iOS

CVEs (1,844)

CVE	Vendor / Product	CVSS	EPSS	Published	Description
CVE-2015-3802	Apple Inc. Mac Os X	—	0.00	Aug 17, 2015	Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted Mach-O file, a different vulnerability than CVE-2015-3805.
CVE-2015-3800	Apple Inc. Mac Os X	—	0.00	Aug 17, 2015	The DiskImages component in Apple iOS before 8.4.1 and OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via a malformed DMG image.
CVE-2015-3797	Apple Inc. Mac Os X	—	0.01	Aug 17, 2015	The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression, a different vulnerability than…
CVE-2015-3795	Apple Inc. Mac Os X	—	0.02	Aug 17, 2015	libxpc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app that sends a malformed XPC message.
CVE-2015-3793	Apple Inc. Iphone Os	—	0.00	Aug 17, 2015	CFPreferences in Apple iOS before 8.4.1 allows attackers to bypass the third-party app-sandbox protection mechanism and read arbitrary managed preferences via a crafted app.
CVE-2015-3784	Apple Inc. Mac Os X	—	0.01	Aug 16, 2015	Office Viewer in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CVE-2015-3782	Apple Inc. Mac Os X	—	0.01	Aug 16, 2015	CloudKit in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to access an iCloud user record associated with a previous user's login session via a crafted app.
CVE-2015-3778	Apple Inc. Mac Os X	—	0.00	Aug 16, 2015	bootp in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to obtain potentially sensitive information about MAC addresses seen in previous Wi-Fi sessions by sniffing an 802.11 network for DNAv4 broadcast traffic.
CVE-2015-3776	Apple Inc. Mac Os X	—	0.01	Aug 16, 2015	IOKit in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption and application crash) via a malformed plist.
CVE-2015-3768	Apple Inc. Mac Os X	—	0.01	Aug 16, 2015	Integer overflow in the kernel in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context via a crafted app that makes unspecified IOKit API calls.
CVE-2015-3766	Apple Inc. Mac Os X	—	0.01	Aug 16, 2015	The kernel in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly restrict the mach_port_space_info interface, which allows attackers to obtain sensitive memory-layout information via a crafted app.
CVE-2015-3759	Apple Inc. Iphone Os	—	0.00	Aug 16, 2015	Location Framework in Apple iOS before 8.4.1 allows local users to bypass intended restrictions on filesystem modification via a symlink.
CVE-2015-3758	Apple Inc. Iphone Os	—	0.00	Aug 16, 2015	UIKit WebView in Apple iOS before 8.4.1 allows attackers to bypass an intended user-confirmation requirement and initiate arbitrary FaceTime calls via an app that provides a crafted URL.
CVE-2015-3756	Apple Inc. Iphone Os	—	0.00	Aug 16, 2015	The Certificate UI in Apple iOS before 8.4.1 does not prevent X.509 certificate acceptance within the lock screen, which allows physically proximate attackers to establish arbitrary certificate trust relationships by completing a dialog.
CVE-2015-3755	Apple Inc. Safari	—	0.01	Aug 16, 2015	WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, allows remote attackers to spoof the user interface via a malformed URL.
CVE-2015-3753	Apple Inc. Safari	—	0.01	Aug 16, 2015	WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly perform taint checking for CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive image…
CVE-2015-3752	Canonical Ubuntu Linux	—	0.02	Aug 16, 2015	The Content Security Policy implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly restrict cookie transmission for report requests, which allows remote attackers to obtain…
CVE-2015-3751	Apple Inc. Safari	—	0.02	Aug 16, 2015	WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, allows remote attackers to bypass a Content Security Policy protection mechanism by using a video control in conjunction with an IMG element within an…
CVE-2015-3750	Apple Inc. Safari	—	0.01	Aug 16, 2015	WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not enforce the HTTP Strict Transport Security (HSTS) protection mechanism for Content Security Policy (CSP) report requests, which allows…
CVE-2015-3749	Canonical Ubuntu Linux	—	0.01	Aug 16, 2015	WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability…

CVE-2015-3802Aug 17, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.00
Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism via a crafted Mach-O file, a different vulnerability than CVE-2015-3805.
CVE-2015-3800Aug 17, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.00
The DiskImages component in Apple iOS before 8.4.1 and OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via a malformed DMG image.
CVE-2015-3797Aug 17, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.01
The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression, a different vulnerability than…
CVE-2015-3795Aug 17, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.02
libxpc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app that sends a malformed XPC message.
CVE-2015-3793Aug 17, 2015
Apple Inc.
Iphone Os
risk 0.00cvss —epss 0.00
CFPreferences in Apple iOS before 8.4.1 allows attackers to bypass the third-party app-sandbox protection mechanism and read arbitrary managed preferences via a crafted app.
CVE-2015-3784Aug 16, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.01
Office Viewer in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CVE-2015-3782Aug 16, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.01
CloudKit in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to access an iCloud user record associated with a previous user's login session via a crafted app.
CVE-2015-3778Aug 16, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.00
bootp in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to obtain potentially sensitive information about MAC addresses seen in previous Wi-Fi sessions by sniffing an 802.11 network for DNAv4 broadcast traffic.
CVE-2015-3776Aug 16, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.01
IOKit in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption and application crash) via a malformed plist.
CVE-2015-3768Aug 16, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.01
Integer overflow in the kernel in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context via a crafted app that makes unspecified IOKit API calls.
CVE-2015-3766Aug 16, 2015
Apple Inc.
Mac Os X
risk 0.00cvss —epss 0.01
The kernel in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly restrict the mach_port_space_info interface, which allows attackers to obtain sensitive memory-layout information via a crafted app.
CVE-2015-3759Aug 16, 2015
Apple Inc.
Iphone Os
risk 0.00cvss —epss 0.00
Location Framework in Apple iOS before 8.4.1 allows local users to bypass intended restrictions on filesystem modification via a symlink.
CVE-2015-3758Aug 16, 2015
Apple Inc.
Iphone Os
risk 0.00cvss —epss 0.00
UIKit WebView in Apple iOS before 8.4.1 allows attackers to bypass an intended user-confirmation requirement and initiate arbitrary FaceTime calls via an app that provides a crafted URL.
CVE-2015-3756Aug 16, 2015
Apple Inc.
Iphone Os
risk 0.00cvss —epss 0.00
The Certificate UI in Apple iOS before 8.4.1 does not prevent X.509 certificate acceptance within the lock screen, which allows physically proximate attackers to establish arbitrary certificate trust relationships by completing a dialog.
CVE-2015-3755Aug 16, 2015
Apple Inc.
Safari
risk 0.00cvss —epss 0.01
WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, allows remote attackers to spoof the user interface via a malformed URL.
CVE-2015-3753Aug 16, 2015
Apple Inc.
Safari
risk 0.00cvss —epss 0.01
WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly perform taint checking for CANVAS elements, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive image…
CVE-2015-3752Aug 16, 2015
Canonical
Ubuntu Linux
risk 0.00cvss —epss 0.02
The Content Security Policy implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly restrict cookie transmission for report requests, which allows remote attackers to obtain…
CVE-2015-3751Aug 16, 2015
Apple Inc.
Safari
risk 0.00cvss —epss 0.02
WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, allows remote attackers to bypass a Content Security Policy protection mechanism by using a video control in conjunction with an IMG element within an…
CVE-2015-3750Aug 16, 2015
Apple Inc.
Safari
risk 0.00cvss —epss 0.01
WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not enforce the HTTP Strict Transport Security (HSTS) protection mechanism for Content Security Policy (CSP) report requests, which allows…
CVE-2015-3749Aug 16, 2015
Canonical
Ubuntu Linux
risk 0.00cvss —epss 0.01
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability…

Page 72 of 93