Vulnerabilities > Apple > Iphone OS > 6.1.5

DATE CVE VULNERABILITY TITLE RISK
2017-07-20 CVE-2017-7009 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products
An issue was discovered in certain Apple products.
network
apple CWE-119
critical
9.3
2017-07-20 CVE-2017-7008 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, mac OS X and Tvos
An issue was discovered in certain Apple products.
network
apple CWE-119
6.8
2017-07-20 CVE-2017-7007 Resource Exhaustion vulnerability in Apple Iphone OS
An issue was discovered in certain Apple products.
network
low complexity
apple CWE-400
5.0
2017-07-20 CVE-2017-7006 Information Exposure Through Discrepancy vulnerability in Apple products
An issue was discovered in certain Apple products.
network
high complexity
apple CWE-203
2.6
2017-07-20 CVE-2017-2517 Improper Input Validation vulnerability in Apple Iphone OS
An issue was discovered in certain Apple products.
network
apple CWE-20
4.3
2017-07-13 CVE-2017-11103 Insufficient Verification of Data Authenticity vulnerability in multiple products
Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification.
6.8
2017-06-27 CVE-2017-2491 Use After Free vulnerability in Apple Iphone OS
Use after free vulnerability in the String.replace method JavaScriptCore in Apple Safari in iOS before 10.3 allows remote attackers to execute arbitrary code via a crafted web page, or a crafted file.
network
apple CWE-416
6.8
2017-05-23 CVE-2016-9843 The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.
network
low complexity
zlib opensuse debian canonical oracle redhat apple netapp mariadb nodejs
critical
9.8
2017-05-23 CVE-2016-9842 The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers. 8.8
2017-05-23 CVE-2016-9841 inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
network
low complexity
zlib opensuse debian canonical oracle redhat apple netapp nodejs
critical
9.8