CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Apple » Iphone Os : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
601 CVE-2015-5803 119 DoS Exec Code Overflow Mem. Corr. 2015-09-18 2016-12-21
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
602 CVE-2015-5802 119 DoS Exec Code Overflow Mem. Corr. 2015-09-18 2016-12-21
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
603 CVE-2015-5801 119 DoS Exec Code Overflow Mem. Corr. 2015-09-18 2016-12-21
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
604 CVE-2015-5800 119 DoS Exec Code Overflow Mem. Corr. 2015-09-18 2016-12-21
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
605 CVE-2015-5799 119 DoS Exec Code Overflow Mem. Corr. 2015-09-18 2016-12-21
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
606 CVE-2015-5797 119 DoS Exec Code Overflow Mem. Corr. 2015-09-18 2016-12-21
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
607 CVE-2015-5796 119 DoS Exec Code Overflow Mem. Corr. 2015-09-18 2016-12-21
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
608 CVE-2015-5795 119 DoS Exec Code Overflow Mem. Corr. 2015-09-18 2016-12-21
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
609 CVE-2015-5794 119 DoS Exec Code Overflow Mem. Corr. 2015-09-18 2016-12-21
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
610 CVE-2015-5793 119 DoS Exec Code Overflow Mem. Corr. 2015-09-18 2016-12-21
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
611 CVE-2015-5792 119 DoS Exec Code Overflow Mem. Corr. 2015-09-18 2016-12-21
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
612 CVE-2015-5791 119 DoS Exec Code Overflow Mem. Corr. 2015-09-18 2016-12-21
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
613 CVE-2015-5790 119 DoS Exec Code Overflow Mem. Corr. 2015-09-18 2016-12-21
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
614 CVE-2015-5789 119 DoS Exec Code Overflow Mem. Corr. 2015-09-18 2016-12-21
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
615 CVE-2015-5788 200 Bypass +Info 2015-09-18 2016-12-21
4.3
None Remote Medium Not required Partial None None
The WebKit Canvas implementation in Apple iOS before 9 allows remote attackers to bypass the Same Origin Policy and obtain sensitive image information via vectors involving a CANVAS element.
616 CVE-2015-5787 264 Bypass 2015-11-21 2015-11-23
4.3
None Remote Medium Not required None Partial None
The kernel in Apple iOS before 8.4.1 does not properly restrict debugging features, which allows attackers to bypass background-execution limitations via a crafted app.
617 CVE-2015-5782 200 +Info 2015-08-16 2016-12-23
4.3
None Remote Medium Not required Partial None None
ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly initialize an unspecified data structure, which allows remote attackers to obtain sensitive information from process memory via a crafted TIFF image.
618 CVE-2015-5781 200 +Info 2015-08-16 2016-12-23
4.3
None Remote Medium Not required Partial None None
ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly initialize an unspecified data structure, which allows remote attackers to obtain sensitive information from process memory via a crafted PNG image.
619 CVE-2015-5778 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2016-12-23
6.8
None Remote Medium Not required Partial Partial Partial
CoreMedia Playback in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-5777.
620 CVE-2015-5777 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2016-12-23
6.8
None Remote Medium Not required Partial Partial Partial
CoreMedia Playback in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-5778.
621 CVE-2015-5776 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2016-12-23
7.5
None Remote Low Not required Partial Partial Partial
Libinfo in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by leveraging use of an AF_INET6 socket.
622 CVE-2015-5775 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2016-12-23
7.5
None Remote Low Not required Partial Partial Partial
FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-3804 and CVE-2015-5756.
623 CVE-2015-5774 119 Overflow +Priv 2015-08-16 2016-12-23
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in IOHIDFamily in Apple iOS before 8.4.1 and OS X before 10.10.5 allows local users to gain privileges via unspecified vectors.
624 CVE-2015-5773 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2016-12-23
6.8
None Remote Medium Not required Partial Partial Partial
QL Office in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted office document.
625 CVE-2015-5770 264 2015-08-16 2016-12-23
5.8
None Remote Medium Not required None Partial Partial
MobileInstallation in Apple iOS before 8.4.1 does not ensure the uniqueness of universal provisioning profile bundle IDs, which allows attackers to replace arbitrary extensions via a crafted enterprise app.
626 CVE-2015-5769 DoS 2015-08-16 2016-12-23
7.1
None Remote Medium Not required None None Complete
The MSVDX driver in Apple iOS before 8.4.1 allows remote attackers to cause a denial of service (device crash) via a crafted video.
627 CVE-2015-5767 20 2015-09-18 2016-12-21
4.3
None Remote Medium Not required None Partial None
The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspecified vectors, a different vulnerability than CVE-2015-5764 and CVE-2015-5765.
628 CVE-2015-5766 22 Dir. Trav. 2015-08-16 2016-12-23
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Air Traffic in Apple iOS before 8.4.1 allows attackers to access arbitrary filesystem locations via vectors related to asset handling.
629 CVE-2015-5765 20 2015-09-18 2016-12-21
4.3
None Remote Medium Not required None Partial None
The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspecified vectors, a different vulnerability than CVE-2015-5764 and CVE-2015-5767.
630 CVE-2015-5764 20 2015-09-18 2016-12-21
4.3
None Remote Medium Not required None Partial None
The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspecified vectors, a different vulnerability than CVE-2015-5765 and CVE-2015-5767.
631 CVE-2015-5761 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2016-12-23
6.8
None Remote Medium Not required Partial Partial Partial
CoreText in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-5755.
632 CVE-2015-5759 254 2015-08-16 2016-12-23
5.0
None Remote Low Not required None Partial None
WebKit in Apple iOS before 8.4.1 allows remote attackers to spoof clicks via a crafted web site that leverages tap events.
633 CVE-2015-5758 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2016-12-23
6.8
None Remote Medium Not required Partial Partial Partial
ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF image.
634 CVE-2015-5757 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2016-12-23
9.3
None Remote Medium Not required Complete Complete Complete
libpthread in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via an app that uses a crafted syscall to interfere with locking.
635 CVE-2015-5756 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2016-12-23
6.8
None Remote Medium Not required Partial Partial Partial
FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-3804 and CVE-2015-5775.
636 CVE-2015-5755 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2016-12-23
6.8
None Remote Medium Not required Partial Partial Partial
CoreText in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-5761.
637 CVE-2015-5752 59 Bypass 2015-08-16 2016-12-23
5.0
None Remote Low Not required Partial None None
Backup in Apple iOS before 8.4.1 allows attackers to bypass intended restrictions on filesystem access via a crafted app that creates a symlink.
638 CVE-2015-5749 200 Bypass +Info 2015-08-16 2016-12-23
4.3
None Remote Medium Not required Partial None None
The Sandbox_profiles component in Apple iOS before 8.4.1 allows attackers to bypass the third-party app-sandbox protection mechanism and read arbitrary managed preferences via a crafted app.
639 CVE-2015-5748 17 DoS 2015-08-16 2016-11-28
2.1
None Local Low Not required None None Partial
The kernel in Apple OS X before 10.10.5 does not properly mount HFS volumes, which allows local users to cause a denial of service via a crafted volume.
640 CVE-2015-5746 284 Bypass 2015-08-16 2016-12-23
5.0
None Remote Low Not required Partial None None
AppleFileConduit in Apple iOS before 8.4.1 allows attackers to bypass intended restrictions on filesystem access via an afc command that leverages symlink mishandling.
641 CVE-2015-5523 119 DoS Overflow 2015-08-11 2016-12-07
4.3
None Remote Medium Not required None None Partial
The ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving multiple whitespace characters before an empty href, which triggers a large memory allocation.
642 CVE-2015-5522 119 DoS Overflow 2015-08-11 2016-12-07
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving a command character in an href.
643 CVE-2015-5312 399 DoS 2015-12-15 2017-06-30
7.1
None Remote Medium Not required None None Complete
The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660.
644 CVE-2015-4000 310 2015-05-20 2017-06-30
4.3
None Remote Medium Not required None Partial None
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.
645 CVE-2015-3807 119 DoS Overflow Mem. Corr. +Info 2015-08-16 2016-12-23
4.3
None Remote Medium Not required Partial None None
libxml2 in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a crafted XML document.
646 CVE-2015-3806 284 Bypass 2015-08-16 2016-12-23
7.2
None Local Low Not required Complete Complete Complete
Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism by appending code to a crafted executable file.
647 CVE-2015-3805 20 Bypass 2015-08-16 2016-12-23
7.2
None Local Low Not required Complete Complete Complete
Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted Mach-O file, a different vulnerability than CVE-2015-3802.
648 CVE-2015-3804 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2016-12-23
7.5
None Remote Low Not required Partial Partial Partial
FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-5756 and CVE-2015-5775.
649 CVE-2015-3803 20 Bypass 2015-08-16 2016-12-23
7.2
None Local Low Not required Complete Complete Complete
Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted multi-architecture executable file.
650 CVE-2015-3802 20 Bypass 2015-08-16 2016-12-23
7.2
None Local Low Not required Complete Complete Complete
Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted Mach-O file, a different vulnerability than CVE-2015-3805.
Total number of vulnerabilities : 1228   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 (This Page)14 15 16 17 18 19 20 21 22 23 24 25
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.