CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Apple » Iphone Os : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
751 CVE-2015-5896 119 DoS Overflow +Priv Mem. Corr. 2015-09-18 2016-12-21
7.2
None Local Low Not required Complete Complete Complete
The kernel in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5868 and CVE-2015-5903.
752 CVE-2015-5892 200 Bypass +Info 2015-09-18 2016-12-21
2.1
None Local Low Not required Partial None None
Siri in Apple iOS before 9 allows physically proximate attackers to bypass an intended client-side protection mechanism and obtain sensitive content-notification information by listening to a device in the lock-screen state.
753 CVE-2015-5885 200 +Info 2015-09-18 2016-12-21
5.0
None Remote Low Not required Partial None None
The CFNetwork Cookies component in Apple iOS before 9 allows remote attackers to track users via vectors involving a cookie for a top-level domain.
754 CVE-2015-5882 284 Bypass 2015-09-18 2016-12-21
7.2
None Local Low Not required Complete Complete Complete
The processor_set_tasks API implementation in Apple iOS before 9 allows local users to bypass an entitlement protection mechanism and obtain access to the task ports of arbitrary processes by leveraging root privileges.
755 CVE-2015-5880 200 Bypass +Info 2015-09-18 2016-12-21
4.3
None Remote Medium Not required Partial None None
CoreAnimation in Apple iOS before 9 allows attackers to bypass intended IOSurface restrictions and obtain screen-framebuffer access via a crafted background app.
756 CVE-2015-5879 20 DoS Bypass 2015-09-18 2016-12-21
5.0
None Remote Low Not required None None Partial
XNU in the kernel in Apple iOS before 9 does not properly validate the headers of TCP packets, which allows remote attackers to bypass the sequence-number protection mechanism and cause a denial of service (TCP connection disruption) via a crafted header.
757 CVE-2015-5876 119 DoS Exec Code Overflow Mem. Corr. 2015-09-18 2016-12-21
9.3
None Remote Medium Not required Complete Complete Complete
dyld in Dev Tools in Apple iOS before 9 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
758 CVE-2015-5874 119 DoS Exec Code Overflow Mem. Corr. 2015-09-18 2016-12-21
7.5
None Remote Low Not required Partial Partial Partial
CoreText in Apple iOS before 9 and iTunes before 12.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.
759 CVE-2015-5869 20 2015-09-18 2016-12-21
3.3
None Local Network Low Not required None Partial None
The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Apple iOS before 9 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message.
760 CVE-2015-5868 119 DoS Overflow +Priv Mem. Corr. 2015-09-18 2016-12-21
7.2
None Local Low Not required Complete Complete Complete
The kernel in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5896 and CVE-2015-5903.
761 CVE-2015-5867 119 DoS Exec Code Overflow Mem. Corr. 2015-09-18 2016-12-21
9.3
None Remote Medium Not required Complete Complete Complete
IOHIDFamily in Apple iOS before 9 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
762 CVE-2015-5863 200 +Info 2015-09-18 2016-12-21
2.1
None Local Low Not required Partial None None
IOStorageFamily in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows local users to obtain sensitive information from kernel memory via unknown vectors.
763 CVE-2015-5862 119 DoS Overflow Mem. Corr. 2015-09-18 2016-12-21
4.3
None Remote Medium Not required None None Partial
The Audio component in Apple iOS before 9 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted audio file.
764 CVE-2015-5861 284 Bypass 2015-09-18 2016-12-21
2.1
None Local Low Not required None Partial None
SpringBoard in Apple iOS before 9 allows physically proximate attackers to bypass a lock-screen preview-disabled setting, and reply to an audio message, via unspecified vectors.
765 CVE-2015-5860 200 Bypass +Info 2015-09-18 2016-12-21
5.0
None Remote Low Not required Partial None None
The CFNetwork HTTPProtocol component in Apple iOS before 9 mishandles HSTS state, which allows remote attackers to bypass the Safari private-browsing protection mechanism and track users via a crafted web site.
766 CVE-2015-5859 200 +Info 2015-11-21 2015-11-30
4.3
None Remote Medium Not required Partial None None
The CFNetwork HTTPProtocol component in Apple iOS before 9 and OS X before 10.11 does not properly recognize the HSTS preload list during a Safari private-browsing session, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.
767 CVE-2015-5858 200 Bypass +Info 2015-09-18 2016-12-21
5.0
None Remote Low Not required Partial None None
The CFNetwork HTTPProtocol component in Apple iOS before 9 allows remote attackers to bypass the HSTS protection mechanism, and consequently obtain sensitive information, via a crafted URL.
768 CVE-2015-5857 254 2015-09-18 2016-12-21
5.0
None Remote Low Not required None Partial None
Mail in Apple iOS before 9 allows remote attackers to use an address-book contact as a spoofed e-mail sender address via unspecified vectors.
769 CVE-2015-5856 254 DoS 2015-09-18 2016-12-21
4.3
None Remote Medium Not required None None Partial
The Application Store component in Apple iOS before 9 allows remote attackers to cause a denial of service to an enterprise-signed app via a crafted ITMS URL.
770 CVE-2015-5855 200 +Info 2015-09-18 2016-12-21
4.3
None Remote Medium Not required Partial None None
Apple iOS before 9 allows attackers to discover the e-mail address of a player via a crafted Game Center app.
771 CVE-2015-5851 200 +Info 2015-09-18 2016-12-21
2.1
None Local Low Not required Partial None None
The convenience initializer in the Multipeer Connectivity component in Apple iOS before 9 does not require an encrypted session, which allows local users to obtain cleartext multipeer data via an encrypted-to-unencrypted downgrade attack.
772 CVE-2015-5850 254 2015-09-18 2016-12-21
2.1
None Local Low Not required None Partial None
AppleKeyStore in Apple iOS before 9 allows physically proximate attackers to reset the count of incorrect passcode attempts via a device backup.
773 CVE-2015-5848 119 DoS Overflow +Priv Mem. Corr. 2015-09-18 2016-12-21
7.2
None Local Low Not required Complete Complete Complete
IOAcceleratorFamily in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
774 CVE-2015-5847 119 DoS Overflow +Priv Mem. Corr. 2015-09-18 2016-12-21
7.2
None Local Low Not required Complete Complete Complete
The Disk Images component in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
775 CVE-2015-5846 119 DoS Exec Code Overflow Mem. Corr. 2015-09-18 2016-12-21
9.3
None Remote Medium Not required Complete Complete Complete
IOKit in the kernel in Apple iOS before 9 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-5844 and CVE-2015-5845.
776 CVE-2015-5845 119 DoS Exec Code Overflow Mem. Corr. 2015-09-18 2016-12-21
9.3
None Remote Medium Not required Complete Complete Complete
IOKit in the kernel in Apple iOS before 9 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-5844 and CVE-2015-5846.
777 CVE-2015-5844 119 DoS Exec Code Overflow Mem. Corr. 2015-09-18 2016-12-21
9.3
None Remote Medium Not required Complete Complete Complete
IOKit in the kernel in Apple iOS before 9 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-5845 and CVE-2015-5846.
778 CVE-2015-5843 119 DoS Overflow +Priv Mem. Corr. 2015-09-18 2016-12-21
7.2
None Local Low Not required Complete Complete Complete
IOMobileFrameBuffer in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
779 CVE-2015-5842 200 +Info 2015-09-18 2016-12-21
2.1
None Local Low Not required Partial None None
XNU in the kernel in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows local users to obtain sensitive memory-layout information via unknown vectors.
780 CVE-2015-5841 74 2015-09-18 2016-12-21
5.0
None Remote Low Not required None Partial None
The CFNetwork Proxies component in Apple iOS before 9 does not properly handle a Set-Cookie header within a response to an HTTP CONNECT request, which allows remote proxy servers to conduct cookie-injection attacks via a crafted response.
781 CVE-2015-5840 119 DoS Overflow 2015-09-18 2016-12-21
5.0
None Remote Low Not required None None Partial
The checkint division routines in removefile in Apple iOS before 9 allow attackers to cause a denial of service (overflow fault and app crash) via crafted data.
782 CVE-2015-5839 254 Bypass 2015-09-18 2016-12-21
5.0
None Remote Low Not required None Partial None
dyld in Apple iOS before 9 allows attackers to bypass a code-signing protection mechanism via an app that places a crafted signature in an executable file.
783 CVE-2015-5838 284 2015-09-18 2016-12-21
4.3
None Remote Medium Not required None Partial None
SpringBoard in Apple iOS before 9 does not properly restrict access to privileged API calls, which allows attackers to spoof the dialog windows of an arbitrary app via a crafted app.
784 CVE-2015-5837 20 Bypass 2015-09-18 2016-12-21
4.3
None Remote Medium Not required None Partial None
PluginKit in Apple iOS before 9 allows attackers to bypass an intended app-trust requirement and install arbitrary extensions via a crafted enterprise app.
785 CVE-2015-5835 200 +Info 2015-09-18 2016-12-21
4.3
None Remote Medium Not required Partial None None
Apple iOS before 9 allows attackers to obtain sensitive information about inter-app communication via a crafted app that conducts an interception attack involving an unspecified URL scheme.
786 CVE-2015-5834 200 +Info 2015-09-18 2016-12-21
4.3
None Remote Medium Not required Partial None None
IOAcceleratorFamily in Apple iOS before 9 allows attackers to obtain sensitive kernel memory-layout information via a crafted app.
787 CVE-2015-5832 200 +Info 2015-09-18 2016-12-21
2.1
None Local Low Not required Partial None None
The iTunes Store component in Apple iOS before 9 does not properly delete AppleID credentials from the keychain upon a signout action, which might allow physically proximate attackers to obtain sensitive information via unspecified vectors.
788 CVE-2015-5831 200 +Info 2015-09-18 2016-12-21
5.0
None Remote Low Not required Partial None None
NetworkExtension in the kernel in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows attackers to obtain sensitive memory-layout information via a crafted app.
789 CVE-2015-5829 119 DoS Exec Code Overflow Mem. Corr. 2015-09-18 2016-12-21
6.8
None Remote Medium Not required Partial Partial Partial
Data Detectors Engine in Apple iOS before 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file.
790 CVE-2015-5827 200 Bypass +Info 2015-09-18 2016-12-21
5.0
None Remote Low Not required Partial None None
WebKit in Apple iOS before 9 allows remote attackers to bypass the Same Origin Policy and obtain an object reference via vectors involving a (1) custom event, (2) message event, or (3) pop state event.
791 CVE-2015-5826 284 Bypass 2015-09-18 2016-12-21
4.3
None Remote Medium Not required None Partial None
WebKit in Apple iOS before 9 does not properly select the cases in which a Cascading Style Sheets (CSS) document is required to have the text/css content type, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
792 CVE-2015-5825 200 +Info 2015-09-18 2016-12-21
4.3
None Remote Medium Not required Partial None None
WebKit in Apple iOS before 9 does not properly restrict the availability of Performance API times, which allows remote attackers to obtain sensitive information about the browser history, mouse movement, or network traffic via crafted JavaScript code.
793 CVE-2015-5824 310 +Info 2015-09-18 2016-12-21
4.3
None Local Network Medium Not required Partial Partial None
The NSURL implementation in the CFNetwork SSL component in Apple iOS before 9 does not properly verify X.509 certificates from SSL servers after a certificate change, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
794 CVE-2015-5823 119 DoS Exec Code Overflow Mem. Corr. 2015-09-18 2016-12-21
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
795 CVE-2015-5822 119 DoS Exec Code Overflow Mem. Corr. 2015-09-18 2016-12-21
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
796 CVE-2015-5821 119 DoS Exec Code Overflow Mem. Corr. 2015-09-18 2016-12-21
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
797 CVE-2015-5820 20 2015-09-18 2016-12-21
4.3
None Remote Medium Not required None Partial None
WebKit in Apple iOS before 9 allows remote attackers to trigger a dialing action via a crafted (1) tel://, (2) facetime://, or (3) facetime-audio:// URL.
798 CVE-2015-5819 119 DoS Exec Code Overflow Mem. Corr. 2015-09-18 2016-12-21
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
799 CVE-2015-5818 119 DoS Exec Code Overflow Mem. Corr. 2015-09-18 2016-12-21
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
800 CVE-2015-5817 119 DoS Exec Code Overflow Mem. Corr. 2015-09-18 2016-12-21
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
Total number of vulnerabilities : 1176   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 (This Page)17 18 19 20 21 22 23 24
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.