iOS

CVEs (2,979)

CVE	Vendor / Product	CVSS	EPSS	Published	Description
CVE-2015-5796	Apple Inc. iTunes	—	0.02	Sep 18, 2015	WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…
CVE-2015-5795	Apple Inc. iTunes	—	0.02	Sep 18, 2015	WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…
CVE-2015-5794	Apple Inc. iTunes	—	0.01	Sep 18, 2015	WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…
CVE-2015-5793	Apple Inc. iTunes	—	0.02	Sep 18, 2015	WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs…
CVE-2015-5792	Apple Inc. iTunes	—	0.02	Sep 18, 2015	WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…
CVE-2015-5791	Apple Inc. iTunes	—	0.02	Sep 18, 2015	WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs…
CVE-2015-5790	Apple Inc. iTunes	—	0.02	Sep 18, 2015	WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…
CVE-2015-5789	Apple Inc. iTunes	—	0.02	Sep 18, 2015	WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…
CVE-2015-5788	Apple Inc. iOS	—	0.01	Sep 18, 2015	The WebKit Canvas implementation in Apple iOS before 9 allows remote attackers to bypass the Same Origin Policy and obtain sensitive image information via vectors involving a CANVAS element.
CVE-2015-3801	Apple Inc. iOS	—	0.01	Sep 18, 2015	The document.cookie API implementation in the CFNetwork Cookies subsystem in WebKit in Apple iOS before 9 allows remote attackers to bypass an intended single-cookie restriction via unspecified vectors.
CVE-2014-8611	Apple Inc. iOS	—	0.00	Sep 18, 2015	The __sflush function in fflush.c in stdio in libc in FreeBSD 10.1 and the kernel in Apple iOS before 9 mishandles failures of the write system call, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via…
CVE-2015-5782	Apple Inc. iOS	—	0.01	Aug 17, 2015	ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly initialize an unspecified data structure, which allows remote attackers to obtain sensitive information from process memory via a crafted TIFF image.
CVE-2015-5781	Apple Inc. iOS	—	0.01	Aug 17, 2015	ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly initialize an unspecified data structure, which allows remote attackers to obtain sensitive information from process memory via a crafted PNG image.
CVE-2015-5778	Apple Inc. iOS	—	0.02	Aug 17, 2015	CoreMedia Playback in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-5777.
CVE-2015-5777	Apple Inc. iOS	—	0.02	Aug 17, 2015	CoreMedia Playback in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-5778.
CVE-2015-5776	Apple Inc. iOS	—	0.03	Aug 17, 2015	Libinfo in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by leveraging use of an AF_INET6 socket.
CVE-2015-5775	Apple Inc. iOS	—	0.02	Aug 17, 2015	FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-3804 and CVE-2015-5756.
CVE-2015-5774	Apple Inc. iOS	—	0.00	Aug 17, 2015	Buffer overflow in IOHIDFamily in Apple iOS before 8.4.1 and OS X before 10.10.5 allows local users to gain privileges via unspecified vectors.
CVE-2015-5770	Apple Inc. iOS	—	0.00	Aug 17, 2015	MobileInstallation in Apple iOS before 8.4.1 does not ensure the uniqueness of universal provisioning profile bundle IDs, which allows attackers to replace arbitrary extensions via a crafted enterprise app.
CVE-2015-5769	Apple Inc. iOS	—	0.01	Aug 17, 2015	The MSVDX driver in Apple iOS before 8.4.1 allows remote attackers to cause a denial of service (device crash) via a crafted video.

CVE-2015-5796Sep 18, 2015
Apple Inc.
iTunes
risk 0.00cvss —epss 0.02
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…
CVE-2015-5795Sep 18, 2015
Apple Inc.
iTunes
risk 0.00cvss —epss 0.02
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…
CVE-2015-5794Sep 18, 2015
Apple Inc.
iTunes
risk 0.00cvss —epss 0.01
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…
CVE-2015-5793Sep 18, 2015
Apple Inc.
iTunes
risk 0.00cvss —epss 0.02
WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs…
CVE-2015-5792Sep 18, 2015
Apple Inc.
iTunes
risk 0.00cvss —epss 0.02
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…
CVE-2015-5791Sep 18, 2015
Apple Inc.
iTunes
risk 0.00cvss —epss 0.02
WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs…
CVE-2015-5790Sep 18, 2015
Apple Inc.
iTunes
risk 0.00cvss —epss 0.02
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…
CVE-2015-5789Sep 18, 2015
Apple Inc.
iTunes
risk 0.00cvss —epss 0.02
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…
CVE-2015-5788Sep 18, 2015
Apple Inc.
iOS
risk 0.00cvss —epss 0.01
The WebKit Canvas implementation in Apple iOS before 9 allows remote attackers to bypass the Same Origin Policy and obtain sensitive image information via vectors involving a CANVAS element.
CVE-2015-3801Sep 18, 2015
Apple Inc.
iOS
risk 0.00cvss —epss 0.01
The document.cookie API implementation in the CFNetwork Cookies subsystem in WebKit in Apple iOS before 9 allows remote attackers to bypass an intended single-cookie restriction via unspecified vectors.
CVE-2014-8611Sep 18, 2015
Apple Inc.
iOS
risk 0.00cvss —epss 0.00
The __sflush function in fflush.c in stdio in libc in FreeBSD 10.1 and the kernel in Apple iOS before 9 mishandles failures of the write system call, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via…
CVE-2015-5782Aug 17, 2015
Apple Inc.
iOS
risk 0.00cvss —epss 0.01
ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly initialize an unspecified data structure, which allows remote attackers to obtain sensitive information from process memory via a crafted TIFF image.
CVE-2015-5781Aug 17, 2015
Apple Inc.
iOS
risk 0.00cvss —epss 0.01
ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly initialize an unspecified data structure, which allows remote attackers to obtain sensitive information from process memory via a crafted PNG image.
CVE-2015-5778Aug 17, 2015
Apple Inc.
iOS
risk 0.00cvss —epss 0.02
CoreMedia Playback in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-5777.
CVE-2015-5777Aug 17, 2015
Apple Inc.
iOS
risk 0.00cvss —epss 0.02
CoreMedia Playback in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-5778.
CVE-2015-5776Aug 17, 2015
Apple Inc.
iOS
risk 0.00cvss —epss 0.03
Libinfo in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by leveraging use of an AF_INET6 socket.
CVE-2015-5775Aug 17, 2015
Apple Inc.
iOS
risk 0.00cvss —epss 0.02
FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-3804 and CVE-2015-5756.
CVE-2015-5774Aug 17, 2015
Apple Inc.
iOS
risk 0.00cvss —epss 0.00
Buffer overflow in IOHIDFamily in Apple iOS before 8.4.1 and OS X before 10.10.5 allows local users to gain privileges via unspecified vectors.
CVE-2015-5770Aug 17, 2015
Apple Inc.
iOS
risk 0.00cvss —epss 0.00
MobileInstallation in Apple iOS before 8.4.1 does not ensure the uniqueness of universal provisioning profile bundle IDs, which allows attackers to replace arbitrary extensions via a crafted enterprise app.
CVE-2015-5769Aug 17, 2015
Apple Inc.
iOS
risk 0.00cvss —epss 0.01
The MSVDX driver in Apple iOS before 8.4.1 allows remote attackers to cause a denial of service (device crash) via a crafted video.

Page 127 of 149