Vulnerabilities (CVE)

Filtered by vendor Apple Subscribe
Filtered by product Iphone Os
Total 4046 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-8419 5 Adobe, Apple, Google and 2 more 9 Air, Air Sdk, Air Sdk \& Compiler and 6 more 2025-04-12 10.0 HIGH N/A
Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-8045, CVE-2015-8047, CVE-2015-8060, CVE-2015-8408, CVE-2015-8416, CVE-2015-8417, CVE-2015-8418, CVE-2015-8443, CVE-2015-8444, CVE-2015-8451, and CVE-2015-8455.
CVE-2016-4758 2 Apple, Microsoft 4 Iphone Os, Itunes, Safari and 1 more 2025-04-12 4.3 MEDIUM 6.5 MEDIUM
WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly restrict access to the location variable, which allows remote attackers to obtain sensitive information via a crafted web site.
CVE-2015-1097 1 Apple 2 Iphone Os, Tvos 2025-04-12 1.9 LOW N/A
IOMobileFramebuffer in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app.
CVE-2015-5841 1 Apple 3 Iphone Os, Mac Os X, Watchos 2025-04-12 5.0 MEDIUM N/A
The CFNetwork Proxies component in Apple iOS before 9 does not properly handle a Set-Cookie header within a response to an HTTP CONNECT request, which allows remote proxy servers to conduct cookie-injection attacks via a crafted response.
CVE-2015-5876 1 Apple 3 Iphone Os, Mac Os X, Watchos 2025-04-12 9.3 HIGH N/A
dyld in Dev Tools in Apple iOS before 9 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVE-2015-3721 1 Apple 2 Iphone Os, Mac Os X 2025-04-12 4.3 MEDIUM N/A
The kernel in Apple iOS before 8.4 and OS X before 10.10.4 does not properly handle HFS parameters, which allows attackers to obtain sensitive memory-layout information via a crafted app.
CVE-2015-7018 1 Apple 2 Iphone Os, Mac Os X 2025-04-12 6.8 MEDIUM N/A
FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, and CVE-2015-7010.
CVE-2014-4415 1 Apple 3 Iphone Os, Safari, Tvos 2025-04-12 6.8 MEDIUM N/A
WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2.
CVE-2015-6993 1 Apple 2 Iphone Os, Mac Os X 2025-04-12 6.8 MEDIUM N/A
FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018.
CVE-2014-5231 2 Apple, Siemens 2 Iphone Os, Simatic Wincc Sm\@rtclient 2025-04-12 2.1 LOW N/A
The Siemens SIMATIC WinCC Sm@rtClient app before 1.0.2 for iOS allows physically proximate attackers to extract the password from storage via unspecified vectors.
CVE-2016-4734 1 Apple 3 Iphone Os, Safari, Tvos 2025-04-12 9.3 HIGH 9.6 CRITICAL
WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4611, CVE-2016-4730, CVE-2016-4733, and CVE-2016-4735.
CVE-2015-5857 1 Apple 1 Iphone Os 2025-04-12 5.0 MEDIUM N/A
Mail in Apple iOS before 9 allows remote attackers to use an address-book contact as a spoofed e-mail sender address via unspecified vectors.
CVE-2015-7113 1 Apple 2 Iphone Os, Watchos 2025-04-12 10.0 HIGH N/A
The LaunchServices component in Apple iOS before 9.2 and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a malformed plist.
CVE-2015-7039 1 Apple 4 Iphone Os, Mac Os X, Tvos and 1 more 2025-04-12 6.8 MEDIUM N/A
Buffer overflow in libc in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code via a crafted package, a different vulnerability than CVE-2015-7038.
CVE-2015-6979 1 Apple 2 Iphone Os, Watchos 2025-04-12 9.3 HIGH N/A
GasGauge in Apple iOS before 9.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVE-2015-5842 1 Apple 3 Iphone Os, Mac Os X, Watchos 2025-04-12 2.1 LOW N/A
XNU in the kernel in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows local users to obtain sensitive memory-layout information via unknown vectors.
CVE-2015-7112 1 Apple 4 Iphone Os, Mac Os X, Tvos and 1 more 2025-04-12 9.3 HIGH N/A
The IOHIDFamily API in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-7111.
CVE-2014-4413 1 Apple 3 Iphone Os, Mac Os X, Tvos 2025-04-12 6.8 MEDIUM N/A
WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-09-17-1 and APPLE-SA-2014-09-17-2.
CVE-2015-5766 1 Apple 1 Iphone Os 2025-04-12 5.0 MEDIUM N/A
Directory traversal vulnerability in Air Traffic in Apple iOS before 8.4.1 allows attackers to access arbitrary filesystem locations via vectors related to asset handling.
CVE-2015-8432 5 Adobe, Apple, Google and 2 more 9 Air, Air Sdk, Air Sdk \& Compiler and 6 more 2025-04-12 10.0 HIGH N/A
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, and CVE-2015-8454.