iOS

CVEs (1,449)

CVE	Vendor / Product	CVSS	EPSS	Published	Description
CVE-2015-5790	Apple Inc. Safari	—	0.02	Sep 18, 2015	WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…
CVE-2015-5789	Apple Inc. Safari	—	0.02	Sep 18, 2015	WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…
CVE-2015-5788	Apple Inc. Safari	—	0.01	Sep 18, 2015	The WebKit Canvas implementation in Apple iOS before 9 allows remote attackers to bypass the Same Origin Policy and obtain sensitive image information via vectors involving a CANVAS element.
CVE-2015-3801	Apple Inc. Safari	—	0.01	Sep 18, 2015	The document.cookie API implementation in the CFNetwork Cookies subsystem in WebKit in Apple iOS before 9 allows remote attackers to bypass an intended single-cookie restriction via unspecified vectors.
CVE-2014-8611	FreeBSD FreeBSD	—	0.00	Sep 18, 2015	The __sflush function in fflush.c in stdio in libc in FreeBSD 10.1 and the kernel in Apple iOS before 9 mishandles failures of the write system call, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via…
CVE-2015-5782	Apple Inc. Mac Os X	—	0.01	Aug 17, 2015	ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly initialize an unspecified data structure, which allows remote attackers to obtain sensitive information from process memory via a crafted TIFF image.
CVE-2015-5781	Apple Inc. Mac Os X	—	0.01	Aug 17, 2015	ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly initialize an unspecified data structure, which allows remote attackers to obtain sensitive information from process memory via a crafted PNG image.
CVE-2015-5778	Apple Inc. Mac Os X	—	0.02	Aug 17, 2015	CoreMedia Playback in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-5777.
CVE-2015-5777	Apple Inc. Mac Os X	—	0.02	Aug 17, 2015	CoreMedia Playback in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-5778.
CVE-2015-5776	Apple Inc. Mac Os X	—	0.03	Aug 17, 2015	Libinfo in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by leveraging use of an AF_INET6 socket.
CVE-2015-5775	Apple Inc. Mac Os X	—	0.02	Aug 17, 2015	FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-3804 and CVE-2015-5756.
CVE-2015-5774	Apple Inc. Mac Os X	—	0.00	Aug 17, 2015	Buffer overflow in IOHIDFamily in Apple iOS before 8.4.1 and OS X before 10.10.5 allows local users to gain privileges via unspecified vectors.
CVE-2015-5770	Apple Inc. Iphone Os	—	0.00	Aug 17, 2015	MobileInstallation in Apple iOS before 8.4.1 does not ensure the uniqueness of universal provisioning profile bundle IDs, which allows attackers to replace arbitrary extensions via a crafted enterprise app.
CVE-2015-5769	Apple Inc. Iphone Os	—	0.01	Aug 17, 2015	The MSVDX driver in Apple iOS before 8.4.1 allows remote attackers to cause a denial of service (device crash) via a crafted video.
CVE-2015-5766	Apple Inc. Iphone Os	—	0.00	Aug 17, 2015	Directory traversal vulnerability in Air Traffic in Apple iOS before 8.4.1 allows attackers to access arbitrary filesystem locations via vectors related to asset handling.
CVE-2015-5761	Apple Inc. Mac Os X	—	0.03	Aug 17, 2015	CoreText in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-5755.
CVE-2015-5759	Apple Inc. Iphone Os	—	0.00	Aug 17, 2015	WebKit in Apple iOS before 8.4.1 allows remote attackers to spoof clicks via a crafted web site that leverages tap events.
CVE-2015-5758	Apple Inc. Mac Os X	—	0.03	Aug 17, 2015	ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF image.
CVE-2015-5757	Apple Inc. Mac Os X	—	0.01	Aug 17, 2015	libpthread in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via an app that uses a crafted syscall to interfere with locking.
CVE-2015-5756	Apple Inc. Mac Os X	—	0.02	Aug 17, 2015	FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-3804 and CVE-2015-5775.

CVE-2015-5790Sep 18, 2015
Apple Inc.
Safari
risk 0.00cvss —epss 0.02
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…
CVE-2015-5789Sep 18, 2015
Apple Inc.
Safari
risk 0.00cvss —epss 0.02
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in…
CVE-2015-5788Sep 18, 2015
Apple Inc.
Safari
risk 0.00cvss —epss 0.01
The WebKit Canvas implementation in Apple iOS before 9 allows remote attackers to bypass the Same Origin Policy and obtain sensitive image information via vectors involving a CANVAS element.
CVE-2015-3801Sep 18, 2015
Apple Inc.
Safari
risk 0.00cvss —epss 0.01
The document.cookie API implementation in the CFNetwork Cookies subsystem in WebKit in Apple iOS before 9 allows remote attackers to bypass an intended single-cookie restriction via unspecified vectors.
CVE-2014-8611Sep 18, 2015
FreeBSD
FreeBSD
risk 0.00cvss —epss 0.00
The __sflush function in fflush.c in stdio in libc in FreeBSD 10.1 and the kernel in Apple iOS before 9 mishandles failures of the write system call, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via…
CVE-2015-5782Aug 17, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.01
ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly initialize an unspecified data structure, which allows remote attackers to obtain sensitive information from process memory via a crafted TIFF image.
CVE-2015-5781Aug 17, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.01
ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly initialize an unspecified data structure, which allows remote attackers to obtain sensitive information from process memory via a crafted PNG image.
CVE-2015-5778Aug 17, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.02
CoreMedia Playback in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-5777.
CVE-2015-5777Aug 17, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.02
CoreMedia Playback in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-5778.
CVE-2015-5776Aug 17, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.03
Libinfo in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by leveraging use of an AF_INET6 socket.
CVE-2015-5775Aug 17, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.02
FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-3804 and CVE-2015-5756.
CVE-2015-5774Aug 17, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.00
Buffer overflow in IOHIDFamily in Apple iOS before 8.4.1 and OS X before 10.10.5 allows local users to gain privileges via unspecified vectors.
CVE-2015-5770Aug 17, 2015
Apple Inc.
Iphone Os
risk 0.00cvss —epss 0.00
MobileInstallation in Apple iOS before 8.4.1 does not ensure the uniqueness of universal provisioning profile bundle IDs, which allows attackers to replace arbitrary extensions via a crafted enterprise app.
CVE-2015-5769Aug 17, 2015
Apple Inc.
Iphone Os
risk 0.00cvss —epss 0.01
The MSVDX driver in Apple iOS before 8.4.1 allows remote attackers to cause a denial of service (device crash) via a crafted video.
CVE-2015-5766Aug 17, 2015
Apple Inc.
Iphone Os
risk 0.00cvss —epss 0.00
Directory traversal vulnerability in Air Traffic in Apple iOS before 8.4.1 allows attackers to access arbitrary filesystem locations via vectors related to asset handling.
CVE-2015-5761Aug 17, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.03
CoreText in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-5755.
CVE-2015-5759Aug 17, 2015
Apple Inc.
Iphone Os
risk 0.00cvss —epss 0.00
WebKit in Apple iOS before 8.4.1 allows remote attackers to spoof clicks via a crafted web site that leverages tap events.
CVE-2015-5758Aug 17, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.03
ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF image.
CVE-2015-5757Aug 17, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.01
libpthread in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via an app that uses a crafted syscall to interfere with locking.
CVE-2015-5756Aug 17, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.02
FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-3804 and CVE-2015-5775.

Page 66 of 73