Filtered by vendor Apple
Subscriptions
Filtered by product Iphone Os
Subscriptions
Total
4073 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-1345 | 1 Apple | 2 Iphone Os, Safari | 2025-04-12 | N/A |
| WebKit in Apple iOS before 7.1.2 and Apple Safari before 6.1.5 and 7.x before 7.0.5 does not properly encode domain names in URLs, which allows remote attackers to spoof the address bar via a crafted web site. | ||||
| CVE-2015-5746 | 1 Apple | 1 Iphone Os | 2025-04-12 | N/A |
| AppleFileConduit in Apple iOS before 8.4.1 allows attackers to bypass intended restrictions on filesystem access via an afc command that leverages symlink mishandling. | ||||
| CVE-2015-5749 | 1 Apple | 1 Iphone Os | 2025-04-12 | N/A |
| The Sandbox_profiles component in Apple iOS before 8.4.1 allows attackers to bypass the third-party app-sandbox protection mechanism and read arbitrary managed preferences via a crafted app. | ||||
| CVE-2016-4121 | 6 Adobe, Apple, Google and 3 more | 14 Air Desktop Runtime, Air Sdk, Air Sdk \& Compiler and 11 more | 2025-04-12 | 9.8 Critical |
| Use-after-free vulnerability in Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1097, CVE-2016-1106, CVE-2016-1107, CVE-2016-1108, CVE-2016-1109, CVE-2016-1110, CVE-2016-4108, and CVE-2016-4110. | ||||
| CVE-2015-5895 | 2 Apple, Sqlite | 2 Iphone Os, Sqlite | 2025-04-12 | N/A |
| Multiple unspecified vulnerabilities in SQLite before 3.8.10.2, as used in Apple iOS before 9, have unknown impact and attack vectors. | ||||
| CVE-2015-6988 | 1 Apple | 2 Iphone Os, Mac Os X | 2025-04-12 | N/A |
| The kernel in Apple iOS before 9.1 and OS X before 10.11.1 does not initialize an unspecified data structure, which allows remote attackers to execute arbitrary code via vectors involving an unknown network-connectivity requirement. | ||||
| CVE-2015-7037 | 1 Apple | 1 Iphone Os | 2025-04-12 | N/A |
| Directory traversal vulnerability in Mobile Backup in Photos in Apple iOS before 9.2 allows attackers to read arbitrary files via a crafted pathname. | ||||
| CVE-2015-5759 | 1 Apple | 1 Iphone Os | 2025-04-12 | N/A |
| WebKit in Apple iOS before 8.4.1 allows remote attackers to spoof clicks via a crafted web site that leverages tap events. | ||||
| CVE-2015-1095 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2025-04-12 | N/A |
| IOHIDFamily in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HID device. | ||||
| CVE-2015-5752 | 1 Apple | 1 Iphone Os | 2025-04-12 | N/A |
| Backup in Apple iOS before 8.4.1 allows attackers to bypass intended restrictions on filesystem access via a crafted app that creates a symlink. | ||||
| CVE-2015-5905 | 1 Apple | 1 Iphone Os | 2025-04-12 | N/A |
| Safari in Apple iOS before 9 allows remote attackers to spoof the relationship between URLs and web content via a crafted window opener on a web site. | ||||
| CVE-2015-5843 | 1 Apple | 2 Iphone Os, Watchos | 2025-04-12 | N/A |
| IOMobileFrameBuffer in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. | ||||
| CVE-2015-5906 | 1 Apple | 1 Iphone Os | 2025-04-12 | N/A |
| The HTML form implementation in WebKit in Apple iOS before 9 does not prevent QuickType access to the final character of a password, which might make it easier for remote attackers to discover a password by leveraging a later prediction containing that character. | ||||
| CVE-2014-4418 | 1 Apple | 2 Iphone Os, Tvos | 2025-04-12 | N/A |
| IOKit in Apple iOS before 8 and Apple TV before 7 does not properly validate IODataQueue object metadata, which allows attackers to execute arbitrary code in a privileged context via an application that provides crafted values in unspecified metadata fields, a different vulnerability than CVE-2014-4388. | ||||
| CVE-2015-5912 | 1 Apple | 2 Iphone Os, Mac Os X | 2025-04-12 | N/A |
| The CFNetwork FTPProtocol component in Apple iOS before 9 allows remote FTP proxy servers to trigger TCP connection attempts to intranet hosts via crafted responses. | ||||
| CVE-2015-4000 | 13 Apple, Canonical, Debian and 10 more | 31 Iphone Os, Mac Os X, Safari and 28 more | 2025-04-12 | N/A |
| The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue. | ||||
| CVE-2015-5916 | 1 Apple | 2 Iphone Os, Watchos | 2025-04-12 | N/A |
| The Apple Pay component in Apple iOS before 9 allows remote terminals to obtain sensitive recent-transaction information during payments by leveraging the transaction-log feature. | ||||
| CVE-2015-5767 | 1 Apple | 2 Iphone Os, Safari | 2025-04-12 | N/A |
| The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspecified vectors, a different vulnerability than CVE-2015-5764 and CVE-2015-5765. | ||||
| CVE-2016-4753 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2025-04-12 | N/A |
| Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 mishandle signed disk images, which allows attackers to execute arbitrary code in a privileged context via a crafted app. | ||||
| CVE-2015-5766 | 1 Apple | 1 Iphone Os | 2025-04-12 | N/A |
| Directory traversal vulnerability in Air Traffic in Apple iOS before 8.4.1 allows attackers to access arbitrary filesystem locations via vectors related to asset handling. | ||||