Total
3625 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-7113 | 1 Apple | 2 Iphone Os, Watchos | 2016-12-07 | 10.0 HIGH | N/A |
| The LaunchServices component in Apple iOS before 9.2 and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a malformed plist. | |||||
| CVE-2015-7080 | 1 Apple | 1 Iphone Os | 2016-12-07 | 2.1 LOW | N/A |
| Siri in Apple iOS before 9.2 allows physically proximate attackers to bypass an intended client-side protection mechanism and obtain sensitive content-notification information by listening to a device in the lock-screen state. | |||||
| CVE-2015-7070 | 1 Apple | 1 Iphone Os | 2016-12-07 | 9.3 HIGH | N/A |
| Mobile Replayer in GPUTools Framework in Apple iOS before 9.2 allows attackers to execute arbitrary code in a privileged context via an app that provides a crafted pathname, a different vulnerability than CVE-2015-7069. | |||||
| CVE-2015-7069 | 1 Apple | 1 Iphone Os | 2016-12-07 | 9.3 HIGH | N/A |
| Mobile Replayer in GPUTools Framework in Apple iOS before 9.2 allows attackers to execute arbitrary code in a privileged context via an app that provides a crafted pathname, a different vulnerability than CVE-2015-7070. | |||||
| CVE-2015-7050 | 1 Apple | 2 Iphone Os, Safari | 2016-12-07 | 4.3 MEDIUM | N/A |
| WebKit in Apple iOS before 9.2 and Safari before 9.0.2 misparses content extensions, which allows remote attackers to obtain sensitive browsing-history information via a crafted web site. | |||||
| CVE-2015-7037 | 1 Apple | 1 Iphone Os | 2016-12-07 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Mobile Backup in Photos in Apple iOS before 9.2 allows attackers to read arbitrary files via a crafted pathname. | |||||
| CVE-2016-1730 | 1 Apple | 1 Iphone Os | 2016-12-06 | 5.8 MEDIUM | 5.4 MEDIUM |
| WebSheet in Apple iOS before 9.2.1 allows remote attackers to read or write to cookies by operating a crafted captive portal. | |||||
| CVE-2016-1788 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2016-12-03 | 2.6 LOW | 5.9 MEDIUM |
| Messages in Apple iOS before 9.3, OS X before 10.11.4, and watchOS before 2.2 does not properly implement a cryptographic protection mechanism, which allows remote attackers to read message attachments via vectors related to duplicate messages. | |||||
| CVE-2016-1780 | 1 Apple | 1 Iphone Os | 2016-12-03 | 4.3 MEDIUM | 4.3 MEDIUM |
| WebKit in Apple iOS before 9.3 does not prevent hidden web views from reading orientation and motion data, which allows remote attackers to obtain sensitive information about a device's physical environment via a crafted web site. | |||||
| CVE-2016-1766 | 1 Apple | 1 Iphone Os | 2016-12-03 | 5.0 MEDIUM | 7.5 HIGH |
| The Profiles component in Apple iOS before 9.3 does not properly validate certificates, which allows attackers to spoof an MDM profile trust relationship via unspecified vectors. | |||||
| CVE-2016-1763 | 1 Apple | 1 Iphone Os | 2016-12-03 | 3.5 LOW | 3.5 LOW |
| Messages in Apple iOS before 9.3 does not ensure that an auto-fill action applies to the intended message thread, which allows remote authenticated users to obtain sensitive information by providing a crafted sms: URL and reading a thread. | |||||
| CVE-2016-1761 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2016-12-03 | 10.0 HIGH | 9.8 CRITICAL |
| libxml2 in Apple iOS before 9.3, OS X before 10.11.4, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document. | |||||
| CVE-2016-1760 | 1 Apple | 1 Iphone Os | 2016-12-03 | 2.1 LOW | 6.2 MEDIUM |
| The XPC Services API in LaunchServices in Apple iOS before 9.3 allows attackers to bypass intended event-handler restrictions and modify an arbitrary app's events via a crafted app. | |||||
| CVE-2016-1758 | 1 Apple | 2 Iphone Os, Mac Os X | 2016-12-03 | 4.3 MEDIUM | 3.3 LOW |
| The kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to obtain sensitive memory-layout information or cause a denial of service (out-of-bounds read) via a crafted app. | |||||
| CVE-2016-1757 | 1 Apple | 2 Iphone Os, Mac Os X | 2016-12-03 | 9.3 HIGH | 7.0 HIGH |
| Race condition in the kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context via a crafted app. | |||||
| CVE-2016-1756 | 1 Apple | 2 Iphone Os, Mac Os X | 2016-12-03 | 9.3 HIGH | 7.8 HIGH |
| The kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app. | |||||
| CVE-2016-1734 | 1 Apple | 2 Iphone Os, Mac Os X | 2016-12-03 | 7.2 HIGH | 6.8 MEDIUM |
| AppleUSBNetworking in Apple iOS before 9.3 and OS X before 10.11.4 allows physically proximate attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted USB device. | |||||
| CVE-2015-1153 | 1 Apple | 3 Iphone Os, Itunes, Safari | 2016-12-03 | 6.8 MEDIUM | N/A |
| WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-1152 and CVE-2015-1154. | |||||
| CVE-2015-1152 | 1 Apple | 3 Iphone Os, Itunes, Safari | 2016-12-03 | 6.8 MEDIUM | N/A |
| WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-1153 and CVE-2015-1154. | |||||
| CVE-2016-1852 | 1 Apple | 1 Iphone Os | 2016-12-02 | 2.1 LOW | 2.4 LOW |
| Siri in Apple iOS before 9.3.2 does not block data detectors within results in the lock-screen state, which allows physically proximate attackers to obtain sensitive contact and photo information via unspecified vectors. | |||||