Iphone Os

iphone_os

Vendor: Apple • 4,015 CVEs

CVEs (4,015)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2015-3734 1Apple 3Iphone Os ItunesSafari May 6, 2026 Aug 16, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application...Show more WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3.Show less
CVE-2015-3733 1Apple 3Iphone Os ItunesSafari May 6, 2026 Aug 16, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application...Show more WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3.Show less
CVE-2015-3732 1Apple 2Iphone Os Safari May 6, 2026 Aug 16, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application...Show more WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3.Show less
CVE-2015-3731 2Apple Canonical 4Iphone Os ItunesSafari+1 more May 6, 2026 Aug 16, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application...Show more WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3.Show less
CVE-2015-3730 1Apple 3Iphone Os ItunesSafari May 6, 2026 Aug 16, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application...Show more WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3.Show less
CVE-2015-1819 8Apple CanonicalDebian+5 more 12Debian Linux Enterprise LinuxFedora+9 more May 6, 2026 Aug 14, 2015 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack.
CVE-2015-5523 4Apple CanonicalDebian+1 more 6Debian Linux Iphone OsMac Os X+3 more May 6, 2026 Aug 11, 2015 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving multiple whitespace characters before an empty href, which triggers a large memo...Show more The ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving multiple whitespace characters before an empty href, which triggers a large memory allocation.Show less
CVE-2015-5522 4Apple CanonicalDebian+1 more 6Debian Linux Iphone OsMac Os X+3 more May 6, 2026 Aug 11, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Heap-based buffer overflow in the ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving a command character in an href.
CVE-2015-3728 1Apple 1Iphone Os May 6, 2026 Jul 3, 2015 N/A· v4 N/A· v3 4.8 MEDIUM· v2 The WiFi Connectivity feature in Apple iOS before 8.4 allows remote Wi-Fi access points to trigger an automatic association, with an arbitrary security type, by operating with a recognized ESSID within an 802.11 network'...Show more The WiFi Connectivity feature in Apple iOS before 8.4 allows remote Wi-Fi access points to trigger an automatic association, with an arbitrary security type, by operating with a recognized ESSID within an 802.11 network's coverage area.Show less
CVE-2015-3727 1Apple 3Iphone Os Mac Os XSafari May 6, 2026 Jul 3, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict rename operations on WebSQL tables, which allows remote attacker...Show more WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict rename operations on WebSQL tables, which allows remote attackers to access an arbitrary web site's database via a crafted web site.Show less
CVE-2015-3726 1Apple 1Iphone Os May 6, 2026 Jul 3, 2015 N/A· v4 N/A· v3 4.6 MEDIUM· v2 The Telephony subsystem in Apple iOS before 8.4 allows physically proximate attackers to execute arbitrary code via a crafted (1) SIM or (2) UIM card.
CVE-2015-3725 1Apple 1Iphone Os May 6, 2026 Jul 3, 2015 N/A· v4 N/A· v3 4.3 MEDIUM· v2 MobileInstallation in Apple iOS before 8.4 does not ensure the uniqueness of Watch bundle IDs, which allows attackers to cause a denial of service (ID collision and Watch launch outage) via a crafted universal provisioni...Show more MobileInstallation in Apple iOS before 8.4 does not ensure the uniqueness of Watch bundle IDs, which allows attackers to cause a denial of service (ID collision and Watch launch outage) via a crafted universal provisioning profile app.Show less
CVE-2015-3724 1Apple 1Iphone Os May 6, 2026 Jul 3, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 CoreGraphics in Apple iOS before 8.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted ICC profile in a PDF document, a different vulnerability than CVE-2015...Show more CoreGraphics in Apple iOS before 8.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted ICC profile in a PDF document, a different vulnerability than CVE-2015-3723.Show less
CVE-2015-3723 1Apple 1Iphone Os May 6, 2026 Jul 3, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 CoreGraphics in Apple iOS before 8.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted ICC profile in a PDF document, a different vulnerability than CVE-2015...Show more CoreGraphics in Apple iOS before 8.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted ICC profile in a PDF document, a different vulnerability than CVE-2015-3724.Show less
CVE-2015-3722 1Apple 1Iphone Os May 6, 2026 Jul 3, 2015 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Application Store in Apple iOS before 8.4 does not ensure the uniqueness of bundle IDs, which allows attackers to cause a denial of service (ID collision and launch outage) via a crafted universal provisioning profile ap...Show more Application Store in Apple iOS before 8.4 does not ensure the uniqueness of bundle IDs, which allows attackers to cause a denial of service (ID collision and launch outage) via a crafted universal provisioning profile app.Show less
CVE-2015-3721 1Apple 2Iphone Os Mac Os X May 6, 2026 Jul 3, 2015 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The kernel in Apple iOS before 8.4 and OS X before 10.10.4 does not properly handle HFS parameters, which allows attackers to obtain sensitive memory-layout information via a crafted app.
CVE-2015-3719 1Apple 2Iphone Os Mac Os X May 6, 2026 Jul 3, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 TrueTypeScaler in FontParser in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnera...Show more TrueTypeScaler in FontParser in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-3694.Show less
CVE-2015-3717 2Apple Sqlite 3Iphone Os Mac Os XSqlite May 6, 2026 Jul 3, 2015 N/A· v4 N/A· v3 7.5 HIGH· v2 Multiple buffer overflows in the printf functionality in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash)...Show more Multiple buffer overflows in the printf functionality in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.Show less
CVE-2015-3710 1Apple 2Iphone Os Mac Os X May 6, 2026 Jul 3, 2015 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Mail in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to trigger a refresh operation, and consequently cause a visit to an arbitrary web site, via a crafted HTML e-mail message.
CVE-2015-3703 1Apple 2Iphone Os Mac Os X May 6, 2026 Jul 3, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 ImageIO in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted TIFF image.

Previous 1...167168169...201 Next