnerabilities : 379   Page : 1 (This Page)2 3 4 5 6 7 8
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.