Iphone Os

iphone_os

Vendor: Apple • 4,015 CVEs

CVEs (4,015)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2016-4594 1Apple 4Iphone Os Mac Os XTvos+1 more May 6, 2026 Jul 22, 2016 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 The Sandbox Profiles component in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows attackers to access the process list via a crafted app that makes an API call.
CVE-2016-4593 1Apple 1Iphone Os May 6, 2026 Jul 22, 2016 N/A· v4 2.4 LOW· v3 2.1 LOW· v2 The Siri Contacts component in Apple iOS before 9.3.3 allows physically proximate attackers to read arbitrary Contact card information via unspecified vectors.
CVE-2016-4584 1Apple 3Iphone Os SafariTvos May 6, 2026 Jul 22, 2016 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The WebKit Page Loading implementation in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafte...Show more The WebKit Page Loading implementation in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.Show less
CVE-2016-4582 1Apple 4Iphone Os Mac Os XTvos+1 more May 6, 2026 Jul 22, 2016 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a dif...Show more The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1863 and CVE-2016-4653.Show less
CVE-2016-1865 1Apple 4Iphone Os Mac Os XTvos+1 more May 6, 2026 Jul 22, 2016 N/A· v4 5.5 MEDIUM· v3 4.9 MEDIUM· v2 The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors.
CVE-2016-1863 1Apple 4Iphone Os Mac Os XTvos+1 more May 6, 2026 Jul 22, 2016 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a dif...Show more The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4582 and CVE-2016-4653.Show less
CVE-2015-7988 1Apple 5Airport Base Station Firmware Iphone OsMac Os X+2 more May 6, 2026 Jun 26, 2016 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The handle_regservice_request function in mDNSResponder before 625.41.2 allows remote attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via unspecified vectors.
CVE-2015-7987 1Apple 5Airport Base Station Firmware Iphone OsMac Os X+2 more May 6, 2026 Jun 26, 2016 N/A· v4 9.8 CRITICAL· v3 6.8 MEDIUM· v2 Multiple buffer overflows in mDNSResponder before 625.41.2 allow remote attackers to read or write to out-of-bounds memory locations via vectors involving the (1) GetValueForIPv4Addr, (2) GetValueForMACAddr, (3) rfc3110_...Show more Multiple buffer overflows in mDNSResponder before 625.41.2 allow remote attackers to read or write to out-of-bounds memory locations via vectors involving the (1) GetValueForIPv4Addr, (2) GetValueForMACAddr, (3) rfc3110_import, or (4) CopyNSEC3ResourceRecord function.Show less
CVE-2016-1864 1Apple 2Iphone Os Safari May 6, 2026 Jun 19, 2016 N/A· v4 4.3 MEDIUM· v3 5.0 MEDIUM· v2 The XSS auditor in WebKit, as used in Apple iOS before 9.3 and Safari before 9.1, does not properly handle redirects in block mode, which allows remote attackers to obtain sensitive information via a crafted URL.
CVE-2016-4448 8Apple HpMcafee+5 more 19Enterprise Linux Desktop Enterprise Linux ServerEnterprise Linux Server Aus+16 more May 6, 2026 Jun 9, 2016 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.
CVE-2016-4447 7Apple CanonicalDebian+4 more 11Debian Linux Icewall Federation AgentIphone Os+8 more May 6, 2026 Jun 9, 2016 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlPa...Show more The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName.Show less
CVE-2016-1859 2Apple Webkitgtk 4Iphone Os SafariTvos+1 more May 6, 2026 May 20, 2016 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The WebKit Canvas implementation in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web...Show more The WebKit Canvas implementation in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.Show less
CVE-2016-1858 2Apple Webkitgtk 4Iphone Os SafariTvos+1 more May 6, 2026 May 20, 2016 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, improperly tracks taint attributes, which allows remote attackers to obtain sensitive information via a crafted web site.
CVE-2016-1857 2Apple Webkitgtk 4Iphone Os SafariTvos+1 more May 6, 2026 May 20, 2016 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a differen...Show more WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1854, CVE-2016-1855, and CVE-2016-1856.Show less
CVE-2016-1856 2Apple Webkitgtk 4Iphone Os SafariTvos+1 more May 6, 2026 May 20, 2016 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a differen...Show more WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1854, CVE-2016-1855, and CVE-2016-1857.Show less
CVE-2016-1855 1Apple 3Iphone Os SafariTvos May 6, 2026 May 20, 2016 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a differen...Show more WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1854, CVE-2016-1856, and CVE-2016-1857.Show less
CVE-2016-1854 2Apple Webkitgtk 4Iphone Os SafariTvos+1 more May 6, 2026 May 20, 2016 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a differen...Show more WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1855, CVE-2016-1856, and CVE-2016-1857.Show less
CVE-2016-1852 1Apple 1Iphone Os May 6, 2026 May 20, 2016 N/A· v4 2.4 LOW· v3 2.1 LOW· v2 Siri in Apple iOS before 9.3.2 does not block data detectors within results in the lock-screen state, which allows physically proximate attackers to obtain sensitive contact and photo information via unspecified vectors.
CVE-2016-1849 1Apple 2Iphone Os Safari May 6, 2026 May 20, 2016 N/A· v4 3.3 LOW· v3 2.1 LOW· v2 The "Clear History and Website Data" feature in Apple Safari before 9.1.1, as used in iOS before 9.3.2 and other products, mishandles the deletion of browsing history, which might allow local users to obtain sensitive in...Show more The "Clear History and Website Data" feature in Apple Safari before 9.1.1, as used in iOS before 9.3.2 and other products, mishandles the deletion of browsing history, which might allow local users to obtain sensitive information by leveraging read access to a Safari directory.Show less
CVE-2016-1847 1Apple 4Iphone Os Mac Os XTvos+1 more May 6, 2026 May 20, 2016 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 OpenGL, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafte...Show more OpenGL, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.Show less

Previous 1...149150151...201 Next