Vulnerabilities > Apple > Iphone OS > High

DATE CVE VULNERABILITY TITLE RISK
2016-03-24 CVE-2016-1750 Use After Free vulnerability in Apple products
Use-after-free vulnerability in the kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to execute arbitrary code in a privileged context via a crafted app.
local
low complexity
apple CWE-416
7.8
2016-03-24 CVE-2016-1740 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products
FontParser in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document.
local
low complexity
apple CWE-119
7.8
2016-03-13 CVE-2016-1950 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate.
network
low complexity
mozilla oracle apple opensuse CWE-119
8.8
2016-02-07 CVE-2016-0802 Improper Input Validation vulnerability in multiple products
The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted wireless control message packets, aka internal bug 25306181.
low complexity
google apple CWE-20
8.8
2016-02-01 CVE-2016-1727 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
WebKit, as used in Apple iOS before 9.2.1, Safari before 9.0.3, and tvOS before 9.1.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1724.
network
low complexity
apple webkitgtk CWE-119
8.8
2016-02-01 CVE-2016-1726 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Safari
WebKit, as used in Apple iOS before 9.2.1 and Safari before 9.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1723 and CVE-2016-1725.
network
low complexity
apple CWE-119
8.8
2016-02-01 CVE-2016-1725 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Safari
WebKit, as used in Apple iOS before 9.2.1 and Safari before 9.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1723 and CVE-2016-1726.
network
low complexity
apple CWE-119
8.8
2016-02-01 CVE-2016-1724 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
WebKit, as used in Apple iOS before 9.2.1, Safari before 9.0.3, and tvOS before 9.1.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1727.
network
low complexity
apple webkitgtk CWE-119
8.8
2016-02-01 CVE-2016-1723 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Safari
WebKit, as used in Apple iOS before 9.2.1 and Safari before 9.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1725 and CVE-2016-1726.
network
low complexity
apple CWE-119
8.8
2016-02-01 CVE-2016-1722 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products
syslog in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
local
low complexity
apple CWE-119
7.8