Vulnerabilities (CVE)

Filtered by vendor Apple Subscribe
Filtered by product Iphone Os
Total 3995 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2012-3727 1 Apple 1 Iphone Os 2025-04-11 6.8 MEDIUM N/A
Buffer overflow in the IPsec component in Apple iOS before 6 allows remote attackers to execute arbitrary code via a crafted racoon configuration file.
CVE-2012-0622 1 Apple 2 Iphone Os, Itunes 2025-04-11 9.3 HIGH N/A
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
CVE-2013-5156 1 Apple 1 Iphone Os 2025-04-11 4.3 MEDIUM N/A
The Telephony subsystem in Apple iOS before 7 does not require API conformity for access to telephony-daemon interfaces, which allows attackers to bypass intended restrictions on phone calls via a crafted app that sends direct requests to the daemon.
CVE-2013-0981 1 Apple 2 Iphone Os, Tvos 2025-04-11 7.2 HIGH N/A
The IOUSBDeviceFamily driver in the USB implementation in the kernel in Apple iOS before 6.1.3 and Apple TV before 5.2.1 accesses pipe object pointers that originated in userspace, which allows local users to gain privileges via crafted code.
CVE-2013-0959 1 Apple 1 Iphone Os 2025-04-11 6.8 MEDIUM N/A
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.
CVE-2013-5198 1 Apple 5 Iphone Os, Itunes, Safari and 2 more 2025-04-11 6.8 MEDIUM N/A
WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-12-16-1.
CVE-2014-0647 2 Apple, Starbucks 2 Iphone Os, Starbucks 2025-04-11 2.1 LOW N/A
The Starbucks 2.6.1 application for iOS stores sensitive information in plaintext in the Crashlytics log file (/Library/Caches/com.crashlytics.data/com.starbucks.mystarbucks/session.clslog), which allows attackers to discover usernames, passwords, and e-mail addresses via an application that reads session.clslog.
CVE-2013-0879 4 Apple, Google, Linux and 1 more 5 Iphone Os, Mac Os X, Chrome and 2 more 2025-04-11 7.5 HIGH N/A
Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly implement web audio nodes, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
CVE-2012-0599 1 Apple 2 Iphone Os, Itunes 2025-04-11 9.3 HIGH N/A
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
CVE-2011-1451 2 Apple, Google 4 Iphone Os, Itunes, Safari and 1 more 2025-04-11 7.5 HIGH N/A
Google Chrome before 11.0.696.57 does not properly handle DOM id maps, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "dangling pointers."
CVE-2013-5151 1 Apple 1 Iphone Os 2025-04-11 4.3 MEDIUM N/A
Mobile Safari in Apple iOS before 7 does not prevent HTML interpretation of a document served with a text/plain content type, which allows remote attackers to conduct cross-site scripting (XSS) attacks by uploading a file.
CVE-2012-0635 1 Apple 2 Iphone Os, Itunes 2025-04-11 9.3 HIGH N/A
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
CVE-2011-1296 2 Apple, Google 4 Iphone Os, Itunes, Safari and 1 more 2025-04-11 7.5 HIGH N/A
Google Chrome before 10.0.648.204 does not properly handle SVG text, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
CVE-2011-2391 1 Apple 3 Iphone Os, Itunes, Mac Os X 2025-04-11 6.1 MEDIUM N/A
The IPv6 implementation in the kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (CPU consumption) via crafted ICMPv6 packets.
CVE-2012-3734 1 Apple 1 Iphone Os 2025-04-11 1.9 LOW N/A
Office Viewer in Apple iOS before 6 writes cleartext document data to a temporary file, which might allow local users to bypass a document's intended (1) Data Protection level or (2) encryption state by reading the temporary content.
CVE-2011-3969 2 Apple, Google 4 Iphone Os, Itunes, Safari and 1 more 2025-04-11 6.8 MEDIUM N/A
Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to layout of SVG documents.
CVE-2013-0949 1 Apple 1 Iphone Os 2025-04-11 6.8 MEDIUM N/A
WebKit, as used in Apple iOS before 6.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-01-28-1.
CVE-2012-0625 1 Apple 2 Iphone Os, Itunes 2025-04-11 9.3 HIGH N/A
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.
CVE-2011-3881 2 Apple, Google 4 Iphone Os, Safari, Android and 1 more 2025-04-11 4.3 MEDIUM N/A
WebKit, as used in Google Chrome before 15.0.874.102 and Android before 4.4, allows remote attackers to bypass the Same Origin Policy and conduct Universal XSS (UXSS) attacks via vectors related to (1) the DOMWindow::clear function and use of a selection object, (2) the Object::GetRealNamedPropertyInPrototypeChain function and use of an __proto__ property, (3) the HTMLPlugInImageElement::allowedToLoadFrameURL function and use of a javascript: URL, (4) incorrect origins for XSLT-generated documents in the XSLTProcessor::createDocumentFromSource function, and (5) improper handling of synchronous frame loads in the ScriptController::executeIfJavaScriptURL function.
CVE-2012-0631 1 Apple 2 Iphone Os, Itunes 2025-04-11 9.3 HIGH N/A
WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2.