Vulnerabilities > Apple > Iphone OS > 4.2.10

DATE CVE VULNERABILITY TITLE RISK
2015-07-03 CVE-2015-3690 Information Exposure vulnerability in Apple Iphone OS and mac OS X
The DiskImages subsystem in Apple iOS before 8.4 and OS X before 10.10.4 allows attackers to obtain sensitive memory-layout information for the kernel via a crafted app.
network
apple CWE-200
4.3
2015-07-03 CVE-2015-3689 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS and mac OS X
CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3685, CVE-2015-3686, CVE-2015-3687, and CVE-2015-3688.
network
apple CWE-119
6.8
2015-07-03 CVE-2015-3688 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Itunes and mac OS X
CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3685, CVE-2015-3686, CVE-2015-3687, and CVE-2015-3689.
network
apple CWE-119
6.8
2015-07-03 CVE-2015-3687 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Itunes and mac OS X
CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3685, CVE-2015-3686, CVE-2015-3688, and CVE-2015-3689.
network
apple CWE-119
6.8
2015-07-03 CVE-2015-3686 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Itunes and mac OS X
CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3685, CVE-2015-3687, CVE-2015-3688, and CVE-2015-3689.
network
apple CWE-119
6.8
2015-07-03 CVE-2015-3685 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS and mac OS X
CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3686, CVE-2015-3687, CVE-2015-3688, and CVE-2015-3689.
network
apple CWE-119
6.8
2015-07-03 CVE-2015-3684 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS and mac OS X
The HTTPAuthentication implementation in CFNetwork in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted credentials in a URL.
network
apple CWE-119
6.8
2015-07-03 CVE-2015-3659 Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS, mac OS X and Safari
The SQLite authorizer in the Storage functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict access to SQL functions, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site.
network
apple CWE-264
6.8
2015-07-03 CVE-2015-3658 7PK - Security Features vulnerability in Apple Iphone OS, mac OS X and Safari
The Page Loading functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly consider redirects during decisions about sending an Origin header, which makes it easier for remote attackers to bypass CSRF protection mechanisms via a crafted web site.
network
apple CWE-254
6.8
2015-05-25 CVE-2014-8146 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 does not properly track directionally isolated pieces of text, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via crafted text.
network
low complexity
apple icu-project CWE-119
7.5