Total
4004 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-3750 | 1 Apple | 1 Iphone Os | 2025-04-11 | 3.6 LOW | N/A |
| The Passcode Lock implementation in Apple iOS before 6.0.1 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement and access Passbook passes via unspecified vectors. | |||||
| CVE-2011-1293 | 3 Apple, Debian, Google | 5 Iphone Os, Itunes, Safari and 2 more | 2025-04-11 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in the HTMLCollection implementation in Google Chrome before 10.0.648.204 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2013-0899 | 6 Apple, Google, Linux and 3 more | 9 Ipados, Iphone Os, Mac Os X and 6 more | 2025-04-11 | 5.0 MEDIUM | N/A |
| Integer overflow in the padding implementation in the opus_packet_parse_impl function in src/opus_decoder.c in Opus before 1.0.2, as used in Google Chrome before 25.0.1364.97 on Windows and Linux and before 25.0.1364.99 on Mac OS X and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a long packet. | |||||
| CVE-2011-2870 | 1 Apple | 2 Iphone Os, Itunes | 2025-04-11 | 9.3 HIGH | N/A |
| WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2. | |||||
| CVE-2010-2913 | 2 Apple, Citibank | 2 Iphone Os, Citi Mobile | 2025-04-11 | 2.1 LOW | N/A |
| The Citibank Citi Mobile app before 2.0.3 for iOS stores account data in a file, which allows local users to obtain sensitive information via vectors involving (1) the mobile device or (2) a synchronized computer. | |||||
| CVE-2012-0643 | 1 Apple | 1 Iphone Os | 2025-04-11 | 9.3 HIGH | N/A |
| The kernel in Apple iOS before 5.1 does not properly handle debug system calls, which allows remote attackers to bypass sandbox restrictions and execute arbitrary code via a crafted program. | |||||
| CVE-2013-1005 | 2 Apple, Microsoft | 5 Iphone Os, Itunes, Windows 7 and 2 more | 2025-04-11 | 9.3 HIGH | N/A |
| WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. | |||||
| CVE-2013-0999 | 2 Apple, Microsoft | 5 Iphone Os, Itunes, Windows 7 and 2 more | 2025-04-11 | 9.3 HIGH | N/A |
| WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1. | |||||
| CVE-2012-3736 | 1 Apple | 1 Iphone Os | 2025-04-11 | 4.6 MEDIUM | N/A |
| The Passcode Lock implementation in Apple iOS before 6 allows physically proximate attackers to bypass an intended passcode requirement via vectors related to ending a FaceTime call. | |||||
| CVE-2013-3948 | 1 Apple | 1 Iphone Os | 2025-04-11 | 4.3 MEDIUM | N/A |
| Apple iOS 6.1.3 does not follow redirects during determination of the hostname to display in an iOS Enterprise Deployment installation dialog, which makes it easier for remote attackers to trigger installation of arbitrary applications via a download-manifest itms-services:// URL that leverages an open redirect vulnerability within a trusted domain. | |||||
| CVE-2024-31393 | 2 Apple, Mozilla | 2 Iphone Os, Firefox | 2025-04-09 | N/A | 4.3 MEDIUM |
| Dragging Javascript URLs to the address bar could cause them to be loaded, bypassing restrictions and security protections This vulnerability affects Firefox for iOS < 124. | |||||
| CVE-2024-31392 | 2 Apple, Mozilla | 2 Iphone Os, Firefox | 2025-04-09 | N/A | 7.5 HIGH |
| If an insecure element was added to a page after a delay, Firefox would not replace the secure icon with a mixed content security status This vulnerability affects Firefox for iOS < 124. | |||||
| CVE-2009-2796 | 1 Apple | 1 Iphone Os | 2025-04-09 | 2.1 LOW | N/A |
| The UIKit component in Apple iPhone OS 3.0, and iPhone OS 3.0.1 for iPod touch, allows physically proximate attackers to discover a password by watching a user undo deletions of characters in the password. | |||||
| CVE-2009-2794 | 1 Apple | 1 Iphone Os | 2025-04-09 | 4.6 MEDIUM | N/A |
| The Exchange Support component in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, does not properly implement the "Maximum inactivity time lock" functionality, which allows local users to bypass intended Microsoft Exchange restrictions by choosing a large Require Passcode time value. | |||||
| CVE-2009-1701 | 1 Apple | 3 Iphone Os, Ipod Touch, Safari | 2025-04-09 | 9.3 HIGH | N/A |
| Use-after-free vulnerability in the JavaScript DOM implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by destroying a document.body element that has an unspecified XML container with elements that support the dir attribute. | |||||
| CVE-2007-3944 | 1 Apple | 3 Iphone Os, Safari, Webkit | 2025-04-09 | 9.3 HIGH | N/A |
| Multiple heap-based buffer overflows in the Perl Compatible Regular Expressions (PCRE) library in the JavaScript engine in WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, allow remote attackers to execute arbitrary code via certain JavaScript regular expressions. NOTE: this issue was originally reported only for MobileSafari on the iPhone. NOTE: it is not clear whether this stems from an issue in the original distribution of PCRE, which might already have a separate CVE identifier. | |||||
| CVE-2007-2399 | 1 Apple | 3 Iphone Os, Mac Os X, Mac Os X Server | 2025-04-09 | 9.3 HIGH | N/A |
| WebKit in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1 performs an "invalid type conversion", which allows remote attackers to execute arbitrary code via unspecified frame sets that trigger memory corruption. | |||||
| CVE-2009-2797 | 2 Apple, Canonical | 2 Iphone Os, Ubuntu Linux | 2025-04-09 | 5.0 MEDIUM | N/A |
| The WebKit component in Safari in Apple iPhone OS before 3.1, and iPhone OS before 3.1.1 for iPod touch, does not remove usernames and passwords from URLs sent in Referer headers, which allows remote attackers to obtain sensitive information by reading Referer logs on a web server. | |||||
| CVE-2008-3281 | 7 Apple, Canonical, Debian and 4 more | 11 Iphone Os, Safari, Ubuntu Linux and 8 more | 2025-04-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document. | |||||
| CVE-2008-0034 | 1 Apple | 2 Iphone, Iphone Os | 2025-04-09 | 4.6 MEDIUM | N/A |
| Unspecified vulnerability in Passcode Lock in Apple iPhone 1.0 through 1.1.2 allows users with physical access to execute applications without entering the passcode via vectors related to emergency calls. | |||||