Vulnerabilities > Apple > Iphone OS > 5.0

DATE CVE VULNERABILITY TITLE RISK
2015-08-16 CVE-2015-3730 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Itunes and Safari
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3.
network
apple CWE-119
6.8
2015-08-14 CVE-2015-1819 Resource Management Errors vulnerability in multiple products
The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack.
5.0
2015-08-11 CVE-2015-5523 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving multiple whitespace characters before an empty href, which triggers a large memory allocation.
4.3
2015-08-11 CVE-2015-5522 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Heap-based buffer overflow in the ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving a command character in an href.
6.8
2015-07-03 CVE-2015-3728 7PK - Security Features vulnerability in Apple Iphone OS
The WiFi Connectivity feature in Apple iOS before 8.4 allows remote Wi-Fi access points to trigger an automatic association, with an arbitrary security type, by operating with a recognized ESSID within an 802.11 network's coverage area.
low complexity
apple CWE-254
4.8
2015-07-03 CVE-2015-3727 Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS, mac OS X and Safari
WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict rename operations on WebSQL tables, which allows remote attackers to access an arbitrary web site's database via a crafted web site.
network
apple CWE-264
6.8
2015-07-03 CVE-2015-3726 Improper Input Validation vulnerability in Apple Iphone OS
The Telephony subsystem in Apple iOS before 8.4 allows physically proximate attackers to execute arbitrary code via a crafted (1) SIM or (2) UIM card.
local
low complexity
apple CWE-20
4.6
2015-07-03 CVE-2015-3725 Resource Management Errors vulnerability in Apple Iphone OS
MobileInstallation in Apple iOS before 8.4 does not ensure the uniqueness of Watch bundle IDs, which allows attackers to cause a denial of service (ID collision and Watch launch outage) via a crafted universal provisioning profile app.
network
apple CWE-399
4.3
2015-07-03 CVE-2015-3724 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS
CoreGraphics in Apple iOS before 8.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted ICC profile in a PDF document, a different vulnerability than CVE-2015-3723.
network
apple CWE-119
6.8
2015-07-03 CVE-2015-3723 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS
CoreGraphics in Apple iOS before 8.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted ICC profile in a PDF document, a different vulnerability than CVE-2015-3724.
network
apple CWE-119
6.8