Iphone_os - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Iphone_os
(Apple)

Repositories	• https://github.com/madler/zlib • https://github.com/file/file • https://github.com/WebKit/webkit • https://github.com/vadz/libtiff
#Vulnerabilities	3247

Date	Id	Summary	Products	Score	Patch	Annotated
2014-11-18	CVE-2014-4459	Use-after-free vulnerability in WebKit, as used in Apple OS X before 10.10.1, allows remote attackers to execute arbitrary code via crafted page objects in an HTML document.	Iphone_os, Itunes, Mac_os_x, Safari, Tvos	N/A
2014-11-18	CVE-2014-4452	WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4462.	Iphone_os, Itunes, Safari, Tvos	N/A
2014-09-18	CVE-2014-4363	Safari in Apple iOS before 8 does not properly restrict the autofilling of passwords in forms, which allows remote attackers to obtain sensitive information via (1) an http web site, (2) an https web site with an unacceptable X.509 certificate, or (3) an IFRAME element.	Iphone_os, Safari	N/A
2019-04-03	CVE-2018-20505	SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases).	Icloud, Iphone_os, Itunes, Mac_os_x, Watchos, Sqlite	7.5
2018-06-08	CVE-2018-4233	An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.	Icloud, Iphone_os, Itunes, Safari, Tvos, Watchos, Ubuntu_linux	8.8
2017-12-25	CVE-2017-13861	An issue was discovered in certain Apple products. iOS before 11.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "IOSurface" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.	Iphone_os, Tvos, Watchos	7.8
2017-04-05	CVE-2017-6975	Wi-Fi in Apple iOS before 10.3.1 does not prevent CVE-2017-6956 stack buffer overflow exploitation via a crafted access point. NOTE: because an operating system could potentially isolate itself from CVE-2017-6956 exploitation without patching Broadcom firmware functions, there is a separate CVE ID for the operating-system behavior.	Iphone_os	6.8
2017-09-12	CVE-2017-14315	In Apple iOS 7 through 9, due to a BlueBorne flaw in the implementation of LEAP (Low Energy Audio Protocol), a large audio command can be sent to a targeted device and lead to a heap overflow with attacker-controlled data. Since the audio commands sent via LEAP are not properly validated, an attacker can use this overflow to gain full control of the device through the relatively high privileges of the Bluetooth stack in iOS. The attack bypasses Bluetooth access control; however, the default...	Iphone_os	7.5
2019-04-03	CVE-2018-4360	Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.	Icloud, Iphone_os, Itunes, Safari, Tvos	8.8
2017-07-20	CVE-2017-7064	An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. The issue involves the "WebKit" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.	Icloud, Iphone_os, Itunes, Safari	5.5