Apple

iPhone OS

3904 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.8

CVE-2015-3733

  • EPSS 1.64%
  • Veröffentlicht 16.08.2015 23:59:05
  • Zuletzt bearbeitet 12.04.2025 10:46:40

WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site...

6.8

CVE-2015-3732

  • EPSS 1.58%
  • Veröffentlicht 16.08.2015 23:59:04
  • Zuletzt bearbeitet 12.04.2025 10:46:40

WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site...

6.8

CVE-2015-3731

  • EPSS 1%
  • Veröffentlicht 16.08.2015 23:59:03
  • Zuletzt bearbeitet 12.04.2025 10:46:40

WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site...

6.8

CVE-2015-3730

  • EPSS 1.08%
  • Veröffentlicht 16.08.2015 23:59:02
  • Zuletzt bearbeitet 12.04.2025 10:46:40

WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site...

5

CVE-2015-1819

  • EPSS 1.91%
  • Veröffentlicht 14.08.2015 18:59:03
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack.

4.3

CVE-2015-5523

Exploit
  • EPSS 5.03%
  • Veröffentlicht 11.08.2015 14:59:15
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving multiple whitespace characters before an empty href, which triggers a large memory allocation.

6.8

CVE-2015-5522

Exploit
  • EPSS 6.79%
  • Veröffentlicht 11.08.2015 14:59:14
  • Zuletzt bearbeitet 12.04.2025 10:46:40

Heap-based buffer overflow in the ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving a command character in an href.

4.8

CVE-2015-3728

  • EPSS 0.19%
  • Veröffentlicht 03.07.2015 02:00:18
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The WiFi Connectivity feature in Apple iOS before 8.4 allows remote Wi-Fi access points to trigger an automatic association, with an arbitrary security type, by operating with a recognized ESSID within an 802.11 network's coverage area.

4.6

CVE-2015-3726

  • EPSS 0.33%
  • Veröffentlicht 03.07.2015 02:00:17
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The Telephony subsystem in Apple iOS before 8.4 allows physically proximate attackers to execute arbitrary code via a crafted (1) SIM or (2) UIM card.

6.8

CVE-2015-3727

  • EPSS 0.94%
  • Veröffentlicht 03.07.2015 02:00:17
  • Zuletzt bearbeitet 12.04.2025 10:46:40

WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict rename operations on WebSQL tables, which allows remote attackers to access an arbitrary web s...