CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Apple » Iphone Os : Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2015-3727 264 2015-07-02 2015-07-08
6.8
None Remote Medium Not required Partial Partial Partial
WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict rename operations on WebSQL tables, which allows remote attackers to access an arbitrary web site's database via a crafted web site.
2 CVE-2015-3724 119 DoS Exec Code Overflow Mem. Corr. 2015-07-02 2015-07-07
6.8
None Remote Medium Not required Partial Partial Partial
CoreGraphics in Apple iOS before 8.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted ICC profile in a PDF document, a different vulnerability than CVE-2015-3723.
3 CVE-2015-3723 119 DoS Exec Code Overflow Mem. Corr. 2015-07-02 2015-07-07
6.8
None Remote Medium Not required Partial Partial Partial
CoreGraphics in Apple iOS before 8.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted ICC profile in a PDF document, a different vulnerability than CVE-2015-3724.
4 CVE-2015-3719 119 DoS Exec Code Overflow Mem. Corr. 2015-07-02 2015-07-07
6.8
None Remote Medium Not required Partial Partial Partial
TrueTypeScaler in FontParser in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-3694.
5 CVE-2015-3703 119 DoS Exec Code Overflow Mem. Corr. 2015-07-02 2015-07-07
6.8
None Remote Medium Not required Partial Partial Partial
ImageIO in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted TIFF image.
6 CVE-2015-3694 119 DoS Exec Code Overflow Mem. Corr. 2015-07-02 2015-07-06
6.8
None Remote Medium Not required Partial Partial Partial
FontParser in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-3719.
7 CVE-2015-3689 119 DoS Exec Code Overflow Mem. Corr. 2015-07-02 2015-07-06
6.8
None Remote Medium Not required Partial Partial Partial
CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3685, CVE-2015-3686, CVE-2015-3687, and CVE-2015-3688.
8 CVE-2015-3688 119 DoS Exec Code Overflow Mem. Corr. 2015-07-02 2015-07-06
6.8
None Remote Medium Not required Partial Partial Partial
CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3685, CVE-2015-3686, CVE-2015-3687, and CVE-2015-3689.
9 CVE-2015-3687 119 DoS Exec Code Overflow Mem. Corr. 2015-07-02 2015-07-06
6.8
None Remote Medium Not required Partial Partial Partial
CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3685, CVE-2015-3686, CVE-2015-3688, and CVE-2015-3689.
10 CVE-2015-3686 119 DoS Exec Code Overflow Mem. Corr. 2015-07-02 2015-07-06
6.8
None Remote Medium Not required Partial Partial Partial
CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3685, CVE-2015-3687, CVE-2015-3688, and CVE-2015-3689.
11 CVE-2015-3685 119 DoS Exec Code Overflow Mem. Corr. 2015-07-02 2015-07-06
6.8
None Remote Medium Not required Partial Partial Partial
CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3686, CVE-2015-3687, CVE-2015-3688, and CVE-2015-3689.
12 CVE-2015-3684 119 DoS Exec Code Overflow Mem. Corr. 2015-07-02 2015-07-06
6.8
None Remote Medium Not required Partial Partial Partial
The HTTPAuthentication implementation in CFNetwork in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted credentials in a URL.
13 CVE-2015-3659 264 DoS Exec Code 2015-07-02 2015-07-07
6.8
None Remote Medium Not required Partial Partial Partial
The SQLite authorizer in the Storage functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict access to SQL functions, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site.
14 CVE-2015-3658 254 Bypass CSRF 2015-07-02 2015-07-07
6.8
None Remote Medium Not required Partial Partial Partial
The Page Loading functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly consider redirects during decisions about sending an Origin header, which makes it easier for remote attackers to bypass CSRF protection mechanisms via a crafted web site.
15 CVE-2015-1153 DoS Exec Code Mem. Corr. 2015-05-07 2015-07-13
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-1152 and CVE-2015-1154.
16 CVE-2015-1152 DoS Exec Code Mem. Corr. 2015-05-07 2015-07-13
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-1153 and CVE-2015-1154.
17 CVE-2015-1124 DoS Exec Code Mem. Corr. 2015-04-10 2015-07-13
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4.
18 CVE-2015-1123 DoS Exec Code Mem. Corr. 2015-04-10 2015-04-14
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 8.3 and Apple TV before 7.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-3 and APPLE-SA-2015-04-08-4.
19 CVE-2015-1122 DoS Exec Code Mem. Corr. 2015-04-10 2015-07-13
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4.
20 CVE-2015-1121 DoS Exec Code Mem. Corr. 2015-04-10 2015-07-13
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4.
21 CVE-2015-1120 DoS Exec Code Mem. Corr. 2015-04-10 2015-07-05
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4.
22 CVE-2015-1119 DoS Exec Code Mem. Corr. 2015-04-10 2015-07-22
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4.
23 CVE-2015-1117 264 Exec Code 2015-04-10 2015-04-14
6.9
None Local Medium Not required Complete Complete Complete
The (1) setreuid and (2) setregid system-call implementations in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 do not properly perform privilege drops, which makes it easier for attackers to execute code with unintended user or group privileges via a crafted app.
24 CVE-2015-1101 DoS Exec Code Mem. Corr. 2015-04-10 2015-04-14
6.9
None Local Medium Not required Complete Complete Complete
The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
25 CVE-2015-1098 DoS Exec Code Mem. Corr. 2015-04-10 2015-04-14
6.8
None Remote Medium Not required Partial Partial Partial
iWork in Apple iOS before 8.3 and Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted iWork file.
26 CVE-2015-1093 DoS Exec Code Mem. Corr. 2015-04-10 2015-04-14
6.8
None Remote Medium Not required Partial Partial Partial
FontParser in Apple iOS before 8.3 and Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.
27 CVE-2015-1088 20 Exec Code 2015-04-10 2015-04-14
6.8
None Remote Medium Not required Partial Partial Partial
CFURL in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly validate URLs, which allows remote attackers to execute arbitrary code via a crafted web site.
28 CVE-2015-1086 20 Exec Code 2015-04-10 2015-04-14
6.9
None Local Medium Not required Complete Complete Complete
The Audio Drivers subsystem in Apple iOS before 8.3 and Apple TV before 7.2 does not properly validate IOKit object metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
29 CVE-2015-1083 399 DoS Exec Code Mem. Corr. 2015-03-18 2015-07-14
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.
30 CVE-2015-1082 399 DoS Exec Code Mem. Corr. 2015-03-18 2015-07-15
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.
31 CVE-2015-1081 399 DoS Exec Code Mem. Corr. 2015-03-18 2015-07-15
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.
32 CVE-2015-1080 399 DoS Exec Code Mem. Corr. 2015-03-18 2015-07-15
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.
33 CVE-2015-1079 399 DoS Exec Code Mem. Corr. 2015-03-18 2015-07-15
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.
34 CVE-2015-1078 399 DoS Exec Code Mem. Corr. 2015-03-18 2015-07-15
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.
35 CVE-2015-1077 399 DoS Exec Code Mem. Corr. 2015-03-18 2015-07-15
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.
36 CVE-2015-1076 399 DoS Exec Code Mem. Corr. 2015-03-18 2015-07-28
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.
37 CVE-2015-1074 399 DoS Exec Code Mem. Corr. 2015-03-18 2015-07-28
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.
38 CVE-2015-1073 399 DoS Exec Code Mem. Corr. 2015-03-18 2015-07-28
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.
39 CVE-2015-1072 399 DoS Exec Code Mem. Corr. 2015-03-18 2015-07-28
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.
40 CVE-2015-1071 399 DoS Exec Code Mem. Corr. 2015-03-18 2015-07-28
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.
41 CVE-2015-1070 399 DoS Exec Code Mem. Corr. 2015-03-18 2015-07-28
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.
42 CVE-2015-1069 399 DoS Exec Code Mem. Corr. 2015-03-18 2015-07-28
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.
43 CVE-2015-1068 399 DoS Exec Code Mem. Corr. 2015-03-18 2015-07-28
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.
44 CVE-2014-8840 310 Bypass 2015-01-30 2015-02-18
6.8
None Remote Medium Not required Partial Partial Partial
The iTunes Store component in Apple iOS before 8.1.3 allows remote attackers to bypass a Safari sandbox protection mechanism by leveraging redirection of an SSL URL to the iTunes Store.
45 CVE-2014-4494 20 Bypass 2015-01-30 2015-02-18
6.8
None Remote Medium Not required Partial Partial Partial
Springboard in Apple iOS before 8.1.3 does not properly validate signatures when determining whether to solicit an app trust decision from the user, which allows attackers to bypass intended first-launch restrictions by leveraging access to an enterprise distribution certificate for signing a crafted app.
46 CVE-2014-4483 119 DoS Exec Code Overflow 2015-01-30 2015-02-18
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in FontParser in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font file in a PDF document.
47 CVE-2014-4481 189 DoS Exec Code Overflow 2015-01-30 2015-02-18
6.8
None Remote Medium Not required Partial Partial Partial
Integer overflow in CoreGraphics in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.
48 CVE-2014-4479 119 DoS Exec Code Overflow Mem. Corr. 2015-01-30 2015-07-24
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4476 and CVE-2014-4477.
49 CVE-2014-4477 119 DoS Exec Code Overflow Mem. Corr. 2015-01-30 2015-07-24
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4476 and CVE-2014-4479.
50 CVE-2014-4476 119 DoS Exec Code Overflow Mem. Corr. 2015-01-30 2015-07-24
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4477 and CVE-2014-4479.
Total number of vulnerabilities : 158   Page : 1 (This Page)2 3 4
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.