Iphone OS
by Apple Inc.
CVEs (2,060)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-5766 | 0.00 | — | 0.02 | Aug 17, 2015 | Directory traversal vulnerability in Air Traffic in Apple iOS before 8.4.1 allows attackers to access arbitrary filesystem locations via vectors related to asset handling. | |||
| CVE-2015-5761 | 0.00 | — | 0.03 | Aug 17, 2015 | CoreText in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-5755. | |||
| CVE-2015-5759 | 0.00 | — | 0.02 | Aug 17, 2015 | WebKit in Apple iOS before 8.4.1 allows remote attackers to spoof clicks via a crafted web site that leverages tap events. | |||
| CVE-2015-5758 | 0.00 | — | 0.03 | Aug 17, 2015 | ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF image. | |||
| CVE-2015-5757 | 0.00 | — | 0.03 | Aug 17, 2015 | libpthread in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via an app that uses a crafted syscall to interfere with locking. | |||
| CVE-2015-5756 | 0.00 | — | 0.03 | Aug 17, 2015 | FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-3804 and CVE-2015-5775. | |||
| CVE-2015-5755 | 0.00 | — | 0.03 | Aug 17, 2015 | CoreText in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-5761. | |||
| CVE-2015-5752 | 0.00 | — | 0.02 | Aug 17, 2015 | Backup in Apple iOS before 8.4.1 allows attackers to bypass intended restrictions on filesystem access via a crafted app that creates a symlink. | |||
| CVE-2015-5749 | 0.00 | — | 0.01 | Aug 17, 2015 | The Sandbox_profiles component in Apple iOS before 8.4.1 allows attackers to bypass the third-party app-sandbox protection mechanism and read arbitrary managed preferences via a crafted app. | |||
| CVE-2015-5748 | 0.00 | — | 0.00 | Aug 17, 2015 | The kernel in Apple OS X before 10.10.5 does not properly mount HFS volumes, which allows local users to cause a denial of service via a crafted volume. | |||
| CVE-2015-5746 | 0.00 | — | 0.01 | Aug 17, 2015 | AppleFileConduit in Apple iOS before 8.4.1 allows attackers to bypass intended restrictions on filesystem access via an afc command that leverages symlink mishandling. | |||
| CVE-2015-3807 | 0.00 | — | 0.02 | Aug 17, 2015 | libxml2 in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a crafted XML document. | |||
| CVE-2015-3806 | 0.00 | — | 0.00 | Aug 17, 2015 | Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism by appending code to a crafted executable file. | |||
| CVE-2015-3805 | 0.00 | — | 0.00 | Aug 17, 2015 | Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted Mach-O file, a different vulnerability than CVE-2015-3802. | |||
| CVE-2015-3804 | 0.00 | — | 0.04 | Aug 17, 2015 | FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-5756 and CVE-2015-5775. | |||
| CVE-2015-3803 | 0.00 | — | 0.00 | Aug 17, 2015 | Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted multi-architecture executable file. | |||
| CVE-2015-3802 | 0.00 | — | 0.00 | Aug 17, 2015 | Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted Mach-O file, a different vulnerability than CVE-2015-3805. | |||
| CVE-2015-3800 | 0.00 | — | 0.00 | Aug 17, 2015 | The DiskImages component in Apple iOS before 8.4.1 and OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via a malformed DMG image. | |||
| CVE-2015-3797 | 0.00 | — | 0.03 | Aug 17, 2015 | The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression, a different vulnerability than… | |||
| CVE-2015-3795 | 0.00 | — | 0.05 | Aug 17, 2015 | libxpc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app that sends a malformed XPC message. |
- CVE-2015-5766Aug 17, 2015risk 0.00cvss —epss 0.02
Directory traversal vulnerability in Air Traffic in Apple iOS before 8.4.1 allows attackers to access arbitrary filesystem locations via vectors related to asset handling.
- CVE-2015-5761Aug 17, 2015risk 0.00cvss —epss 0.03
CoreText in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-5755.
- CVE-2015-5759Aug 17, 2015risk 0.00cvss —epss 0.02
WebKit in Apple iOS before 8.4.1 allows remote attackers to spoof clicks via a crafted web site that leverages tap events.
- CVE-2015-5758Aug 17, 2015risk 0.00cvss —epss 0.03
ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF image.
- CVE-2015-5757Aug 17, 2015risk 0.00cvss —epss 0.03
libpthread in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via an app that uses a crafted syscall to interfere with locking.
- CVE-2015-5756Aug 17, 2015risk 0.00cvss —epss 0.03
FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-3804 and CVE-2015-5775.
- CVE-2015-5755Aug 17, 2015risk 0.00cvss —epss 0.03
CoreText in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-5761.
- CVE-2015-5752Aug 17, 2015risk 0.00cvss —epss 0.02
Backup in Apple iOS before 8.4.1 allows attackers to bypass intended restrictions on filesystem access via a crafted app that creates a symlink.
- CVE-2015-5749Aug 17, 2015risk 0.00cvss —epss 0.01
The Sandbox_profiles component in Apple iOS before 8.4.1 allows attackers to bypass the third-party app-sandbox protection mechanism and read arbitrary managed preferences via a crafted app.
- CVE-2015-5748Aug 17, 2015risk 0.00cvss —epss 0.00
The kernel in Apple OS X before 10.10.5 does not properly mount HFS volumes, which allows local users to cause a denial of service via a crafted volume.
- CVE-2015-5746Aug 17, 2015risk 0.00cvss —epss 0.01
AppleFileConduit in Apple iOS before 8.4.1 allows attackers to bypass intended restrictions on filesystem access via an afc command that leverages symlink mishandling.
- CVE-2015-3807Aug 17, 2015risk 0.00cvss —epss 0.02
libxml2 in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a crafted XML document.
- CVE-2015-3806Aug 17, 2015risk 0.00cvss —epss 0.00
Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism by appending code to a crafted executable file.
- CVE-2015-3805Aug 17, 2015risk 0.00cvss —epss 0.00
Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted Mach-O file, a different vulnerability than CVE-2015-3802.
- CVE-2015-3804Aug 17, 2015risk 0.00cvss —epss 0.04
FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-5756 and CVE-2015-5775.
- CVE-2015-3803Aug 17, 2015risk 0.00cvss —epss 0.00
Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted multi-architecture executable file.
- CVE-2015-3802Aug 17, 2015risk 0.00cvss —epss 0.00
Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted Mach-O file, a different vulnerability than CVE-2015-3805.
- CVE-2015-3800Aug 17, 2015risk 0.00cvss —epss 0.00
The DiskImages component in Apple iOS before 8.4.1 and OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via a malformed DMG image.
- CVE-2015-3797Aug 17, 2015risk 0.00cvss —epss 0.03
The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression, a different vulnerability than…
- CVE-2015-3795Aug 17, 2015risk 0.00cvss —epss 0.05
libxpc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app that sends a malformed XPC message.
Page 70 of 103