Vulnerabilities > Apple > Iphone OS > 5.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-08-16 | CVE-2015-3730 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Itunes and Safari WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3. | 6.8 |
2015-08-14 | CVE-2015-1819 | Resource Management Errors vulnerability in multiple products The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack. | 5.0 |
2015-08-11 | CVE-2015-5523 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving multiple whitespace characters before an empty href, which triggers a large memory allocation. | 4.3 |
2015-08-11 | CVE-2015-5522 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Heap-based buffer overflow in the ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving a command character in an href. | 6.8 |
2015-07-03 | CVE-2015-3728 | 7PK - Security Features vulnerability in Apple Iphone OS The WiFi Connectivity feature in Apple iOS before 8.4 allows remote Wi-Fi access points to trigger an automatic association, with an arbitrary security type, by operating with a recognized ESSID within an 802.11 network's coverage area. | 4.8 |
2015-07-03 | CVE-2015-3727 | Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS, mac OS X and Safari WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict rename operations on WebSQL tables, which allows remote attackers to access an arbitrary web site's database via a crafted web site. | 6.8 |
2015-07-03 | CVE-2015-3726 | Improper Input Validation vulnerability in Apple Iphone OS The Telephony subsystem in Apple iOS before 8.4 allows physically proximate attackers to execute arbitrary code via a crafted (1) SIM or (2) UIM card. | 4.6 |
2015-07-03 | CVE-2015-3725 | Resource Management Errors vulnerability in Apple Iphone OS MobileInstallation in Apple iOS before 8.4 does not ensure the uniqueness of Watch bundle IDs, which allows attackers to cause a denial of service (ID collision and Watch launch outage) via a crafted universal provisioning profile app. | 4.3 |
2015-07-03 | CVE-2015-3724 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS CoreGraphics in Apple iOS before 8.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted ICC profile in a PDF document, a different vulnerability than CVE-2015-3723. | 6.8 |
2015-07-03 | CVE-2015-3723 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS CoreGraphics in Apple iOS before 8.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted ICC profile in a PDF document, a different vulnerability than CVE-2015-3724. | 6.8 |