Iphone Os

iphone_os

Vendor: Apple • 4,015 CVEs

CVEs (4,015)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2015-7047 1Apple 4Iphone Os Mac Os XTvos+1 more May 6, 2026 Dec 11, 2015 N/A· v4 N/A· v3 7.2 HIGH· v2 The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows local users to gain privileges via a crafted mach message that is misparsed.
CVE-2015-7046 1Apple 4Iphone Os Mac Os XTvos+1 more May 6, 2026 Dec 11, 2015 N/A· v4 N/A· v3 2.6 LOW· v2 The Sandbox feature in xnu in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 does not properly implement privilege separation, which allows attackers to bypass the ASLR protection mech...Show more The Sandbox feature in xnu in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 does not properly implement privilege separation, which allows attackers to bypass the ASLR protection mechanism via a crafted app with root privileges.Show less
CVE-2015-7043 1Apple 4Iphone Os Mac Os XTvos+1 more May 6, 2026 Dec 11, 2015 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to cause a denial of service via a crafted app, a different vulnerability than CVE-2015-7040, CVE-2015-704...Show more The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to cause a denial of service via a crafted app, a different vulnerability than CVE-2015-7040, CVE-2015-7041, and CVE-2015-7042.Show less
CVE-2015-7042 1Apple 4Iphone Os Mac Os XTvos+1 more May 6, 2026 Dec 11, 2015 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to cause a denial of service via a crafted app, a different vulnerability than CVE-2015-7040, CVE-2015-704...Show more The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to cause a denial of service via a crafted app, a different vulnerability than CVE-2015-7040, CVE-2015-7041, and CVE-2015-7043.Show less
CVE-2015-7041 1Apple 4Iphone Os Mac Os XTvos+1 more May 6, 2026 Dec 11, 2015 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to cause a denial of service via a crafted app, a different vulnerability than CVE-2015-7040, CVE-2015-704...Show more The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to cause a denial of service via a crafted app, a different vulnerability than CVE-2015-7040, CVE-2015-7042, and CVE-2015-7043.Show less
CVE-2015-7040 1Apple 4Iphone Os Mac Os XTvos+1 more May 6, 2026 Dec 11, 2015 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to cause a denial of service via a crafted app, a different vulnerability than CVE-2015-7041, CVE-2015-704...Show more The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to cause a denial of service via a crafted app, a different vulnerability than CVE-2015-7041, CVE-2015-7042, and CVE-2015-7043.Show less
CVE-2015-7039 1Apple 4Iphone Os Mac Os XTvos+1 more May 6, 2026 Dec 11, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Buffer overflow in libc in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code via a crafted package, a different vulnerability than CVE-20...Show more Buffer overflow in libc in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code via a crafted package, a different vulnerability than CVE-2015-7038.Show less
CVE-2015-7038 1Apple 4Iphone Os Mac Os XTvos+1 more May 6, 2026 Dec 11, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Buffer overflow in libc in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code via a crafted package, a different vulnerability than CVE-20...Show more Buffer overflow in libc in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code via a crafted package, a different vulnerability than CVE-2015-7039.Show less
CVE-2015-7037 1Apple 1Iphone Os May 6, 2026 Dec 11, 2015 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Directory traversal vulnerability in Mobile Backup in Photos in Apple iOS before 9.2 allows attackers to read arbitrary files via a crafted pathname.
CVE-2015-7001 1Apple 4Iphone Os Mac Os XTvos+1 more May 6, 2026 Dec 11, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 AppSandbox in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 mishandles hard links, which allows attackers to bypass Contacts access revocation via a crafted app.
CVE-2015-7036 1Apple 2Iphone Os Mac Os X May 6, 2026 Nov 22, 2015 N/A· v4 N/A· v3 7.5 HIGH· v2 The fts3_tokenizer function in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a SQL command that tr...Show more The fts3_tokenizer function in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a SQL command that triggers an API call with a crafted pointer value in the second argument.Show less
CVE-2015-5859 1Apple 2Iphone Os Mac Os X May 6, 2026 Nov 22, 2015 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The CFNetwork HTTPProtocol component in Apple iOS before 9 and OS X before 10.11 does not properly recognize the HSTS preload list during a Safari private-browsing session, which makes it easier for remote attackers to o...Show more The CFNetwork HTTPProtocol component in Apple iOS before 9 and OS X before 10.11 does not properly recognize the HSTS preload list during a Safari private-browsing session, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.Show less
CVE-2015-5787 1Apple 1Iphone Os May 6, 2026 Nov 22, 2015 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The kernel in Apple iOS before 8.4.1 does not properly restrict debugging features, which allows attackers to bypass background-execution limitations via a crafted app.
CVE-2015-8035 4Apple CanonicalDebian+1 more 7Debian Linux Iphone OsLibxml2+4 more May 6, 2026 Nov 18, 2015 N/A· v4 N/A· v3 2.6 LOW· v2 The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.
CVE-2015-7942 5Apple CanonicalDebian+2 more 9Debian Linux Icewall Federation AgentIcewall File Manager+6 more May 6, 2026 Nov 18, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out...Show more The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941.Show less
CVE-2015-7995 2Apple Xmlsoft 5Iphone Os LibxsltMac Os X+2 more May 6, 2026 Nov 17, 2015 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a "type confusion" i...Show more The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a "type confusion" issue.Show less
CVE-2015-7023 1Apple 2Iphone Os Mac Os X May 6, 2026 Oct 23, 2015 N/A· v4 N/A· v3 5.8 MEDIUM· v2 CFNetwork in Apple iOS before 9.1 and OS X before 10.11.1 does not properly consider the uppercase-versus-lowercase distinction during cookie parsing, which allows remote web servers to overwrite cookies via unspecified...Show more CFNetwork in Apple iOS before 9.1 and OS X before 10.11.1 does not properly consider the uppercase-versus-lowercase distinction during cookie parsing, which allows remote web servers to overwrite cookies via unspecified vectors.Show less
CVE-2015-7018 1Apple 2Iphone Os Mac Os X May 6, 2026 Oct 23, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-20...Show more FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, and CVE-2015-7010.Show less
CVE-2015-7015 1Apple 3Iphone Os Mac Os XWatchos May 6, 2026 Oct 23, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Heap-based buffer overflow in the DNS client library in configd in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows attackers to execute arbitrary code via a crafted app that sends a spoofed con...Show more Heap-based buffer overflow in the DNS client library in configd in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows attackers to execute arbitrary code via a crafted app that sends a spoofed configd response to a client.Show less
CVE-2015-7014 1Apple 3Iphone Os ItunesSafari May 6, 2026 Oct 23, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a craft...Show more WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-2015-10-21-5.Show less

Previous 1...156157158...201 Next