CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Apple » Iphone Os : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
401 CVE-2016-1802 200 +Info 2016-05-20 2016-11-30
4.3
None Remote Medium Not required Partial None None
CCCrypt in CommonCrypto in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 mishandles return values during key-length calculations, which allows attackers to obtain sensitive information via a crafted app.
402 CVE-2016-1801 200 +Info 2016-05-20 2016-11-30
5.0
None Remote Low Not required Partial None None
The CFNetwork Proxies subsystem in Apple iOS before 9.3.2, OS X before 10.11.5, and tvOS before 9.2.1 mishandles URLs in http and https requests, which allows remote attackers to obtain sensitive information via unspecified vectors.
403 CVE-2016-1790 119 Overflow +Info 2016-05-20 2016-11-30
4.3
None Remote Medium Not required Partial None None
Buffer overflow in the Accessibility component in Apple iOS before 9.3.2 allows attackers to obtain sensitive kernel memory-layout information via a crafted app.
404 CVE-2016-1788 310 2016-03-23 2016-12-02
2.6
None Remote High Not required Partial None None
Messages in Apple iOS before 9.3, OS X before 10.11.4, and watchOS before 2.2 does not properly implement a cryptographic protection mechanism, which allows remote attackers to read message attachments via vectors related to duplicate messages.
405 CVE-2016-1786 200 Bypass +Info 2016-03-23 2016-12-02
5.8
None Remote Medium Not required Partial Partial None
The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles HTTP responses with a 3xx (aka redirection) status code, which allows remote attackers to spoof the displayed URL, bypass the Same Origin Policy, and obtain sensitive cached information via a crafted web site.
406 CVE-2016-1785 200 Bypass +Info 2016-03-23 2016-12-02
4.3
None Remote Medium Not required Partial None None
The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles character encoding during access to cached data, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.
407 CVE-2016-1784 399 DoS 2016-03-23 2016-12-02
4.3
None Remote Medium Not required None None Partial
The History implementation in WebKit in Apple iOS before 9.3, Safari before 9.1, and tvOS before 9.2 allows remote attackers to cause a denial of service (resource consumption and application crash) via a crafted web site.
408 CVE-2016-1783 119 DoS Exec Code Overflow Mem. Corr. 2016-03-23 2016-12-02
9.3
None Remote Medium Not required Complete Complete Complete
WebKit in Apple iOS before 9.3, Safari before 9.1, and tvOS before 9.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
409 CVE-2016-1782 284 Bypass 2016-03-23 2016-12-02
4.3
None Remote Medium Not required None Partial None
WebKit in Apple iOS before 9.3 and Safari before 9.1 does not properly restrict redirects that specify a TCP port number, which allows remote attackers to bypass intended port restrictions via a crafted web site.
410 CVE-2016-1781 19 2016-03-23 2016-12-02
4.3
None Remote Medium Not required Partial None None
WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles attachment URLs, which makes it easier for remote web servers to track users via unspecified vectors.
411 CVE-2016-1780 200 +Info 2016-03-23 2016-12-02
4.3
None Remote Medium Not required Partial None None
WebKit in Apple iOS before 9.3 does not prevent hidden web views from reading orientation and motion data, which allows remote attackers to obtain sensitive information about a device's physical environment via a crafted web site.
412 CVE-2016-1779 200 Bypass +Info 2016-03-23 2016-12-02
4.3
None Remote Medium Not required Partial None None
WebKit in Apple iOS before 9.3 and Safari before 9.1 allows remote attackers to bypass the Same Origin Policy and obtain physical-location data via a crafted geolocation request.
413 CVE-2016-1778 399 DoS Exec Code Mem. Corr. 2016-03-23 2016-12-02
9.3
None Remote Medium Not required Complete Complete Complete
WebKit in Apple iOS before 9.3 and Safari before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
414 CVE-2016-1775 119 DoS Exec Code Overflow Mem. Corr. 2016-03-23 2016-12-02
9.3
None Remote Medium Not required Complete Complete Complete
TrueTypeScaler in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.
415 CVE-2016-1766 2016-03-23 2016-12-02
5.0
None Remote Low Not required None Partial None
The Profiles component in Apple iOS before 9.3 does not properly validate certificates, which allows attackers to spoof an MDM profile trust relationship via unspecified vectors.
416 CVE-2016-1763 20 +Info 2016-03-23 2016-12-02
3.5
None Remote Medium Single system Partial None None
Messages in Apple iOS before 9.3 does not ensure that an auto-fill action applies to the intended message thread, which allows remote authenticated users to obtain sensitive information by providing a crafted sms: URL and reading a thread.
417 CVE-2016-1762 119 DoS Overflow 2016-03-23 2016-12-27
10.0
None Remote Low Not required Complete Complete Complete
The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
418 CVE-2016-1761 119 DoS Exec Code Overflow Mem. Corr. 2016-03-23 2016-12-02
10.0
None Remote Low Not required Complete Complete Complete
libxml2 in Apple iOS before 9.3, OS X before 10.11.4, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.
419 CVE-2016-1760 284 Bypass 2016-03-29 2016-12-02
2.1
None Local Low Not required None Partial None
The XPC Services API in LaunchServices in Apple iOS before 9.3 allows attackers to bypass intended event-handler restrictions and modify an arbitrary app's events via a crafted app.
420 CVE-2016-1758 119 DoS Overflow +Info 2016-03-23 2016-12-02
4.3
None Remote Medium Not required Partial None None
The kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app.
421 CVE-2016-1757 362 Exec Code 2016-03-23 2016-12-02
9.3
None Remote Medium Not required Complete Complete Complete
Race condition in the kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context via a crafted app.
422 CVE-2016-1756 DoS Exec Code 2016-03-23 2016-12-02
9.3
None Remote Medium Not required Complete Complete Complete
The kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
423 CVE-2016-1755 119 DoS Exec Code Overflow Mem. Corr. 2016-03-23 2017-09-07
9.3
None Remote Medium Not required Complete Complete Complete
The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1754.
424 CVE-2016-1754 119 DoS Exec Code Overflow Mem. Corr. 2016-03-23 2016-12-02
9.3
None Remote Medium Not required Complete Complete Complete
The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1755.
425 CVE-2016-1753 189 Exec Code Overflow 2016-03-23 2016-12-02
9.3
None Remote Medium Not required Complete Complete Complete
Multiple integer overflows in the kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allow attackers to execute arbitrary code in a privileged context via a crafted app.
426 CVE-2016-1752 20 DoS 2016-03-23 2016-12-02
9.3
None Remote Medium Not required Complete Complete Complete
The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to cause a denial of service via a crafted app.
427 CVE-2016-1751 264 Exec Code Bypass 2016-03-23 2016-12-02
9.3
None Remote Medium Not required Complete Complete Complete
The kernel in Apple iOS before 9.3, tvOS before 9.2, and watchOS before 2.2 does not properly restrict the execute permission, which allows attackers to bypass a code-signing protection mechanism via a crafted app.
428 CVE-2016-1750 Exec Code 2016-03-23 2016-12-02
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in the kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to execute arbitrary code in a privileged context via a crafted app.
429 CVE-2016-1748 200 +Info 2016-03-23 2016-12-02
4.3
None Remote Medium Not required Partial None None
IOHIDFamily in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to obtain sensitive kernel memory-layout information via a crafted app.
430 CVE-2016-1740 119 DoS Exec Code Overflow Mem. Corr. 2016-03-23 2016-12-02
9.3
None Remote Medium Not required Complete Complete Complete
FontParser in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document.
431 CVE-2016-1734 119 DoS Exec Code Overflow Mem. Corr. 2016-03-23 2016-12-02
7.2
None Local Low Not required Complete Complete Complete
AppleUSBNetworking in Apple iOS before 9.3 and OS X before 10.11.4 allows physically proximate attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted USB device.
432 CVE-2016-1730 19 2016-02-01 2016-12-05
5.8
None Remote Medium Not required Partial Partial None
WebSheet in Apple iOS before 9.2.1 allows remote attackers to read or write to cookies by operating a crafted captive portal.
433 CVE-2016-1728 200 +Info 2016-02-01 2017-06-30
4.3
None Remote Medium Not required Partial None None
The Cascading Style Sheets (CSS) implementation in Apple iOS before 9.2.1 and Safari before 9.0.3 mishandles the "a:visited button" selector during height processing, which makes it easier for remote attackers to obtain sensitive browser-history information via a crafted web site.
434 CVE-2016-1727 119 DoS Exec Code Overflow Mem. Corr. 2016-02-01 2017-06-30
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple iOS before 9.2.1, Safari before 9.0.3, and tvOS before 9.1.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1724.
435 CVE-2016-1726 119 DoS Exec Code Overflow Mem. Corr. 2016-02-01 2017-06-30
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple iOS before 9.2.1 and Safari before 9.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1723 and CVE-2016-1725.
436 CVE-2016-1725 119 DoS Exec Code Overflow Mem. Corr. 2016-02-01 2017-06-30
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple iOS before 9.2.1 and Safari before 9.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1723 and CVE-2016-1726.
437 CVE-2016-1724 119 DoS Exec Code Overflow Mem. Corr. 2016-02-01 2017-06-30
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple iOS before 9.2.1, Safari before 9.0.3, and tvOS before 9.1.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1727.
438 CVE-2016-1723 119 DoS Exec Code Overflow Mem. Corr. 2016-02-01 2017-06-30
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple iOS before 9.2.1 and Safari before 9.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1725 and CVE-2016-1726.
439 CVE-2016-1722 119 DoS Overflow +Priv Mem. Corr. 2016-02-01 2017-09-09
7.2
None Local Low Not required Complete Complete Complete
syslog in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
440 CVE-2016-1721 119 DoS Overflow +Priv Mem. Corr. 2016-02-01 2017-09-09
7.2
None Local Low Not required Complete Complete Complete
The kernel in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
441 CVE-2016-1720 119 DoS Overflow +Priv Mem. Corr. 2016-02-01 2017-09-09
7.2
None Local Low Not required Complete Complete Complete
IOKit in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
442 CVE-2016-1719 119 DoS Overflow +Priv Mem. Corr. 2016-02-01 2017-09-09
7.2
None Local Low Not required Complete Complete Complete
The IOHIDFamily API in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
443 CVE-2016-1717 119 DoS Overflow +Priv Mem. Corr. 2016-02-01 2017-09-09
7.2
None Local Low Not required Complete Complete Complete
The Disk Images component in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
444 CVE-2016-0802 20 DoS Exec Code Mem. Corr. 2016-02-06 2016-12-02
8.3
None Local Network Low Not required Complete Complete Complete
The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted wireless control message packets, aka internal bug 25306181.
445 CVE-2016-0801 20 DoS Exec Code Mem. Corr. 2016-02-06 2017-09-06
8.3
None Local Network Low Not required Complete Complete Complete
The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted wireless control message packets, aka internal bug 25662029.
446 CVE-2015-8659 119 Overflow 2016-01-12 2017-06-30
10.0
None Remote Low Not required Complete Complete Complete
The idle stream handling in nghttp2 before 1.6.0 allows attackers to have unspecified impact via unknown vectors, aka a heap-use-after-free bug.
447 CVE-2015-8242 119 DoS Overflow +Info 2015-12-15 2017-09-13
5.8
None Remote Medium Not required Partial None Partial
The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.
448 CVE-2015-8035 399 DoS 2015-11-18 2017-09-13
2.6
None Remote High Not required None None Partial
The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.
449 CVE-2015-7995 DoS 2015-11-17 2017-09-09
5.0
None Remote Low Not required None None Partial
The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a "type confusion" issue.
450 CVE-2015-7988 DoS Exec Code 2016-06-25 2016-11-29
7.5
None Remote Low Not required Partial Partial Partial
The handle_regservice_request function in mDNSResponder before 625.41.2 allows remote attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via unspecified vectors.
Total number of vulnerabilities : 1228   Page : 1 2 3 4 5 6 7 8 9 (This Page)10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.