Iphone Os

iphone_os

Vendor: Apple • 4,015 CVEs

CVEs (4,015)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2015-3694 1Apple 2Iphone Os Mac Os X May 6, 2026 Jul 3, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 FontParser in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-20...Show more FontParser in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-3719.Show less
CVE-2015-3690 1Apple 2Iphone Os Mac Os X May 6, 2026 Jul 3, 2015 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The DiskImages subsystem in Apple iOS before 8.4 and OS X before 10.10.4 allows attackers to obtain sensitive memory-layout information for the kernel via a crafted app.
CVE-2015-3689 1Apple 2Iphone Os Mac Os X May 6, 2026 Jul 3, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015...Show more CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3685, CVE-2015-3686, CVE-2015-3687, and CVE-2015-3688.Show less
CVE-2015-3688 1Apple 3Iphone Os ItunesMac Os X May 6, 2026 Jul 3, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015...Show more CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3685, CVE-2015-3686, CVE-2015-3687, and CVE-2015-3689.Show less
CVE-2015-3687 1Apple 3Iphone Os ItunesMac Os X May 6, 2026 Jul 3, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015...Show more CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3685, CVE-2015-3686, CVE-2015-3688, and CVE-2015-3689.Show less
CVE-2015-3686 1Apple 3Iphone Os ItunesMac Os X May 6, 2026 Jul 3, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015...Show more CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3685, CVE-2015-3687, CVE-2015-3688, and CVE-2015-3689.Show less
CVE-2015-3685 1Apple 2Iphone Os Mac Os X May 6, 2026 Jul 3, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015...Show more CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3686, CVE-2015-3687, CVE-2015-3688, and CVE-2015-3689.Show less
CVE-2015-3684 1Apple 2Iphone Os Mac Os X May 6, 2026 Jul 3, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 The HTTPAuthentication implementation in CFNetwork in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted credential...Show more The HTTPAuthentication implementation in CFNetwork in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted credentials in a URL.Show less
CVE-2015-3659 1Apple 3Iphone Os Mac Os XSafari May 6, 2026 Jul 3, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 The SQLite authorizer in the Storage functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict access to...Show more The SQLite authorizer in the Storage functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict access to SQL functions, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site.Show less
CVE-2015-3658 1Apple 3Iphone Os Mac Os XSafari May 6, 2026 Jul 3, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 The Page Loading functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly consider redirects during decisions abo...Show more The Page Loading functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly consider redirects during decisions about sending an Origin header, which makes it easier for remote attackers to bypass CSRF protection mechanisms via a crafted web site.Show less
CVE-2015-1157 1Apple 3Iphone Os ItunesMac Os X May 6, 2026 May 28, 2015 N/A· v4 N/A· v3 7.8 HIGH· v2 CoreText in Apple iOS 8.x through 8.3 allows remote attackers to cause a denial of service (reboot and messaging disruption) via crafted Unicode text that is not properly handled during display truncation in the Notifica...Show more CoreText in Apple iOS 8.x through 8.3 allows remote attackers to cause a denial of service (reboot and messaging disruption) via crafted Unicode text that is not properly handled during display truncation in the Notifications feature, as demonstrated by Arabic characters in (1) an SMS message or (2) a WhatsApp message.Show less
CVE-2014-8146 2Apple Icu Project 5International Components For Unicode Iphone OsItunes+2 more May 6, 2026 May 25, 2015 N/A· v4 N/A· v3 7.5 HIGH· v2 The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 does not properly track directionally isolated...Show more The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 does not properly track directionally isolated pieces of text, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via crafted text.Show less
CVE-2015-4000 12Apple CanonicalDebian+9 more 25Chrome Content ManagerDebian Linux+22 more May 27, 2026 May 21, 2015 N/A· v4 3.7 LOW· v3 4.3 MEDIUM· v2 The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgra...Show more The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.Show less
CVE-2015-1156 1Apple 2Iphone Os Safari May 6, 2026 May 8, 2015 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The page-loading implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, does not properly handle the rel attribute in an A element, which allows remote attackers to bypass...Show more The page-loading implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, does not properly handle the rel attribute in an A element, which allows remote attackers to bypass the Same Origin Policy for a link's target, and spoof the user interface, via a crafted web site.Show less
CVE-2015-1155 1Apple 2Iphone Os Safari May 6, 2026 May 8, 2015 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The history implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to bypass the Same Origin Policy and read arbitrary files via a crafted web site...Show more The history implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to bypass the Same Origin Policy and read arbitrary files via a crafted web site.Show less
CVE-2015-1153 1Apple 3Iphone Os ItunesSafari May 6, 2026 May 8, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted...Show more WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-1152 and CVE-2015-1154.Show less
CVE-2015-1152 1Apple 3Iphone Os ItunesSafari May 6, 2026 May 8, 2015 N/A· v4 N/A· v3 6.8 MEDIUM· v2 WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted...Show more WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-1153 and CVE-2015-1154.Show less
CVE-2015-1129 1Apple 2Iphone Os Safari May 6, 2026 Apr 10, 2015 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 does not properly select X.509 client certificates, which makes it easier for remote attackers to track users via a crafted web site.
CVE-2015-1126 1Apple 2Iphone Os Safari May 6, 2026 Apr 10, 2015 N/A· v4 N/A· v3 4.3 MEDIUM· v2 WebKit, as used in Apple iOS before 8.3 and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, does not properly handle the userinfo field in FTP URLs, which allows remote attackers to trigger incorrect r...Show more WebKit, as used in Apple iOS before 8.3 and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, does not properly handle the userinfo field in FTP URLs, which allows remote attackers to trigger incorrect resource access via unspecified vectors.Show less
CVE-2015-1125 1Apple 1Iphone Os May 6, 2026 Apr 10, 2015 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The touch-events implementation in WebKit in Apple iOS before 8.3 allows remote attackers to trigger an association between a tap and an unintended web resource via a crafted web site.

Previous 1...168169170...201 Next