CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Apple » Iphone Os : Security Vulnerabilities (CVSS score between 5 and 5.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2017-11122 200 +Info 2017-10-03 2017-11-02
5.0
None Remote Low Not required Partial None None
On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56, an attacker can trigger an information leak due to insufficient length validation, related to ICMPv6 router advertisement offloading.
2 CVE-2017-7146 254 2017-10-22 2017-10-27
5.0
None Remote Low Not required Partial None None
An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Security" component. It allows attackers to track users across installs via a crafted app that leverages Keychain data mishandling.
3 CVE-2017-7145 275 2017-10-22 2017-10-26
5.0
None Remote Low Not required None Partial None
An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Time" component. The "Setting Time Zone" feature mishandles the possibility of using location data.
4 CVE-2017-7140 200 +Info 2017-10-22 2017-10-26
5.0
None Remote Low Not required Partial None None
An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Keyboard Suggestions" component. It allows attackers to obtain sensitive information by reading keyboard autocorrect suggestions.
5 CVE-2017-7133 310 +Info 2017-10-22 2017-10-27
5.0
None Remote Low Not required Partial None None
An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "MobileBackup" component. It allows remote attackers to obtain sensitive cleartext information in opportunistic circumstances by leveraging read access to a backup archive that was supposed to have been encrypted.
6 CVE-2017-7116 200 +Info 2017-10-22 2017-10-26
5.0
None Remote Low Not required Partial None None
An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Wi-Fi" component. It might allow remote attackers to read data from kernel memory locations via crafted Wi-Fi traffic.
7 CVE-2017-7090 200 Bypass +Info 2017-10-22 2017-10-26
5.0
None Remote Low Not required Partial None None
An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive cookie information via a custom URL scheme.
8 CVE-2017-7080 295 Bypass 2017-10-22 2017-10-26
5.0
None Remote Low Not required None Partial None
An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Security" component. It allows remote attackers to bypass intended certificate-trust restrictions via a revoked X.509 certificate.
9 CVE-2017-7078 200 +Info 2017-10-22 2017-10-26
5.0
None Remote Low Not required Partial None None
An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. The issue involves the "Mail Drafts" component. It allows remote attackers to obtain sensitive information by reading unintended cleartext transmissions.
10 CVE-2017-7063 399 DoS 2017-07-20 2017-07-24
5.0
None Remote Low Not required None None Partial
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. watchOS before 3.2.3 is affected. The issue involves the "Messages" component. It allows remote attackers to cause a denial of service (memory consumption and application crash).
11 CVE-2017-7007 400 DoS 2017-07-20 2017-07-24
5.0
None Remote Low Not required None None Partial
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. The issue involves the "EventKitUI" component. It allows remote attackers to cause a denial of service (resource consumption and application crash).
12 CVE-2017-2498 295 Bypass 2017-05-22 2017-07-07
5.0
None Remote Low Not required None Partial None
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. The issue involves the "Security" component. It allows attackers to bypass intended access restrictions via an untrusted certificate.
13 CVE-2017-2497 601 2017-05-22 2017-07-07
5.8
None Remote Medium Not required Partial Partial None
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "iBooks" component. It allows remote attackers to trigger visits to arbitrary URLs via a crafted book.
14 CVE-2017-2484 254 2017-04-01 2017-07-11
5.0
None Remote Low Not required None Partial None
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Phone" component. It allows attackers to trigger telephone calls to arbitrary numbers via a third-party app.
15 CVE-2017-2461 399 DoS 2017-04-01 2017-07-11
5.0
None Remote Low Not required None None Partial
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "CoreText" component. It allows remote attackers to cause a denial of service (resource consumption) via a crafted text message.
16 CVE-2017-2450 125 DoS +Info 2017-04-01 2017-07-11
5.8
None Remote Medium Not required Partial None Partial
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "CoreText" component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted font file.
17 CVE-2017-2447 119 DoS Overflow Mem. Corr. +Info 2017-04-01 2017-08-15
5.8
None Remote Medium Not required Partial None Partial
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive information or cause a denial of service (memory corruption) via a crafted web site.
18 CVE-2017-2439 125 DoS +Info 2017-04-01 2017-07-11
5.8
None Remote Medium Not required Partial None Partial
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "FontParser" component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted font file.
19 CVE-2017-2419 284 Bypass 2017-04-01 2017-07-11
5.0
None Remote Low Not required None Partial None
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass a Content Security Policy protection mechanism via unspecified vectors.
20 CVE-2017-2414 20 2017-04-01 2017-07-11
5.0
None Remote Low Not required None Partial None
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "DataAccess" component. It allows remote attackers to access Exchange traffic in opportunistic circumstances by leveraging a mistake in typing an e-mail address.
21 CVE-2017-2404 254 2017-04-01 2017-07-11
5.0
None Remote Low Not required None Partial None
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Quick Look" component. It allows remote attackers to trigger telephone calls to arbitrary numbers via a tel: URL in a PDF document, as exploited in the wild in October 2016.
22 CVE-2017-2400 200 +Info 2017-04-01 2017-07-11
5.0
None Remote Low Not required Partial None None
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "SafariViewController" component. It allows attackers to obtain sensitive information by leveraging the SafariViewController's incorrect synchronization of Safari cache clearing.
23 CVE-2017-2389 284 DoS 2017-04-01 2017-07-11
5.8
None Remote Medium Not required None Partial Partial
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof an HTTP authentication sheet or cause a denial of service via a crafted web site.
24 CVE-2017-2380 326 Bypass 2017-04-01 2017-06-21
5.0
None Remote Low Not required Partial None None
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the Simple Certificate Enrollment Protocol (SCEP) implementation in the "Profiles" component. It allows remote attackers to bypass cryptographic protection mechanisms by leveraging DES support.
25 CVE-2017-2377 119 DoS Overflow Mem. Corr. 2017-04-01 2017-07-11
5.0
None Remote Low Not required None None Partial
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit Web Inspector" component. It allows attackers to cause a denial of service (memory corruption and application crash) by leveraging a window-close action during a debugger-pause state.
26 CVE-2017-2376 284 2017-04-01 2017-07-11
5.0
None Remote Low Not required None Partial None
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar by leveraging text input during the loading of a page.
27 CVE-2016-7667 20 DoS 2017-02-20 2017-02-22
5.0
None Remote Low Not required None None Partial
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. The issue involves the "CoreText" component. It allows remote attackers to cause a denial of service via a crafted string.
28 CVE-2016-7662 295 2017-02-20 2017-07-26
5.0
None Remote Low Not required None Partial None
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Security" component, which allows remote attackers to spoof certificates via unspecified vectors.
29 CVE-2016-7643 125 DoS +Info 2017-02-20 2017-07-26
5.8
None Remote Medium Not required Partial None Partial
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "ImageIO" component. It allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) via a crafted web site.
30 CVE-2016-4774 125 DoS +Info 2016-09-25 2017-07-29
5.8
None Remote Medium Not required Partial None Partial
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app, a different vulnerability than CVE-2016-4773 and CVE-2016-4776.
31 CVE-2016-4773 125 DoS +Info 2016-09-25 2017-07-29
5.8
None Remote Medium Not required Partial None Partial
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app, a different vulnerability than CVE-2016-4774 and CVE-2016-4776.
32 CVE-2016-4772 399 DoS 2016-09-25 2017-07-29
5.0
None Remote Low Not required None None Partial
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to cause a denial of service (unintended lock) via unspecified vectors.
33 CVE-2016-4746 200 +Info 2016-09-18 2017-08-12
5.0
None Remote Low Not required Partial None None
The Keyboards component in Apple iOS before 10 does not properly use a cache for auto-correct suggestions, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging an unintended correction.
34 CVE-2016-4743 119 DoS Overflow Mem. Corr. +Info 2017-02-20 2017-07-26
5.8
None Remote Medium Not required Partial None Partial
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption and application crash) via a crafted web site.
35 CVE-2016-4725 119 DoS Overflow Mem. Corr. +Info 2016-09-25 2017-07-29
5.8
None Remote Medium Not required Partial None Partial
IOAcceleratorFamily in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a crafted web site.
36 CVE-2016-4711 20 2016-09-25 2017-07-29
5.0
None Remote Low Not required Partial None None
CCrypt in corecrypto in CommonCrypto in Apple iOS before 10 and OS X before 10.12 allows attackers to discover cleartext information by leveraging a function call that specifies the same buffer for input and output.
37 CVE-2016-4693 326 Bypass 2017-02-20 2017-07-26
5.0
None Remote Low Not required Partial None None
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Security" component, which makes it easier for attackers to bypass cryptographic protection mechanisms by leveraging use of the 3DES cipher.
38 CVE-2016-4689 254 2017-02-20 2017-07-26
5.0
None Remote Low Not required None Partial None
An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Mail" component, which does not alert the user to an S/MIME email signature that used a revoked certificate.
39 CVE-2016-4660 200 DoS +Info 2017-02-20 2017-07-28
5.8
None Remote Medium Not required Partial None Partial
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "FontParser" component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted font.
40 CVE-2016-4632 119 DoS Overflow 2016-07-21 2017-08-31
5.0
None Remote Low Not required None None Partial
ImageIO in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.
41 CVE-2016-4447 119 DoS Overflow 2016-06-09 2017-08-31
5.0
None Remote Low Not required None None Partial
The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName.
42 CVE-2016-1864 200 XSS +Info 2016-06-19 2017-08-31
5.0
None Remote Low Not required Partial None None
The XSS auditor in WebKit, as used in Apple iOS before 9.3 and Safari before 9.1, does not properly handle redirects in block mode, which allows remote attackers to obtain sensitive information via a crafted URL.
43 CVE-2016-1842 284 +Info 2016-05-20 2016-12-01
5.0
None Remote Low Not required Partial None None
MapKit in Apple iOS before 9.3.2, OS X before 10.11.5, and watchOS before 2.2.1 does not use HTTPS for shared links, which allows remote attackers to obtain sensitive information by sniffing the network for HTTP traffic.
44 CVE-2016-1811 DoS 2016-05-20 2016-11-30
5.0
None Remote Low Not required None None Partial
ImageIO in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image.
45 CVE-2016-1801 200 +Info 2016-05-20 2016-11-30
5.0
None Remote Low Not required Partial None None
The CFNetwork Proxies subsystem in Apple iOS before 9.3.2, OS X before 10.11.5, and tvOS before 9.2.1 mishandles URLs in http and https requests, which allows remote attackers to obtain sensitive information via unspecified vectors.
46 CVE-2016-1786 200 Bypass +Info 2016-03-23 2016-12-02
5.8
None Remote Medium Not required Partial Partial None
The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles HTTP responses with a 3xx (aka redirection) status code, which allows remote attackers to spoof the displayed URL, bypass the Same Origin Policy, and obtain sensitive cached information via a crafted web site.
47 CVE-2016-1766 2016-03-23 2016-12-02
5.0
None Remote Low Not required None Partial None
The Profiles component in Apple iOS before 9.3 does not properly validate certificates, which allows attackers to spoof an MDM profile trust relationship via unspecified vectors.
48 CVE-2016-1730 19 2016-02-01 2016-12-05
5.8
None Remote Medium Not required Partial Partial None
WebSheet in Apple iOS before 9.2.1 allows remote attackers to read or write to cookies by operating a crafted captive portal.
49 CVE-2015-8242 119 DoS Overflow +Info 2015-12-15 2017-09-13
5.8
None Remote Medium Not required Partial None Partial
The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.
50 CVE-2015-7995 DoS 2015-11-17 2017-09-09
5.0
None Remote Low Not required None None Partial
The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a "type confusion" issue.
Total number of vulnerabilities : 145   Page : 1 (This Page)2 3
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.