VYPR

Iphone OS

by Apple Inc.

CVEs (2,060)

  • CVE-2016-4593LowJul 22, 2016
    risk 0.16cvss 2.4epss 0.00

    The Siri Contacts component in Apple iOS before 9.3.3 allows physically proximate attackers to read arbitrary Contact card information via unspecified vectors.

  • CVE-2016-1852LowMay 20, 2016
    risk 0.16cvss 2.4epss 0.00

    Siri in Apple iOS before 9.3.2 does not block data detectors within results in the lock-screen state, which allows physically proximate attackers to obtain sensitive contact and photo information via unspecified vectors.

  • CVE-2024-44123LowOct 28, 2024
    risk 0.15cvss 2.3epss 0.00

    A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. A malicious app with root privileges may be able to access keyboard input and location information without user consent.

  • CVE-2025-43423LowNov 4, 2025
    risk 0.13cvss 2.0epss 0.00

    A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Tahoe 26.1, visionOS 26.1. An attacker with physical access to an unlocked device paired with a Mac may be able…

  • CVE-2011-3026Feb 16, 2012
    risk 0.06cvss epss 0.73

    Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation.

  • CVE-2014-8146May 25, 2015
    risk 0.05cvss epss 0.24

    The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 does not properly track directionally isolated pieces of text, which allows remote attackers to cause a…

  • CVE-2014-4492Jan 30, 2015
    risk 0.05cvss epss 0.20

    libnetcore in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not verify that certain values have the expected data type, which allows attackers to execute arbitrary code in an _networkd context via a crafted XPC message from a sandboxed app, as…

  • CVE-2010-1797Aug 16, 2010
    risk 0.05cvss epss 0.31

    Multiple stack-based buffer overflows in the cff_decoder_parse_charstrings function in the CFF Type2 CharStrings interpreter in cff/cffgload.c in FreeType before 2.4.2, as used in Apple iOS before 4.0.2 on the iPhone and iPod touch and before 3.2.2 on the iPad, allow remote…

  • CVE-2010-1119Mar 25, 2010
    risk 0.05cvss epss 0.19

    Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Safari before 4.1 on Mac OS X 10.4, and Safari on Apple iPhone OS allows remote attackers to execute arbitrary code or cause a denial of service (application crash), or…

  • CVE-2008-3529Sep 12, 2008
    risk 0.05cvss epss 0.23

    Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name.

  • CVE-2015-7112Dec 11, 2015
    risk 0.04cvss epss 0.09

    The IOHIDFamily API in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than…

  • CVE-2015-7039Dec 11, 2015
    risk 0.04cvss epss 0.11

    Buffer overflow in libc in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code via a crafted package, a different vulnerability than CVE-2015-7038.

  • CVE-2015-6996Oct 23, 2015
    risk 0.04cvss epss 0.07

    IOAcceleratorFamily in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app.

  • CVE-2015-6995Oct 23, 2015
    risk 0.04cvss epss 0.06

    The Disk Images component in Apple iOS before 9.1 and OS X before 10.11.1 misparses images, which allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app.

  • CVE-2015-3798Aug 17, 2015
    risk 0.04cvss epss 0.13

    The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression, a different vulnerability than…

  • CVE-2015-3796Aug 17, 2015
    risk 0.04cvss epss 0.12

    The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression, a different vulnerability than…

  • CVE-2015-1155May 8, 2015
    risk 0.04cvss epss 0.11

    The history implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to bypass the Same Origin Policy and read arbitrary files via a crafted web site.

  • CVE-2015-1126Apr 10, 2015
    risk 0.04cvss epss 0.10

    WebKit, as used in Apple iOS before 8.3 and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, does not properly handle the userinfo field in FTP URLs, which allows remote attackers to trigger incorrect resource access via unspecified vectors.

  • CVE-2013-6835Mar 14, 2014
    risk 0.04cvss epss 0.07

    TelephonyUI Framework in Apple iOS 7 before 7.1, when Safari is used, does not require user confirmation for FaceTime audio calls, which allows remote attackers to obtain telephone number or e-mail address information via a facetime-audio: URL.

  • CVE-2013-2842May 22, 2013
    risk 0.04cvss epss 0.12

    Use-after-free vulnerability in Google Chrome before 27.0.1453.93 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of widgets.

Page 57 of 103