Vulnerabilities (CVE)

Filtered by vendor Apple Subscribe
Filtered by product Iphone Os
Total 4073 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-1831 1 Apple 4 Iphone Os, Mac Os X, Tvos and 1 more 2025-04-12 9.3 HIGH 7.8 HIGH
The kernel in Apple iOS before 9.3.2 and OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVE-2015-5765 1 Apple 2 Iphone Os, Safari 2025-04-12 4.3 MEDIUM N/A
The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspecified vectors, a different vulnerability than CVE-2015-5764 and CVE-2015-5767.
CVE-2014-1352 1 Apple 1 Iphone Os 2025-04-12 1.9 LOW N/A
Lock Screen in Apple iOS before 7.1.2 does not properly enforce the limit on failed passcode attempts, which makes it easier for physically proximate attackers to conduct brute-force passcode-guessing attacks via unspecified vectors.
CVE-2015-8446 5 Adobe, Apple, Google and 2 more 9 Air, Air Sdk, Air Sdk \& Compiler and 6 more 2025-04-12 9.3 HIGH N/A
Heap-based buffer overflow in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via an MP3 file with COMM tags that are mishandled during memory allocation, a different vulnerability than CVE-2015-8438.
CVE-2015-5817 1 Apple 3 Iphone Os, Itunes, Safari 2025-04-12 6.8 MEDIUM N/A
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
CVE-2015-8423 5 Adobe, Apple, Google and 2 more 9 Air, Air Sdk, Air Sdk \& Compiler and 6 more 2025-04-12 10.0 HIGH N/A
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, and CVE-2015-8454.
CVE-2014-1272 1 Apple 2 Iphone Os, Tvos 2025-04-12 6.3 MEDIUM N/A
CrashHouseKeeping in Crash Reporting in Apple iOS before 7.1 and Apple TV before 6.1 allows local users to change arbitrary file permissions by leveraging a symlink.
CVE-2016-1025 5 Adobe, Apple, Google and 2 more 13 Air Desktop Runtime, Air Sdk, Air Sdk \& Compiler and 10 more 2025-04-12 9.3 HIGH 8.8 HIGH
Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012, CVE-2016-1020, CVE-2016-1021, CVE-2016-1022, CVE-2016-1023, CVE-2016-1024, CVE-2016-1026, CVE-2016-1027, CVE-2016-1028, CVE-2016-1029, CVE-2016-1032, and CVE-2016-1033.
CVE-2015-7055 1 Apple 2 Iphone Os, Tvos 2025-04-12 9.3 HIGH N/A
AppleMobileFileIntegrity in Apple iOS before 9.2 and tvOS before 9.1 does not prevent changes to access-control structures, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
CVE-2015-1086 1 Apple 2 Iphone Os, Tvos 2025-04-12 6.9 MEDIUM N/A
The Audio Drivers subsystem in Apple iOS before 8.3 and Apple TV before 7.2 does not properly validate IOKit object metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
CVE-2015-7017 1 Apple 3 Iphone Os, Itunes, Mac Os X 2025-04-12 7.5 HIGH N/A
CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6975 and CVE-2015-6992.
CVE-2014-4363 1 Apple 2 Iphone Os, Safari 2025-04-12 5.0 MEDIUM N/A
Safari in Apple iOS before 8 does not properly restrict the autofilling of passwords in forms, which allows remote attackers to obtain sensitive information via (1) an http web site, (2) an https web site with an unacceptable X.509 certificate, or (3) an IFRAME element.
CVE-2015-7043 1 Apple 4 Iphone Os, Mac Os X, Tvos and 1 more 2025-04-12 4.3 MEDIUM N/A
The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to cause a denial of service via a crafted app, a different vulnerability than CVE-2015-7040, CVE-2015-7041, and CVE-2015-7042.
CVE-2016-4631 1 Apple 4 Iphone Os, Mac Os X, Tvos and 1 more 2025-04-12 6.8 MEDIUM 8.8 HIGH
ImageIO in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted TIFF file.
CVE-2015-7107 1 Apple 2 Iphone Os, Mac Os X 2025-04-12 6.8 MEDIUM N/A
QuickLook in Apple iOS before 9.2 and OS X before 10.11.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted iWork file.
CVE-2015-5782 1 Apple 2 Iphone Os, Mac Os X 2025-04-12 4.3 MEDIUM N/A
ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly initialize an unspecified data structure, which allows remote attackers to obtain sensitive information from process memory via a crafted TIFF image.
CVE-2016-1723 1 Apple 3 Iphone Os, Safari, Watchos 2025-04-12 9.3 HIGH 8.8 HIGH
WebKit, as used in Apple iOS before 9.2.1 and Safari before 9.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1725 and CVE-2016-1726.
CVE-2014-4471 1 Apple 4 Iphone Os, Itunes, Safari and 1 more 2025-04-12 6.8 MEDIUM N/A
WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-12-2-1.
CVE-2016-4772 1 Apple 4 Iphone Os, Mac Os X, Tvos and 1 more 2025-04-12 5.0 MEDIUM 7.5 HIGH
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to cause a denial of service (unintended lock) via unspecified vectors.
CVE-2015-5903 1 Apple 3 Iphone Os, Mac Os X, Watchos 2025-04-12 10.0 HIGH N/A
The kernel in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5868 and CVE-2015-5896.