CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Apple » Iphone Os : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
651 CVE-2015-5842 200 +Info 2015-09-18 2016-12-21
2.1
None Local Low Not required Partial None None
XNU in the kernel in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows local users to obtain sensitive memory-layout information via unknown vectors.
652 CVE-2015-5841 74 2015-09-18 2016-12-21
5.0
None Remote Low Not required None Partial None
The CFNetwork Proxies component in Apple iOS before 9 does not properly handle a Set-Cookie header within a response to an HTTP CONNECT request, which allows remote proxy servers to conduct cookie-injection attacks via a crafted response.
653 CVE-2015-5840 119 DoS Overflow 2015-09-18 2016-12-21
5.0
None Remote Low Not required None None Partial
The checkint division routines in removefile in Apple iOS before 9 allow attackers to cause a denial of service (overflow fault and app crash) via crafted data.
654 CVE-2015-5839 254 Bypass 2015-09-18 2016-12-21
5.0
None Remote Low Not required None Partial None
dyld in Apple iOS before 9 allows attackers to bypass a code-signing protection mechanism via an app that places a crafted signature in an executable file.
655 CVE-2015-5838 284 2015-09-18 2016-12-21
4.3
None Remote Medium Not required None Partial None
SpringBoard in Apple iOS before 9 does not properly restrict access to privileged API calls, which allows attackers to spoof the dialog windows of an arbitrary app via a crafted app.
656 CVE-2015-5837 20 Bypass 2015-09-18 2016-12-21
4.3
None Remote Medium Not required None Partial None
PluginKit in Apple iOS before 9 allows attackers to bypass an intended app-trust requirement and install arbitrary extensions via a crafted enterprise app.
657 CVE-2015-5835 200 +Info 2015-09-18 2016-12-21
4.3
None Remote Medium Not required Partial None None
Apple iOS before 9 allows attackers to obtain sensitive information about inter-app communication via a crafted app that conducts an interception attack involving an unspecified URL scheme.
658 CVE-2015-5834 200 +Info 2015-09-18 2016-12-21
4.3
None Remote Medium Not required Partial None None
IOAcceleratorFamily in Apple iOS before 9 allows attackers to obtain sensitive kernel memory-layout information via a crafted app.
659 CVE-2015-5832 200 +Info 2015-09-18 2016-12-21
2.1
None Local Low Not required Partial None None
The iTunes Store component in Apple iOS before 9 does not properly delete AppleID credentials from the keychain upon a signout action, which might allow physically proximate attackers to obtain sensitive information via unspecified vectors.
660 CVE-2015-5831 200 +Info 2015-09-18 2016-12-21
5.0
None Remote Low Not required Partial None None
NetworkExtension in the kernel in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows attackers to obtain sensitive memory-layout information via a crafted app.
661 CVE-2015-5829 119 DoS Exec Code Overflow Mem. Corr. 2015-09-18 2016-12-21
6.8
None Remote Medium Not required Partial Partial Partial
Data Detectors Engine in Apple iOS before 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file.
662 CVE-2015-5827 200 Bypass +Info 2015-09-18 2016-12-21
5.0
None Remote Low Not required Partial None None
WebKit in Apple iOS before 9 allows remote attackers to bypass the Same Origin Policy and obtain an object reference via vectors involving a (1) custom event, (2) message event, or (3) pop state event.
663 CVE-2015-5826 284 Bypass 2015-09-18 2016-12-21
4.3
None Remote Medium Not required None Partial None
WebKit in Apple iOS before 9 does not properly select the cases in which a Cascading Style Sheets (CSS) document is required to have the text/css content type, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
664 CVE-2015-5825 200 +Info 2015-09-18 2016-12-21
4.3
None Remote Medium Not required Partial None None
WebKit in Apple iOS before 9 does not properly restrict the availability of Performance API times, which allows remote attackers to obtain sensitive information about the browser history, mouse movement, or network traffic via crafted JavaScript code.
665 CVE-2015-5824 310 +Info 2015-09-18 2016-12-21
4.3
None Local Network Medium Not required Partial Partial None
The NSURL implementation in the CFNetwork SSL component in Apple iOS before 9 does not properly verify X.509 certificates from SSL servers after a certificate change, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
666 CVE-2015-5823 119 DoS Exec Code Overflow Mem. Corr. 2015-09-18 2016-12-21
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
667 CVE-2015-5822 119 DoS Exec Code Overflow Mem. Corr. 2015-09-18 2016-12-21
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
668 CVE-2015-5821 119 DoS Exec Code Overflow Mem. Corr. 2015-09-18 2016-12-21
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
669 CVE-2015-5820 20 2015-09-18 2016-12-21
4.3
None Remote Medium Not required None Partial None
WebKit in Apple iOS before 9 allows remote attackers to trigger a dialing action via a crafted (1) tel://, (2) facetime://, or (3) facetime-audio:// URL.
670 CVE-2015-5819 119 DoS Exec Code Overflow Mem. Corr. 2015-09-18 2016-12-21
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
671 CVE-2015-5818 119 DoS Exec Code Overflow Mem. Corr. 2015-09-18 2016-12-21
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
672 CVE-2015-5817 119 DoS Exec Code Overflow Mem. Corr. 2015-09-18 2016-12-21
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
673 CVE-2015-5816 119 DoS Exec Code Overflow Mem. Corr. 2015-09-18 2016-12-21
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
674 CVE-2015-5814 119 DoS Exec Code Overflow Mem. Corr. 2015-09-18 2016-12-21
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
675 CVE-2015-5813 119 DoS Exec Code Overflow Mem. Corr. 2015-09-18 2016-12-21
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
676 CVE-2015-5812 119 DoS Exec Code Overflow Mem. Corr. 2015-09-18 2016-12-21
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
677 CVE-2015-5811 119 DoS Exec Code Overflow Mem. Corr. 2015-09-18 2016-12-21
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
678 CVE-2015-5810 119 DoS Exec Code Overflow Mem. Corr. 2015-09-18 2016-12-21
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
679 CVE-2015-5809 119 DoS Exec Code Overflow Mem. Corr. 2015-09-18 2016-12-21
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
680 CVE-2015-5807 119 DoS Exec Code Overflow Mem. Corr. 2015-09-18 2016-12-21
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
681 CVE-2015-5806 119 DoS Exec Code Overflow Mem. Corr. 2015-09-18 2016-12-21
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
682 CVE-2015-5805 119 DoS Exec Code Overflow Mem. Corr. 2015-09-18 2016-12-21
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
683 CVE-2015-5804 119 DoS Exec Code Overflow Mem. Corr. 2015-09-18 2016-12-21
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
684 CVE-2015-5803 119 DoS Exec Code Overflow Mem. Corr. 2015-09-18 2016-12-21
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
685 CVE-2015-5802 119 DoS Exec Code Overflow Mem. Corr. 2015-09-18 2016-12-21
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
686 CVE-2015-5801 119 DoS Exec Code Overflow Mem. Corr. 2015-09-18 2016-12-21
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
687 CVE-2015-5800 119 DoS Exec Code Overflow Mem. Corr. 2015-09-18 2016-12-21
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
688 CVE-2015-5799 119 DoS Exec Code Overflow Mem. Corr. 2015-09-18 2016-12-21
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
689 CVE-2015-5797 119 DoS Exec Code Overflow Mem. Corr. 2015-09-18 2016-12-21
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
690 CVE-2015-5796 119 DoS Exec Code Overflow Mem. Corr. 2015-09-18 2016-12-21
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
691 CVE-2015-5795 119 DoS Exec Code Overflow Mem. Corr. 2015-09-18 2016-12-21
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
692 CVE-2015-5794 119 DoS Exec Code Overflow Mem. Corr. 2015-09-18 2016-12-21
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
693 CVE-2015-5793 119 DoS Exec Code Overflow Mem. Corr. 2015-09-18 2016-12-21
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
694 CVE-2015-5792 119 DoS Exec Code Overflow Mem. Corr. 2015-09-18 2016-12-21
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
695 CVE-2015-5791 119 DoS Exec Code Overflow Mem. Corr. 2015-09-18 2016-12-21
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
696 CVE-2015-5790 119 DoS Exec Code Overflow Mem. Corr. 2015-09-18 2016-12-21
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
697 CVE-2015-5789 119 DoS Exec Code Overflow Mem. Corr. 2015-09-18 2016-12-21
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
698 CVE-2015-5788 200 Bypass +Info 2015-09-18 2016-12-21
4.3
None Remote Medium Not required Partial None None
The WebKit Canvas implementation in Apple iOS before 9 allows remote attackers to bypass the Same Origin Policy and obtain sensitive image information via vectors involving a CANVAS element.
699 CVE-2015-5787 264 Bypass 2015-11-21 2015-11-23
4.3
None Remote Medium Not required None Partial None
The kernel in Apple iOS before 8.4.1 does not properly restrict debugging features, which allows attackers to bypass background-execution limitations via a crafted app.
700 CVE-2015-5782 200 +Info 2015-08-16 2016-12-23
4.3
None Remote Medium Not required Partial None None
ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly initialize an unspecified data structure, which allows remote attackers to obtain sensitive information from process memory via a crafted TIFF image.
Total number of vulnerabilities : 1178   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 (This Page)15 16 17 18 19 20 21 22 23 24
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.