CVE Daily
← All tags

Tag: Apple iOS

All CVEs associated with "Apple iOS". Page 39/48 • 5688 CVEs.

Subscribe CVEs: RSS for “Apple iOS”  ·  RSS (High+Critical only)

About “Apple iOS”

A curated feed of “Apple iOS”-related CVEs appears below. We currently track 5688 CVEs for this tag (all time). In the last 365 days, 502 were published. Average CVSS is 6.7 (all time; 6.3 over 365d), and 48% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer, CWE-284 - Improper Access Control, CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor.

In our taxonomy this topic maps to a MODERATE impact class. Issues here typically affect operating system packages or kernels. Plan reboots or service restarts and coordinate rollouts across fleets. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2015-09-18
Critical

CVE-2015-5903

The kernel in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5868 and CVE-2…

CVSS: 10.0 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2015-5899

libpthread in the kernel in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.

CVSS: 7.2 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Low

CVE-2015-5898

CFNetwork in Apple iOS before 9 relies on the hardware UID for its cache encryption key, which makes it easier for physically proximate attackers to obtain sensitive information by obtaining this UID.

CVSS: 2.1 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2015-5896

The kernel in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5868 and CVE-2…

CVSS: 7.2 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2015-5895

Multiple unspecified vulnerabilities in SQLite before 3.8.10.2, as used in Apple iOS before 9, have unknown impact and attack vectors.

CVSS: 10.0 CWE: N/A View on NVD
Low

CVE-2015-5892

Siri in Apple iOS before 9 allows physically proximate attackers to bypass an intended client-side protection mechanism and obtain sensitive content-notification information by listening to a device…

CVSS: 2.1 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2015-5885

The CFNetwork Cookies component in Apple iOS before 9 allows remote attackers to track users via vectors involving a cookie for a top-level domain.

CVSS: 5.0 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2015-5882

The processor_set_tasks API implementation in Apple iOS before 9 allows local users to bypass an entitlement protection mechanism and obtain access to the task ports of arbitrary processes by leverag…

CVSS: 7.2 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2015-5880

CoreAnimation in Apple iOS before 9 allows attackers to bypass intended IOSurface restrictions and obtain screen-framebuffer access via a crafted background app.

CVSS: 4.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2015-5879

XNU in the kernel in Apple iOS before 9 does not properly validate the headers of TCP packets, which allows remote attackers to bypass the sequence-number protection mechanism and cause a denial of s…

CVSS: 5.0 CWE: CWE-20 - Improper Input Validation View on NVD
Critical

CVE-2015-5876

dyld in Dev Tools in Apple iOS before 9 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2015-5874

CoreText in Apple iOS before 9 and iTunes before 12.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.

CVSS: 7.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Low

CVE-2015-5869

The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Apple iOS before 9 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertis…

CVSS: 3.3 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2015-5868

The kernel in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5896 and CVE-2…

CVSS: 7.2 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2015-5867

IOHIDFamily in Apple iOS before 9 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Low

CVE-2015-5863

IOStorageFamily in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows local users to obtain sensitive information from kernel memory via unknown vectors.

CVSS: 2.1 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2015-5862

The Audio component in Apple iOS before 9 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted audio file.

CVSS: 4.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Low

CVE-2015-5861

SpringBoard in Apple iOS before 9 allows physically proximate attackers to bypass a lock-screen preview-disabled setting, and reply to an audio message, via unspecified vectors.

CVSS: 2.1 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2015-5860

The CFNetwork HTTPProtocol component in Apple iOS before 9 mishandles HSTS state, which allows remote attackers to bypass the Safari private-browsing protection mechanism and track users via a crafte…

CVSS: 5.0 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2015-5858

The CFNetwork HTTPProtocol component in Apple iOS before 9 allows remote attackers to bypass the HSTS protection mechanism, and consequently obtain sensitive information, via a crafted URL.

CVSS: 5.0 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2015-5857

Mail in Apple iOS before 9 allows remote attackers to use an address-book contact as a spoofed e-mail sender address via unspecified vectors.

CVSS: 5.0 CWE: CWE-254 View on NVD
Medium

CVE-2015-5856

The Application Store component in Apple iOS before 9 allows remote attackers to cause a denial of service to an enterprise-signed app via a crafted ITMS URL.

CVSS: 4.3 CWE: CWE-254 View on NVD
Medium

CVE-2015-5855

Apple iOS before 9 allows attackers to discover the e-mail address of a player via a crafted Game Center app.

CVSS: 4.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Low

CVE-2015-5851

The convenience initializer in the Multipeer Connectivity component in Apple iOS before 9 does not require an encrypted session, which allows local users to obtain cleartext multipeer data via an enc…

CVSS: 2.1 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Low

CVE-2015-5850

AppleKeyStore in Apple iOS before 9 allows physically proximate attackers to reset the count of incorrect passcode attempts via a device backup.

CVSS: 2.1 CWE: CWE-254 View on NVD
High

CVE-2015-5848

IOAcceleratorFamily in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.

CVSS: 7.2 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2015-5847

The Disk Images component in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.

CVSS: 7.2 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2015-5846

IOKit in the kernel in Apple iOS before 9 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerabil…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2015-5845

IOKit in the kernel in Apple iOS before 9 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerabil…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2015-5844

IOKit in the kernel in Apple iOS before 9 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerabil…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2015-5843

IOMobileFrameBuffer in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.

CVSS: 7.2 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Low

CVE-2015-5842

XNU in the kernel in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows local users to obtain sensitive memory-layout information via unknown vectors.

CVSS: 2.1 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2015-5841

The CFNetwork Proxies component in Apple iOS before 9 does not properly handle a Set-Cookie header within a response to an HTTP CONNECT request, which allows remote proxy servers to conduct cookie-in…

CVSS: 5.0 CWE: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') View on NVD
Medium

CVE-2015-5840

The checkint division routines in removefile in Apple iOS before 9 allow attackers to cause a denial of service (overflow fault and app crash) via crafted data.

CVSS: 5.0 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2015-5839

dyld in Apple iOS before 9 allows attackers to bypass a code-signing protection mechanism via an app that places a crafted signature in an executable file.

CVSS: 5.0 CWE: CWE-254 View on NVD
Medium

CVE-2015-5838

SpringBoard in Apple iOS before 9 does not properly restrict access to privileged API calls, which allows attackers to spoof the dialog windows of an arbitrary app via a crafted app.

CVSS: 4.3 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2015-5837

PluginKit in Apple iOS before 9 allows attackers to bypass an intended app-trust requirement and install arbitrary extensions via a crafted enterprise app.

CVSS: 4.3 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2015-5835

Apple iOS before 9 allows attackers to obtain sensitive information about inter-app communication via a crafted app that conducts an interception attack involving an unspecified URL scheme.

CVSS: 4.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2015-5834

IOAcceleratorFamily in Apple iOS before 9 allows attackers to obtain sensitive kernel memory-layout information via a crafted app.

CVSS: 4.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Low

CVE-2015-5832

The iTunes Store component in Apple iOS before 9 does not properly delete AppleID credentials from the keychain upon a signout action, which might allow physically proximate attackers to obtain sensi…

CVSS: 2.1 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2015-5831

NetworkExtension in the kernel in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows attackers to obtain sensitive memory-layout information via a crafted app.

CVSS: 5.0 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2015-5829

Data Detectors Engine in Apple iOS before 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file.

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2015-5827

WebKit in Apple iOS before 9 allows remote attackers to bypass the Same Origin Policy and obtain an object reference via vectors involving a (1) custom event, (2) message event, or (3) pop state even…

CVSS: 5.0 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2015-5826

WebKit in Apple iOS before 9 does not properly select the cases in which a Cascading Style Sheets (CSS) document is required to have the text/css content type, which allows remote attackers to bypass…

CVSS: 4.3 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2015-5825

WebKit in Apple iOS before 9 does not properly restrict the availability of Performance API times, which allows remote attackers to obtain sensitive information about the browser history, mouse movem…

CVSS: 4.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2015-5824

The NSURL implementation in the CFNetwork SSL component in Apple iOS before 9 does not properly verify X.509 certificates from SSL servers after a certificate change, which allows man-in-the-middle a…

CVSS: 4.3 CWE: CWE-310 View on NVD
Medium

CVE-2015-5823

WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2015-5822

WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2015-5821

WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted we…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2015-5820

WebKit in Apple iOS before 9 allows remote attackers to trigger a dialing action via a crafted (1) tel://, (2) facetime://, or (3) facetime-audio:// URL.

CVSS: 4.3 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2015-5819

WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted we…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2015-5818

WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted we…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2015-5817

WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted we…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2015-5816

WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2015-5814

WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2015-5813

WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted we…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2015-5812

WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted we…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2015-5811

WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted we…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2015-5810

WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted we…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2015-5809

WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted we…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2015-5807

WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted we…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2015-5806

WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted we…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2015-5805

WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted we…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2015-5804

WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted we…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2015-5803

WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted we…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2015-5802

WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted we…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2015-5801

WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted we…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2015-5800

WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted we…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2015-5799

WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted we…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2015-5797

WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted we…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2015-5796

WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted we…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2015-5795

WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted we…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2015-5794

WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted we…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2015-5793

WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2015-5792

WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted we…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2015-5791

WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2015-5790

WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted we…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2015-5789

WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted we…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2015-5788

The WebKit Canvas implementation in Apple iOS before 9 allows remote attackers to bypass the Same Origin Policy and obtain sensitive image information via vectors involving a CANVAS element.

CVSS: 4.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2015-5767

The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspecified vectors, a different vulnerability than CVE-2015-5764 and CVE-2015-5765.

CVSS: 4.3 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2015-5765

The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspecified vectors, a different vulnerability than CVE-2015-5764 and CVE-2015-5767.

CVSS: 4.3 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2015-5764

The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspecified vectors, a different vulnerability than CVE-2015-5765 and CVE-2015-5767.

CVSS: 4.3 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2015-3801

The document.cookie API implementation in the CFNetwork Cookies subsystem in WebKit in Apple iOS before 9 allows remote attackers to bypass an intended single-cookie restriction via unspecified vecto…

CVSS: 5.0 CWE: CWE-264 View on NVD
Medium

CVE-2014-8611

The __sflush function in fflush.c in stdio in libc in FreeBSD 10.1 and the kernel in Apple iOS before 9 mishandles failures of the write system call, which allows context-dependent attackers to execu…

CVSS: 6.9 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2015-09-11
Medium

CVE-2015-5630

Cross-site scripting (XSS) vulnerability in the NTT Broadband Platform Japan Connected-free Wi-Fi application 1.6.0 and earlier for Android and 1.0.2 and earlier for iOS allows remote attackers to in…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2015-5629

The NTT Broadband Platform Japan Connected-free Wi-Fi application 1.6.0 and earlier for Android and 1.0.2 and earlier for iOS allows attackers to bypass a URL whitelist protection mechanism and obtai…

CVSS: 6.8 CWE: CWE-264 View on NVD
2015-08-31
High

CVE-2015-6272

Cisco IOS XE 2.1.0 through 2.2.3 and 2.3.0 on ASR 1000 devices, when NAT Application Layer Gateway is used, allows remote attackers to cause a denial of service (Embedded Services Processor crash) vi…

CVSS: 7.8 CWE: CWE-399 View on NVD
High

CVE-2015-6271

Cisco IOS XE 2.1.0 through 2.4.3 and 2.5.0 on ASR 1000 devices, when NAT Application Layer Gateway is used, allows remote attackers to cause a denial of service (Embedded Services Processor crash) vi…

CVSS: 7.8 CWE: CWE-399 View on NVD
High

CVE-2015-6270

Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted IPv6 packet, aka Bug ID CSCsv98555.

CVSS: 7.8 CWE: CWE-399 View on NVD
High

CVE-2015-6269

Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted (1) IPv4 or (2) IPv6 packet, aka Bug ID CSCsw69990.

CVSS: 7.8 CWE: CWE-399 View on NVD
2015-08-29
High

CVE-2015-6273

Cisco IOS XE before 3.1.2S on ASR 1000 devices mishandles the automatic setup of Virtual Fragment Reassembly (VFR) by certain firewall and NAT components, which allows remote attackers to cause a den…

CVSS: 7.8 CWE: CWE-399 View on NVD
High

CVE-2015-6268

Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted IPv4 UDP packet, aka Bug ID CSCsw95482.

CVSS: 7.8 CWE: CWE-399 View on NVD
High

CVE-2015-6267

Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted L2TP packet, aka Bug IDs CSCsw95722 and CSCsw95496.

CVSS: 7.8 CWE: CWE-399 View on NVD
2015-08-17
Medium

CVE-2015-5782

ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly initialize an unspecified data structure, which allows remote attackers to obtain sensitive information from process memory…

CVSS: 4.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2015-5781

ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly initialize an unspecified data structure, which allows remote attackers to obtain sensitive information from process memory…

CVSS: 4.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2015-5778

CoreMedia Playback in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a cra…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2015-5777

CoreMedia Playback in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a cra…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2015-5776

Libinfo in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by leveraging use of…

CVSS: 7.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2015-5775

FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted fon…

CVSS: 7.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2015-5774

Buffer overflow in IOHIDFamily in Apple iOS before 8.4.1 and OS X before 10.10.5 allows local users to gain privileges via unspecified vectors.

CVSS: 7.2 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2015-5773

QL Office in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted offi…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2015-5770

MobileInstallation in Apple iOS before 8.4.1 does not ensure the uniqueness of universal provisioning profile bundle IDs, which allows attackers to replace arbitrary extensions via a crafted enterpri…

CVSS: 5.8 CWE: CWE-264 View on NVD
High

CVE-2015-5769

The MSVDX driver in Apple iOS before 8.4.1 allows remote attackers to cause a denial of service (device crash) via a crafted video.

CVSS: 7.1 CWE: N/A View on NVD
Medium

CVE-2015-5766

Directory traversal vulnerability in Air Traffic in Apple iOS before 8.4.1 allows attackers to access arbitrary filesystem locations via vectors related to asset handling.

CVSS: 5.0 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Medium

CVE-2015-5761

CoreText in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2015-5759

WebKit in Apple iOS before 8.4.1 allows remote attackers to spoof clicks via a crafted web site that leverages tap events.

CVSS: 5.0 CWE: CWE-254 View on NVD
Medium

CVE-2015-5758

ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF i…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2015-5757

libpthread in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via an app that uses a…

CVSS: 9.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2015-5756

FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted fon…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2015-5755

CoreText in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font…

CVSS: 6.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2015-5752

Backup in Apple iOS before 8.4.1 allows attackers to bypass intended restrictions on filesystem access via a crafted app that creates a symlink.

CVSS: 5.0 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
Medium

CVE-2015-5749

The Sandbox_profiles component in Apple iOS before 8.4.1 allows attackers to bypass the third-party app-sandbox protection mechanism and read arbitrary managed preferences via a crafted app.

CVSS: 4.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2015-5746

AppleFileConduit in Apple iOS before 8.4.1 allows attackers to bypass intended restrictions on filesystem access via an afc command that leverages symlink mishandling.

CVSS: 5.0 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2015-3807

libxml2 in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a crafted XM…

CVSS: 4.3 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2015-3806

Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism by appending code to a crafted executable file.

CVSS: 7.2 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2015-3805

Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted Mach-O file, a different vulnerability than CVE-2015-3802.

CVSS: 7.2 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2015-3804

FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted fon…

CVSS: 7.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2015-3803

Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted multi-architecture executable file.

CVSS: 7.2 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2015-3802

Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted Mach-O file, a different vulnerability than CVE-2015-3805.

CVSS: 7.2 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2015-3800

The DiskImages component in Apple iOS before 8.4.1 and OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via a malformed…

CVSS: 7.2 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD