Vulnerabilities (CVE)

  1. Yack CVE
  2. Vulnerabilities (CVE)
Filtered by vendor Apple
Filtered by product Iphone Os
Angry Yack Logo
Total 4254 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-4731 1 Apple 2 Iphone Os, Safari 2025-04-12 9.3 HIGH 8.8 HIGH
WebKit in Apple iOS before 10 and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4729.
CVE-2015-8403 5 Adobe, Apple, Google and 2 more 9 Air, Air Sdk, Air Sdk \& Compiler and 6 more 2025-04-12 10.0 HIGH N/A
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061 ...

Show More
CVE-2015-5774 1 Apple 2 Iphone Os, Mac Os X 2025-04-12 7.2 HIGH N/A
Buffer overflow in IOHIDFamily in Apple iOS before 8.4.1 and OS X before 10.10.5 allows local users to gain privileges via unspecified vectors.
CVE-2015-5806 1 Apple 3 Iphone Os, Itunes, Safari 2025-04-12 6.8 MEDIUM N/A
WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
CVE-2015-1069 1 Apple 5 Iphone Os, Itunes, Mac Os X and 2 more 2025-04-12 6.8 MEDIUM N/A
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.
CVE-2016-1750 1 Apple 4 Iphone Os, Mac Os X, Tvos and 1 more 2025-04-12 9.3 HIGH 7.8 HIGH
Use-after-free vulnerability in the kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to execute arbitrary code in a privileged context via a crafted app.
CVE-2014-4477 1 Apple 4 Iphone Os, Itunes, Safari and 1 more 2025-04-12 6.8 MEDIUM N/A
WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-4476 and CVE-2014-4479.
CVE-2016-1829 1 Apple 4 Iphone Os, Mac Os X, Tvos and 1 more 2025-04-12 9.3 HIGH 7.8 HIGH
The kernel in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1827, CVE-2016-1828, and CVE-2016-1830.
CVE-2015-8649 5 Adobe, Apple, Google and 2 more 9 Air, Air Sdk, Air Sdk \& Compiler and 6 more 2025-04-12 9.3 HIGH 8.8 HIGH
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8634, CVE-2015-8635, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8646 ...

Show More
CVE-2016-1779 1 Apple 2 Iphone Os, Safari 2025-04-12 4.3 MEDIUM 6.5 MEDIUM
WebKit in Apple iOS before 9.3 and Safari before 9.1 allows remote attackers to bypass the Same Origin Policy and obtain physical-location data via a crafted geolocation request.
CVE-2015-5773 1 Apple 2 Iphone Os, Mac Os X 2025-04-12 6.8 MEDIUM N/A
QL Office in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted office document.
CVE-2014-4366 1 Apple 1 Iphone Os 2025-04-12 5.0 MEDIUM N/A
Mail in Apple iOS before 8 does not prevent sending a LOGIN command to a LOGINDISABLED IMAP server, which allows remote attackers to obtain sensitive cleartext information by sniffing the network.
CVE-2016-0982 5 Adobe, Apple, Google and 2 more 13 Air Desktop Runtime, Air Sdk, Air Sdk \& Compiler and 10 more 2025-04-12 9.3 HIGH 8.8 HIGH
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0973, CVE-2016-0974, CVE-2016-0975, CVE-2016-0983, and CVE-2016-0984.
CVE-2014-4491 1 Apple 3 Iphone Os, Mac Os X, Tvos 2025-04-12 5.0 MEDIUM N/A
The extension APIs in the kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 do not prevent the presence of addresses within an OSBundleMachOHeaders key in a response, which makes it easier for attackers to bypass the ASLR protection mechanism via a crafted app.
CVE-2015-1062 1 Apple 2 Iphone Os, Tvos 2025-04-12 5.0 MEDIUM N/A
MobileStorageMounter in Apple iOS before 8.2 and Apple TV before 7.1 does not delete invalid disk-image folders, which allows attackers to create folders in arbitrary filesystem locations via a crafted app.
CVE-2015-3776 1 Apple 2 Iphone Os, Mac Os X 2025-04-12 9.3 HIGH N/A
IOKit in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption and application crash) via a malformed plist.
CVE-2016-4611 1 Apple 3 Iphone Os, Safari, Tvos 2025-04-12 6.8 MEDIUM 8.8 HIGH
WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4730, CVE-2016-4733, CVE-2016-4734, and CVE-2016-4735.
CVE-2015-8439 5 Adobe, Apple, Google and 2 more 9 Air, Air Sdk, Air Sdk \& Compiler and 6 more 2025-04-12 9.3 HIGH N/A
The SharedObject object implementation in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code by leveraging an unspecified "type confusion" during a getRemote call, a different vulnerability than CVE-2015-8456.
CVE-2016-0983 5 Adobe, Apple, Google and 2 more 13 Air Desktop Runtime, Air Sdk, Air Sdk \& Compiler and 10 more 2025-04-12 9.3 HIGH 8.8 HIGH
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0973, CVE-2016-0974, CVE-2016-0975, CVE-2016-0982, and CVE-2016-0984.
CVE-2015-1122 1 Apple 4 Iphone Os, Itunes, Safari and 1 more 2025-04-12 6.8 MEDIUM N/A
WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-04-08-1, APPLE-SA-2015-04-08-3, and APPLE-SA-2015-04-08-4.
CVE-2015-5935 1 Apple 3 Iphone Os, Mac Os X, Watchos 2025-04-12 6.8 MEDIUM N/A
ImageIO in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted metadata in an image, a different vulnerability than CVE-2015-5936, CVE-2015-5937, and CVE-2015-5939.
CVE-2014-4453 1 Apple 2 Iphone Os, Mac Os X 2025-04-12 5.0 MEDIUM N/A
Apple iOS before 8.1.1 and OS X before 10.10.1 include location data during establishment of a Spotlight Suggestions server connection by Spotlight or Safari, which might allow remote attackers to obtain sensitive information via unspecified vectors.
CVE-2015-1108 1 Apple 1 Iphone Os 2025-04-12 2.1 LOW N/A
The Lock Screen component in Apple iOS before 8.3 does not properly enforce the limit on incorrect passcode-authentication attempts, which makes it easier for physically proximate attackers to obtain access by making many passcode guesses.
CVE-2016-1818 1 Apple 4 Iphone Os, Mac Os X, Tvos and 1 more 2025-04-12 9.3 HIGH 7.8 HIGH
IOAcceleratorFamily in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1817 and CVE-2016-1819.
CVE-2015-5765 1 Apple 2 Iphone Os, Safari 2025-04-12 4.3 MEDIUM N/A
The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspecified vectors, a different vulnerability than CVE-2015-5764 and CVE-2015-5767.
CVE-2015-1068 1 Apple 4 Iphone Os, Itunes, Safari and 1 more 2025-04-12 6.8 MEDIUM N/A
WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1.
CVE-2016-4587 1 Apple 3 Iphone Os, Tvos, Webkit 2025-04-12 4.3 MEDIUM 6.5 MEDIUM
WebKit in Apple iOS before 9.3.3 and tvOS before 9.2.2 allows remote attackers to obtain sensitive information from uninitialized process memory via a crafted web site.
CVE-2014-5232 2 Apple, Siemens 2 Iphone Os, Simatic Wincc Sm\@rtclient 2025-04-12 1.9 LOW N/A
The Siemens SIMATIC WinCC Sm@rtClient app before 1.0.2 for iOS allows local users to bypass an intended application-password requirement by leveraging the running of the app in the background state.
CVE-2015-3778 1 Apple 2 Iphone Os, Mac Os X 2025-04-12 3.3 LOW N/A
bootp in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to obtain potentially sensitive information about MAC addresses seen in previous Wi-Fi sessions by sniffing an 802.11 network for DNAv4 broadcast traffic.
CVE-2015-8440 5 Adobe, Apple, Google and 2 more 9 Air, Air Sdk, Air Sdk \& Compiler and 6 more 2025-04-12 10.0 HIGH N/A
Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2015-8409 and CVE-2015-8453.
CVE-2015-5834 1 Apple 2 Iphone Os, Watchos 2025-04-12 4.3 MEDIUM N/A
IOAcceleratorFamily in Apple iOS before 9 allows attackers to obtain sensitive kernel memory-layout information via a crafted app.
CVE-2016-0978 5 Adobe, Apple, Google and 2 more 13 Air Desktop Runtime, Air Sdk, Air Sdk \& Compiler and 10 more 2025-04-12 9.3 HIGH 8.8 HIGH
Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-097 ...

Show More
CVE-2015-5823 1 Apple 3 Iphone Os, Itunes, Safari 2025-04-12 6.8 MEDIUM N/A
WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
CVE-2015-3747 2 Apple, Canonical 4 Iphone Os, Itunes, Safari and 1 more 2025-04-12 6.8 MEDIUM N/A
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3.
CVE-2016-0964 5 Adobe, Apple, Google and 2 more 13 Air Desktop Runtime, Air Sdk, Air Sdk \& Compiler and 10 more 2025-04-12 9.3 HIGH 8.8 HIGH
Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0972, CVE-2016-097 ...

Show More
CVE-2016-1751 1 Apple 3 Iphone Os, Tvos, Watchos 2025-04-12 6.8 MEDIUM 7.8 HIGH
The kernel in Apple iOS before 9.3, tvOS before 9.2, and watchOS before 2.2 does not properly restrict the execute permission, which allows attackers to bypass a code-signing protection mechanism via a crafted app.
CVE-2015-7006 1 Apple 3 Iphone Os, Mac Os X, Watchos 2025-04-12 6.8 MEDIUM N/A
Directory traversal vulnerability in the BOM (aka Bill of Materials) component in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code via a crafted CPIO archive.
CVE-2016-1775 1 Apple 4 Iphone Os, Mac Os X, Tvos and 1 more 2025-04-12 9.3 HIGH 7.8 HIGH
TrueTypeScaler in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.
CVE-2015-7101 1 Apple 3 Iphone Os, Safari, Tvos 2025-04-12 6.8 MEDIUM N/A
WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-7048, CVE-2015-7095, CVE-2015-7096, CVE-2015-7097, CVE-2015-7098, CVE-2015-7099, CVE-2015-7100, CVE-2015-7102, and CVE-2015-7103.
CVE-2015-3750 1 Apple 2 Iphone Os, Safari 2025-04-12 6.4 MEDIUM N/A
WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not enforce the HTTP Strict Transport Security (HSTS) protection mechanism for Content Security Policy (CSP) report requests, which allows man-in-the-middle attackers to obtain sensitive information by sniffing the network or spoof a report by modifying the client-server data stream.