Filtered by vendor Apple
Subscriptions
Filtered by product Iphone Os
Subscriptions
Total
4200 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-5895 | 2 Apple, Sqlite | 2 Iphone Os, Sqlite | 2025-04-12 | N/A |
| Multiple unspecified vulnerabilities in SQLite before 3.8.10.2, as used in Apple iOS before 9, have unknown impact and attack vectors. | ||||
| CVE-2015-5522 | 4 Apple, Canonical, Debian and 1 more | 6 Iphone Os, Mac Os X, Watchos and 3 more | 2025-04-12 | N/A |
| Heap-based buffer overflow in the ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving a command character in an href. | ||||
| CVE-2014-4378 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2025-04-12 | N/A |
| CoreGraphics in Apple iOS before 8 and Apple TV before 7 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted PDF document. | ||||
| CVE-2014-4380 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2025-04-12 | N/A |
| The IOHIDFamily kernel extension in Apple iOS before 8 and Apple TV before 7 lacks proper bounds checking on write operations, which allows attackers to execute arbitrary code in the kernel's context via a crafted application. | ||||
| CVE-2015-5885 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2025-04-12 | N/A |
| The CFNetwork Cookies component in Apple iOS before 9 allows remote attackers to track users via vectors involving a cookie for a top-level domain. | ||||
| CVE-2016-0974 | 6 Adobe, Apple, Google and 3 more | 14 Air Desktop Runtime, Air Sdk, Air Sdk \& Compiler and 11 more | 2025-04-12 | 8.8 High |
| Use-after-free vulnerability in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0973, CVE-2016-0975, CVE-2016-0982, CVE-2016-0983, and CVE-2016-0984. | ||||
| CVE-2016-4607 | 4 Apple, Fedoraproject, Microsoft and 1 more | 9 Icloud, Iphone Os, Itunes and 6 more | 2025-04-12 | 9.8 Critical |
| libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4608, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612. | ||||
| CVE-2015-5880 | 1 Apple | 1 Iphone Os | 2025-04-12 | N/A |
| CoreAnimation in Apple iOS before 9 allows attackers to bypass intended IOSurface restrictions and obtain screen-framebuffer access via a crafted background app. | ||||
| CVE-2015-5925 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2025-04-12 | N/A |
| The CoreGraphics component in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2015-5926. | ||||
| CVE-2015-5876 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2025-04-12 | N/A |
| dyld in Dev Tools in Apple iOS before 9 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | ||||
| CVE-2015-5874 | 1 Apple | 4 Iphone Os, Itunes, Mac Os X and 1 more | 2025-04-12 | N/A |
| CoreText in Apple iOS before 9 and iTunes before 12.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file. | ||||
| CVE-2015-3659 | 1 Apple | 3 Iphone Os, Mac Os X, Safari | 2025-04-12 | N/A |
| The SQLite authorizer in the Storage functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict access to SQL functions, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site. | ||||
| CVE-2014-4383 | 1 Apple | 2 Iphone Os, Tvos | 2025-04-12 | N/A |
| The Assets subsystem in Apple iOS before 8 and Apple TV before 7 allows man-in-the-middle attackers to spoof a device's update status via a crafted Last-Modified HTTP response header. | ||||
| CVE-2016-0983 | 6 Adobe, Apple, Google and 3 more | 14 Air Desktop Runtime, Air Sdk, Air Sdk \& Compiler and 11 more | 2025-04-12 | 8.8 High |
| Use-after-free vulnerability in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0973, CVE-2016-0974, CVE-2016-0975, CVE-2016-0982, and CVE-2016-0984. | ||||
| CVE-2015-5869 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2025-04-12 | N/A |
| The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Apple iOS before 9 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message. | ||||
| CVE-2015-5867 | 1 Apple | 2 Iphone Os, Watchos | 2025-04-12 | N/A |
| IOHIDFamily in Apple iOS before 9 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | ||||
| CVE-2014-4363 | 1 Apple | 2 Iphone Os, Safari | 2025-04-12 | N/A |
| Safari in Apple iOS before 8 does not properly restrict the autofilling of passwords in forms, which allows remote attackers to obtain sensitive information via (1) an http web site, (2) an https web site with an unacceptable X.509 certificate, or (3) an IFRAME element. | ||||
| CVE-2015-5863 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2025-04-12 | N/A |
| IOStorageFamily in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows local users to obtain sensitive information from kernel memory via unknown vectors. | ||||
| CVE-2015-5861 | 1 Apple | 1 Iphone Os | 2025-04-12 | N/A |
| SpringBoard in Apple iOS before 9 allows physically proximate attackers to bypass a lock-screen preview-disabled setting, and reply to an audio message, via unspecified vectors. | ||||
| CVE-2014-4364 | 1 Apple | 2 Iphone Os, Tvos | 2025-04-12 | N/A |
| The 802.1X subsystem in Apple iOS before 8 and Apple TV before 7 does not require strong authentication methods, which allows remote attackers to calculate credentials by offering LEAP authentication from a crafted Wi-Fi AP and then performing a cryptographic attack against the MS-CHAPv1 hash. | ||||