Product:

Iphone_os

(Apple)
Repositories https://github.com/madler/zlib
https://github.com/file/file
https://github.com/WebKit/webkit
https://github.com/vadz/libtiff
#Vulnerabilities 3500
Date Id Summary Products Score Patch Annotated
2009-08-11 CVE-2009-2416 Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework. Iphone_os, Mac_os_x, Mac_os_x_server, Safari, Ubuntu_linux, Debian_linux, Fedora, Chrome, Opensuse, Enterprise_linux, Openoffice\.org, Linux_enterprise, Linux_enterprise_server, Esx, Esxi, Vcenter_server, Vma, Libxml, Libxml2 6.5
2025-01-15 CVE-2024-54535 A path handling issue was addressed with improved logic. This issue is fixed in watchOS 11.1, visionOS 2.1, iOS 18.1 and iPadOS 18.1. An attacker with access to calendar data could also read reminders. Ipados, Iphone_os, Visionos, Watchos 4.3
2024-12-20 CVE-2024-54538 A denial-of-service issue was addressed with improved input validation. This issue is fixed in visionOS 2.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, tvOS 18.1, macOS Sonoma 14.7.1, watchOS 11.1, macOS Ventura 13.7.1. A remote attacker may be able to cause a denial-of-service. Ipados, Iphone_os, Macos, Tvos, Visionos, Watchos 7.5
2023-06-23 CVE-2023-32435 A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, iOS 15.7.7 and iPadOS 15.7.7. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7. Ipados, Iphone_os, Macos, Safari 8.8
2023-09-28 CVE-2023-5217 Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Ipad_os, Iphone_os, Debian_linux, Fedora, Chrome, Edge, Edge_chromium, Firefox, Thunderbird, Enterprise_linux, Libvpx 8.8
2024-03-05 CVE-2024-23296 A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 17.4 and iPadOS 17.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited. Ipad_os, Iphone_os, Macos, Tvos, Visionos, Watchos 7.8
2024-03-05 CVE-2024-23225 A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited. Ipados, Iphone_os, Macos, Tvos, Visionos, Watchos 7.8
2024-03-08 CVE-2023-28826 This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, macOS Monterey 12.7.4, macOS Sonoma 14.1, macOS Ventura 13.6.5. An app may be able to access sensitive user data. Ipados, Iphone_os, Macos 5.5
2024-03-08 CVE-2024-23235 A race condition was addressed with additional validation. This issue is fixed in macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An app may be able to access user-sensitive data. Ipados, Iphone_os, Macos, Tvos, Visionos, Watchos 4.7
2024-03-08 CVE-2024-23231 A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.6.5, macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6. An app may be able to access user-sensitive data. Ipados, Iphone_os, Macos, Watchos 5.5